Exemplo n.º 1
0
 def uploadExistingFile(self):
     """Server Side Upload Function for existing files
         Creates a new ciphertext and new access files to all
         users who have access to the file. DB File Information updated
         Security: Authenticate User Message by users session key
         Concurrency control"""
     lcHDRS = {}
     for key, val in cherrypy.request.headers.iteritems():
         lcHDRS[key.lower()] = val
     username = lcHDRS['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(lcHDRS['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             usr_id = DBmodule.db_getUserID(username)
             fn = data['filename']
             iv = data['iv']
             aes = lcHDRS['aes']
             sign = data['sign']
             files = DBmodule.db_listMyFiles(usr_id)
             filenames = [x.encode('latin-1') for x in files]
             if fn in filenames:
                 file_id = DBmodule.db_getFileId(usr_id, fn)
                 # Concurrent Access
                 while (DBmodule.db_fileStatus(file_id) is True):
                     time.sleep(2)
                 status = DBmodule.db_fileInUse(file_id)
                 if status:
                     destination = os.path.join('storage',
                                                str(file_id) + '.file')
                     # Save Ciphertext
                     with open(destination, 'wb') as f:
                         shutil.copyfileobj(cherrypy.request.body, f)
                     userList = DBmodule.db_whoHasAccess(file_id)
                     # Save FILE Encrypted by RSA for every user
                     for i in range(0, len(userList)):
                         with open(destination + '.key' + str(userList[i]),
                                   'wb') as f:
                             f.write(aes[i])
                     # Add File Information to DB
                     uni = iv.decode('hex').decode('latin-1')
                     DBmodule.db_fileInfoUpdate(file_id, usr_id, sign, uni)
                     statusF = DBmodule.db_fileNotInUse(file_id)
                     if statusF is True:
                         return 'Okay, File Updated'
                     else:
                         raise cherrypy.HTTPError(
                             408,
                             'Request Timeout! Please Try Again\nSafeBox Team'
                         )
                 else:
                     raise cherrypy.HTTPError(
                         408,
                         'Request Timeout! Please Try Again\nSafeBox Team')
         except:
             raise cherrypy.HTTPError(
                 401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 2
0
 def shareFile(self):
     """Server Side Share Final Commnunication
         Saves the access file of the new user and update
         Database Information of the AccessManagement Table
         Security: Authenticate User Message
         Concurrency control"""
     lcHDRS = {}
     for key, val in cherrypy.request.headers.iteritems():
         lcHDRS[key.lower()] = val
     username = lcHDRS['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(lcHDRS['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             filename = data['filename']
             usr_dst_name = data['usrdstname']
             file_key = data['filekey']
             usr_id = DBmodule.db_getUserID(username)
             file_id = DBmodule.db_getFileId(usr_id, filename)
             # Concurrent Access
             while (DBmodule.db_fileStatus(file_id) is True):
                 time.sleep(2)
             status = DBmodule.db_fileInUse(file_id)
             # Verify if the user is valid and has permission to access the file
             if status and um.validUser(
                     username) and DBmodule.db_filePermission(
                         usr_id, file_id):
                 usr_dst_id = DBmodule.db_getUserID(usr_dst_name)
                 destination = os.path.join('storage',
                                            str(file_id) + '.file')
                 # Save FILE Encrypted by RSA
                 with open(destination + '.key' + str(usr_dst_id),
                           'wb') as f:
                     f.write(file_key)
                     # Add information to the Database
                 DBmodule.db_fileNewAccess(file_id, usr_dst_id, usr_id,
                                           data['permission'])
                 statusF = DBmodule.db_fileNotInUse(file_id)
                 if statusF is True:
                     return 'Okay'
                 else:
                     raise cherrypy.HTTPError(
                         408,
                         'Request Timeout! Please Try Again\nSafeBox Team')
             else:
                 raise cherrypy.HTTPError(
                     401,
                     'Currently, you are not a valid user!\nSafeBox Team')
         except:
             raise cherrypy.HTTPError(
                 401, 'Currently, you are not a valid user!\nSafeBox Team')
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 3
0
 def share(self, **kwargs):
     """Server Side Share Initial Commnunication
