Ejemplo n.º 1
0
def test():
  print "DATABASE TESTS\n"
  conn = auth.initDB("test.db")
  random_number = random.randint(0, 500)
  print "Set salt: %d" % random_number
  auth.setHex(conn, auth.SALT, "Mr. Mustafa", random_number)
  retrieved_random_number = auth.getHex(conn, auth.SALT, "Mr. Mustafa")
  print "Got salt: %d" % retrieved_random_number
  assert (retrieved_random_number == random_number), "setHex/getHex do not match"
  
  print "\n\nKEY GENERATION TESTS\n"
  keydict = auth.generateKey(conn, "Mr. Mustafa", random.randint(0, 500))
  print "Generated session key %s" % auth.hexify(keydict["K"])
  print "Verification hash is %d" % keydict["M"]

  print "\n\nENCRYPTION TESTS\n"
  message = """
    And Aaron would have to explain
    about the modular design of the coffins
    and how they could be folded up
    and put inside one another
    "They are not one use only", he would say
    "They are recyclable"
  """
  
  print "\nTrue encryption\n"
  
  encrypted = auth.encrypt(keydict["K"], message)
  print "Encrypted to \"%s\"" % encrypted
  decrypted = auth.decrypt(keydict["K"], encrypted)
  print "Decrypted to \"%s\"" % decrypted
  assert (decrypted == message), "encrypt/decrypt do not match"
  
  print "\nFalse encryption\n"

  encrypted = auth.encrypt("Incorrect keyIncorrect keyIncorr", message)
  print "False encrypted to \"%s\"" % encrypted
  decrypted = auth.decrypt(keydict["K"], encrypted)
  assert (decrypted == None), "Accepted false information"
  if (decrypted == None):
    print "Rejected false information"
Ejemplo n.º 2
0
if __name__ == "__main__":
    #Declare our content-type
    print "Content-Type: application/json"
    print ""

    #Parse the path and such
    path = os.environ["PATH_INFO"].split("/")
    qwargs = urlparse.parse_qs(os.environ["QUERY_STRING"])

    #Enforce one value per query string argument
    for key in qwargs:
        qwargs[key] = qwargs[key][0]

    #Connect to the users database
    conn = auth.initDB("/home/daemon/ecc-index/db/users.db")
    c = conn.cursor()

    c.execute("""
    CREATE TABLE IF NOT EXISTS keys (id INTEGER PRIMARY KEY ASC, uname TEXT, key TEXT)
  """)

    c.execute("""
    SELECT * FROM keys WHERE uname=?
  """, (qwargs["uname"], ))

    keyrow = c.fetchone()

    if keyrow is not None:
        key = base64.b64decode(keyrow[2])
        info = json.loads(auth.decrypt(key, qwargs["info"]))
Ejemplo n.º 3
0
  for key in qwargs:
    qwargs[key] = qwargs[key][0]

  for key in pargs:
    pargs[key] = pargs[key][0]

  nconn = sqlite3.connect("/home/daemon/ecc-index/db/news.db")
  n = nconn.cursor()

  #Make sure that this table exists
  n.execute("""
    CREATE TABLE IF NOT EXISTS news (id INTEGER PRIMARY KEY ASC, title TEXT, body TEXT, timestamp INTEGER)
  """)

  #Connect to the users database
  uconn = auth.initDB("/home/daemon/ecc-index/db/users.db")
  
  #Create the session key table if it's not there yet, and delete any old session keys
  u = uconn.cursor()
  u.execute("""
    CREATE TABLE IF NOT EXISTS keys (id INTEGER PRIMARY KEY ASC, uname TEXT, key TEXT);
  """)
  u.execute("""
    SELECT * FROM keys WHERE uname=?
  """, (qwargs["uname"],))
  
  keyrow = u.fetchone()

  if keyrow is not None:
    key = base64.b64decode(keyrow[2])
    info = json.loads(auth.decrypt(key, pargs["info"]))
Ejemplo n.º 4
0
  def do_GET(self):
    conn = auth.initDB("test.db")
    parsed_url = urlparse.urlparse(self.path)
    path = parsed_url.path.split("/")
    qwargs = urlparse.parse_qs(parsed_url.query)
      
    #Enforce one value per query string arg
    for key in qwargs:
      qwargs[key] = qwargs[key][0]
    
    if (len(path) == 0 or path[1] == "index.html"):
      self.send_response(200)
      self.send_header("Content-Type", "text/html")
      self.end_headers()
      
      index_file = open("test.html", "r")
      self.wfile.write(index_file.read())
      index_file.close()
    elif (path[1] == "jslib"):
      self.send_response(200)
      self.send_header("Content-Type", "text/html")
      self.end_headers()
      
      js_file = open("/".join(path), "r")
      self.wfile.write(js_file.read())
      js_file.close()
    elif (path[1] == "register"):
      self.send_response(200)
      self.send_header("Content-Type", "application/json")
      self.end_headers()
      
      self.wfile.write(json.dumps({
        "success": auth.createUser(conn, qwargs["uname"], qwargs["verifier"], qwargs["salt"])
      }))
    elif (path[1] == "authenticate"):
      self.send_response(200)
      self.send_header("Content-Type", "application/json")
      self.end_headers()

      kdict = auth.generateKey(conn, qwargs["uname"], int(qwargs["A"], 16))
      session_keys[qwargs["uname"]] = kdict["K"]
      key_verifiers[qwargs["uname"]] = kdict["M"]

      print "Generated sesssion key %s." % auth.hexify(kdict["K"])

      self.wfile.write(json.dumps({
        "s": kdict["s"],
        "B": kdict["B"]
      }))
    elif (path[1] == "echo"):
      self.send_response(200)
      self.send_header("Content-Type", "application/json")
      self.end_headers()

      self.wfile.write(json.dumps({
        "cleartext":auth.decrypt(session_keys[qwargs["uname"]], qwargs["message"])
      }))
    else:
      self.send_response(404)
      self.send_header("Content-Type", "text/plain")
      self.end_headers()

      self.wfile.write("What are you talking about")