def __init__(self, filename, realm=None):
    """Open the ZODB store derived from *filename* and load the users.

    :param str filename: Config file with users and their password hashes
    :param str realm: ZODB's default permissions realm
    :raises ValueError: if *realm* is given and differs from a realm that
        is already set on the instance once ``load()`` has run
    """
    # The database path is the config path with its extension swapped
    # for ".db", so both files end up in the same directory.
    # NOTE(review): this store holds user records; presumably it needs the
    # same restrictive file permissions as the password file -- confirm.
    stem = path.splitext(filename)[0]
    self.storage_filename = stem + ".db"
    self.storage = FileStorage.FileStorage(self.storage_filename)
    self.db = ZODB.DB(self.storage)
    self.db_conn = self.db.open()
    self.db_root = self.db_conn.root()

    root = self.db_root
    # NOTE(review): the listing was collapsed onto one line; only the two
    # container checks are assumed to belong to the transaction -- confirm.
    with transaction.manager:
        if "users" not in root:
            root["users"] = IdStore()  # uid -> user
        if "usernames" not in root:
            root["usernames"] = self.family.OI.BTree()  # username -> uid

    self.filename = filename
    self.load()

    # The original author calls this realm-based check questionable and
    # keeps it for now. A caller-supplied realm may fill in a missing one
    # but may not contradict a realm that is already set.
    if realm:
        if self.realm and self.realm != realm:
            raise ValueError("Specified realm %r differs from database "
                             "realm %r" % (realm or '', self.realm))
        self.realm = realm

    # A fresh 32-byte value per instance.
    # NOTE(review): rand() is defined elsewhere; a key that protects nonces
    # must come from a CSPRNG (os.urandom / secrets) -- confirm its source.
    self.noncekey = rand(32)
def test_aes_rand():
    """Round-trip TEST_TEXT through two AES objects built from one key."""
    # Both objects are constructed from the same random 32-byte key, so the
    # second must be able to decrypt what the first produced.
    shared_key = rand(32)
    encryptor = AES(key=shared_key)
    sealed = encryptor.encrypt(TEST_TEXT)
    decryptor = AES(key=shared_key)
    # NOTE(review): only the untampered path is checked here; whether a
    # modified ciphertext is rejected is not exercised by this test.
    assert decryptor.decrypt(sealed) == TEST_TEXT
def _encrypt(self, data):
    """Encrypt *data* together with its SHA-256 digest under a fresh IV.

    :param str data: Data to encrypt
    :return: Encrypted data with hash inside and IV outside
    :rtype: str
    """
    # A new IV of self.iv_size bytes is drawn for every call and appended
    # to the ciphertext in the clear, so the receiver can read it back.
    iv = rand(self.iv_size)
    cipher = AES.new(self.key, self.mode, iv)
    # NOTE(review): the digest is unkeyed and encrypted with the payload.
    # This is not an authenticated-encryption construction; how much
    # tamper resistance it gives depends on self.mode. If the wire format
    # can change, an AEAD mode or encrypt-then-HMAC is the safer design.
    # NOTE(review): no padding is applied here; block modes that require
    # block-aligned input would reject other lengths -- confirm self.mode.
    payload = data + sha256(data).digest()
    return cipher.encrypt(payload) + iv
def auth_get_challenge(self):
    """Return realm, challenge, and nonce.

    A new 32-byte challenge and a new nonce are stored on the instance
    on every call, then returned together with ``auth_realm``.
    """
    # NOTE(review): rand() is defined elsewhere; an authentication
    # challenge must be unpredictable, so it needs a CSPRNG source
    # (os.urandom / secrets) -- confirm.
    self._challenge = rand(32)
    self._key_nonce = self._get_nonce()
    reply = (self.auth_realm, self._challenge, self._key_nonce)
    return reply