def handle(self):
global STARTED_SERVICES
while 1:
try:
command = self.request.recv(1024)
except:
break
if command == COMM_CREATE:
try:
user = self.request.recv(1024)
except:
break
user = json.loads(user)
key = os.urandom(24).encode('hex')
fake_test = self.isdb.get_user_key(user['username'])
if fake_test == None:
log.info(db.get_last_error())
self.request.sendall(json.dumps({'err': ERR_DB_OPERATION_FAILED}))
continue
if len(fake_test) != 0:
log.info('user already exists: %s' % user['username'])
self.request.sendall(json.dumps({'err': ERR_USER_ALREADY_EXISTS}))
continue
if isdb.insert_user(user['username'], calculate_md5(user['password']), user['security_level'], key) == False:
log.info(db.get_last_error())
self.request.sendall(json.dumps({'err': ERR_DB_OPERATION_FAILED}))
continue
services = isdb.get_all_services()
if services == None:
log.info(db.get_last_error())
self.request.sendall(json.dumps({'err': ERR_DB_OPERATION_FAILED}))
continue
control_access_matrix = isdb.get_control_access_matrix()
if control_access_matrix == None:
log.info(db.get_last_error())
self.request.sendall(json.dumps({'err': ERR_DB_OPERATION_FAILED}))
continue
control_access_matrix = json.loads(control_access_matrix[0]['matrix'])
for service in services:
if user['security_level'] == service['security_level']:
val = rand.randrange(4)
if val == 0:
control_access_matrix['%s_%s' % (user['username'], service['name'])] = 'na'
elif val == 1:
control_access_matrix['%s_%s' % (user['username'], service['name'])] = 'r'
elif val == 2:
control_access_matrix['%s_%s' % (user['username'], service['name'])] = 'w'
else:
control_access_matrix['%s_%s' % (user['username'], service['name'])] = 'rw'
if isdb.update_control_access_matrix(json.dumps(control_access_matrix)) == False:
log.info(db.get_last_error())
self.request.sendall(json.dumps({'err': ERR_DB_OPERATION_FAILED}))
continue
self.request.sendall(json.dumps({'key': key}))
elif command == COMM_GET_SERVICES:
self.request.sendall(json.dumps(STARTED_SERVICES))
elif command == COMM_ACCESS_SERVICE:
user_data = json.loads(self.request.recv(1024))
database_user = isdb.get_user(user_data['user']['username'])
if database_user == None:
log.info(db.get_last_error())
self.request.sendall(json.dumps({'err': ERR_INVALID_COMBINATION}))
continue
if len(database_user) == 0:
self.request.sendall(json.dumps({'err': ERR_USER_NOT_EXISTS}))
continue
service = isdb.get_service(user_data['service']['name'])
if service == None:
log.info(db.get_last_error())
self.request.sendall(json.dumps({'err': ERR_INVALID_COMBINATION}))
continue
service = service[0]
database_user = database_user[0]
password = database_user['password'].replace('-', '')
print 'user key: %s' % database_user['key'].decode('hex')
user_aes_cipher = AESCipher(database_user['key'].decode('hex'))
service_aes_cipher = AESCipher(service['key'].decode('hex'))
if calculate_md5(user_data['user']['password']) != password:
self.request.sendall(json.dumps({'err': ERR_INVALID_COMBINATION}))
continue
control_access_matrix = isdb.get_control_access_matrix()
if control_access_matrix == None:
log.info(db.get_last_error())
self.request.sendall(json.dumps({'err': ERR_DB_OPERATION_FAILED}))
continue
control_access_matrix = json.loads(control_access_matrix[0]['matrix'])
has_right = False
matrix_key = '%s_%s' % (user_data['user']['username'], service['name'])
if matrix_key not in control_access_matrix:
if database_user['security_level'] > service['security_level']:
if user_data['right'] == 'r':
has_right = True
elif database_user['security_level'] < service['security_level']:
if user_data['right'] == 'w':
has_right = True
elif user_data['right'] in control_access_matrix[matrix_key]:
has_right = True
response = {}
if has_right == True:
des_key1 = os.urandom(8)
des_key2 = os.urandom(8)
tdes_key = (des_key1 + des_key2).encode('hex')
print 'k: %s' % tdes_key
tdes_key_lifetime = int(time.time()) + 2 * 60 * 60
response['for_user'] = {}
response['for_service'] = {}
response_for_user = {}
response_for_user['key'] = tdes_key
response_for_user['nonce'] = user_data['nonce']
response_for_user['service'] = user_data['service']
response_for_user['lifetime'] = tdes_key_lifetime
response['for_user'] = user_aes_cipher.encrypt_data(json.dumps(response_for_user)).encode('hex')
response_for_service = {}
response_for_service['key'] = tdes_key
user = {}
user['username'] = user_data['user']['username']
user['password'] = user_data['user']['password']
response_for_service['user'] = user
response_for_service['lifetime'] = tdes_key_lifetime
response['for_service'] = service_aes_cipher.encrypt_data(json.dumps(response_for_service)).encode('hex')
else:
response = {'err': ERR_FORBIDDEN}
self.request.sendall(json.dumps(response))
elif command == COMM_EXIT:
break
self.request.close()
