Exemple #1
0
    data = str(Random.get_random_bytes(64))

    enc_data = sid.encryptData(data, None)
    print enc_data

    print type(enc_data)

    dec_data = sid.decryptData(enc_data)
    print dec_data

    if dec_data == data:
        print "OK"

    print "Testing TicketManager: "

    tm = TicketManager(sid)
    t1 = tm.generateTicket(1, sid.pub_key.exportKey('PEM'))
    print type(t1)
    print t1
    #    print len(str(b64encode(t1[0])))
    #    t1 = str(b64encode(t1[0]))

    #client
    dec_t1 = sid.decryptData(str(t1))
    hash = SHA256.new(dec_t1)
    signer = PKCS1_v1_5.new(sid.priv_key)
    sig1 = signer.sign(hash)
    sig1_enc = sid.encryptData(sig1)
    #/client

    print tm.validateTicket(str(sig1_enc), 1, sid.pub_key.exportKey())
 def __init__(self, keys_dirname=0, password=0):
    self.server = ServerIdentity(keys_dirname, password)
    self.ticket_manager = TicketManager(self.server)
    self.session_manager = SessionManager(self.server, self.ticket_manager)
    self.storage = SafeBoxStorage(self.server)
Exemple #3
0
    enc_data = sid.encryptData(data, None)
    print enc_data

    print type(enc_data)

    dec_data = sid.decryptData(enc_data)
    print dec_data

    if dec_data == data:
        print "OK"



    print "Testing TicketManager: "

    tm = TicketManager(sid)
    t1 = tm.generateTicket(1, sid.pub_key.exportKey('PEM'))
    print type(t1)
    print t1
#    print len(str(b64encode(t1[0])))
#    t1 = str(b64encode(t1[0]))

#client
    dec_t1 = sid.decryptData(str(t1))
    hash = SHA256.new(dec_t1)
    signer = PKCS1_v1_5.new(sid.priv_key)
    sig1 = signer.sign(hash)
    sig1_enc = sid.encryptData(sig1)
#/client

    print tm.validateTicket(str(sig1_enc), 1, sid.pub_key.exportKey())
class AccessCtrlHandler(object):

    def __init__(self, keys_dirname=0, password=0):
       self.server = ServerIdentity(keys_dirname, password)
       self.ticket_manager = TicketManager(self.server)
       self.session_manager = SessionManager(self.server, self.ticket_manager)
       self.storage = SafeBoxStorage(self.server)

    # Handling Session resource related operations:
    #

    def handleGetKey(self):
        key = self.server.pub_key.exportKey('PEM')
        #print key
        reply_dict = { 'status': "OK", 'key': key }
        return json.dumps(reply_dict, sort_keys=True, encoding="utf-8")

    # handleGetNonce:
    def handleGetNonce(self, request):
        key_txt = request.content.read()
        if not key_txt:
            reply_dict = { 'status': {'error': "Invalid Request",
                                      'message': "No key on request body."} }
            return json.dumps(reply_dict, encoding="utf-8")

        #print key_txt
        cli_key = RSA.importKey(key_txt)
        if not cli_key.can_encrypt():
            reply_dict = { 'status': {'error': "Invalid Request",
                                      'message': "Invalid key on request body."} }
            return json.dumps(reply_dict, encoding="utf-8")


        (nonce, nonceid) = self.session_manager.getNonce(key_txt)
        reply_dict = { 'status': "OK", 'nonce': nonce, 'nonceid': nonceid}

        return json.dumps(reply_dict, sort_keys=True, encoding="utf-8")

    # handleStartSession: handles start session requests.
    def handleStartSession(self, request, nonce=None, passwd=None, ccid=None):
        nonceid = strip_text(str(request.args['nonceid']))
        nonceid = int(nonceid)
        if nonceid > -1:
            if not nonce:
                nonce = request.content.read(NONCE_SIZE)

            if not nonce:
                reply_dict = { 'status': {'error': "Invalid Request",
                                          'message': "No challange nonce on request body."} }
                return json.dumps(reply_dict, encoding="utf-8")
        else:
            nonce = None

        if passwd == None:
            passwd = request.content.read(USR_PASSWD_SIZE)


        def handleStartSession_cb(data):
            if not data:
                reply_dict = { 'status': {'error': "Invalid Request",
                                          'message': 'User does not exist.'} }

