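def POST(self):
    """Log in the user identified by the forwarded TLS client certificate.

    The certificate PEM and subject CN are read from the ``Ssl-Client-Cert``
    and ``Ssl-Client-S-Dn-Cn`` request headers. An unknown certificate gets a
    new user record. An optional JSON body may carry a hex-encoded device
    ``key``, which is stored in the session and associated with the user.

    Returns:
        A dict with the status, a message and the username.

    Raises:
        cherrypy.HTTPError: 400 when the certificate headers are missing, the
            body cannot be parsed, or the device key has the wrong length.
    """
    # NOTE(review): these headers are the only proof of identity used here.
    # They are trustworthy only if a TLS-terminating proxy sets them on every
    # request (overwriting any client-supplied copy), forwards them only after
    # the certificate has been verified, and the application cannot be reached
    # without going through that proxy -- confirm against the deployment.
    headers = cherrypy.request.headers
    forwarded_cert = headers.get('Ssl-Client-Cert')
    name = headers.get('Ssl-Client-S-Dn-Cn')
    if forwarded_cert is None or name is None:
        # Fail closed with a client error instead of an unhandled KeyError.
        raise cherrypy.HTTPError(400, "Client certificate headers missing")
    client_cert_pem = cipherLib.cleanReceivedPEM(forwarded_cert)

    user_id = storage.get_user_identifier(client_cert_pem)
    if user_id is None:
        # First login with this certificate: register it, then read back the id.
        storage.create_new_user(name, client_cert_pem)
        user_id = storage.get_user_identifier(client_cert_pem)

    try:
        content_length = int(headers.get('Content-Length', 0))
    except ValueError:
        raise cherrypy.HTTPError(400, "Wrong format")

    device_key = None
    if content_length > 0:
        try:
            body = json.loads(cherrypy.request.body.read(content_length))
            if 'key' in body:
                # The key is hex-encoded, so it is twice BLOCK_SIZE characters.
                if len(body['key']) != BLOCK_SIZE * 2:
                    raise cherrypy.HTTPError(400, "Key is not valid")
                device_key = binascii.unhexlify(body['key'])
        except cherrypy.HTTPError:
            # Keep the specific "Key is not valid" error; the generic handler
            # below would otherwise replace it with "Wrong format".
            raise
        except Exception:
            raise cherrypy.HTTPError(400, "Wrong format")

    # The storage call sits outside the parsing try block so that a storage
    # failure is not reported to the client as a malformed request.
    if device_key is not None:
        cherrypy.session[SESSION_DEVICE] = device_key
        storage.associate_device_to_user(user_id, device_key)

    if SESSION_PLAYER in cherrypy.session:
        storage.associate_player_to_user(user_id, cherrypy.session[SESSION_PLAYER])

    # NOTE(review): the session id is kept across the login; consider issuing
    # a fresh session id at this point to limit session fixation.
    cherrypy.session[SESSION_USERID] = user_id
    cherrypy.response.status = 200
    return {"status": 200, "message": "Login successfully", "username": name}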
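def POST(self):
    """Validate a signed challenge response and log the user in.

    The JSON body carries hex-encoded ``cert_pem``, ``sign``, ``cidadao_cn``,
    ``ec_aut`` and ``key`` fields. The certificate is validated against the
    two supplied certificates, then the signature over the session's challenge
    salt is verified. An unknown certificate gets a new user record named
    after its subject CN. The device key is stored in the session and
    associated with the user.

    Returns:
        A dict with the status and a message.

    Raises:
        cherrypy.HTTPError: 400 when no challenge is outstanding, the body is
            malformed, the certificate or signature does not validate, or the
            certificate has no CN.
    """
    # The challenge is single use: read it and clear it before anything else,
    # so a failed or repeated attempt cannot reuse the same salt.
    salt = cherrypy.session.get(SESSION_CHALLENGE_SALT)
    cherrypy.session[SESSION_CHALLENGE_SALT] = None
    if salt is None:
        # No outstanding challenge (never issued, or already consumed).
        # Reject here instead of handing None to the signature check.
        raise cherrypy.HTTPError(400, "User challenge failed")

    try:
        content_length = int(cherrypy.request.headers['Content-Length'])
        body = json.loads(cherrypy.request.body.read(content_length))
        cert_pem = binascii.unhexlify(body['cert_pem'])
        sign = binascii.unhexlify(body['sign'])
        cidadao_cn = binascii.unhexlify(body['cidadao_cn'])
        ec_aut = binascii.unhexlify(body['ec_aut'])
        dkey = binascii.unhexlify(body['key'])
    except Exception:
        raise cherrypy.HTTPError(400, "Parameters with wrong format")

    # NOTE(review): cidadao_cn and ec_aut come from the same request as the
    # certificate they are used to validate; confirm that validateCertificate
    # anchors the chain to a root the server trusts on its own.
    if not cipherLib.validateCertificate(cert_pem, cidadao_cn, ec_aut):
        raise cherrypy.HTTPError(400, "Certificate couldn't be validated")

    if not cipherLib.verifySignature(cert_pem, salt, sign):
        raise cherrypy.HTTPError(400, "User challenge failed")

    user_id = storage.get_user_identifier(cert_pem)
    if user_id is None:
        # First login with this certificate: use its subject CN as username.
        certificate = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_pem)
        username = None
        # NOTE(review): under Python 3, pyOpenSSL returns the components as
        # bytes, so the comparison with 'CN' would never match -- confirm the
        # target interpreter.
        for (name, value) in certificate.get_subject().get_components():
            if 'CN' == name:
                username = value

        if username is None:
            raise cherrypy.HTTPError(400, "Certificate doesn't have CN property defined")

        storage.create_new_user(username, cert_pem)
        user_id = storage.get_user_identifier(cert_pem)

    # Associate device to the user
    # NOTE(review): the length of dkey is not checked here; confirm whether it
    # must match the device-key size expected by the rest of the service.
    cherrypy.session[SESSION_DEVICE] = dkey
    storage.associate_device_to_user(user_id, dkey)

    if SESSION_PLAYER in cherrypy.session:
        storage.associate_player_to_user(user_id, cherrypy.session[SESSION_PLAYER])

    # NOTE(review): the session id is kept across the login; consider issuing
    # a fresh session id at this point to limit session fixation.
    cherrypy.session[SESSION_USERID] = user_id
    cherrypy.session[SESSION_CHALLENGE_VALID] = True
    cherrypy.response.status = 200
    return {"status": 200, "message": "User challenge validated with success."}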