Personal tools

Ace:IMSPython: Difference between revisions

From Adapt

Jump to: navigation, search
No edit summary
(No difference)

Revision as of 19:55, 7 January 2011

Using the python suds library it's fairly trivial to request tokens from the ACE IMS service.

Validating ace tokens is described in on the ims overview page and token store example page

Request One Token

from suds.client import Client

url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'
client = Client(url)
request = client.factory.create('tokenRequest')
request.hashValue = '4ed9ba3d9c7e3e092d0b0e3441f04574'
request.name = 'MyFile'

result = client.service.requestTokensImmediate('SHA-256-0',reqlist)
print result

Here's the result of running it:

[python] [toaster@loach ace-cli]$ python test2.py 
[(tokenResponse){
   digestService = "SHA-256"
   name = "somename"
   proofElements[] = 
      (proofElement){
         hashes[] = 
            "9129f93bc8ac2d93e35aa6206298fb8616690211a8563db51cf2ea1159682692",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "34bd07cc18a7ab1a47467081dcb21a6ca1857b1d3bdc12106ba2fd538b3bafbd",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "8a2042da9a114a41cf3738a841d65336af5b864ed6be8484c6bae4a4ac9e65a1",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "e95826668c3f301bef729e60157bbd3dbc346859ceee71655a9a065106276d72",
         index = 1
      },
   roundId = 2892850
   statusCode = 100
   timestamp = 2011-01-07 12:59:36.000013
   tokenClassName = "SHA-256-0"
 }]

Secure One File

Using hashlib, and binascii we can use python to both generate a digest and grab an ace token for that digest.

import hashlib
import binascii
from suds.client import Client

filename='test2.py'

digFile = open(filename,'rb')
hashAlg = hashlib.sha256()
hashAlg.update(digFile.read())
filedigest = binascii.b2a_hex(hashAlg.digest())

url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'
client = Client(url)

print  filename, ' ', filedigest

request = client.factory.create('tokenRequest')
request.hashValue = filedigest
request.name = filename

result = client.service.requestTokensImmediate('SHA-256-0',request)
print result

And the output:

[python] [toaster@loach ace-cli]$ python test2.py
test2.py   164182eef9792e2e1c5005cd9240ff508aef042b8fa344597431eae39370c784
[(tokenResponse){
   digestService = "SHA-256"
   name = "test2.py"
   proofElements[] = 
      (proofElement){
         hashes[] = 
            "c5e82872eeee3dfa539202a9757f8a5364b6fded4dfcb40b66084158f2b5c627",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "6e16a71847403f4e586625463160993bfab189c0bba771d81354c03d9c3591fd",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "0879b385c366d07142446a18dfb6d19c468a733991e9685fc75ce6f4b929b659",
         index = 0
      },
      (proofElement){
         hashes[] = 
            "e19dd18bd9eabf79a074d72231a7117bd2319a859d31a429575b4657e85d0c95",
         index = 1
      },
   roundId = 2893078
   statusCode = 100
   timestamp = 2011-01-07 13:08:27.000253
   tokenClassName = "SHA-256-0"
 }]

Bulk sending

Rather than sending one token per request, you should create batches to send. Just send a 'list' of tokenRequest objects to requestTokensImmediate. The IMS currently supports up to 10,000 tokens per request.

Round Requests

You can request the round hashes for one or more rounds using getRoundSummaries.

from suds.client import Client

url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'
client = Client(url)

result = client.service.getRoundSummaries(2893078)
print result[0].id
print result[0].hashValue

output

[python] [toaster@loach ace-cli]$ python test2.py
2893078
1324d496da42e04347c74001f8bd948b31fa296419ee49246ba5494970b16752

Complete Example

This example will read a file, compute its digest and request a token. It will then recompute the round hash using the

import hashlib
import binascii
from suds.client import Client

filename='test2.py'

digFile = open(filename,'rb')
hashAlg = hashlib.sha256()
hashAlg.update(digFile.read())
binarydigest = hashAlg.digest()
filedigest = binascii.b2a_hex(binarydigest)

url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'
client = Client(url)

print '---File to secure:'
print filename, ' ', filedigest


print '\n---Token Response from IMS'
request = client.factory.create('tokenRequest')
request.hashValue = filedigest
request.name = filename
token = client.service.requestTokensImmediate('SHA-256-0',request)
print 'Round:',  token[0].roundId, ' Date:', token[0].timestamp
print token[0].proofElements


print '\n---Computing proof'

level = 0
prevhash = binarydigest
for element in token[0].proofElements:
    i = 0
    hashAlg = hashlib.sha256()
    # create level by converting hashes to bytes and inserting 
    # previous level where necessary, first level uses file hash
    for strhash in element.hashes:
        if i == element.index:
            hashAlg.update(prevhash)
        hashAlg.update(binascii.a2b_hex(strhash))
        i = i + 1

    # in case previous level is to be inserted at end
    if i == element.index:
        hashAlg.update(prevhash)
    prevhash = hashAlg.digest()
    print 'Level:',level, '( index:',element.index,') ', binascii.b2a_hex(prevhash)
    level = level + 1

print '\n---Requesting Round Hash for',token[0].roundId
rounds = client.service.getRoundSummaries(token[0].roundId)
print 'Round hash:', rounds[0].hashValue

print '\n---Comparing Round Hash to computed proof hash'
print rounds[0].hashValue
print binascii.b2a_hex(prevhash)
print 'Equal:',binascii.b2a_hex(prevhash) == rounds[0].hashValue

And now the output:

[python] [toaster@loach ace-cli]$ python test2.py
---File to secure:
test2.py   1f9bf12fc4e402d6cad8b36f9f6e0482af14add1b00f0f5aff2197309483a199

---Token Response from IMS
Round: 2895642  Date: 2011-01-07 14:54:21.000883
[(proofElement){
   hashes[] = 
      "31ed6c99ea3932bd2cbc8db0e42fc7bd028a773ac7e2359785f55fe076a6492b",
   index = 0
 }, (proofElement){
   hashes[] = 
      "be071a2271d0be7633e986c4463cbc3fc39e244d75948000c41583e78d0398e3",
   index = 0
 }, (proofElement){
   hashes[] = 
      "2cb53579297ff25fa6492e6f9b4cc130acf379f1061e31d2e5fd65da734c0f91",
   index = 0
 }, (proofElement){
   hashes[] = 
      "439e40fbeae4635d014091ed93324cd467c61a3848516ee99d2c0bb20e02e7cf",
   index = 1
 }]

---Computing proof
Level: 0 ( index: 0 )  f91649510d117b361d6023b8846f12f273de0e25fab257d94be774a77bd222c6
Level: 1 ( index: 0 )  1d56960d990765a1581559786df5e77dbdcf25e6c53b79f215375001ac761f88
Level: 2 ( index: 0 )  31473c279b3d0d4714b096fe59c0aaa2b36286cbf3e82dbc9afb73a988a33f3e
Level: 3 ( index: 1 )  1ccba7f2302c71615f20e5b5768a118fbf44781e40bd2d7e5479ddd11a46d44c

---Requesting Round Hash for 2895642
Round hash: 1ccba7f2302c71615f20e5b5768a118fbf44781e40bd2d7e5479ddd11a46d44c

---Comparing Round Hash to computed proof hash
1ccba7f2302c71615f20e5b5768a118fbf44781e40bd2d7e5479ddd11a46d44c
1ccba7f2302c71615f20e5b5768a118fbf44781e40bd2d7e5479ddd11a46d44c
Equal: True