Show More
| @@ -1,277 +1,277 b'' | |||||
| 1 | """Functions for signing notebooks""" |
|
1 | """Functions for signing notebooks""" | |
| 2 | #----------------------------------------------------------------------------- |
|
2 | #----------------------------------------------------------------------------- | |
| 3 | # Copyright (C) 2014, The IPython Development Team |
|
3 | # Copyright (C) 2014, The IPython Development Team | |
| 4 | # |
|
4 | # | |
| 5 | # Distributed under the terms of the BSD License. The full license is in |
|
5 | # Distributed under the terms of the BSD License. The full license is in | |
| 6 | # the file COPYING, distributed as part of this software. |
|
6 | # the file COPYING, distributed as part of this software. | |
| 7 | #----------------------------------------------------------------------------- |
|
7 | #----------------------------------------------------------------------------- | |
| 8 |
|
8 | |||
| 9 | #----------------------------------------------------------------------------- |
|
9 | #----------------------------------------------------------------------------- | |
| 10 | # Imports |
|
10 | # Imports | |
| 11 | #----------------------------------------------------------------------------- |
|
11 | #----------------------------------------------------------------------------- | |
| 12 |
|
12 | |||
| 13 | import base64 |
|
13 | import base64 | |
| 14 | from contextlib import contextmanager |
|
14 | from contextlib import contextmanager | |
| 15 | import hashlib |
|
15 | import hashlib | |
| 16 | from hmac import HMAC |
|
16 | from hmac import HMAC | |
| 17 | import io |
|
17 | import io | |
| 18 | import os |
|
18 | import os | |
| 19 |
|
19 | |||
| 20 | from IPython.utils.py3compat import string_types, unicode_type, cast_bytes |
|
20 | from IPython.utils.py3compat import string_types, unicode_type, cast_bytes | |
| 21 | from IPython.utils.traitlets import Instance, Bytes, Enum, Any, Unicode, Bool |
|
21 | from IPython.utils.traitlets import Instance, Bytes, Enum, Any, Unicode, Bool | |
| 22 | from IPython.config import LoggingConfigurable, MultipleInstanceError |
|
22 | from IPython.config import LoggingConfigurable, MultipleInstanceError | |
| 23 | from IPython.core.application import BaseIPythonApplication, base_flags |
|
23 | from IPython.core.application import BaseIPythonApplication, base_flags | |
| 24 |
|
24 | |||
| 25 | from .current import read, write |
|
25 | from .current import read, write | |
| 26 |
|
26 | |||
| 27 | #----------------------------------------------------------------------------- |
|
27 | #----------------------------------------------------------------------------- | |
| 28 | # Code |
|
28 | # Code | |
| 29 | #----------------------------------------------------------------------------- |
|
29 | #----------------------------------------------------------------------------- | |
| 30 | try: |
|
30 | try: | |
| 31 | # Python 3 |
|
31 | # Python 3 | |
| 32 | algorithms = hashlib.algorithms_guaranteed |
|
32 | algorithms = hashlib.algorithms_guaranteed | |
| 33 | except AttributeError: |
|
33 | except AttributeError: | |
| 34 | algorithms = hashlib.algorithms |
|
34 | algorithms = hashlib.algorithms | |
| 35 |
|
35 | |||
| 36 | def yield_everything(obj): |
|
36 | def yield_everything(obj): | |
| 37 | """Yield every item in a container as bytes |
|
37 | """Yield every item in a container as bytes | |
| 38 |
|
38 | |||
| 39 | Allows any JSONable object to be passed to an HMAC digester |
|
39 | Allows any JSONable object to be passed to an HMAC digester | |
| 40 | without having to serialize the whole thing. |
