data = str(Random.get_random_bytes(64))
enc_data = sid.encryptData(data, None)
print enc_data
print type(enc_data)
dec_data = sid.decryptData(enc_data)
print dec_data
if dec_data == data:
print "OK"
print "Testing TicketManager: "
tm = TicketManager(sid)
t1 = tm.generateTicket(1, sid.pub_key.exportKey('PEM'))
print type(t1)
print t1
# print len(str(b64encode(t1[0])))
# t1 = str(b64encode(t1[0]))
#client
dec_t1 = sid.decryptData(str(t1))
hash = SHA256.new(dec_t1)
signer = PKCS1_v1_5.new(sid.priv_key)
sig1 = signer.sign(hash)
sig1_enc = sid.encryptData(sig1)
#/client
print tm.validateTicket(str(sig1_enc), 1, sid.pub_key.exportKey())
def __init__(self, keys_dirname=0, password=0):
self.server = ServerIdentity(keys_dirname, password)
self.ticket_manager = TicketManager(self.server)
self.session_manager = SessionManager(self.server, self.ticket_manager)
self.storage = SafeBoxStorage(self.server)
enc_data = sid.encryptData(data, None)
print enc_data
print type(enc_data)
dec_data = sid.decryptData(enc_data)
print dec_data
if dec_data == data:
print "OK"
print "Testing TicketManager: "
tm = TicketManager(sid)
t1 = tm.generateTicket(1, sid.pub_key.exportKey('PEM'))
print type(t1)
print t1
# print len(str(b64encode(t1[0])))
# t1 = str(b64encode(t1[0]))
#client
dec_t1 = sid.decryptData(str(t1))
hash = SHA256.new(dec_t1)
signer = PKCS1_v1_5.new(sid.priv_key)
sig1 = signer.sign(hash)
sig1_enc = sid.encryptData(sig1)
#/client
print tm.validateTicket(str(sig1_enc), 1, sid.pub_key.exportKey())
class AccessCtrlHandler(object):
def __init__(self, keys_dirname=0, password=0):
self.server = ServerIdentity(keys_dirname, password)
self.ticket_manager = TicketManager(self.server)
self.session_manager = SessionManager(self.server, self.ticket_manager)
self.storage = SafeBoxStorage(self.server)
# Handling Session resource related operations:
#
def handleGetKey(self):
key = self.server.pub_key.exportKey('PEM')
#print key
reply_dict = { 'status': "OK", 'key': key }
return json.dumps(reply_dict, sort_keys=True, encoding="utf-8")
# handleGetNonce:
def handleGetNonce(self, request):
key_txt = request.content.read()
if not key_txt:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "No key on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
#print key_txt
cli_key = RSA.importKey(key_txt)
if not cli_key.can_encrypt():
reply_dict = { 'status': {'error': "Invalid Request",
'message': "Invalid key on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
(nonce, nonceid) = self.session_manager.getNonce(key_txt)
reply_dict = { 'status': "OK", 'nonce': nonce, 'nonceid': nonceid}
return json.dumps(reply_dict, sort_keys=True, encoding="utf-8")
# handleStartSession: handles start session requests.
def handleStartSession(self, request, nonce=None, passwd=None, ccid=None):
nonceid = strip_text(str(request.args['nonceid']))
nonceid = int(nonceid)
if nonceid > -1:
if not nonce:
nonce = request.content.read(NONCE_SIZE)
if not nonce:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "No challange nonce on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
else:
nonce = None
if passwd == None:
passwd = request.content.read(USR_PASSWD_SIZE)
def handleStartSession_cb(data):
if not data:
reply_dict = { 'status': {'error': "Invalid Request",
'message': 'User does not exist.'} }
else:
pboxid = data[0][0]
pubkey = data[0][1]
salt = self.server.decryptData(data[0][2]) #TODO: STORE THIS ENCRYPTED
#print pubkey
#print "StartSession salt:" , salt
#print "encripted nonce: ", nonce
if self.session_manager.startSession(nonce, nonceid, pubkey, pboxid, salt, passwd):
#print "Valid Nonce!"
reply_dict = { 'status': "OK" }
ticket = self.ticket_manager.generateTicket(pboxid, pubkey)
request.addCookie('ticket', ticket)
else:
#print "Invalid Nonce!"
if request.args['method'] == ['retister']:
self.storage.deletePBox(pboxid)
reply_dict = { 'status': {'error': "Invalid Ticket",
'message': 'Could not start session registeration dropped.'} }
else:
reply_dict = { 'status': {'error': "Invalid Nonce",
'message': 'N/A'} }
request.write( json.dumps(reply_dict, sort_keys=True, encoding="utf-8") )
request.finish()
d = self.storage.getClientData(request, ccid)
d.addCallback(handleStartSession_cb)
return NOT_DONE_YET
# handleValidation: handles the validation process for a given method
# only calls method if the provided ticket is valid.
def handleValidation(self, request, method):
#print "TICKET_FROM_COOKIE:", request.getCookie('ticket')
ticket = request.getCookie('ticket')
#print str(ticket)
if not ticket:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "No ticket on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
def handleValidation_cb(data):
if not data:
reply_dict = { 'status': {'error': "Invalid Request",
'message': 'User does not exist.'} }
else:
pboxid = data[0][0]
pubkey = data[0][1]
#print pubkey
if self.ticket_manager.validateTicket(ticket, pboxid, pubkey):
print "Valid Ticket!"
