def getPublicKey(self, **kwargs):
    """Return the public key stored in the DB for ``kwargs['username']``.

    The username is converted to ``str`` and resolved to a user id. When the
    lookup yields ``None``, the key stored under id ``0`` is returned instead.
    """
    requested_name = str(kwargs['username'])
    # NOTE(review): other handlers in this file call db_getUserID (capital
    # "ID"); confirm that DBmodule really exposes both spellings.
    resolved_id = DBmodule.db_getUserId(requested_name)
    # NOTE(review): presumably id 0 is a placeholder record, so an unknown
    # username still receives a key-shaped reply -- confirm against the schema.
    lookup_id = 0 if resolved_id is None else resolved_id
    return DBmodule.db_getUserPubKey(lookup_id)
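def logInUser(self, **kwargs):
    """Authenticate a user and open a server-side session.

    ``kwargs['data']`` is a hex string that is decoded and passed to
    ``dm.decryptMessageReceived`` (per the original notes, the client encrypts
    it with the server public key). The decrypted mapping must contain
    ``userID`` and ``password``.

    On success a Diffie-Hellman object and a random 20-byte token are stored
    through ``um.addSession``. The token is RSA-encrypted with the user's
    stored public key and returned together with the session public value.

    Returns:
        A JSON string with ``token`` (hex) and ``session`` on success,
        ``"REGIST_AGAIN"`` when ``db_registNotAuthenticate`` is true for the
        user, and ``"ERROR"`` otherwise.
    """
    # Decrypt the login message (server private key, per the original notes).
    receivedData = dm.decryptMessageReceived(kwargs['data'].decode('hex'))
    user_id = receivedData['userID']
    password = receivedData['password']

    # Trace the identifier only. The password must never reach stdout or logs,
    # where it would outlive the request and be readable by operators.
    print(user_id)

    # The user must exist, have completed registration and present valid
    # credentials.
    if DBmodule.db_registAuthenticate(user_id) and \
            DBmodule.db_getLogIn(user_id, password) == 1:
        # Create the session and a random challenge from the OS CSPRNG.
        serverSession = DiffieHellman.DiffieHellman()
        token = os.urandom(20)
        um.addSession(user_id, serverSession, token)

        pub_key = DBmodule.db_getUserPubKey(
            DBmodule.db_getUserID(user_id)).decode('hex')

        # The context manager closes (and so deletes) the temporary file even
        # if encryption raises, so no descriptor is leaked per login.
        with tempfile.NamedTemporaryFile(delete=True) as tf:
            security.encrypt_RSA(security.importkey_RSA(pub_key), token, tf)
            # NOTE(review): read() starts at the current file position, so
            # this relies on encrypt_RSA rewinding tf after writing -- confirm.
            encrypted_token = tf.read()

        # NOTE(review): the DH public value is returned unsigned next to the
        # encrypted token; confirm that the client authenticates it or that
        # the transport is integrity-protected.
        messageToSend = {
            'token': encrypted_token.encode('hex'),
            'session': serverSession.publicKey
        }
        return json.dumps(messageToSend)
    elif DBmodule.db_registNotAuthenticate(user_id):
        return "REGIST_AGAIN"
    else:
        return "ERROR"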
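def share(self, **kwargs):
    """Handle the first step of sharing a file with another user.

    The request body (``kwargs['data']``, hex) is decrypted with the caller's
    session key and must contain ``filename`` and ``usrdstname``. The caller's
    per-user key file for that file is read from ``storage`` and returned,
    together with the destination user's public key, encrypted under the
    session key in the ``data`` response header.

    Returns:
        ``"Okay"`` when the reply was prepared and the file was released.

    Raises:
        cherrypy.HTTPError: 401 when there is no session, the request cannot
            be decrypted or parsed, or the caller is not valid or lacks
            permission on the file; 408 when the file cannot be released
            after the reply was prepared.
    """
    denied = 'Currently, you are not a valid user!\nSafeBox Team'
    username = kwargs['username']
    sessionKey = um.getSessionKey(username)
    # -1 is what um.getSessionKey returns when there is no usable session.
    if sessionKey == -1:
        raise cherrypy.HTTPError(401, denied)

    try:
        data = json.loads(
            security.decryptS_AES(kwargs['data'].decode('hex'),
                                  sessionKey.decode('hex')))
        file_name = data['filename']
        usr_dst_name = data['usrdstname']
        usr_id = DBmodule.db_getUserID(username)
        file_id = DBmodule.db_getFileId(usr_id, file_name)

        # Concurrent access: wait until the file is no longer flagged busy.
        # NOTE(review): this wait is unbounded and occupies a request thread;
        # consider a deadline that answers 408.
        while DBmodule.db_fileStatus(file_id) is True:
            time.sleep(2)
        # NOTE(review): presumably marks the file busy and returns a truthy
        # value on success -- confirm against DBmodule.
        status = DBmodule.db_fileInUse(file_id)
        release_pending = bool(status)
        try:
            # NOTE(review): authorisation is evaluated only after the busy
            # flag is taken; checking it before waiting would stop callers
            # without permission from holding the flag at all.
            if not (status and um.validUser(username) and
                    DBmodule.db_filePermission(usr_id, file_id)):
                raise cherrypy.HTTPError(401, denied)

            destination = os.path.join('storage', str(file_id) + '.file')
            # Read the caller's access (key) file for this stored file.
            with open(destination + '.key' + str(usr_id)) as f:
                aes = f.read()
            usr_dst_id = DBmodule.db_getUserID(usr_dst_name)
            pub_key = DBmodule.db_getUserPubKey(usr_dst_id)
            message = {'aes': aes, 'pubkey': pub_key}
            messageToSend = security.encryptS_AES(
                json.dumps(message), sessionKey.decode('hex')).encode('hex')
            cherrypy.response.headers['data'] = messageToSend

            # From here the explicit release below owns the busy flag.
            release_pending = False
            if DBmodule.db_fileNotInUse(file_id) is True:
                return "Okay"
            raise cherrypy.HTTPError(
                408, 'Request Timeout! Please Try Again\nSafeBox Team')
        finally:
            # Clear the busy flag on every failure path; otherwise a rejected
            # or crashed request leaves the file locked and later requests
            # spin in the wait loop above.
            if release_pending:
                DBmodule.db_fileNotInUse(file_id)
    except cherrypy.HTTPError:
        # Let deliberate HTTP errors through unchanged; a catch-all here would
        # turn the 408 above into a 401.
        raise
    except Exception:
        # Any other failure (bad ciphertext, missing field, unreadable key
        # file) gets the same 401, so the reply does not reveal which step
        # failed.
        raise cherrypy.HTTPError(401, denied)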