|
40 | without having to serialize the whole thing. | |
| 41 | """ |
|
41 | """ | |
| 42 | if isinstance(obj, dict): |
|
42 | if isinstance(obj, dict): | |
| 43 | for key in sorted(obj): |
|
43 | for key in sorted(obj): | |
| 44 | value = obj[key] |
|
44 | value = obj[key] | |
| 45 | yield cast_bytes(key) |
|
45 | yield cast_bytes(key) | |
| 46 | for b in yield_everything(value): |
|
46 | for b in yield_everything(value): | |
| 47 | yield b |
|
47 | yield b | |
| 48 | elif isinstance(obj, (list, tuple)): |
|
48 | elif isinstance(obj, (list, tuple)): | |
| 49 | for element in obj: |
|
49 | for element in obj: | |
| 50 | for b in yield_everything(element): |
|
50 | for b in yield_everything(element): | |
| 51 | yield b |
|
51 | yield b | |
| 52 | elif isinstance(obj, unicode_type): |
|
52 | elif isinstance(obj, unicode_type): | |
| 53 | yield obj.encode('utf8') |
|
53 | yield obj.encode('utf8') | |
| 54 | else: |
|
54 | else: | |
| 55 | yield unicode_type(obj).encode('utf8') |
|
55 | yield unicode_type(obj).encode('utf8') | |
| 56 |
|
56 | |||
| 57 |
|
57 | |||
| 58 | @contextmanager |
|
58 | @contextmanager | |
| 59 | def signature_removed(nb): |
|
59 | def signature_removed(nb): | |
| 60 | """Context manager for operating on a notebook with its signature removed |
|
60 | """Context manager for operating on a notebook with its signature removed | |
| 61 |
|
61 | |||
| 62 | Used for excluding the previous signature when computing a notebook's signature. |
|
62 | Used for excluding the previous signature when computing a notebook's signature. | |
| 63 | """ |
|
63 | """ | |
| 64 | save_signature = nb['metadata'].pop('signature', None) |
|
64 | save_signature = nb['metadata'].pop('signature', None) | |
| 65 | try: |
|
65 | try: | |
| 66 | yield |
|
66 | yield | |
| 67 | finally: |
|
67 | finally: | |
| 68 | if save_signature is not None: |
|
68 | if save_signature is not None: | |
| 69 | nb['metadata']['signature'] = save_signature |
|
69 | nb['metadata']['signature'] = save_signature | |
| 70 |
|
70 | |||
| 71 |
|
71 | |||
| 72 | class NotebookNotary(LoggingConfigurable): |
|
72 | class NotebookNotary(LoggingConfigurable): | |
| 73 | """A class for computing and verifying notebook signatures.""" |
|
73 | """A class for computing and verifying notebook signatures.""" | |
| 74 |
|
74 | |||
| 75 | profile_dir = Instance("IPython.core.profiledir.ProfileDir") |
|
75 | profile_dir = Instance("IPython.core.profiledir.ProfileDir") | |
| 76 | def _profile_dir_default(self): |
|
76 | def _profile_dir_default(self): | |
| 77 | from IPython.core.application import BaseIPythonApplication |
|
77 | from IPython.core.application import BaseIPythonApplication | |
| 78 | app = None |
|
78 | app = None | |
| 79 | try: |
|
79 | try: | |
| 80 | if BaseIPythonApplication.initialized(): |
|
80 | if BaseIPythonApplication.initialized(): | |
| 81 | app = BaseIPythonApplication.instance() |
|
81 | app = BaseIPythonApplication.instance() | |
| 82 | except MultipleInstanceError: |
|
82 | except MultipleInstanceError: | |
| 83 | pass |
|
83 | pass | |
| 84 | if app is None: |
|
84 | if app is None: | |
| 85 | # create an app, without the global instance |
|
85 | # create an app, without the global instance | |
| 86 | app = BaseIPythonApplication() |
|
86 | app = BaseIPythonApplication() | |
| 87 | app.initialize() |
|
87 | app.initialize(argv=[]) | |
| 88 | return app.profile_dir |
|
88 | return app.profile_dir | |
| 89 |
|
89 | |||
| 90 | algorithm = Enum(algorithms, default_value='sha256', config=True, |
|
90 | algorithm = Enum(algorithms, default_value='sha256', config=True, | |
