path: root/src/leap/bonafide/session.py
# -*- coding: utf-8 -*-
# session.py
# Copyright (C) 2015 LEAP
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
"""
LEAP Session management.
"""
from twisted.internet import defer, reactor
from twisted.python import log

from leap.bonafide import srp_auth
from leap.bonafide._decorators import needs_authentication
from leap.bonafide._http import httpRequest, cookieAgentFactory


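class LeapSession(object):
    """
    Client-side state for one SRP login against a LEAP provider API.

    The session keeps the credentials it was created with, the HTTP agent
    used for every request, and the ``uuid`` / ``token`` pair returned by
    the provider once SRP authentication has been verified.
    """

    def __init__(self, credentials, api, provider_cert):
        """
        :param credentials: object exposing ``username`` and ``password``
                            attributes.
        :param api: object exposing ``get_uri_and_method``, used to resolve
                    the endpoint for each step of the login.
        :param provider_cert: handed to ``cookieAgentFactory``; presumably
                              the provider CA certificate used to verify
                              the TLS connection -- TODO confirm.
        """
        # TODO check if an anonymous credentials is passed.
        # TODO move provider_cert to api object.
        # On creation, it should be able to retrieve all the info it needs
        # (calling bootstrap).
        # TODO could get a "provider" object instead.
        # this provider can have an api attribute,
        # and a "autoconfig" attribute passed on initialization.
        # TODO get a file-descriptor for password if not in credentials

        self.username = credentials.username
        # NOTE(review): the cleartext password stays on the instance for
        # the whole lifetime of the object, not only for the duration of
        # authenticate(). Anything that can read this object (debugger,
        # crash dump, repr of the instance dict) can read the password.
        self.password = credentials.password
        self._api = api

        self._agent = cookieAgentFactory(provider_cert)
        self._srp_auth = srp_auth.SRPAuthMechanism()
        self._srp_user = None
        self._token = None
        self._uuid = None

    @defer.inlineCallbacks
    def authenticate(self):
        """
        Run the two-step SRP login (handshake, then authenticate) against
        the provider and store the resulting ``uuid`` and ``token``.

        :returns: a Deferred that fires with a status string once the
                  server proof has been checked and the session values
                  have been stored.
        """
        srpuser, A = self._srp_auth.initialize(
            self.username, self.password)
        self._srp_user = srpuser

        # Step 1: send the handshake parameters derived from A.
        uri, method = self._api.get_uri_and_method('handshake')
        log.msg("%s to %s" % (method, uri))
        params = self._srp_auth.get_handshake_params(self.username, A)

        handshake = yield httpRequest(self._agent, uri, values=params,
                                      method=method)

        # Step 2: answer the handshake with the client proof M.
        M = self._srp_auth.process_handshake(srpuser, handshake)
        uri, method = self._api.get_uri_and_method(
            'authenticate', login=self.username)
        # NOTE(review): this URI is built with login=<username>, so the
        # log line presumably records the account name -- confirm that is
        # acceptable for wherever twisted's log is written.
        log.msg("%s to %s" % (method, uri))
        params = self._srp_auth.get_authentication_params(M, A)

        auth = yield httpRequest(self._agent, uri, values=params,
                                 method=method)

        uuid, token, M2 = self._srp_auth.process_authentication(auth)
        # The server proof M2 is checked before uuid/token are stored, so
        # a reply that fails verification never populates the session.
        # NOTE(review): this relies on verify_authentication raising on a
        # mismatch; its return value is not inspected here -- confirm.
        self._srp_auth.verify_authentication(srpuser, M2)

        self._uuid = uuid
        self._token = token
        defer.returnValue('[OK] Credentias Authenticated through SRP')

    @needs_authentication
    def logout(self):
        """
        Forget the local session state.

        No logout request is sent to the provider yet (see TODO below);
        this only drops what the client holds, so that
        ``is_authenticated`` is False afterwards and the token cannot be
        reused from this object.
        """
        # TODO send the logout request to the provider. Until then the
        # server-side session is presumably still valid after this call,
        # and self._agent may still hold cookies from the login.
        print "Should logout..."

        # Clear the session secrets. The username and password are kept
        # so that authenticate() can be called again on this instance.
        self._srp_user = None
        self._token = None
        self._uuid = None

    @property
    def is_authenticated(self):
        """
        False until an SRP user exists; after that, whatever the SRP user
        object reports from ``authenticated()``.
        """
        if not self._srp_user:
            return False
        return self._srp_user.authenticated()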


if __name__ == "__main__":
    # Manual smoke test: authenticate once against a development
    # provider, print the outcome, attempt logout, then stop the reactor.
    from leap.bonafide import provider
    from twisted.cred.credentials import UsernamePassword

    # NOTE(review): the account name, password and CA certificate path
    # below are hard-coded in the source. Anyone with read access to the
    # repository can read this password; if the account is real it should
    # be treated as exposed, and the values are better supplied at run
    # time (arguments, environment, or a prompt).
    api = provider.LeapProviderApi('api.cdev.bitmask.net:4430', 1)
    credentials = UsernamePassword('test_deb_090', 'lalalala')

    cdev_pem = '/home/kali/.config/leap/providers/cdev.bitmask.net/keys/ca/cacert.pem'
    session = LeapSession(credentials, api, cdev_pem)

    def print_result(outcome):
        # Echo the value and pass it on unchanged to the next callback.
        print outcome
        return outcome

    def auth_eb(failure):
        # Returns None, so the chain continues on the callback side and
        # the logout callback below runs even after a failed login.
        print "[ERROR!]", failure.getErrorMessage()

    def cbShutDown(ignored):
        # Runs on success and on failure alike (attached with addBoth).
        reactor.stop()

    login = session.authenticate()
    for attach, handler in (
            (login.addCallback, print_result),
            (login.addErrback, auth_eb),
            (login.addCallback, lambda _: session.logout()),
            (login.addBoth, cbShutDown)):
        attach(handler)
    reactor.run()