summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKali Kaneko (leap communications) <kali@leap.se>2016-03-04 01:26:58 -0400
committerKali Kaneko (leap communications) <kali@leap.se>2016-03-04 01:26:58 -0400
commit05a15eb66ce7912094361e78e81d073e88cae21b (patch)
treeeaabed069b065c49f6d479dbe59b75611e7c8eab
parent4cb031e3de822e95d1d16105e786329c686b91c4 (diff)
hide srpauth implementation details
-rw-r--r--bonafide/src/leap/bonafide/_srp.py48
-rw-r--r--bonafide/src/leap/bonafide/session.py25
2 files changed, 37 insertions, 36 deletions
diff --git a/bonafide/src/leap/bonafide/_srp.py b/bonafide/src/leap/bonafide/_srp.py
index 1c711f3..38f657b 100644
--- a/bonafide/src/leap/bonafide/_srp.py
+++ b/bonafide/src/leap/bonafide/_srp.py
@@ -31,41 +31,45 @@ class SRPAuthMechanism(object):
Implement a protocol-agnostic SRP Authentication mechanism.
"""
- def initialize(self, username, password):
- srp_user = srp.User(username, password,
- srp.SHA256, srp.NG_1024)
- _, A = srp_user.start_authentication()
- return srp_user, A
-
- def get_handshake_params(self, username, A):
- return {'login': bytes(username), 'A': binascii.hexlify(A)}
-
- def process_handshake(self, srp_user, handshake_response):
+ def __init__(self, username, password):
+ self.username = username
+ self.srp_user = srp.User(username, password,
+ srp.SHA256, srp.NG_1024)
+ _, A = self.srp_user.start_authentication()
+ self.A = A
+ self.M = None
+ self.M2 = None
+
+ def get_handshake_params(self):
+ return {'login': bytes(self.username),
+ 'A': binascii.hexlify(self.A)}
+
+ def process_handshake(self, handshake_response):
challenge = json.loads(handshake_response)
self._check_for_errors(challenge)
salt = challenge.get('salt', None)
B = challenge.get('B', None)
unhex_salt, unhex_B = self._unhex_salt_B(salt, B)
- M = srp_user.process_challenge(unhex_salt, unhex_B)
- return M
+ self.M = self.srp_user.process_challenge(unhex_salt, unhex_B)
- def get_authentication_params(self, M, A):
+ def get_authentication_params(self):
# It looks A is not used server side
- return {'client_auth': binascii.hexlify(M), 'A': binascii.hexlify(A)}
+ return {'client_auth': binascii.hexlify(self.M),
+ 'A': binascii.hexlify(self.A)}
def process_authentication(self, authentication_response):
auth = json.loads(authentication_response)
self._check_for_errors(auth)
uuid = auth.get('id', None)
token = auth.get('token', None)
- M2 = auth.get('M2', None)
- self._check_auth_params(uuid, token, M2)
- return uuid, token, M2
-
- def verify_authentication(self, srp_user, M2):
- unhex_M2 = _safe_unhexlify(M2)
- srp_user.verify_session(unhex_M2)
- assert srp_user.authenticated()
+ self.M2 = auth.get('M2', None)
+ self._check_auth_params(uuid, token, self.M2)
+ return uuid, token
+
+ def verify_authentication(self):
+ unhex_M2 = _safe_unhexlify(self.M2)
+ self.srp_user.verify_session(unhex_M2)
+ assert self.srp_user.authenticated()
def _check_for_errors(self, response):
if 'errors' in response:
diff --git a/bonafide/src/leap/bonafide/session.py b/bonafide/src/leap/bonafide/session.py
index 547f0dd..ec1587f 100644
--- a/bonafide/src/leap/bonafide/session.py
+++ b/bonafide/src/leap/bonafide/session.py
@@ -61,9 +61,10 @@ class Session(object):
def _initialize_session(self):
self._agent = cookieAgentFactory(self._provider_cert)
- self._srp_auth = _srp.SRPAuthMechanism()
+ username = self.username or ''
+ password = self.password or ''
+ self._srp_auth = _srp.SRPAuthMechanism(username, password)
self._srp_signup = _srp.SRPSignupMechanism()
- self._srp_user = None
self._token = None
self._uuid = None
@@ -79,36 +80,30 @@ class Session(object):
@property
def is_authenticated(self):
- if not self._srp_user:
- return False
- return self._srp_user.authenticated()
+ return self._srp_auth.srp_user.authenticated()
@defer.inlineCallbacks
def authenticate(self):
- srpuser, A = self._srp_auth.initialize(
- self.username, self.password)
- self._srp_user = srpuser
-
uri = self._api.get_handshake_uri()
met = self._api.get_handshake_method()
log.msg("%s to %s" % (met, uri))
- params = self._srp_auth.get_handshake_params(self.username, A)
+ params = self._srp_auth.get_handshake_params()
handshake = yield self._request(self._agent, uri, values=params,
method=met)
- M = self._srp_auth.process_handshake(srpuser, handshake)
+ self._srp_auth.process_handshake(handshake)
uri = self._api.get_authenticate_uri(login=self.username)
met = self._api.get_authenticate_method()
log.msg("%s to %s" % (met, uri))
- params = self._srp_auth.get_authentication_params(M, A)
+ params = self._srp_auth.get_authentication_params()
auth = yield self._request(self._agent, uri, values=params,
method=met)
- uuid, token, M2 = self._srp_auth.process_authentication(auth)
- self._srp_auth.verify_authentication(srpuser, M2)
+ uuid, token = self._srp_auth.process_authentication(auth)
+ self._srp_auth.verify_authentication()
self._uuid = uuid
self._token = token
@@ -120,6 +115,8 @@ class Session(object):
uri = self._api.get_logout_uri()
met = self._api.get_logout_method()
auth = yield self._request(self._agent, uri, method=met)
+ print 'AUTH', auth
+ print 'resetting user/pass'
self.username = None
self.password = None
self._initialize_session()