def test():
print "DATABASE TESTS\n"
conn = auth.initDB("test.db")
random_number = random.randint(0, 500)
print "Set salt: %d" % random_number
auth.setHex(conn, auth.SALT, "Mr. Mustafa", random_number)
retrieved_random_number = auth.getHex(conn, auth.SALT, "Mr. Mustafa")
print "Got salt: %d" % retrieved_random_number
assert (retrieved_random_number == random_number), "setHex/getHex do not match"
print "\n\nKEY GENERATION TESTS\n"
keydict = auth.generateKey(conn, "Mr. Mustafa", random.randint(0, 500))
print "Generated session key %s" % auth.hexify(keydict["K"])
print "Verification hash is %d" % keydict["M"]
print "\n\nENCRYPTION TESTS\n"
message = """
And Aaron would have to explain
about the modular design of the coffins
and how they could be folded up
and put inside one another
"They are not one use only", he would say
"They are recyclable"
"""
print "\nTrue encryption\n"
encrypted = auth.encrypt(keydict["K"], message)
print "Encrypted to \"%s\"" % encrypted
decrypted = auth.decrypt(keydict["K"], encrypted)
print "Decrypted to \"%s\"" % decrypted
assert (decrypted == message), "encrypt/decrypt do not match"
print "\nFalse encryption\n"
encrypted = auth.encrypt("Incorrect keyIncorrect keyIncorr", message)
print "False encrypted to \"%s\"" % encrypted
decrypted = auth.decrypt(keydict["K"], encrypted)
assert (decrypted == None), "Accepted false information"
if (decrypted == None):
print "Rejected false information"
if __name__ == "__main__":
#Declare our content-type
print "Content-Type: application/json"
print ""
#Parse the path and such
path = os.environ["PATH_INFO"].split("/")
qwargs = urlparse.parse_qs(os.environ["QUERY_STRING"])
#Enforce one value per query string argument
for key in qwargs:
qwargs[key] = qwargs[key][0]
#Connect to the users database
conn = auth.initDB("/home/daemon/ecc-index/db/users.db")
c = conn.cursor()
c.execute("""
CREATE TABLE IF NOT EXISTS keys (id INTEGER PRIMARY KEY ASC, uname TEXT, key TEXT)
""")
c.execute("""
SELECT * FROM keys WHERE uname=?
""", (qwargs["uname"], ))
keyrow = c.fetchone()
if keyrow is not None:
key = base64.b64decode(keyrow[2])
info = json.loads(auth.decrypt(key, qwargs["info"]))
for key in qwargs:
qwargs[key] = qwargs[key][0]
for key in pargs:
pargs[key] = pargs[key][0]
nconn = sqlite3.connect("/home/daemon/ecc-index/db/news.db")
n = nconn.cursor()
#Make sure that this table exists
n.execute("""
CREATE TABLE IF NOT EXISTS news (id INTEGER PRIMARY KEY ASC, title TEXT, body TEXT, timestamp INTEGER)
""")
#Connect to the users database
uconn = auth.initDB("/home/daemon/ecc-index/db/users.db")
#Create the session key table if it's not there yet, and delete any old session keys
u = uconn.cursor()
u.execute("""
CREATE TABLE IF NOT EXISTS keys (id INTEGER PRIMARY KEY ASC, uname TEXT, key TEXT);
""")
u.execute("""
SELECT * FROM keys WHERE uname=?
""", (qwargs["uname"],))
keyrow = u.fetchone()
if keyrow is not None:
key = base64.b64decode(keyrow[2])
info = json.loads(auth.decrypt(key, pargs["info"]))
def do_GET(self):
conn = auth.initDB("test.db")
parsed_url = urlparse.urlparse(self.path)
path = parsed_url.path.split("/")
qwargs = urlparse.parse_qs(parsed_url.query)
#Enforce one value per query string arg
for key in qwargs:
qwargs[key] = qwargs[key][0]
if (len(path) == 0 or path[1] == "index.html"):
self.send_response(200)
self.send_header("Content-Type", "text/html")
self.end_headers()
index_file = open("test.html", "r")
self.wfile.write(index_file.read())
index_file.close()
elif (path[1] == "jslib"):
self.send_response(200)
self.send_header("Content-Type", "text/html")
self.end_headers()
js_file = open("/".join(path), "r")
self.wfile.write(js_file.read())
js_file.close()
elif (path[1] == "register"):
self.send_response(200)
self.send_header("Content-Type", "application/json")
self.end_headers()
self.wfile.write(json.dumps({
"success": auth.createUser(conn, qwargs["uname"], qwargs["verifier"], qwargs["salt"])
}))
elif (path[1] == "authenticate"):
self.send_response(200)
self.send_header("Content-Type", "application/json")
self.end_headers()
kdict = auth.generateKey(conn, qwargs["uname"], int(qwargs["A"], 16))
session_keys[qwargs["uname"]] = kdict["K"]
key_verifiers[qwargs["uname"]] = kdict["M"]
print "Generated sesssion key %s." % auth.hexify(kdict["K"])
self.wfile.write(json.dumps({
"s": kdict["s"],
"B": kdict["B"]
}))
elif (path[1] == "echo"):
self.send_response(200)
self.send_header("Content-Type", "application/json")
self.end_headers()
self.wfile.write(json.dumps({
"cleartext":auth.decrypt(session_keys[qwargs["uname"]], qwargs["message"])
}))
else:
self.send_response(404)
self.send_header("Content-Type", "text/plain")
self.end_headers()
self.wfile.write("What are you talking about")