         Gets user access file by his user id from the File System and the
         user destination public key, from the DB, by his ID and sends the
         information to client
         Security: Authenticate User Message
         Concurrency control"""
     username = kwargs['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(kwargs['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             file_name = data['filename']
             usr_dst_name = data['usrdstname']
             usr_id = DBmodule.db_getUserID(username)
             file_id = DBmodule.db_getFileId(usr_id, file_name)
             # Concurrent Access
             while (DBmodule.db_fileStatus(file_id) is True):
                 time.sleep(2)
             status = DBmodule.db_fileInUse(file_id)
             # Verify if the user is valid and have access to the file
             if status and um.validUser(
                     username) and DBmodule.db_filePermission(
                         usr_id, file_id):
                 destination = os.path.join('storage',
                                            str(file_id) + '.file')
                 # Get User Access File
                 with open(destination + '.key' + str(usr_id)) as f:
                     aes = f.read()
                 usr_dst_id = DBmodule.db_getUserID(usr_dst_name)
                 pub_key = DBmodule.db_getUserPubKey(usr_dst_id)
                 message = {'aes': aes, 'pubkey': pub_key}
                 messageToSend = security.encryptS_AES(
                     json.dumps(message),
                     sessionKey.decode('hex')).encode('hex')
                 cherrypy.response.headers['data'] = messageToSend
                 statusF = DBmodule.db_fileNotInUse(file_id)
                 if statusF is True:
                     return "Okay"
                 else:
                     raise cherrypy.HTTPError(
                         408,
                         'Request Timeout! Please Try Again\nSafeBox Team')
             else:
                 raise cherrypy.HTTPError(
                     401,
                     'Currently, you are not a valid user!\nSafeBox Team')
         except:
             raise cherrypy.HTTPError(
                 401, 'Currently, you are not a valid user!\nSafeBox Team')
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 4
0
 def unShare(self, **kwargs):
     """Server Side Unshare
         Remove user AccessFile to the File by its ID and update Database
         AccessManagement Table
         Security: Authenticate User Message
         Concurrency control"""
     username = kwargs['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(kwargs['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             filename = data['filename']
             user_id = DBmodule.db_getUserID(username)
             # Concurrent Access
             file_id = DBmodule.db_getFileId(user_id, filename)
             while (DBmodule.db_fileStatus(file_id) is True):
                 time.sleep(2)
             status = DBmodule.db_fileInUse(file_id)
             # Verify if the user is valid and have access to the file
             if status and um.validUser(
                     kwargs['username']) and DBmodule.db_filePermission(
                         user_id, file_id):
                 unsharename = data['unshare']
                 unshareid = DBmodule.db_getUserID(unsharename)
                 userlist = [unshareid
                             ] + DBmodule.db_getAllShareDependencies(
                                 unshareid, file_id)
                 # Remove access permission from the database
                 DBmodule.db_removeShare(user_id, file_id, unshareid)
                 # Remoce user access file from the server
                 for usr in userlist:
                     os.remove('storage/' + str(file_id) + '.file.key' +
                               str(usr))
                 statusF = DBmodule.db_fileNotInUse(file_id)
                 if statusF is True:
                     return 'Okay'
                 else:
                     raise cherrypy.HTTPError(
                         408,
                         'Request Timeout! Please Try Again\nSafeBox Team')
             else:
                 raise cherrypy.HTTPError(
                     401,
                     'Currently, you are not a valid user!\nSafeBox Team')
         except:
             raise cherrypy.HTTPError(
                 401, 'Currently, you are not a valid user!\nSafeBox Team')
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 5
0
 def removeFile(self):
     """Server Side Remove
         Remove ciphertext of the file and all user AccessFiles to it
         by its ID and update Database AccessManagement Table
         Security: Authenticate User Message
         Concurrency control"""
     lcHDRS = {}
     for key, val in cherrypy.request.headers.iteritems():
         lcHDRS[key.lower()] = val
     username = lcHDRS['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(lcHDRS['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             filename = data['filename']
             user_id = DBmodule.db_getUserID(username)
             file_id = DBmodule.db_getFileId(user_id, filename)