| 91 | help="""The hashing algorithm used to sign notebooks.""" |
|
91 | help="""The hashing algorithm used to sign notebooks.""" | |
| 92 | ) |
|
92 | ) | |
| 93 | def _algorithm_changed(self, name, old, new): |
|
93 | def _algorithm_changed(self, name, old, new): | |
| 94 | self.digestmod = getattr(hashlib, self.algorithm) |
|
94 | self.digestmod = getattr(hashlib, self.algorithm) | |
| 95 |
|
95 | |||
| 96 | digestmod = Any() |
|
96 | digestmod = Any() | |
| 97 | def _digestmod_default(self): |
|
97 | def _digestmod_default(self): | |
| 98 | return getattr(hashlib, self.algorithm) |
|
98 | return getattr(hashlib, self.algorithm) | |
| 99 |
|
99 | |||
| 100 | secret_file = Unicode() |
|
100 | secret_file = Unicode() | |
| 101 | def _secret_file_default(self): |
|
101 | def _secret_file_default(self): | |
| 102 | if self.profile_dir is None: |
|
102 | if self.profile_dir is None: | |
| 103 | return '' |
|
103 | return '' | |
| 104 | return os.path.join(self.profile_dir.security_dir, 'notebook_secret') |
|
104 | return os.path.join(self.profile_dir.security_dir, 'notebook_secret') | |
| 105 |
|
105 | |||
| 106 | secret = Bytes(config=True, |
|
106 | secret = Bytes(config=True, | |
| 107 | help="""The secret key with which notebooks are signed.""" |
|
107 | help="""The secret key with which notebooks are signed.""" | |
| 108 | ) |
|
108 | ) | |
| 109 | def _secret_default(self): |
|
109 | def _secret_default(self): | |
| 110 | # note : this assumes an Application is running |
|
110 | # note : this assumes an Application is running | |
| 111 | if os.path.exists(self.secret_file): |
|
111 | if os.path.exists(self.secret_file): | |
| 112 | with io.open(self.secret_file, 'rb') as f: |
|
112 | with io.open(self.secret_file, 'rb') as f: | |
| 113 | return f.read() |
|
113 | return f.read() | |
| 114 | else: |
|
114 | else: | |
| 115 | secret = base64.encodestring(os.urandom(1024)) |
|
115 | secret = base64.encodestring(os.urandom(1024)) | |
| 116 | self._write_secret_file(secret) |
|
116 | self._write_secret_file(secret) | |
| 117 | return secret |
|
117 | return secret | |
| 118 |
|
118 | |||
| 119 | def _write_secret_file(self, secret): |
|
119 | def _write_secret_file(self, secret): | |
| 120 | """write my secret to my secret_file""" |
|
120 | """write my secret to my secret_file""" | |
| 121 | self.log.info("Writing notebook-signing key to %s", self.secret_file) |
|
121 | self.log.info("Writing notebook-signing key to %s", self.secret_file) | |
| 122 | with io.open(self.secret_file, 'wb') as f: |
|
122 | with io.open(self.secret_file, 'wb') as f: | |
| 123 | f.write(secret) |
|
123 | f.write(secret) | |
| 124 | try: |
|
124 | try: | |
| 125 | os.chmod(self.secret_file, 0o600) |
|
125 | os.chmod(self.secret_file, 0o600) | |
| 126 | except OSError: |
|
126 | except OSError: | |
| 127 | self.log.warn( |
|
127 | self.log.warn( | |
| 128 | "Could not set permissions on %s", |
|
128 | "Could not set permissions on %s", | |
| 129 | self.secret_file |
|
129 | self.secret_file | |
| 130 | ) |
|
130 | ) | |
| 131 | return secret |
|
131 | return secret | |
| 132 |
|
132 | |||
| 133 | def compute_signature(self, nb): |
|
133 | def compute_signature(self, nb): | |
| 134 | """Compute a notebook's signature |
|
134 | """Compute a notebook's signature | |
| 135 |
|
135 | |||
| 136 | by hashing the entire contents of the notebook via HMAC digest. |
|
136 | by hashing the entire contents of the notebook via HMAC digest. | |
| 137 | """ |
|
137 | """ | |
| 138 | hmac = HMAC(self.secret, digestmod=self.digestmod) |
|
