def main():
server_address = ('localhost', 9999) # authentication server address
ss_id = '1efeggrvv' # id of service server
ss_address = ('localhost', 5000) # address of service server
tgt_path = 'tgt'
data_path = 'data.json'
login = input('login: '******'password: '******'utf-8')
# create key from hash of password
m = hashlib.sha256()
m.update(password)
key_c = DesKey(m.digest()[:8])
with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
is_authenticated = is_auth(data_path, tgt_path)
# Loop while we are not authorized
while True:
# skip authentication if we already have tgt
if is_authenticated:
with open('data.json') as f1, open('tgt', 'rb') as f2:
data = json.load(f1)
tgt = f2.read()
else:
# AS_REQ
as_req(sock, server_address, login, key_c)
# AS_REP
data, tgt = as_rep(sock, key_c, tgt_path, data_path)
key_c_tgs, tgs_address, p1 = data
# key_c_tgs is a string key
key_c_tgs = DesKey(key_c_tgs.encode('utf-8'))
# tgs_address is a list (need a tuple)
tgs_address = tuple(tgs_address)
# TGS_REQ
tgs_req(sock, tgs_address, login, ss_id, tgt, key_c_tgs)
# TGS_REP
tgs_rep_data = tgs_rep(sock, key_c_tgs)
if tgs_rep_data:
break
else:
is_authenticated = False
data_tgs, st = tgs_rep_data
key_c_ss, ss, p2 = data_tgs
# key_c_ss is a string key
key_c_ss = DesKey(key_c_ss.encode('utf-8'))
# SS_REQ
t4 = int(dt.datetime.utcnow().timestamp())
ss_req(sock, ss_address, login, t4, st, key_c_ss)
# SS_REP
t_c1 = sock.recv(1024)
t_c1 = int(key_c_ss.decrypt(t_c1))
if t_c1 - t4 == 1:
print('Success authorization :)')
else:
print('Server is not authorized!')
def handle(self):
data = self.request[0].strip()
socket = self.request[1]
print("{} wrote:".format(self.client_address[0]))
print(data)
if data == b'TGS_REQ':
tgt = socket.recv(1024)
ss = socket.recv(1024).decode('utf-8')
aut1 = socket.recv(1024)
if ss not in services:
socket.sendto(b'Error: invalid ss_id', self.client_address)
return
tgt = K_TGS.decrypt(tgt)
c1, key_c_tgs, p1, t_kdc = json.loads(tgt)
key_c_tgs = DesKey(key_c_tgs.encode('utf-8'))
aut1 = key_c_tgs.decrypt(aut1)
aut1 = json.loads(aut1)
c2, t_c = aut1
t_c = dt.datetime.fromtimestamp(t_c)
t_kdc = dt.datetime.fromtimestamp(t_kdc)
delta = (t_c - t_kdc).total_seconds()
print(c1, c2, delta, p1)
# TGS_REP
if c1 == c2 and delta / 3600 < p1:
key_c_ss = ''.join(
secrets.choice(string.ascii_letters + string.digits)
for _ in range(8))
p2 = 10 # hours
data_c_tgs = json.dumps([key_c_ss, ss, p2]).encode('utf-8')
data_c_tgs = key_c_tgs.encrypt(data_c_tgs)
socket.sendto(data_c_tgs, self.client_address)
t3 = int(dt.datetime.utcnow().timestamp())
tgs = json.dumps([c1, ss, t3, p2, key_c_ss]).encode('utf-8')
tgs = K_SS.encrypt(tgs)
socket.sendto(tgs, self.client_address)
else:
socket.sendto(b'Error: Unauthorized', self.client_address)