Kraken-fetch.py now has functioning auth system and added RSA key stuff for servers public/private setup, to be used to encrypt the responses. Made the demo-client.py work with current state of kraken-fetch.py.

This commit is contained in:
kalzu 2022-12-29 17:59:25 +02:00
parent ab3327464c
commit 0454d945c1
2 changed files with 63 additions and 49 deletions

View File

@ -1,11 +1,11 @@
#!/usr/bin/python3 #!/usr/bin/python3
import krakenex, math import krakenex, math
import json, sqlite3, binascii import json, sqlite3, rsa
import requests, os, time import requests, os, time
import threading, ecdsa import threading, ecdsa
from hashlib import sha256 from hashlib import sha256
from flask import Flask, request from flask import Flask, jsonify, request
database = "btc_ohlc.db" database = "btc_ohlc.db"
app = Flask(__name__) app = Flask(__name__)
@ -15,6 +15,11 @@ user_publickeys = {
"kalzu": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88' "kalzu": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
} }
## Generate the RSA keys for this instance
print("Generating RSA keys for this instance... just wait a bit...")
(server_public_key, server_private_key) = rsa.newkeys(4096)
server_public_key_string = server_public_key.save_pkcs1().decode('utf-8')
database_lock = threading.Lock() database_lock = threading.Lock()
# Empty response json # Empty response json
@ -232,20 +237,19 @@ def get_the_data():
time.sleep(290) time.sleep(290)
def check_auth(text, signature): def check_auth(text, signature):
print(text) ## Make bytes-object from given signature
print(signature)
sig_bytes = bytes.fromhex(signature) sig_bytes = bytes.fromhex(signature)
access_granted = 0
## We will iterate over all user keys to determ who is we are talking to and should they have access ## We will iterate over all user keys to determ who is we are talking to and should they have access
for key, value in user_publickeys.items(): for key, value in user_publickeys.items():
## What f*ck even is this? ## Create bytes-object from the public in 'value' variable
vk = ecdsa.VerifyingKey.from_string(sig_bytes.fromhex(value), curve=ecdsa.SECP256k1) ## and use it to create VerifyingKey (vk)
if vk.verify(sig_bytes, text): public_key_bytes = bytes.fromhex(value)
vk = ecdsa.VerifyingKey.from_string(public_key_bytes, curve=ecdsa.SECP256k1)
try:
vk.verify(sig_bytes, bytes(text, 'utf-8'))
print('user is', key) print('user is', key)
access_granted = 1
if access_granted != 0:
return True return True
else: except ecdsa.BadSignatureError:
return False return False
@app.route('/') @app.route('/')
@ -259,7 +263,7 @@ def get_data():
signature = request.headers.get('auth') signature = request.headers.get('auth')
get_url = request.url get_url = request.url
if not check_auth(get_url, signature): if not check_auth(get_url, signature):
return 'Error with Authentication', 403 return 'Access denied! Check your keys, maybe.', 403
database_lock.acquire() database_lock.acquire()
db = sqlite3.connect(database) db = sqlite3.connect(database)
@ -288,6 +292,17 @@ def get_data():
return response, 200, {'Content-Type': 'application/json'} return response, 200, {'Content-Type': 'application/json'}
@app.route('/serverkey')
def give_serverkey():
## This endpoint also under Authentication?
signature = request.headers.get('auth')
get_url = request.url
if not check_auth(get_url, signature):
return 'Access denied! Check your keys, maybe.', 403
return jsonify({'public_key': server_public_key_string})
if __name__ == '__main__': if __name__ == '__main__':
# Make sanity checks for the database # Make sanity checks for the database
Checkthedatabase() Checkthedatabase()

View File

@ -4,57 +4,56 @@ import requests
from hashlib import sha256 from hashlib import sha256
import ecdsa import ecdsa
private_key = '03486537091ceb021fb313e5cf3eb04d44ca2f19f72112a1' #private_key = '03486537091ceb021fb313e5cf3eb04d44ca2f19f72112a1'
# we need to send server: private_key = '039e1c137aa296d7af0cd55b468018ad1020949c2731e5141d032b8371490f48'
# the question: domain.tld/get/<id>
# the checksum: ?sum=sha256
# the signed data: header 'auth'
id = 123
url = 'localhost:5000/get/'
url_id = url + str(id)
sum = sha256(url_id.encode('ascii')).hexdigest()
reg_url = 'http://' + url_id + '?sum=' + sum
unsigned_data = url_id + '?' + 'sum=' + sum
# Generate SK from the private key # Generate SK from the private key
private_key_int = int(private_key, 16) private_key_int = int(private_key, 16)
sk = ecdsa.SigningKey.from_secret_exponent(private_key_int, curve=ecdsa.SECP256k1) sk = ecdsa.SigningKey.from_secret_exponent(private_key_int, curve=ecdsa.SECP256k1)
## Get the server public key
url = 'http://localhost:5000/serverkey'
# sign the message # sign the message
signature = sk.sign(unsigned_data.encode('utf-8')) signature = sk.sign(url.encode('utf-8'))
signature_hex = signature.hex() signature_hex = signature.hex()
print('we signed: ', unsigned_data) response = requests.get(url, headers={"auth":signature_hex})
print('We will send:')
print('to: ', reg_url)
print('sum: ', sum)
print('auth: ', signature_hex)
print('------------------------')
response = requests.get(reg_url, headers={"auth":signature_hex})
print('>>> ', response.status_code) print('>>> ', response.status_code)
print('>>> ', response.content) print('>>> ', response.content)
#ecdsa_public_key = '8716c78c09a4e4571a3112eca1c7ddce41289e20da446894b621f2a11ba91bc963f2e9fb9ddd5552c26faf814bc582b4'
ecdsa_public_key = '068716c78c09a4e4571a3112eca1c7ddce41289e20da446894b621f2a11ba91bc963f2e9fb9ddd5552c26faf814bc582b4'
bytes_public_key = bytes.fromhex(ecdsa_public_key)
bytes_signed_data = signature_hex.encode('utf-8')
vk = ecdsa.VerifyingKey.from_string(bytes_public_key, curve=ecdsa.SECP256k1) ## Get some kline data from the server
url = 'http://localhost:5000/?t=1672259440'
if vk.verify(signature_hex, unsigned_data):
response = "YES"
else:
response = "NO"
# sign the message
signature = sk.sign(url.encode('utf-8'))
signature_hex = signature.hex()
print('we signed: ', url)
print('We will send:')
print('to: ', url)
print('auth: ', signature_hex)
print('------------------------')
response = requests.get(url, headers={"auth":signature_hex})
print('>>> ', response.status_code)
print('>>> ', response.content)
##
##bytes_public_key = bytes.fromhex(ecdsa_public_key)
##
##bytes_signed_data = signature_hex.encode('utf-8')
##
##
##vk = ecdsa.VerifyingKey.from_string(bytes_public_key, curve=ecdsa.SECP256k1)
##
##if vk.verify(signature_hex, unsigned_data):
## response = "YES"
##else:
## response = "NO"
##
##
exit(0) exit(0)