            else:
                pboxid = data[0][0]
                pubkey = data[0][1]
                salt = self.server.decryptData(data[0][2]) #TODO: STORE THIS ENCRYPTED
                #print pubkey
                #print "StartSession salt:" , salt
                #print "encripted nonce: ", nonce
                if self.session_manager.startSession(nonce, nonceid, pubkey, pboxid, salt, passwd):
                    #print "Valid Nonce!"
                    reply_dict = { 'status': "OK" }
                    ticket = self.ticket_manager.generateTicket(pboxid, pubkey)
                    request.addCookie('ticket', ticket)
                else:
                    #print "Invalid Nonce!"
                    if request.args['method'] == ['retister']:
                        self.storage.deletePBox(pboxid)
                        reply_dict = { 'status': {'error': "Invalid Ticket",
                                        'message': 'Could not start session registeration dropped.'} }
                    else:
                        reply_dict = { 'status': {'error': "Invalid Nonce",
                                          'message': 'N/A'} }

            request.write( json.dumps(reply_dict, sort_keys=True, encoding="utf-8") )
            request.finish()

        d = self.storage.getClientData(request, ccid)
        d.addCallback(handleStartSession_cb)
        return NOT_DONE_YET

    # handleValidation: handles the validation process for a given method
    # only calls method if the provided ticket is valid.
    def handleValidation(self, request, method):
        #print "TICKET_FROM_COOKIE:", request.getCookie('ticket')
        ticket = request.getCookie('ticket')
        #print str(ticket)
        if not ticket:
            reply_dict = { 'status': {'error': "Invalid Request",
                        'message': "No ticket on request body."} }
            return json.dumps(reply_dict, encoding="utf-8")


        def handleValidation_cb(data):
            if not data:
                reply_dict = { 'status': {'error': "Invalid Request",
                                          'message': 'User does not exist.'} }
            else:
                pboxid = data[0][0]
                pubkey = data[0][1]
                #print pubkey

                if self.ticket_manager.validateTicket(ticket, pboxid, pubkey):
                    print "Valid Ticket!"
                    self.session_manager.refreshSession(int(pboxid))
                    #Validatind argumen Integrity:
                    hashed = request.content.read(HASH_SIZE)
                    #print hashed
                    if not hash:
                        reply_dict = { 'status': {'error': "Invalid Request",
                        'message': "No argument data  hash on request body."} }
                        return json.dumps(reply_dict, encoding="utf-8")

                    list = []
                    for k in request.args.keys():
                        list.append(strip_text(str(request.args[k])))
                    if self.server.validateArgs(self.ticket_manager.getTicketRaw(pboxid), list, hashed) == True:
                        print "Args Validated"
                    else:
                        print "Args Corrupted"
                        reply_dict = { 'status': {'error': "Invalid Request",
                        'message': "No argument data  hash on request body."} }
                        return json.dumps(reply_dict, encoding="utf-8")


                    d = method(request, pboxid, pubkey)
                    return NOT_DONE_YET

                else:
                    print "Invalid Ticket!"
                    reply_dict = { 'status': {'error': "Invalid Ticket",
                                    'message': 'N/A'} }

            request.write( json.dumps(reply_dict, sort_keys=True, encoding="utf-8") )
            request.finish()

        d = self.storage.getClientData(request)
        d.addCallback(handleValidation_cb)
        return NOT_DONE_YET

    # Handling PBoxes resource related operations:
    #

    #handle ListPBoxes
    def handleListPBoxes(self, request):
        return self.handleValidation(request, self.storage.listPBoxes)

    def handleGetPBoxMData(self, request):
        return self.handleValidation(request, self.storage.getPBoxMData)

    # handleRegisterPBox: Checks if client exists, if so returns error, else registers the client.
    def handleRegisterPBox(self, request):
        def handleGetSession(data, request, nonce, passwd):
            if len(data) != 0:
                reply_dict = { 'status': {'error': "Unsuccessful db transaction", 'message': "N/A"} }
                request.write(json.dumps(reply_dict, encoding="utf-8"));
                request.finish()
            else:
                return self.handleStartSession(request, nonce, passwd, ccid)

        # Checking if the client exists.
        def checkClientExists_cb(data, nonce, key_txt, passwd_hash, salt, passwd):
            if data:
                reply_dict = { 'status': {'error': "Invalid Request",
                                          'message': 'User already exists.'} }
                request.write( json.dumps(reply_dict, sort_keys=True, encoding="utf-8") )
                request.finish()
            else:
                #TODO: validate certificates and keys here
                d = self.storage.registerPBox(name, ccid, key_txt, cli_cc_key, passwd_hash, salt)
                d.addCallback(handleGetSession, request, nonce, passwd)
                return NOT_DONE_YET