self.session_manager.refreshSession(int(pboxid))
#Validatind argumen Integrity:
hashed = request.content.read(HASH_SIZE)
#print hashed
if not hash:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "No argument data hash on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
list = []
for k in request.args.keys():
list.append(strip_text(str(request.args[k])))
if self.server.validateArgs(self.ticket_manager.getTicketRaw(pboxid), list, hashed) == True:
print "Args Validated"
else:
print "Args Corrupted"
reply_dict = { 'status': {'error': "Invalid Request",
'message': "No argument data hash on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
d = method(request, pboxid, pubkey)
return NOT_DONE_YET
else:
print "Invalid Ticket!"
reply_dict = { 'status': {'error': "Invalid Ticket",
'message': 'N/A'} }
request.write( json.dumps(reply_dict, sort_keys=True, encoding="utf-8") )
request.finish()
d = self.storage.getClientData(request)
d.addCallback(handleValidation_cb)
return NOT_DONE_YET
# Handling PBoxes resource related operations:
#
#handle ListPBoxes
def handleListPBoxes(self, request):
return self.handleValidation(request, self.storage.listPBoxes)
def handleGetPBoxMData(self, request):
return self.handleValidation(request, self.storage.getPBoxMData)
# handleRegisterPBox: Checks if client exists, if so returns error, else registers the client.
def handleRegisterPBox(self, request):
def handleGetSession(data, request, nonce, passwd):
if len(data) != 0:
reply_dict = { 'status': {'error': "Unsuccessful db transaction", 'message': "N/A"} }
request.write(json.dumps(reply_dict, encoding="utf-8"));
request.finish()
else:
return self.handleStartSession(request, nonce, passwd, ccid)
# Checking if the client exists.
def checkClientExists_cb(data, nonce, key_txt, passwd_hash, salt, passwd):
if data:
reply_dict = { 'status': {'error': "Invalid Request",
'message': 'User already exists.'} }
request.write( json.dumps(reply_dict, sort_keys=True, encoding="utf-8") )
request.finish()
else:
#TODO: validate certificates and keys here
d = self.storage.registerPBox(name, ccid, key_txt, cli_cc_key, passwd_hash, salt)
d.addCallback(handleGetSession, request, nonce, passwd)
return NOT_DONE_YET
#TODO: integrate this with content integrity validation
nonce = request.content.read(NONCE_SIZE)
if not nonce:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "No challange nonce on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
# Hashing password:
cry_passwd = request.content.read(USR_PASSWD_SIZE)
#print "Password:"******"LEN:",len(passwd)
cli_passwd = self.server.decryptData(cry_passwd)
if not cli_passwd:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "Invalid format for password on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
(passwd_hash, salt) = self.server.genHash(cli_passwd)
#print "Register Salt:", salt
# Extracting cc certificate
cli_cert = b64decode(request.content.read(USR_CERT_SIZE))
if not cli_cert:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "No CC certificate on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
#print "Client Certificate:", cli_cert
# Extracting cc subca
cli_subca = b64decode(request.content.read(USR_SUBCA_SIZE))
if not cli_subca:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "No CC subca on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
#print "Client SubCA:", cli_subca
# Validating certificate:
(name, ccid) = get_subjdata_from_cert_str(cli_cert)
print "NAME: ", name
print "CCID: ", ccid
if validate_cert(cli_cert, cli_subca) == False:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "Invalid CC subca on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
print "Certificate Valid"
# Extracting CC public Key
cli_cc_key = get_cckey(cli_cert)
# Validating key:
key_txt = request.content.read(RSA_KEY_SIZE)
if not key_txt:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "No key on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
cli_key = RSA.importKey(key_txt)
if not cli_key.can_encrypt():
reply_dict = { 'status': {'error': "Invalid Request",
'message': "Invalid key on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
key_sig = request.content.read(KEY_SIG_SIZE)
if not key_sig:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "No external key signature on request body."} }
return json.dumps(reply_dict, encoding="utf-8")
if verify_signature(key_txt, b64decode(key_sig), cli_cert) == False:
reply_dict = { 'status': {'error': "Invalid Request",
'message': "Invalid external key signature."} }
return json.dumps(reply_dict, encoding="utf-8")
print "Valid External Key"
d = self.storage.getClientData(request, ccid)
d.addCallback(checkClientExists_cb, nonce, key_txt, passwd_hash, salt, cry_passwd)
return NOT_DONE_YET
# Handling Files resource related operations:
#
def handleListFiles(self, request):
return self.handleValidation(request, self.storage.listFiles)
def handleGetFileMData(self, request):
return self.handleValidation(request, self.storage.getFileMData)
def handleGetFile(self, request):
return self.handleValidation(request, self.storage.getFile)
def handlePutFile(self, request):
return self.handleValidation(request, self.storage.putFile)
def handleUpdateFile(self, request):
return self.handleValidation(request, self.storage.updateFile)
def handleDeleteFile(self, request):
return self.handleValidation(request, self.storage.deleteFile)
# Handling Share resource related operations:
#
def handleShareFile(self, request):
return self.handleValidation(request, self.storage.shareFile)
def handleGetShareMData(self, request):
return self.handleValidation(request, self.storage.getShareMData)
def handleGetShared(self, request):
return self.handleValidation(request, self.storage.getShared)
def handleListShares(self, request):
return self.handleValidation(request, self.storage.listShares)
def handleUpdateShared(self, request):
return self.handleValidation(request, self.storage.updateShared)
def handleUpdateSharePerm(self, request):
return self.handleValidation(request, self.storage.updateSharePerm)
def handleDeleteShare(self, request):
return self.handleValidation(request, self.storage.deleteShare)