# <center> Tornado Server Example
## <center> ENGR 580A2: Secure Vehicle and Industrial Networking
## <center> <img src="https://www.engr.colostate.edu/~jdaily/Systems-EN-CSU-1-C357.svg" width="400" /> 
### <center> Instructor: Dr. Jeremy Daily<br>Fall 2021

This notebook is a complete server. Once the program is running, you have to restart the Kernel to modify the code.

## HTTP Request Methods
https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods

Most internet traffic is taken care of using GET and POST commands. We will write a small server to accomodate those commands. This server, using the tornado framework, will reply to post and get requests.

Also, we'll add an endpoint that will use the Fernet recipe to send encyrpted traffic. However, we don't want to send the key over the socket, so we'll have to use an ECDH key exchange to get the symmetric session key.

## Tornado Server
Use `pip install tornado` to get things going if your version of Python doesn't have the tornado site package. 

In [1]:
import tornado.ioloop
import tornado.web
import time
import json
import os

### Main Handler
The GET handler for the root of the endpoint will send back a time stamp. This could be used as a nonce.

The POST response will echo the data it receives with a time stamp.

In [2]:
class MainHandler(tornado.web.RequestHandler):
    def get(self):
        self.write(json.dumps(
            {'message': "The current time is {}".format(time.time())}
        ))
    def post(self):
        data = json.loads(self.request.body.decode('utf-8'))
        print('Got JSON data: ', data)
        self.write(json.dumps({ 'data': data, 'time': time.time()}))

### Encrypted Handler
We'll assume we have a closed ecosystem with some known users. Each known user will have a known public key.

To secure these communications, we'll need to have a user database (i.e. a dictionary), and some methods for key exchange.

In [3]:
#Use this to generate a private key
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
from cryptography.hazmat.primitives import serialization
private_key = X25519PrivateKey.generate()
pem_bytes = private_key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.PKCS8,
                encryption_algorithm=serialization.NoEncryption()
           )
with open('private_ed25519key.pem','wb') as f:
    f.write(pem_bytes) 
print(pem_bytes.decode('ascii'))

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIAjnHh4MIDm9hzV7RIiZoXjMvIQr240a4CGUwSn/p85Y
-----END PRIVATE KEY-----



In [4]:
#use this to print out the public key
with open('private_ed25519key.pem','rb') as f:
    private_pem = f.read()
private_key = serialization.load_pem_private_key(private_pem, password=None)
pub_key  = private_key.public_key()
public_bytes = pub_key.public_bytes(
     encoding=serialization.Encoding.PEM,
     format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
print(public_bytes)

b'-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VuAyEAVDIB4f2hbUmXtDnew9hPEsaY6iOvK0B7R+PCKTSR1Qs=\n-----END PUBLIC KEY-----\n'


In [5]:
users = {
    1:{'name':'jeremy',
       'role':'instructor',
       'pub_key':b'-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VuAyEATSTNN872D1ElB9pbpyKFsPBfg9fFIzHe12Ga3XvHunc=\n-----END PUBLIC KEY-----\n'},
    2:{'name':'tom',
       'role':'chairman',
       'pub_key':''},
    3:{'name':'steve',
       'role':'advisor',
       'pub_key':''}
}

In [6]:
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
from cryptography.hazmat.primitives import serialization
import base64 

key = Fernet.generate_key()
f = Fernet(key)

class EncryptedHandler(tornado.web.RequestHandler):    
    def get(self):
        #Write the public key data out
        self.write(json.dumps({'pub':public_bytes.decode('utf-8')}))
        # This is still subject to a middleperson attack. The key should be signed.
    def post(self):
        try:
            data = json.loads(self.request.body.decode('utf-8'))
        except:
            self.write(json.dumps({'message':'Not able to load JSON data.'}))
            print('Got JSON data: ', data)
        if 'cipher_text' in data:
            cipher_text = data['cipher_text'].encode('utf-8')
            print(f.decrypt(cipher_text))
            self.write(json.dumps({'decrypted message':f.decrypt(cipher_text).decode('utf-8')}))
        elif 'pub_key' in data:
            user_pub_key = serialization.load_pem_public_key(data['pub_key'].encode('utf-8'))
            shared_key = private_key.exchange(user_pub_key)
            f_shared = Fernet(base64.urlsafe_b64encode(shared_key))
            self.write(json.dumps({'encrypted_session_key':f_shared.encrypt(key).decode('utf-8')}))
        else:
            self.write(json.dumps({ 'data received': data }))
        
        

In [7]:
#try:
port = 8080
app = tornado.web.Application([
    (r"/", MainHandler),
    (r"/encrypted/", EncryptedHandler)
   ], debug = True) #turn off debugging for production

app.listen(port)
print("Listening on port {}".format(port))
    #Restart Kernel in Jupyter to stop
##except OSError:
#    os._exit(0)

#Be sure to run all cells in order for everything to work correctly. 

Listening on port 8080
b'I have a dream that my four little children will one day live in a nation where they will not be judged by the color of their skin but by the content of their character.'