        #TODO: integrate this with content integrity validation
        nonce = request.content.read(NONCE_SIZE)
        if not nonce:
            reply_dict = { 'status': {'error': "Invalid Request",
                                      'message': "No challange nonce on request body."} }
            return json.dumps(reply_dict, encoding="utf-8")

        # Hashing password:
        cry_passwd = request.content.read(USR_PASSWD_SIZE)
        #print "Password:"******"LEN:",len(passwd)
        cli_passwd = self.server.decryptData(cry_passwd)
        if not cli_passwd:
            reply_dict = { 'status': {'error': "Invalid Request",
                                      'message': "Invalid format for password on request body."} }
            return json.dumps(reply_dict, encoding="utf-8")
        (passwd_hash, salt) = self.server.genHash(cli_passwd)

        #print "Register Salt:", salt

        # Extracting cc certificate
        cli_cert = b64decode(request.content.read(USR_CERT_SIZE))
        if not cli_cert:
            reply_dict = { 'status': {'error': "Invalid Request",
                                      'message': "No CC certificate on request body."} }
            return json.dumps(reply_dict, encoding="utf-8")
        #print "Client Certificate:", cli_cert

        # Extracting cc subca
        cli_subca = b64decode(request.content.read(USR_SUBCA_SIZE))
        if not cli_subca:
            reply_dict = { 'status': {'error': "Invalid Request",
                                      'message': "No CC subca on request body."} }
            return json.dumps(reply_dict, encoding="utf-8")
        #print "Client SubCA:", cli_subca

        # Validating certificate:
        (name, ccid) = get_subjdata_from_cert_str(cli_cert)
        print "NAME: ", name
        print "CCID: ", ccid
        if validate_cert(cli_cert, cli_subca) == False:
            reply_dict = { 'status': {'error': "Invalid Request",
                                      'message': "Invalid CC subca on request body."} }
            return json.dumps(reply_dict, encoding="utf-8")
        print "Certificate Valid"

        # Extracting CC public Key
        cli_cc_key = get_cckey(cli_cert)

        # Validating key:
        key_txt = request.content.read(RSA_KEY_SIZE)
        if not key_txt:
            reply_dict = { 'status': {'error': "Invalid Request",
                                      'message': "No key on request body."} }
            return json.dumps(reply_dict, encoding="utf-8")

        cli_key = RSA.importKey(key_txt)
        if not cli_key.can_encrypt():
            reply_dict = { 'status': {'error': "Invalid Request",
                                      'message': "Invalid key on request body."} }
            return json.dumps(reply_dict, encoding="utf-8")

        key_sig =  request.content.read(KEY_SIG_SIZE)
        if not key_sig:
            reply_dict = { 'status': {'error': "Invalid Request",
                                      'message': "No external key signature on request body."} }
            return json.dumps(reply_dict, encoding="utf-8")

        if verify_signature(key_txt, b64decode(key_sig), cli_cert) == False:
            reply_dict = { 'status': {'error': "Invalid Request",
                                      'message': "Invalid external key signature."} }
            return json.dumps(reply_dict, encoding="utf-8")

        print "Valid External Key"
        d = self.storage.getClientData(request, ccid)
        d.addCallback(checkClientExists_cb, nonce, key_txt, passwd_hash, salt, cry_passwd)

        return NOT_DONE_YET

    # Handling Files resource related operations:
    #
    def handleListFiles(self, request):
        return self.handleValidation(request, self.storage.listFiles)

    def handleGetFileMData(self, request):
        return self.handleValidation(request, self.storage.getFileMData)

    def handleGetFile(self, request):
        return self.handleValidation(request, self.storage.getFile)

    def handlePutFile(self, request):
        return self.handleValidation(request, self.storage.putFile)

    def handleUpdateFile(self, request):
       return self.handleValidation(request, self.storage.updateFile)

    def handleDeleteFile(self, request):
        return self.handleValidation(request, self.storage.deleteFile)

    # Handling Share resource related operations:
    #

    def handleShareFile(self, request):
        return self.handleValidation(request, self.storage.shareFile)

    def handleGetShareMData(self, request):
        return self.handleValidation(request, self.storage.getShareMData)

    def handleGetShared(self, request):
        return self.handleValidation(request, self.storage.getShared)

    def handleListShares(self, request):
        return self.handleValidation(request, self.storage.listShares)

    def handleUpdateShared(self, request):
        return self.handleValidation(request, self.storage.updateShared)

    def handleUpdateSharePerm(self, request):
        return self.handleValidation(request, self.storage.updateSharePerm)

    def handleDeleteShare(self, request):
        return self.handleValidation(request, self.storage.deleteShare)