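def handle(self):
    """Serve one client connection of the user / ticket-granting server.

    The loop reads one command frame (up to 1024 bytes) per iteration and
    dispatches on it:

    * ``COMM_CREATE``         - read a JSON user record, store it with a fresh
                                random key, assign random rights on every
                                service of the same security level, reply
                                ``{'key': <hex>}`` or ``{'err': ...}``.
    * ``COMM_GET_SERVICES``   - reply with ``STARTED_SERVICES`` as JSON.
    * ``COMM_ACCESS_SERVICE`` - read a JSON request, verify the password,
                                authorize the requested right and reply with a
                                session key sealed once for the user and once
                                for the service, or ``{'err': ...}``.
    * ``COMM_EXIT``           - close the connection.

    Unknown commands are ignored and the next frame is read.  The connection
    is closed when the peer disconnects, on a socket error, on malformed JSON
    or on a request missing required fields (the original raised out of the
    handler in those cases; it also spun forever on EOF because ``recv``
    returned ``''`` without matching any command).

    Protocol caveat: every frame is read with a single ``recv(1024)``; a larger
    or fragmented message is truncated and rejected as malformed JSON.
    """
    # Values stored in the access matrix and the subset a client may request.
    matrix_values = ('na', 'r', 'w', 'rw')
    requestable_rights = ('r', 'w', 'rw')
    ticket_lifetime_seconds = 2 * 60 * 60

    def recv_json():
        """Read one frame and decode it as JSON; None on EOF, error or bad JSON."""
        try:
            raw = self.request.recv(1024)
        except Exception as e:
            log.info('recv failed: %s' % e)
            return None
        if not raw:
            return None  # peer closed the connection
        try:
            return json.loads(raw)
        except ValueError as e:
            log.info('malformed request: %s' % e)
            return None

    def send_json(obj):
        self.request.sendall(json.dumps(obj))

    def db_failure():
        """Log the last DB error and build the generic DB failure reply."""
        # NOTE(review): queries go through `isdb` but the error text comes from
        # `db`; kept as found -- confirm they refer to the same connection.
        log.info(db.get_last_error())
        return {'err': ERR_DB_OPERATION_FAILED}

    def create_user(user):
        """Register `user` and give it random rights on same-level services."""
        # NOTE(review): COMM_CREATE is unauthenticated and the client chooses
        # its own security_level, so any peer can mint a user at any level.
        existing = self.isdb.get_user_key(user['username'])  # self.isdb here, module isdb below: kept as found
        if existing is None:
            return db_failure()
        if existing:
            log.info('user already exists: %s' % user['username'])
            return {'err': ERR_USER_ALREADY_EXISTS}
        key = os.urandom(24).encode('hex')
        # NOTE(review): unsalted MD5 is not a password hash, but the stored
        # format is shared with the verifier in access_service and any other
        # consumer of the table, so it is left unchanged here.
        if isdb.insert_user(user['username'], calculate_md5(user['password']),
                            user['security_level'], key) is False:
            return db_failure()
        services = isdb.get_all_services()
        if services is None:
            return db_failure()
        matrix_rows = isdb.get_control_access_matrix()
        if matrix_rows is None:
            return db_failure()
        matrix = json.loads(matrix_rows[0]['matrix'])
        for service in services:
            if user['security_level'] == service['security_level']:
                # Non-cryptographic randomness is fine here: it only picks a
                # policy entry, not key material.
                # NOTE(review): usernames are not validated, and '_' is the
                # key separator, so "a_b"/"c" collides with "a"/"b_c".
                entry = '%s_%s' % (user['username'], service['name'])
                matrix[entry] = matrix_values[rand.randrange(4)]
        if isdb.update_control_access_matrix(json.dumps(matrix)) is False:
            return db_failure()
        return {'key': key}

    def authorized(account, service, matrix, username, right):
        """Return True if `right` on `service` is granted to `account`.

        An explicit matrix entry wins; without one the level rule applies:
        a higher-level user may read, a lower-level user may write, equal
        levels get nothing.
        """
        entry = matrix.get('%s_%s' % (username, service['name']))
        if entry is None:
            if account['security_level'] > service['security_level']:
                return right == 'r'
            if account['security_level'] < service['security_level']:
                return right == 'w'
            return False
        # Exact-token match.  The original substring test (`right in entry`)
        # granted access for right == '' or 'a' against an 'na' entry.
        return right in requestable_rights and right in entry

    def access_service(req):
        """Authenticate `req['user']`, authorize `req['right']`, issue a ticket."""
        username = req['user']['username']
        rows = isdb.get_user(username)
        if rows is None:
            log.info(db.get_last_error())
            return {'err': ERR_INVALID_COMBINATION}
        if not rows:
            # NOTE(review): a distinct code here lets a client enumerate
            # usernames; returning ERR_INVALID_COMBINATION would close that.
            return {'err': ERR_USER_NOT_EXISTS}
        services = isdb.get_service(req['service']['name'])
        if not services:  # None (DB error) or empty (unknown service; used to IndexError)
            if services is None:
                log.info(db.get_last_error())
            return {'err': ERR_INVALID_COMBINATION}
        service = services[0]
        account = rows[0]
        stored_hash = account['password'].replace('-', '')
        # Verify the password before touching any key material.
        # NOTE(review): '!=' on hex digests is not constant-time; use
        # hmac.compare_digest where the runtime provides it.
        if calculate_md5(req['user']['password']) != stored_hash:
            return {'err': ERR_INVALID_COMBINATION}
        matrix_rows = isdb.get_control_access_matrix()
        if matrix_rows is None:
            return db_failure()
        matrix = json.loads(matrix_rows[0]['matrix'])
        if not authorized(account, service, matrix, username, req['right']):
            return {'err': ERR_FORBIDDEN}
        # 16 random bytes: a two-key 3DES key (K1 || K2), hex-encoded.  Never
        # log it (the original printed both this and the user's long-term key).
        session_key = os.urandom(16).encode('hex')
        expires = int(time.time()) + ticket_lifetime_seconds
        for_user = {
            'key': session_key,
            'nonce': req['nonce'],  # echoed so the client can bind the reply to its request
            'service': req['service'],
            'lifetime': expires,
        }
        # NOTE(review): the service ticket carries the user's plaintext
        # password; the service only needs the username and session key.
        # Kept for wire compatibility with the existing services.
        for_service = {
            'key': session_key,
            'user': {'username': username, 'password': req['user']['password']},
            'lifetime': expires,
        }
        user_cipher = AESCipher(account['key'].decode('hex'))
        service_cipher = AESCipher(service['key'].decode('hex'))
        return {
            'for_user': user_cipher.encrypt_data(json.dumps(for_user)).encode('hex'),
            'for_service': service_cipher.encrypt_data(json.dumps(for_service)).encode('hex'),
        }

    while True:
        try:
            command = self.request.recv(1024)
        except Exception as e:
            log.info('recv failed: %s' % e)
            break
        if not command:
            break  # EOF: the original looped forever here
        if command == COMM_CREATE:
            user = recv_json()
            if user is None:
                break
            try:
                response = create_user(user)
            except (KeyError, TypeError) as e:
                log.info('malformed create request: %s' % e)
                break
            send_json(response)
        elif command == COMM_GET_SERVICES:
            send_json(STARTED_SERVICES)
        elif command == COMM_ACCESS_SERVICE:
            req = recv_json()
            if req is None:
                break
            try:
                response = access_service(req)
            except (KeyError, TypeError) as e:
                log.info('malformed access request: %s' % e)
                break
            send_json(response)
        elif command == COMM_EXIT:
            break
    self.request.close()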