             # Concurrent Access
             while (DBmodule.db_fileStatus(file_id) is True):
                 time.sleep(2)
             status = DBmodule.db_fileInUse(file_id)
             # Verify if the user is valid and has access to the file
             if status and um.validUser(
                     username) and DBmodule.db_filePermission(
                         user_id, file_id):
                 # If the user is the owner of the file, all the users loose the file
                 if DBmodule.db_isOwner(user_id, file_id) == 1:
                     DBmodule.db_removeFile(file_id)
                     pattern = '^' + str(file_id) + '.file'
                     mypath = 'storage'
                     for root, dirs, files in os.walk(mypath):
                         for fileFound in filter(
                                 lambda x: re.match(pattern, x), files):
                             os.remove(os.path.join(root, fileFound))
                 # If the user is not the owner, only removes it's access to the file
                 else:
                     userlist = [user_id
                                 ] + DBmodule.db_getAllShareDependencies(
                                     user_id, file_id)
                     for usr in userlist:
                         DBmodule.db_removeAccess(file_id, usr)
                         os.remove('storage/' + str(file_id) + '.file.key' +
                                   str(usr))
                     statusF = DBmodule.db_fileNotInUse(file_id)
                     if statusF is True:
                         return 'Okay'
                     else:
                         raise cherrypy.HTTPError(
                             408,
                             'Request Timeout! Please Try Again\nSafeBox Team'
                         )
             else:
                 raise cherrypy.HTTPError(
                     401,
                     'Currently, you are not a valid user!\nSafeBox Team')
         except:
             raise cherrypy.HTTPError(
                 401, 'Currently, you are not a valid user!\nSafeBox Team')
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 6
0
    def download(self, **kwargs):
        """Server Side Download a file
            Gets the ciphertext of the file by file ID, user access file by his
            user id from the File System and the IV from the DB
            Security: Authenticate User Message
            Concurrency control"""

        # Multipart aux function
        def read(i_file, chunk_size=16 * 1024):
            while True:
                ret = i_file.read(chunk_size)
                if not ret:
                    break
                yield ret

        username = kwargs['username']
        sessionKey = um.getSessionKey(username)
        if sessionKey != -1:
            try:
                data = json.loads(
                    security.decryptS_AES(kwargs['data'].decode('hex'),
                                          sessionKey.decode('hex')))
                usr_id = DBmodule.db_getUserID(username)
                filename = data['filename']
                file_id = DBmodule.db_getFileId(usr_id, filename)
                # Concurrent Access
                while (DBmodule.db_fileStatus(file_id) is True):
                    time.sleep(2)
                status = DBmodule.db_fileInUse(file_id)
                # Verify if the user is valid and have permission to access the file
                if (status and um.validUser(username)
                        and DBmodule.db_filePermission(usr_id, file_id)):
                    destination = os.path.join('storage',
                                               str(file_id) + '.file')
                    # Get User Access File
                    with open(destination + '.key' + str(usr_id)) as f:
                        aes = f.read()
                    iv = DBmodule.db_getFileIV(file_id).encode(
                        'latin-1').encode('hex')
                    sign = DBmodule.db_getFileHash(file_id)
                    message = {'iv': iv, 'sign': sign}
                    messageToSend = security.encryptS_AES(
                        json.dumps(message),
                        sessionKey.decode('hex')).encode('hex')
                    cherrypy.response.headers['data'] = messageToSend
                    cherrypy.response.headers['aes'] = aes
                    statusF = DBmodule.db_fileNotInUse(file_id)
                    if statusF is True:
                        return read(open(destination, 'rb'))
                    else:
                        raise cherrypy.HTTPError(
                            408,
                            'Request Timeout! Please Try Again\nSafeBox Team')
                else:
                    raise cherrypy.HTTPError(
                        401,
                        'Currently, you are not a valid user!\nSafeBox Team')
            except:
                raise cherrypy.HTTPError(
                    401, 'Currently, you are not a valid user!\nSafeBox Team')
        else:
            raise cherrypy.HTTPError(
                401, 'Currently, you are not a valid user!\nSafeBox Team')