138 | hmac = HMAC(self.secret, digestmod=self.digestmod) | |
| 139 | # don't include the previous hash in the content to hash |
|
139 | # don't include the previous hash in the content to hash | |
| 140 | with signature_removed(nb): |
|
140 | with signature_removed(nb): | |
| 141 | # sign the whole thing |
|
141 | # sign the whole thing | |
| 142 | for b in yield_everything(nb): |
|
142 | for b in yield_everything(nb): | |
| 143 | hmac.update(b) |
|
143 | hmac.update(b) | |
| 144 |
|
144 | |||
| 145 | return hmac.hexdigest() |
|
145 | return hmac.hexdigest() | |
| 146 |
|
146 | |||
| 147 | def check_signature(self, nb): |
|
147 | def check_signature(self, nb): | |
| 148 | """Check a notebook's stored signature |
|
148 | """Check a notebook's stored signature | |
| 149 |
|
149 | |||
| 150 | If a signature is stored in the notebook's metadata, |
|
150 | If a signature is stored in the notebook's metadata, | |
| 151 | a new signature is computed and compared with the stored value. |
|
151 | a new signature is computed and compared with the stored value. | |
| 152 |
|
152 | |||
| 153 | Returns True if the signature is found and matches, False otherwise. |
|
153 | Returns True if the signature is found and matches, False otherwise. | |
| 154 |
|
154 | |||
| 155 | The following conditions must all be met for a notebook to be trusted: |
|
155 | The following conditions must all be met for a notebook to be trusted: | |
| 156 | - a signature is stored in the form 'scheme:hexdigest' |
|
156 | - a signature is stored in the form 'scheme:hexdigest' | |
| 157 | - the stored scheme matches the requested scheme |
|
157 | - the stored scheme matches the requested scheme | |
| 158 | - the requested scheme is available from hashlib |
|
158 | - the requested scheme is available from hashlib | |
| 159 | - the computed hash from notebook_signature matches the stored hash |
|
159 | - the computed hash from notebook_signature matches the stored hash | |
| 160 | """ |
|
160 | """ | |
| 161 | stored_signature = nb['metadata'].get('signature', None) |
|
161 | stored_signature = nb['metadata'].get('signature', None) | |
| 162 | if not stored_signature \ |
|
162 | if not stored_signature \ | |
| 163 | or not isinstance(stored_signature, string_types) \ |
|
163 | or not isinstance(stored_signature, string_types) \ | |
| 164 | or ':' not in stored_signature: |
|
164 | or ':' not in stored_signature: | |
| 165 | return False |
|
165 | return False | |
| 166 | stored_algo, sig = stored_signature.split(':', 1) |
|
166 | stored_algo, sig = stored_signature.split(':', 1) | |
| 167 | if self.algorithm != stored_algo: |
|
167 | if self.algorithm != stored_algo: | |
| 168 | return False |
|
168 | return False | |
| 169 | my_signature = self.compute_signature(nb) |
|
169 | my_signature = self.compute_signature(nb) | |
| 170 | return my_signature == sig |
|
170 | return my_signature == sig | |
| 171 |
|
171 | |||
| 172 | def sign(self, nb): |
|
172 | def sign(self, nb): | |
| 173 | """Sign a notebook, indicating that its output is trusted |
|
173 | """Sign a notebook, indicating that its output is trusted | |
| 174 |
|
174 | |||
| 175 | stores 'algo:hmac-hexdigest' in notebook.metadata.signature |
|
175 | stores 'algo:hmac-hexdigest' in notebook.metadata.signature | |
| 176 |
|
176 | |||
| 177 | e.g. 'sha256:deadbeef123...' |
|
177 | e.g. 'sha256:deadbeef123...' | |
| 178 | """ |
|
178 | """ | |
| 179 | signature = self.compute_signature(nb) |
|
179 | signature = self.compute_signature(nb) | |
| 180 | nb['metadata']['signature'] = "%s:%s" % (self.algorithm, signature) |
|
