def __init__(self, process_name=None):
    """Load ``config.yaml`` from WORK_DIR, decrypt the bot token and set up logging.

    Args:
        process_name: Name given to the logger; defaults to the class name.
    """
    # Use the concrete class name when the caller supplies no process name.
    if process_name is None:
        process_name = self.__class__.__name__
    self.process_name = process_name
    # safe_load only builds plain YAML data types, never arbitrary Python objects.
    config_path = f"{WORK_DIR}/config.yaml"
    with open(config_path, 'r') as stream:
        loaded = yaml.safe_load(stream)
    self.config = loaded
    # NOTE(review): the AES key used to unwrap the bot token is a literal in
    # the source, so the "encrypted" token is recoverable by anyone who can
    # read this file; keeping the key in a secret store would be the usual
    # mitigation.
    token_cipher = AESCipher('1029384756123456')
    self.config['bot']['token'] = token_cipher.decrypt(self.config['bot']['token'])
    log_level = loaded['logging']['level'].upper()
    self.logger = logger_init(self.process_name, log_level)
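def begin_auth(self):
    """Handle the initial authentication handshake on this connection.

    Appends pending bytes to ``self.read`` and, once ``self.split`` is
    present, parses CRLF-separated fields: a signature over
    ``self.ctl.main_pw``, the encrypted session key, the connection index
    and a legacy payload. On success installs ``self.cipher``, registers
    with ``self.ctl`` and replies with an AUTHENTICATED message; on any
    verification failure the socket is closed.
    """
    try:
        self.read += self.recv(2048)
        if self.split in self.read:
            authdata = self.read.split(b'\r\n')
            signature = authdata[0]
            # TODO: fix an error in int(signature,16)
            try:
                verify = self.ctl.serverpub.verify(
                    self.ctl.main_pw, (int(signature, 36), None))
            except ValueError:
                logging.debug("ValueError captured at server.py line 165")
                verify = False
            if not verify:
                logging.warning("Authentication failed, socket closing")
                self.close()
            else:
                try:
                    self.cipher = AESCipher(
                        self.ctl.clientpri.decrypt(authdata[1]),
                        self.ctl.main_pw)
                    self.full = False
                    idchar = authdata[2].decode('utf-8')
                    self.i = int(idchar)
                    self.ctl.newconn(self)
                    logging.debug(
                        "Authentication succeed, connection established")
                    self.send(
                        self.cipher.encrypt(
                            b"2AUTHENTICATED" + authdata[2]
                            + repr(self.ctl.server_recv_max_idx[self.i]).encode())
                        + self.split)
                    # The fourth field comes from the peer. Parse it as a
                    # Python literal only (ast.literal_eval) rather than
                    # eval(), so the remote end cannot run code here; a
                    # non-literal raises ValueError/SyntaxError and is
                    # treated as a failed authentication below.
                    import ast
                    legacy_payload = ast.literal_eval(
                        authdata[3].rstrip(self.split).decode('utf-8'))
                    self.send_legacy(legacy_payload)
                    # NOTE(review): read is set to None here, so a further
                    # begin_auth call would fail on `+=`; presumably the
                    # handler is switched after authentication — confirm.
                    self.read = None
                except (ValueError, SyntaxError):
                    # TODO: figure out why
                    logging.warning(
                        "Authentication failed, socket closing")
                    self.handle_close()
        else:
            if len(self.read) == 0:
                self.no_data_count += 1
    except BlockingIOError:
        pass
    except socket.error:
        logging.info("empty recv error")
    except Exception:
        # Log and close before propagating; previously the re-raise came
        # first, so this logging and close() were unreachable.
        logging.error(
            "Authentication failed, due to error, socket closing")
        self.close()
        raise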
import json
import os
import base64
import logging
import OpenSSL.crypto
from tornado import web, gen
from OpenSSL.crypto import load_certificate_request, FILETYPE_PEM
from tornado_mysql import pools
# NOTE(review): star import — which names (CA_ROOT, CA_CERT_FILE,
# VALIDATE_SECRET, ...) come from config is not visible here; an explicit
# import list would make the dependency auditable.
from config import *
from gencert import gencert
from revoke import revokeFromCert, revokeFromSerial
from common import jsonMessage, gencrl, AESCipher, paramFormat, logRequestInfo

# Decrypt csr_body with aes-256-cfb; if decryption fails (an invalid
# request), the subsequent validation is bound to fail.
aesCipher = AESCipher(VALIDATE_SECRET)


class GetCACertHandler(web.RequestHandler):
    """Serve the CA root certificate (CA_CERT_FILE under CA_ROOT) as
    application/x-pem-file."""

    @gen.coroutine
    def get(self):
        # Log the requester's details
        logRequestInfo(self.request)
        cacert_path = os.path.join(CA_ROOT, CA_CERT_FILE)
        # Check whether the root certificate exists
        if not os.path.exists(cacert_path):
            self.set_status(404)
            return
        # Set the HTTP headers for a PEM-format certificate
        self.set_header("Content-Type", "application/x-pem-file")
        self.set_header('Content-Disposition',
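def begin_auth(self):
    """Handle the initial authentication handshake on this connection.

    Appends pending bytes to ``self.read`` and, once a CRLF is present,
    parses CRLF-separated fields: a PKCS#1 v1.5 signature over
    ``self.ctl.main_pw``, the RSA-encrypted 16-byte session key and the
    connection index. On success installs ``self.cipher``, registers with
    ``self.ctl`` and replies with an AUTHENTICATED message; on any
    verification failure the socket is closed.
    """
    try:
        self.read += self.recv(2048)
        print("CALL AUTH")
        if b'\r\n' in self.read:
            authdata = self.read.split(b'\r\n')
            signature = authdata[0]
            # TODO: fix an error in int(signature,16)
            try:
                # NOTE(review): the signed message is the static main_pw,
                # so a previously captured signature would verify again on
                # a later connection unless something outside this method
                # prevents replay — confirm against the protocol design.
                signer = PKCS1_v1_5.new(self.ctl.serverpub)
                h = SHA256.new(self.ctl.main_pw)
                verify = signer.verify(h, signature)
            except ValueError:
                logging.debug("ValueError captured at server.py line 165")
                verify = False
            if not verify:
                logging.warning(
                    "Authentication failed, socket closing, case 1")
                self.close()
            else:
                try:
                    auth_cipher = PKCS_Cipher.new(self.ctl.clientpri)
                    # Presumably the 32-byte sentinel is returned in place
                    # of the plaintext when decryption fails (PyCrypto-style
                    # API), which is why the 16-byte length check below is
                    # the validity test — confirm.
                    sentinel = Random.new().read(32)
                    message = auth_cipher.decrypt(authdata[1], sentinel)
                    if len(message) != 16:
                        raise ValueError
                    self.cipher = AESCipher(message, self.ctl.main_pw)
                    self.full = False
                    idchar = authdata[2].decode('utf-8')
                    self.i = int(idchar)
                    self.ctl.newconn(self)
                    logging.debug(
                        "Authentication succeed, connection established")
                    self.send(
                        self.cipher.encrypt(b"2AUTHENTICATED" + authdata[2]))
                    # NOTE(review): read is set to None here, so a further
                    # begin_auth call would fail on `+=`; presumably the
                    # handler is switched after authentication — confirm.
                    self.read = None
                except (IOError, ValueError):
                    # ValueError covers the sentinel-length check above, a
                    # non-numeric connection index and a bad UTF-8 decode.
                    # Previously only IOError was caught, so those cases
                    # escaped to the generic handler instead of closing
                    # the socket as a failed authentication.
                    logging.warning(
                        "Authentication failed, socket closing, , case 2")
                    self.handle_close()
        else:
            if len(self.read) == 0:
                self.no_data_count += 1
    except BlockingIOError:
        pass
    except socket.error:
        logging.info("empty recv error")
    except Exception:
        # Log and close before propagating; previously the re-raise came
        # first, so this logging and close() were unreachable.
        logging.error(
            "Authentication failed, due to error, socket closing")
        self.close()
        raise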