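def logInUser(self, **kwargs):
    """Server-side login.

    The client sends its userID (unique identifier) and password in a
    message encrypted with the server public key (``kwargs['data']``,
    hex-encoded). On success a fresh Diffie-Hellman key pair and a random
    20-byte challenge token are registered with ``um``; the token is
    returned RSA-encrypted to the user's stored public key, together with
    the server's DH public value.

    Returns:
        JSON string ``{"token": <hex>, "session": <dh public key>}`` on
        success; ``"REGIST_AGAIN"`` when the user exists but has not
        completed registration; ``"ERROR"`` otherwise.

    Security notes:
        - Nothing from the decrypted payload is written to stdout. The
          previous version printed the userID and the plaintext password,
          which ends up in process logs.
        - The three distinct responses let a caller tell fully registered,
          half-registered and unknown users apart (user enumeration). The
          protocol is kept as-is here; callers should be aware of it.
    """
    # Decrypt the client message with the server private key.
    receivedData = dm.decryptMessageReceived(kwargs['data'].decode('hex'))
    userID = receivedData['userID']

    # Registration must be complete and the password must match.
    if DBmodule.db_registAuthenticate(userID) and \
            DBmodule.db_getLogIn(userID, receivedData['password']) == 1:
        # New DH key pair for this session plus a random challenge token.
        serverSession = DiffieHellman.DiffieHellman()
        token = os.urandom(20)
        um.addSession(userID, serverSession, token)

        # Encrypt the token to the user's registered public key. The
        # temporary file is closed, and therefore deleted, on leaving the
        # block so the token ciphertext does not linger on disk.
        pub_key = DBmodule.db_getUserPubKey(
            DBmodule.db_getUserID(userID)).decode('hex')
        with tempfile.NamedTemporaryFile(delete=True) as tf:
            security.encrypt_RSA(security.importkey_RSA(pub_key), token, tf)
            # Rewind in case the helper left the file position at EOF;
            # harmless if it already did so itself.
            tf.seek(0)
            encrypted_token = tf.read().encode('hex')

        return json.dumps({
            'token': encrypted_token,
            'session': serverSession.publicKey,
        })

    if DBmodule.db_registNotAuthenticate(userID):
        return "REGIST_AGAIN"
    return "ERROR"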
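def registUser(self, **kwargs):
    """Server-side user registration.

    The client sends its userID (unique identifier), username and password
    in a message encrypted with the server public key (``kwargs['data']``,
    hex-encoded). The smart-card public key arrives as ``kwargs['exp']``,
    ``kwargs['mod']`` and hex-encoded ``kwargs['pub_key']`` *outside* the
    encrypted payload, so its binding to the userID relies entirely on the
    transport. NOTE(review): confirm this endpoint is only reachable over
    TLS, otherwise an on-path attacker can substitute the key.

    Registration is allowed for unknown users and for users whose earlier
    registration never completed. The key is written to
    ``publicKey/<userID>.pub``, the user row is created or updated with
    the hashed password, and a random 20-byte token is stored via
    ``um.addRegist`` and returned RSA-encrypted to the supplied public key.

    Returns:
        Hex string of the RSA-encrypted token, or ``"ERROR"`` when the
        user is already fully registered or the userID cannot safely be
        used as a file name.
    """
    # Decrypt the client message with the server private key.
    receivedData = dm.decryptMessageReceived(kwargs['data'].decode('hex'))
    userID = receivedData['userID']

    # The userID is client-controlled and becomes a file name below.
    # Reject anything that is not a single plain path component so that
    # values like "../../etc/cron.d/x" cannot write outside publicKey/.
    uid_name = str(userID)
    if (not uid_name or uid_name in ('.', '..') or '\x00' in uid_name
            or '/' in uid_name or '\\' in uid_name
            or os.path.basename(uid_name) != uid_name):
        return "ERROR"

    # Only unknown users or users with an unfinished registration may
    # (re)register; a completed account must not have its key replaced.
    exists = DBmodule.db_existingUserBI(userID)
    if exists and not DBmodule.db_registNotAuthenticate(userID):
        return "ERROR"

    # Persist the smart-card public key as "exp:mod".
    destination = os.path.join('publicKey', uid_name + '.pub')
    with open(destination, 'wb') as f:
        f.write("%s:%s" % (str(kwargs['exp']), str(kwargs['mod'])))

    # Create or refresh the user row; only the password hash is stored.
    password_hash = pw.make_hash(receivedData['password'])
    if not exists:
        DBmodule.db_addNewUser(receivedData['username'], userID,
                               password_hash, kwargs['pub_key'])
    else:
        DBmodule.db_UserInfoUpdate(receivedData['username'], userID,
                                   password_hash, kwargs['pub_key'])

    # ----------------- PAM --------------------
    # Challenge token the client must later prove possession of.
    token = os.urandom(20)
    um.addRegist(userID, token)
    # ----------------- PAM --------------------

    # Return the token encrypted to the client's public key. The temporary
    # file is closed, and therefore deleted, when the block exits.
    with tempfile.NamedTemporaryFile(delete=True) as tf:
        security.encrypt_RSA(
            security.importkey_RSA(kwargs['pub_key'].decode('hex')), token, tf)
        # Rewind in case the helper left the file position at EOF.
        tf.seek(0)
        return tf.read().encode('hex')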