示例#1
 def getPublicKey(self, **kwargs):
     """Server side: return the public key stored in the DB for a user.

     Reads ``kwargs['username']``, resolves it to a user ID and returns
     whatever ``DBmodule.db_getUserPubKey`` yields for that ID. When the
     username does not resolve (ID is ``None``), the key stored under
     ID 0 is returned instead of an error.
     """
     resolved_id = DBmodule.db_getUserId(str(kwargs['username']))
     # NOTE(review): the fallback to ID 0 presumably serves a placeholder
     # key so that unknown usernames do not produce a distinguishable
     # failure -- confirm that row 0 is not a real account's key.
     # NOTE(review): this method calls db_getUserId while the other
     # handlers call db_getUserID; confirm both helpers exist.
     lookup_id = 0 if resolved_id is None else resolved_id
     return DBmodule.db_getUserPubKey(lookup_id)
示例#2
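 def logInUser(self, **kwargs):
     """Server side: log a user in and open a session.

     The client sends its username (unique identifier) and password,
     hex-encoded in ``kwargs['data']`` and encrypted with the server
     public key. On success a DiffieHellman session object and a random
     20-byte token are registered through ``um.addSession``; the token is
     returned encrypted with the user's stored RSA public key, together
     with the session public key.

     Returns:
         A JSON string with ``token`` (hex) and ``session`` on success,
         ``"REGIST_AGAIN"`` when ``db_registNotAuthenticate`` is true for
         the user, and ``"ERROR"`` otherwise.

     Raises:
         KeyError: if ``data``, ``userID`` or ``password`` is missing.
     """
     # Decipher the message with the server private key.
     receivedData = dm.decryptMessageReceived(kwargs['data'].decode('hex'))
     userID = receivedData['userID']
     # The decrypted identifier and password are deliberately NOT printed:
     # writing them to stdout puts plaintext credentials into the server
     # console or log, readable by anyone with access to that output.
     # Verify that the user exists and has finished the registration process.
     if DBmodule.db_registAuthenticate(userID) and \
             DBmodule.db_getLogIn(userID, receivedData['password']) == 1:
         # Create the session and the challenge token.
         serverSession = DiffieHellman.DiffieHellman()
         token = os.urandom(20)
         um.addSession(userID, serverSession, token)
         pub_key = DBmodule.db_getUserPubKey(
             DBmodule.db_getUserID(userID)).decode('hex')
         # The context manager closes (and so deletes) the temporary file
         # even when encryption raises; previously the handle leaked.
         with tempfile.NamedTemporaryFile(delete=True) as tf:
             security.encrypt_RSA(security.importkey_RSA(pub_key), token, tf)
             # NOTE(review): read() without a seek(0) relies on encrypt_RSA
             # leaving the file position at the start -- confirm.
             encrypted_token = tf.read()
         # Send the client the encrypted token and the session public key.
         messageToSend = {
             'token': encrypted_token.encode('hex'),
             'session': serverSession.publicKey
         }
         return json.dumps(messageToSend)
     elif DBmodule.db_registNotAuthenticate(userID):
         # NOTE(review): this reply differs from "ERROR", so a caller can
         # tell an unfinished registration from any other failure; kept
         # unchanged to preserve the existing interface.
         return "REGIST_AGAIN"
     else:
         return "ERROR"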
示例#3
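 def share(self, **kwargs):
     """Server side: first step of sharing a file with another user.

     Decrypts the request with the caller's session key, reads the
     caller's access-key file for the named file from ``storage/`` and the
     destination user's public key from the DB, and places both, encrypted
     with the session key and hex-encoded, in the ``data`` response header.

     Security: the request is authenticated by the session key lookup,
     ``um.validUser`` and ``DBmodule.db_filePermission``.
     Concurrency: the file is marked in use for the duration of the work.

     Returns:
         ``"Okay"`` when the response header was set and the file was
         marked as no longer in use.

     Raises:
         cherrypy.HTTPError: 401 when there is no session, the caller is
             not valid or lacks permission, or any other error occurs;
             408 when ``db_fileNotInUse`` does not return ``True``.
     """
     not_valid = 'Currently, you are not a valid user!\nSafeBox Team'
     username = kwargs['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey == -1:
         raise cherrypy.HTTPError(401, not_valid)
     try:
         data = json.loads(
             security.decryptS_AES(kwargs['data'].decode('hex'),
                                   sessionKey.decode('hex')))
         file_name = data['filename']
         usr_dst_name = data['usrdstname']
         usr_id = DBmodule.db_getUserID(username)
         file_id = DBmodule.db_getFileId(usr_id, file_name)
         # Concurrent access: poll until the file is no longer flagged.
         # NOTE(review): the wait is unbounded and the check-then-mark
         # sequence below is not atomic from what is visible here.
         while DBmodule.db_fileStatus(file_id) is True:
             time.sleep(2)
         status = DBmodule.db_fileInUse(file_id)
         release_attempted = False
         try:
             # Verify that the user is valid and has access to the file.
             if not (status and um.validUser(username)
                     and DBmodule.db_filePermission(usr_id, file_id)):
                 raise cherrypy.HTTPError(401, not_valid)
             destination = os.path.join('storage', str(file_id) + '.file')
             # Get the caller's access-key file.
             with open(destination + '.key' + str(usr_id)) as f:
                 aes = f.read()
             usr_dst_id = DBmodule.db_getUserID(usr_dst_name)
             pub_key = DBmodule.db_getUserPubKey(usr_dst_id)
             message = {'aes': aes, 'pubkey': pub_key}
             messageToSend = security.encryptS_AES(
                 json.dumps(message),
                 sessionKey.decode('hex')).encode('hex')
             cherrypy.response.headers['data'] = messageToSend
             release_attempted = True
             statusF = DBmodule.db_fileNotInUse(file_id)
         finally:
             # Clear the in-use flag on every failure path as well;
             # otherwise a rejected or failed request leaves the file
             # flagged and later requests wait in the loop above.
             # Assumes a truthy db_fileInUse result means this request
             # set the flag -- TODO confirm.
             if status and not release_attempted:
                 DBmodule.db_fileNotInUse(file_id)
         if statusF is True:
             return "Okay"
         raise cherrypy.HTTPError(
             408, 'Request Timeout! Please Try Again\nSafeBox Team')
     except cherrypy.HTTPError:
         # Let the deliberate 401/408 through; the former bare except
         # rewrote the 408 into a 401.
         raise
     except Exception:
         # Any other failure is reported as 401, as before, so internal
         # error detail is not returned to the client.
         raise cherrypy.HTTPError(401, not_valid)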