def run(args):
"""This function return the status and service info
Args:
args (dict): Dictionary containing challenge information
Returns:
dict: containing information about the service
"""
try:
challenge = args["challenge"]
fingerprint = args["fingerprint"]
except:
challenge = None
response = None
if challenge:
service = get_this_service(need_private_access=True)
service.assert_unlocked()
key = service.get_key(fingerprint)
response = key.decrypt(string_to_bytes(challenge))
else:
service = get_this_service(need_private_access=False)
return_value = {"service_info": service.to_data()}
if response is not None:
return_value["response"] = response
return return_value
def run(args):
"""Call this function to register a new service with this registry"""
service = Service.from_data(args["service"])
challenge = string_to_bytes(args["challenge"])
fingerprint = args["fingerprint"]
try:
force_new_uid = args["force_new_uid"]
except:
force_new_uid = False
if force_new_uid:
force_new_uid = True
# respond to the challenge from the service to be registered
this_service = get_this_service(need_private_access=True)
key = this_service.get_key(fingerprint)
response = key.decrypt(challenge)
# ok - we can respond to its challenge, so now challenge
# it, and if it passes, register the service
registry = Registry()
service_uid = registry.register_service(service=service,
force_new_uid=force_new_uid)
return {"service_uid": service_uid,
"response": response}
def run(args):
"""Upload a new chunk of data to a file"""
drive_uid = str(args["drive_uid"])
file_uid = str(args["file_uid"])
chunk_idx = int(args["chunk_index"])
secret = str(args["secret"])
data = string_to_bytes(args["data"])
checksum = str(args["checksum"])
drive = DriveInfo(drive_uid=drive_uid)
drive.upload_chunk(file_uid=file_uid,
chunk_index=chunk_idx,
secret=secret,
chunk=data,
checksum=checksum)
return True
async def handler(ctx, data=None, loop=None):
"""This function just reflects back the json that is supplied.
This is useful for debugging clients that are calling this
server
"""
result = {}
try:
data = json.loads(data)
privkey = get_service_private_key()
encrypted = string_to_bytes(data["data"])
decrypted = privkey.decrypt(encrypted).decode("utf-8")
data = json.loads(decrypted)
pem = data["encryption_public_key"]
key = PublicKey.from_data(pem)
result["key"] = str(key.to_data())
result["status"] = -1
except Exception as e:
message = {"status": -1, "message": "Error packing results: %s" % e}
return json.dumps(message)
except:
message = {
"status": -1,
"message": "Error packing results: Unknown error"
}
return json.dumps(message)
return json.dumps(result)
def run(args):
"""This function will allow the current user to authorise
a logout from the current session - this will be authorised
by signing the request to logout"""
status = 0
message = None
session_uid = args["session_uid"]
username = args["username"]
permission = args["permission"]
signature = string_to_bytes(args["signature"])
# generate a sanitised version of the username
user_account = UserAccount(username)
# now log into the central identity account to query
# the current status of this login session
bucket = login_to_service_account()
user_session_key = "sessions/%s/%s" % \
(user_account.sanitised_name(), session_uid)
request_session_key = "requests/%s/%s" % (session_uid[:8], session_uid)
login_session = LoginSession.from_data(
ObjectStore.get_object_from_json(bucket, user_session_key))
if login_session:
# get the signing certificate from the login session and
# validate that the permission object has been signed by
# the user requesting the logout
cert = login_session.public_certificate()
cert.verify(signature, permission)
# the signature was correct, so log the user out. For record
# keeping purposes we change the loginsession to a logout state
# and move it to another part of the object store
if login_session.is_approved():
login_session.logout()
# only save sessions that were successfully approved
if login_session:
if login_session.is_logged_out():
expired_session_key = "expired_sessions/%s/%s" % \
(user_account.sanitised_name(),
session_uid)
ObjectStore.set_object_from_json(bucket, expired_session_key,
login_session.to_data())
try:
ObjectStore.delete_object(bucket, user_session_key)
except:
pass
try:
ObjectStore.delete_object(bucket, request_session_key)
except:
pass
status = 0
message = "Successfully logged out"
return_value = create_return_value(status, message)
return return_value
def test_pack_unpack_args_returnvals():
privkey = get_private_key("testing")
pubkey = privkey.public_key()
args = {"message": "Hello, this is a message",
"status": 0,
"long": [random.random() for _ in range(2)]}
func = "test_function"
packed = pack_arguments(function=func, args=args)
crypted = pubkey.encrypt(packed)
uncrypted = privkey.decrypt(crypted)
(f, unpacked, keys) = unpack_arguments(args=uncrypted)
print(keys)
assert(args == unpacked)
assert(f == func)
packed = pack_arguments(function=func, args=args,
key=pubkey, response_key=pubkey,
public_cert=pubkey)
data = json.loads(packed.decode("utf-8"))
assert(data["encrypted"])
assert(data["fingerprint"] == privkey.fingerprint())
payload = privkey.decrypt(string_to_bytes(data["data"]))
payload = json.loads(payload)
assert(payload["sign_with_service_key"] == privkey.fingerprint())
assert(payload["encryption_public_key"] == bytes_to_string(pubkey.bytes()))
assert(payload["payload"] == args)
(f, unpacked, keys) = unpack_arguments(function=func, args=packed,
key=privkey)
message = {"message": "OK"}
return_value = create_return_value(message)
packed_result = pack_return_value(function=func,
payload=return_value, key=keys,
private_cert=privkey)
result = json.loads(packed_result.decode("utf-8"))
assert(result["fingerprint"] == privkey.fingerprint())
assert(result["encrypted"])
data = string_to_bytes(result["data"])
sig = string_to_bytes(result["signature"])
pubkey.verify(signature=sig, message=data)
data = json.loads(privkey.decrypt(data))
assert(data["payload"]["return"] == message)
result = unpack_return_value(return_value=packed_result,
key=privkey, public_cert=pubkey)
assert(result == message)
try:
return_value = create_return_value(_foo())
except Exception as e:
return_value = create_return_value(e)
packed_result = pack_return_value(function=func,
payload=return_value, key=keys,
private_cert=privkey)
with pytest.raises(PermissionError):
result = unpack_return_value(function=func, return_value=packed_result,
key=privkey, public_cert=pubkey)
service_salt = service_info["salt"]
while True:
password = getpass.getpass(
prompt="Please enter the service primary password: "******"key"],
passphrase=password)
break
except:
print("Password incorrect. Try again.")
old_config = service_key.decrypt(string_to_bytes(service_info["config"]))
old_config = json.loads(old_config)
keep = True
else:
while True:
password = getpass.getpass(
prompt="Please enter the service primary password: "******"Please enter the password again: ")
if password == password2:
break
print("Passwords not equal - please try again")
service_salt = PrivateKey.random_passphrase()
password = Hash.multi_md5(password, service_salt)