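def _restore_master_secret(self, backup_file, encrypt_master_secret, passphrase, salt):
    """Load the master secret and its start time from a JSON backup file.

    When ``encrypt_master_secret`` is true the backup is expected to hold
    hex-encoded ``IV``, ``ciphertext`` and ``tag`` fields plus ``startTime``;
    the ciphertext is decrypted with a key derived from ``passphrase`` and
    ``salt`` and the authentication tag is checked before the plaintext is
    used. Otherwise the secret is read directly from ``master_secret_hex``.

    Note: ``str.decode('hex')`` is Python 2 only.

    Args:
        backup_file: path of the JSON backup to read.
        encrypt_master_secret: whether the backup holds an AES-GCM ciphertext.
        passphrase: passed to ``generate_aes_key`` (encrypted backups only).
        salt: passed to ``generate_aes_key`` (encrypted backups only).

    Returns:
        Tuple ``(master_secret, start_time)``; ``self.start_time`` is also
        set as a side effect.

    Raises:
        SecretsError: the file is not valid JSON, or the authentication tag
            does not match. Other failures (unreadable file, missing key,
            bad hex) are not handled here and propagate unchanged.
    """
    try:
        with open(backup_file) as json_file:
            backup = json.load(json_file)
    except ValueError:
        raise SecretsError('Master Secret backup file is corrupted.')

    if encrypt_master_secret:
        # startTime goes in as `header` -- presumably the GCM associated
        # data, so it is covered by the tag; confirm in crypto.aes_gcm_decrypt.
        tag, plaintext = crypto.aes_gcm_decrypt(
            aes_key=generate_aes_key(passphrase, salt),
            iv=str(backup['IV'].decode('hex')),
            header=str(backup['startTime']),
            ciphertext=str(backup['ciphertext'].decode('hex')))

        # The plaintext must not be touched until the tag has been verified;
        # keep this check ahead of every use of `plaintext`.
        # NOTE(review): `!=` is not a constant-time comparison. Prefer
        # hmac.compare_digest once both operands are confirmed to be the
        # same string type (backup['tag'] comes from JSON).
        if backup['tag'] != tag:
            raise SecretsError('AES-GCM Decryption Failed. Authentication tag is not correct')

        self.start_time = Time.ISOtoDateTime(str(backup['startTime']))
        master_secret = plaintext.decode('hex')
    else:
        # NOTE(review): in this mode the backup holds the master secret in
        # the clear and nothing authenticates startTime; protection rests on
        # the file's permissions -- confirm how the file is created.
        self.start_time = Time.ISOtoDateTime(backup['startTime'])
        master_secret = backup['master_secret_hex'].decode('hex')

    return master_secret, self.start_time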
def _verifySignature(self):
    """Build the template parameters for an /mpinActivate request.

    Reads the query arguments ``i`` (hex-encoded JSON identity), ``e``
    (expiry) and ``s`` (signature), parses the identity, and reports the
    link as valid when a ``userID`` was parsed and ``e`` is not earlier than
    the current UTC time.

    NOTE(review): despite the name, nothing in this method checks ``s``; it
    is only echoed back as ``activateKey``. ``e`` also comes from the request
    and is compared as a plain string, so ``isValid`` is trustworthy only if
    the signature over identity and expiry is verified elsewhere -- confirm
    before relying on it for an access decision.

    Returns:
        dict with the keys ``isValid``, ``identity``, ``errorMessage``,
        ``userid``, ``issued``, ``humanIssued``, ``activated``,
        ``deviceName`` and ``activateKey``.
    """
    identity = self.get_argument("i", default="")
    expires = self.get_argument("e", default="")
    signature = self.get_argument("s", default="")

    # NOTE(review): identity is request-controlled and logged verbatim here
    # and in the error path below; make sure the log sink neutralises
    # control characters.
    log.debug("/mpinActivate request for identity: {0}".format(identity))

    try:
        payload = json.loads(identity.decode("hex"))
        userid = payload["userID"]
        issued = payload["issued"]
        human_issued = Time.DateTimetoHuman(Time.ISOtoDateTime(issued))
        mobile = int(payload.get("mobile") or 0)
    except Exception as exc:
        # Any parse failure is treated as "no identity"; `mobile` may be
        # unbound afterwards but is only read when userid is truthy.
        log.error("Error parsing the verification email: {0}".format(exc))
        userid, issued, human_issued = None, None, None

    if not userid:
        log.error("/mpinActivate: Invalid IDENTITY: {0}".format(identity))
        is_valid, message = False, "Invalid identity"
        device_name, issued = "", ""
    else:
        # Lexicographic comparison of two timestamp strings with a "Z" suffix.
        now = datetime.datetime.utcnow().isoformat(b"T").split(".")[0] + "Z"
        is_valid = not (expires < now)
        message = "" if is_valid else "Link expired"
        device_name = "Mobile" if mobile else "PC"

    return {
        "isValid": is_valid,
        "identity": identity,
        "errorMessage": message,
        "userid": userid,
        "issued": issued,
        "humanIssued": human_issued,
        "activated": False,
        "deviceName": device_name,
        "activateKey": signature
    }
def __init__(self, storage, expire_time, **kwargs):
    """Create an item, give it a fresh id and register it with ``storage``.

    Args:
        storage: owner of the item; ``storage.update_index(self)`` is called
            once the item is populated.
        expire_time: a ``datetime.datetime`` (stored as its ISO string) or
            a value stored as given, expected to be an ISO-format string.
        **kwargs: forwarded to ``self._update_item``.
    """
    self.__fields = ["_id", "_active", "_expires"]
    self.__storage = storage

    # NOTE(review): uuid1 is derived from the host's node id and the current
    # time, so ids are guessable. If _id is ever used as a bearer identifier
    # (URL token, lookup secret), uuid4 is the safer choice -- confirm how
    # _id is used.
    self._id = uuid.uuid1().hex

    is_datetime = isinstance(expire_time, datetime.datetime)
    self._expires = expire_time.isoformat() if is_datetime else expire_time

    # Runs before the expiry is parsed, so the parse below reads whatever
    # value _expires holds after _update_item returns.
    self._update_item(**kwargs)

    self._expiration_datetime = None
    if self._expires:
        self._expiration_datetime = Time.ISOtoDateTime(self._expires)

    self.__storage.update_index(self)