Personal tools

Ace:IMSPython

From Adapt

Revision as of 19:49, 7 January 2011 by Toaster (talk | contribs)
Jump to: navigation, search

Using the python suds library it's fairly trivial to request tokens from the ACE IMS service.

Validating ace tokens is described in on the ims overview page and token store example page

Request One Token

from suds.client import Client

url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'
client = Client(url)
request = client.factory.create('tokenRequest')
request.hashValue = '4ed9ba3d9c7e3e092d0b0e3441f04574'
request.name = 'MyFile'

result = client.service.requestTokensImmediate('SHA-256-0',reqlist)
print result

Here's the result of running it:

[python] [toaster@loach ace-cli]$ python test2.py 
[(tokenResponse){
   digestService = "SHA-256"
   name = "somename"
   proofElements[] = 
      (proofElement){
         hashes[] = 
            "9129f93bc8ac2d93e35aa6206298fb8616690211a8563db51cf2ea1159682692",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "34bd07cc18a7ab1a47467081dcb21a6ca1857b1d3bdc12106ba2fd538b3bafbd",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "8a2042da9a114a41cf3738a841d65336af5b864ed6be8484c6bae4a4ac9e65a1",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "e95826668c3f301bef729e60157bbd3dbc346859ceee71655a9a065106276d72",
         index = 1
      },
   roundId = 2892850
   statusCode = 100
   timestamp = 2011-01-07 12:59:36.000013
   tokenClassName = "SHA-256-0"
 }]

Secure One File

Using hashlib, and binascii we can use python to both generate a digest and grab an ace token for that digest.

import hashlib
import binascii
from suds.client import Client

filename='test2.py'

digFile = open(filename,'rb')
hashAlg = hashlib.sha256()
hashAlg.update(digFile.read())
filedigest = binascii.b2a_hex(hashAlg.digest())

url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'
client = Client(url)

print  filename, ' ', filedigest

request = client.factory.create('tokenRequest')
request.hashValue = filedigest
request.name = filename

result = client.service.requestTokensImmediate('SHA-256-0',request)
print result

And the output:

[python] [toaster@loach ace-cli]$ python test2.py
test2.py   164182eef9792e2e1c5005cd9240ff508aef042b8fa344597431eae39370c784
[(tokenResponse){
   digestService = "SHA-256"
   name = "test2.py"
   proofElements[] = 
      (proofElement){
         hashes[] = 
            "c5e82872eeee3dfa539202a9757f8a5364b6fded4dfcb40b66084158f2b5c627",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "6e16a71847403f4e586625463160993bfab189c0bba771d81354c03d9c3591fd",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "0879b385c366d07142446a18dfb6d19c468a733991e9685fc75ce6f4b929b659",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "e19dd18bd9eabf79a074d72231a7117bd2319a859d31a429575b4657e85d0c95",
         index = 1
      },
   roundId = 2893078
   statusCode = 100
   timestamp = 2011-01-07 13:08:27.000253
   tokenClassName = "SHA-256-0"
 }]

Bulk sending

Rather than sending one token per request, you should create batches to send. Just send a 'list' of tokenRequest objects to requestTokensImmediate. The IMS currently supports up to 10,000 tokens per request.

Round Requests

You can request the round hashes for one or more rounds using getRoundSummaries.

from suds.client import Client

url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'
client = Client(url)

result = client.service.getRoundSummaries(2893078)
print result[0].id
print result[0].hashValue

output

[python] [toaster@loach ace-cli]$ python test2.py
2893078
1324d496da42e04347c74001f8bd948b31fa296419ee49246ba5494970b16752

Complete Example

import hashlib
import binascii
from suds.client import Client

filename='test2.py'

digFile = open(filename,'rb')
hashAlg = hashlib.sha256()
hashAlg.update(digFile.read())
binarydigest = hashAlg.digest()
filedigest = binascii.b2a_hex(binarydigest)

url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'
client = Client(url)

print '---File to secure:'
print filename, ' ', filedigest

request = client.factory.create('tokenRequest')
request.hashValue = filedigest
request.name = filename
token = client.service.requestTokensImmediate('SHA-256-0',request)

print '\n---Token Generated'
print 'Round:',  token[0].roundId, ' Date:', token[0].timestamp
print token[0].proofElements

rounds = client.service.getRoundSummaries(token[0].roundId)
print '\n---Requested Round Hash'
print 'Round hash:', rounds[0].hashValue

print '\n---Computing proof'

level = 0
prevhash = binarydigest
for element in token[0].proofElements:
    i = 0
    hashAlg = hashlib.sha256()
    # create level by converting hashes to bytes and inserting 
    # previous level where necessary
    for strhash in element.hashes:
        if i == element.index:
            hashAlg.update(prevhash)
        hashAlg.update(binascii.a2b_hex(strhash))
        i = i + 1

    # in case index is last item
    if i == element.index:
        hashAlg.update(prevhash)
    prevhash = hashAlg.digest()
    print 'Level:',level, '( index:',element.index,') ', binascii.b2a_hex(prevhash)
    level = level + 1

print '\n---Comparing Round to Proof'
print rounds[0].hashValue
print binascii.b2a_hex(prevhash)
print 'Equal:',binascii.b2a_hex(prevhash) == rounds[0].hashValue

And now the output:

[python] [toaster@loach ace-cli]$ python test2.py
---File to secure:
test2.py   8637a62b365b82ea32d98859d9383dd6e0ecae196821df7b432988d5284ab84e

---Token Generated
Round: 2895470  Date: 2011-01-07 14:46:46.000473
[(proofElement){
   hashes[] = 
      "6e29363fd205cea2d07fd0e9319982f5b32322a9e9450b5520384df715282e1c",
   index = 0
 }, (proofElement){
   hashes[] = 
      "9941e51555f20cf2bcaa478ca91932734131a697bfad613c8a9c1c95b4b55ec3",
   index = 0
 }, (proofElement){
   hashes[] = 
      "b7f7469e851ca4501e5941f99be9e8b883291404a53bdaf1848da317228cd4c2",
   index = 0
 }, (proofElement){
   hashes[] = 
      "aa0b940e1fb04caa3e54b89e78412424970066017ee1dc7eb31d733f43a98ebe",
   index = 1
 }]

---Requested Round Hash
Round hash: 1a4a52a7ab22ce7298f39097743460fc995957c4222117c19a49f9812134daa6

---Computing proof
Level: 0 ( index: 0 )  2f109b4c0dd6f1210419755e6772c11a4bccd491bf2c36aa206d2ae98e8b5350
Level: 1 ( index: 0 )  2be8b53ffe64f9ba9910f028cd2bd8b33e01e68d8904fa58998e0b7b5da72760
Level: 2 ( index: 0 )  494189c93ad5b55beaaa9760311840149ee1ae7cfd411e2d616d3073bcf3c04a
Level: 3 ( index: 1 )  1a4a52a7ab22ce7298f39097743460fc995957c4222117c19a49f9812134daa6

---Comparing Round to Proof
1a4a52a7ab22ce7298f39097743460fc995957c4222117c19a49f9812134daa6
1a4a52a7ab22ce7298f39097743460fc995957c4222117c19a49f9812134daa6
Equal: True