예제 #1
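 def logInUser(self, **kwargs):
     """Server-side login.

     The client sends its userID and password encrypted with the server
     public key, hex-encoded in kwargs['data'].  When the credentials are
     accepted, a session is registered with a fresh Diffie-Hellman object
     and a random 20-byte challenge token.

     Returns:
         A JSON string with 'token' (the challenge encrypted with the
         user's stored public key, hex-encoded) and 'session' (the server
         Diffie-Hellman public key) on success; "REGIST_AGAIN" when
         db_registNotAuthenticate is true for the userID; "ERROR"
         otherwise.
     """
     # Decipher the message with the server private key
     receivedData = dm.decryptMessageReceived(kwargs['data'].decode('hex'))
     userID = receivedData['userID']
     print userID

     # The user must exist, have finished registration, and pass the
     # password check.
     authenticated = (
         DBmodule.db_registAuthenticate(userID) and
         DBmodule.db_getLogIn(userID, receivedData['password']) == 1)
     if not authenticated:
         # NOTE(review): the two failure strings let a client tell a
         # pending registration apart from any other failure; confirm
         # that disclosure is acceptable.
         if DBmodule.db_registNotAuthenticate(userID):
             return "REGIST_AGAIN"
         return "ERROR"

     # Only the userID is traced.  The password must never reach stdout
     # or a log, so the former debug print of it has been removed.
     print userID

     # Create the session and its challenge
     serverSession = DiffieHellman.DiffieHellman()
     token = os.urandom(20)
     um.addSession(userID, serverSession, token)

     # Encrypt the challenge with the public key stored for this user
     pub_key = DBmodule.db_getUserPubKey(
         DBmodule.db_getUserID(userID)).decode('hex')
     # The context manager closes (and so deletes) the temporary file even
     # when encryption raises.
     with tempfile.NamedTemporaryFile(delete=True) as tf:
         security.encrypt_RSA(security.importkey_RSA(pub_key), token, tf)
         # NOTE(review): this read relies on encrypt_RSA leaving the file
         # position at the start of the ciphertext; confirm in security.
         encryptedToken = tf.read().encode('hex')

     # NOTE(review): the Diffie-Hellman public value is returned as-is and
     # is not signed in this block; confirm the client authenticates it
     # elsewhere.
     messageToSend = {
         'token': encryptedToken,
         'session': serverSession.publicKey
     }
     return json.dumps(messageToSend)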
예제 #2
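 def registUser(self, **kwargs):
     """Server-side user registration.

     The client sends its username, userID and password encrypted with the
     server public key, hex-encoded in kwargs['data'].  The smart card
     public key arrives as kwargs['exp'], kwargs['mod'] and
     kwargs['pub_key'].

     Registration proceeds when the userID is unknown or its registration
     is still pending.  The key material is written to
     publicKey/<userID>.pub, the user row is created or updated, and a
     random 20-byte token is recorded through um.addRegist.

     Returns:
         The token encrypted with the supplied public key, hex-encoded,
         or "ERROR" when the userID is not usable as a file name or the
         user has already completed registration.
     """
     # Decipher the message with the server private key
     receivedData = dm.decryptMessageReceived(kwargs['data'].decode('hex'))
     userID = receivedData['userID']

     # userID is supplied by the client and becomes part of a file name.
     # Refuse anything that is not a plain file name, so the write below
     # cannot land outside the publicKey directory.
     keyFileName = str(userID) + '.pub'
     if os.path.basename(keyFileName) != keyFileName or '\x00' in keyFileName:
         return "ERROR"

     # Proceed only for a new user or one whose registration is pending
     isNewUser = not DBmodule.db_existingUserBI(userID)
     if not isNewUser and not DBmodule.db_registNotAuthenticate(userID):
         return "ERROR"

     # NOTE(review): exp, mod and pub_key are read from kwargs, not from
     # the decrypted payload, and nothing here checks that pub_key matches
     # exp/mod; confirm they are bound to the request elsewhere.
     destination = os.path.join('publicKey', keyFileName)
     with open(destination, 'wb') as f:
         f.write("%s:%s" % (str(kwargs['exp']), str(kwargs['mod'])))

     # Update DB.  While a registration is pending, a repeated request
     # replaces the stored password hash and public key for that userID.
     # NOTE(review): confirm that overwrite is intended.
     passwordHash = pw.make_hash(receivedData['password'])
     if isNewUser:
         DBmodule.db_addNewUser(receivedData['username'], userID,
                                passwordHash, kwargs['pub_key'])
     else:
         DBmodule.db_UserInfoUpdate(receivedData['username'], userID,
                                    passwordHash, kwargs['pub_key'])

     # Ask PAM what it needs to validate the user identity
     # ----------------- PAM --------------------
     token = os.urandom(20)
     um.addRegist(userID, token)
     # ----------------- PAM --------------------

     # Send the token to the client, encrypted with the user public key.
     # The context manager closes (and so deletes) the temporary file even
     # when encryption raises.
     with tempfile.NamedTemporaryFile(delete=True) as tf:
         security.encrypt_RSA(
             security.importkey_RSA(kwargs['pub_key'].decode('hex')), token,
             tf)
         # NOTE(review): this read relies on encrypt_RSA leaving the file
         # position at the start of the ciphertext; confirm in security.
         return tf.read().encode('hex')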