Example #1
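    def POST(self):
        """Log in a user identified by a TLS client certificate.

        Reads the certificate PEM and subject CN from the ``Ssl-Client-Cert``
        and ``Ssl-Client-S-Dn-Cn`` request headers, creates the user the first
        time the certificate is seen, optionally binds a hex-encoded device key
        taken from the JSON body, and stores the user id in the session.

        Returns:
            dict with ``status``, ``message`` and ``username``.

        Raises:
            cherrypy.HTTPError: 400 "Key is not valid" when the key does not
                have ``BLOCK_SIZE * 2`` hex characters; 400 "Wrong format"
                when Content-Length or the body cannot be parsed.
        """
        # NOTE(review): these two headers are the only proof of identity used
        # here. Presumably a TLS-terminating proxy sets them after verifying
        # the client certificate -- confirm that the proxy always overwrites
        # any client-supplied copies and that this app is not reachable
        # without going through it.
        headers = cherrypy.request.headers
        client_cert_pem = cipherLib.cleanReceivedPEM(headers['Ssl-Client-Cert'])
        name = headers['Ssl-Client-S-Dn-Cn']

        user_id = storage.get_user_identifier(client_cert_pem)
        if user_id is None:
            storage.create_new_user(name, client_cert_pem)
            user_id = storage.get_user_identifier(client_cert_pem)

        # Only request parsing lives inside the try, so a storage failure is
        # not reported to the client as a malformed request.
        device_key = None
        try:
            content_length = int(headers['Content-Length'])
            if content_length > 0:
                body = json.loads(cherrypy.request.body.read(content_length))
                if 'key' in body:
                    if len(body['key']) != BLOCK_SIZE * 2:
                        raise cherrypy.HTTPError(400, "Key is not valid")
                    device_key = binascii.unhexlify(body['key'])
        except cherrypy.HTTPError:
            # HTTPError is itself an Exception; without this clause the
            # "Key is not valid" response was replaced by "Wrong format".
            raise
        except Exception:
            raise cherrypy.HTTPError(400, "Wrong format")

        if device_key is not None:
            cherrypy.session[SESSION_DEVICE] = device_key
            storage.associate_device_to_user(user_id, device_key)

        if SESSION_PLAYER in cherrypy.session:
            storage.associate_player_to_user(user_id, cherrypy.session[SESSION_PLAYER])

        # NOTE(review): the session id in use before login is kept as the
        # authenticated session; consider issuing a fresh id at this point.
        cherrypy.session[SESSION_USERID] = user_id
        cherrypy.response.status = 200
        return {"status": 200, "message": "Login successfully", "username": name}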
Example #2
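    def POST(self):
        """Validate a signed login challenge and log the user in.

        The JSON body carries hex-encoded ``cert_pem``, ``sign``,
        ``cidadao_cn``, ``ec_aut`` and ``key`` fields. The certificate is
        checked with ``cipherLib.validateCertificate`` and the signature over
        the session's challenge salt with ``cipherLib.verifySignature``. On
        success the user is created if unknown, the device key is bound to
        the user, and the session is marked as challenge-validated.

        Returns:
            dict with ``status`` and ``message``.

        Raises:
            cherrypy.HTTPError: 400 when no challenge is outstanding, the
                body is malformed, the certificate is rejected, the signature
                does not verify, or the certificate has no CN.
        """
        # The salt is single-use: it is cleared before any validation so a
        # failed or repeated request cannot be checked against it again.
        # A missing or already-consumed salt is rejected explicitly instead
        # of raising KeyError or passing None to the signature check.
        salt = cherrypy.session.get(SESSION_CHALLENGE_SALT)
        if salt is None:
            raise cherrypy.HTTPError(400, "User challenge failed")
        cherrypy.session[SESSION_CHALLENGE_SALT] = None

        try:
            content_length = int(cherrypy.request.headers['Content-Length'])
            raw_body = cherrypy.request.body.read(content_length)
            body = json.loads(raw_body)

            cert_pem = binascii.unhexlify(body['cert_pem'])
            sign = binascii.unhexlify(body['sign'])
            cidadao_cn = binascii.unhexlify(body['cidadao_cn'])
            ec_aut = binascii.unhexlify(body['ec_aut'])
            # NOTE(review): the device key length is not checked here --
            # confirm whether a fixed size should be enforced before storing.
            dkey = binascii.unhexlify(body['key'])
        except Exception:
            raise cherrypy.HTTPError(400, "Parameters with wrong format")

        # NOTE(review): cidadao_cn and ec_aut come from the same request as
        # the certificate; presumably validateCertificate anchors the chain
        # to a trusted root held server-side -- verify in cipherLib.
        if not cipherLib.validateCertificate(cert_pem, cidadao_cn, ec_aut):
            raise cherrypy.HTTPError(400, "Certificate couldn't be validated")

        if not cipherLib.verifySignature(cert_pem, salt, sign):
            raise cherrypy.HTTPError(400, "User challenge failed")

        user_id = storage.get_user_identifier(cert_pem)
        if user_id is None:
            obj = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_pem)
            names = obj.get_subject().get_components()
            username = None
            # The last CN component wins when the subject has several.
            # NOTE(review): on Python 3 pyOpenSSL returns the components as
            # bytes, so this str comparison would never match -- confirm the
            # target interpreter.
            for (name, value) in names:
                if 'CN' == name:
                    username = value
            if username is None:
                raise cherrypy.HTTPError(400, "Certificate doesn't have CN property defined")
            storage.create_new_user(username, cert_pem)
            user_id = storage.get_user_identifier(cert_pem)

        # Associate device to the user
        cherrypy.session[SESSION_DEVICE] = dkey
        storage.associate_device_to_user(user_id, dkey)

        if SESSION_PLAYER in cherrypy.session:
            storage.associate_player_to_user(user_id, cherrypy.session[SESSION_PLAYER])

        cherrypy.session[SESSION_USERID] = user_id
        cherrypy.session[SESSION_CHALLENGE_VALID] = True
        cherrypy.response.status = 200
        return {"status": 200, "message": "User challenge validated with success."}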