180 | nb['metadata']['signature'] = "%s:%s" % (self.algorithm, signature) | |
| 181 |
|
181 | |||
| 182 | def mark_cells(self, nb, trusted): |
|
182 | def mark_cells(self, nb, trusted): | |
| 183 | """Mark cells as trusted if the notebook's signature can be verified |
|
183 | """Mark cells as trusted if the notebook's signature can be verified | |
| 184 |
|
184 | |||
| 185 | Sets ``cell.trusted = True | False`` on all code cells, |
|
185 | Sets ``cell.trusted = True | False`` on all code cells, | |
| 186 | depending on whether the stored signature can be verified. |
|
186 | depending on whether the stored signature can be verified. | |
| 187 |
|
187 | |||
| 188 | This function is the inverse of check_cells |
|
188 | This function is the inverse of check_cells | |
| 189 | """ |
|
189 | """ | |
| 190 | if not nb['worksheets']: |
|
190 | if not nb['worksheets']: | |
| 191 | # nothing to mark if there are no cells |
|
191 | # nothing to mark if there are no cells | |
| 192 | return |
|
192 | return | |
| 193 | for cell in nb['worksheets'][0]['cells']: |
|
193 | for cell in nb['worksheets'][0]['cells']: | |
| 194 | if cell['cell_type'] == 'code': |
|
194 | if cell['cell_type'] == 'code': | |
| 195 | cell['trusted'] = trusted |
|
195 | cell['trusted'] = trusted | |
| 196 |
|
196 | |||
| 197 | def check_cells(self, nb): |
|
197 | def check_cells(self, nb): | |
| 198 | """Return whether all code cells are trusted |
|
198 | """Return whether all code cells are trusted | |
| 199 |
|
199 | |||
| 200 | If there are no code cells, return True. |
|
200 | If there are no code cells, return True. | |
| 201 |
|
201 | |||
| 202 | This function is the inverse of mark_cells. |
|
202 | This function is the inverse of mark_cells. | |
| 203 | """ |
|
203 | """ | |
| 204 | if not nb['worksheets']: |
|
204 | if not nb['worksheets']: | |
| 205 | return True |
|
205 | return True | |
| 206 | for cell in nb['worksheets'][0]['cells']: |
|
206 | for cell in nb['worksheets'][0]['cells']: | |
| 207 | if cell['cell_type'] != 'code': |
|
207 | if cell['cell_type'] != 'code': | |
| 208 | continue |
|
208 | continue | |
| 209 | if not cell.get('trusted', False): |
|
209 | if not cell.get('trusted', False): | |
| 210 | return False |
|
210 | return False | |
| 211 | return True |
|
211 | return True | |
| 212 |
|
212 | |||
| 213 |
|
213 | |||
| 214 | trust_flags = { |
|
214 | trust_flags = { | |
| 215 | 'reset' : ( |
|
215 | 'reset' : ( | |
| 216 | {'TrustNotebookApp' : { 'reset' : True}}, |
|
216 | {'TrustNotebookApp' : { 'reset' : True}}, | |
| 217 | """Generate a new key for notebook signature. |
|
217 | """Generate a new key for notebook signature. | |
| 218 | All previously signed notebooks will become untrusted. |
|
218 | All previously signed notebooks will become untrusted. | |
| 219 | """ |
|
219 | """ | |
| 220 | ), |
|
220 | ), | |
| 221 | } |
|
221 | } | |
| 222 | trust_flags.update(base_flags) |
|
222 | trust_flags.update(base_flags) | |
| 223 | trust_flags.pop('init') |
|
223 | trust_flags.pop('init') | |
| 224 |
|
224 | |||
| 225 |
|
225 | |||
| 226 | class TrustNotebookApp(BaseIPythonApplication): |
|
226 | class TrustNotebookApp(BaseIPythonApplication): | |
| 227 |
|
227 | |||
| 228 | description="""Sign one or more IPython notebooks with your key, |
|
228 | description="""Sign one or more IPython notebooks with your key, | |
| 229 | to trust their dynamic (HTML, Javascript) output. |
|
229 | to trust their dynamic (HTML, Javascript) output. | |
| 230 |
|
230 | |||
| 231 | Otherwise, you will have to re-execute the notebook to see output. |
|
231 | Otherwise, you will have to re-execute the notebook to see output. | |
| 232 | """ |
|
232 | """ | |
| 233 |
|
233 | |||
| 234 | examples = """ipython trust mynotebook.ipynb and_this_one.ipynb""" |
|
234 | examples = """ipython trust mynotebook.ipynb and_this_one.ipynb""" | |
| 235 |
|
235 | |||
| 236 | flags = trust_flags |
|
236 | flags = trust_flags | |
| 237 |
|
237 | |||
| 238 | reset = Bool(False, config=True, |
|
238 | reset = Bool(False, config=True, | |
| 239 | help="""If True, generate a new key for notebook signature. |
|
239 | help="""If True, generate a new key for notebook signature. | |
| 240 | After reset, all previously signed notebooks will become untrusted. |
|
240 | After reset, all previously signed notebooks will become untrusted. | |
| 241 | """ |
|
241 | """ | |
| 242 | ) |
|
242 | ) | |
| 243 |
|
243 | |||
| 244 | notary = Instance(NotebookNotary) |
|
244 | notary = Instance(NotebookNotary) | |
| 245 | def _notary_default(self): |
|
245 | def _notary_default(self): | |
| 246 | return NotebookNotary(parent=self, profile_dir=self.profile_dir) |
|
246 | return NotebookNotary(parent=self, profile_dir=self.profile_dir) | |
| 247 |
|
247 | |||
| 248 | def sign_notebook(self, notebook_path): |
|
248 | def sign_notebook(self, notebook_path): | |
| 249 | if not os.path.exists(notebook_path): |
|
249 | if not os.path.exists(notebook_path): | |
| 250 | self.log.error("Notebook missing: %s" % notebook_path) |
|
250 | self.log.error("Notebook missing: %s" % notebook_path) | |
| 251 | self.exit(1) |
|
251 | self.exit(1) | |
| 252 | with io.open(notebook_path, encoding='utf8') as f: |
|
252 | with io.open(notebook_path, encoding='utf8') as f: | |
| 253 | nb = read(f, 'json') |
|
253 | nb = read(f, 'json') | |
| 254 | if self.notary.check_signature(nb): |
|
254 | if self.notary.check_signature(nb): | |
| 255 | print("Notebook already signed: %s" % notebook_path) |
|
255 | print("Notebook already signed: %s" % notebook_path) | |
| 256 | else: |
|
256 | else: | |
| 257 | print("Signing notebook: %s" % notebook_path) |
|
257 | print("Signing notebook: %s" % notebook_path) | |
| 258 | self.notary.sign(nb) |
|
258 | self.notary.sign(nb) | |
| 259 | with io.open(notebook_path, 'w', encoding='utf8') as f: |
|
259 | with io.open(notebook_path, 'w', encoding='utf8') as f: | |
| 260 | write(nb, f, 'json') |
|
260 | write(nb, f, 'json') | |
| 261 |
|
261 | |||
| 262 | def generate_new_key(self): |
|
262 | def generate_new_key(self): | |
| 263 | """Generate a new notebook signature key""" |
|
263 | """Generate a new notebook signature key""" | |
| 264 | print("Generating new notebook key: %s" % self.notary.secret_file) |
|
264 | print("Generating new notebook key: %s" % self.notary.secret_file) | |
| 265 | self.notary._write_secret_file(os.urandom(1024)) |
|
265 | self.notary._write_secret_file(os.urandom(1024)) | |
| 266 |
|
266 | |||
| 267 | def start(self): |
|
267 | def start(self): | |
| 268 | if self.reset: |
|
268 | if self.reset: | |
| 269 | self.generate_new_key() |
|
269 | self.generate_new_key() | |
| 270 | return |
|
270 | return | |
| 271 | if not self.extra_args: |
|
271 | if not self.extra_args: | |
| 272 | self.log.critical("Specify at least one notebook to sign.") |
|
272 | self.log.critical("Specify at least one notebook to sign.") | |
| 273 | self.exit(1) |
|
273 | self.exit(1) | |
| 274 |
|
274 | |||
| 275 | for notebook_path in self.extra_args: |
|
275 | for notebook_path in self.extra_args: | |
| 276 | self.sign_notebook(notebook_path) |
|
276 | self.sign_notebook(notebook_path) | |
| 277 |
|
277 | |||
General Comments 0
You need to be logged in to leave comments.
Login now