def dump_resource(request):
arch_pubkey = getattr(request.registry, 'arch_pubkey', None)
res_secretkey = SecretKey()
archive_box = Box(res_secretkey, arch_pubkey)
res_pubkey = res_secretkey.pk
del res_secretkey
data = request.context.serialize()
json_data = dumps(data)
encrypted_data = archive_box.encrypt(json_data)
return {'item': b64encode(encrypted_data), 'pubkey': b64encode(res_pubkey)}
def testBoxing():
msg = b'Hey there, a msg for you'
# Generate the key pairs for Alice and bob, if secret keys already exist
# they can be passed in, otherwise new keys will be automatically generated
bob = SecretKey()
alice = SecretKey()
"""
Alice: aA (a is alices private key, A is Alice's public key)
A = G*a
Bob: bB
B = G*b
hash(a*B) == hash(b*A) : hypothesis
hash(a*G*b) == hash(b*G*a) : substitution
hash(G*a*b) == hash(G*a*b) : commutative property of ECC math
True!
"""
# Create the boxes, this is an object which represents the combination of the
# sender's secret key and the receiver's public key
bob_box = Box(bob.sk, alice.pk)
alice_box = Box(alice.sk, bob.pk)
# Bob's box encrypts messages for Alice
bob_ctxt = bob_box.encrypt(msg)
# Alice's box decrypts messages from Bob
bclear = alice_box.decrypt(bob_ctxt)
# Alice can send encrypted messages which only Bob can decrypt
alice_ctxt = alice_box.encrypt(msg)
aclear = bob_box.decrypt(alice_ctxt)
print(bob.for_json())
print("bob's public key" + bob.hex_pk().hex())
print("bob's secret key" + bob.hex_sk().hex())
def testBoxing():
msg = b'Hey there, a msg for you'
# Generate the key pairs for Alice and bob, if secret keys already exist
# they can be passed in, otherwise new keys will be automatically generated
bob = SecretKey()
alice = SecretKey()
"""
Alice: aA (a is alices private key, A is Alice's public key)
A = G*a
Bob: bB
B = G*b
hash(a*B) == hash(b*A) : hypothesis
hash(a*G*b) == hash(b*G*a) : substitution
hash(G*a*b) == hash(G*a*b) : commutative property of ECC math
True!
"""
# Create the boxes, this is an object which represents the combination of the
# sender's secret key and the receiver's public key
bob_box = Box(bob.sk, alice.pk)
alice_box = Box(alice.sk, bob.pk)
# Bob's box encrypts messages for Alice
bob_ctxt = bob_box.encrypt(msg)
# Alice's box decrypts messages from Bob
bclear = alice_box.decrypt(bob_ctxt)
# Alice can send encrypted messages which only Bob can decrypt
alice_ctxt = alice_box.encrypt(msg)
aclear = bob_box.decrypt(alice_ctxt)
print(bob.for_json())
print("bob's public key" + bob.hex_pk().hex())
print("bob's secret key" + bob.hex_sk().hex())
def generate_keys(key_file):
"""generate keys in key_file"""
sk = SecretKey()
sk.save(key_file)
def main(global_config, **settings):
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings['auth.file'],
__name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=ROUTE_PREFIX,
)
config.include('pyramid_exclog')
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_request_method(request_params, 'params', reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(check_accreditation)
config.add_renderer('json', JSON(serializer=simplejson.dumps))
config.add_renderer('prettyjson',
JSON(indent=4, serializer=simplejson.dumps))
config.add_renderer(
'jsonp', JSONP(param_name='opt_jsonp', serializer=simplejson.dumps))
config.add_renderer(
'prettyjsonp',
JSONP(indent=4, param_name='opt_jsonp', serializer=simplejson.dumps))
# search for plugins
plugins = settings.get('plugins') and settings['plugins'].split(',')
for entry_point in iter_entry_points('openprocurement.audit.api.plugins'):
if not plugins or entry_point.name in plugins:
plugin = entry_point.load()
plugin(config)
pass
# CouchDB connection
aserver, server, db = set_api_security(settings)
config.registry.couchdb_server = server
if aserver:
config.registry.admin_couchdb_server = aserver
config.registry.db = db
# readjust couchdb json decoder
couchdb_json_decode()
# Document Service key
config.registry.docservice_url = settings.get('docservice_url')
config.registry.docservice_username = settings.get('docservice_username')
config.registry.docservice_password = settings.get('docservice_password')
config.registry.docservice_upload_url = settings.get(
'docservice_upload_url')
config.registry.docservice_key = dockey = Signer(
settings.get('dockey', '').decode('hex'))
config.registry.keyring = keyring = {}
dockeys = settings.get(
'dockeys') if 'dockeys' in settings else dockey.hex_vk()
for key in dockeys.split('\0'):
keyring[key[:8]] = Verifier(key)
# Archive keys
arch_pubkey = settings.get('arch_pubkey', None)
config.registry.arch_pubkey = PublicKey(
arch_pubkey.decode('hex') if arch_pubkey else SecretKey().pk)
# migrate data
if not os.environ.get('MIGRATION_SKIP'):
for entry_point in iter_entry_points(
'openprocurement.audit.api.migrations'):
plugin = entry_point.load()
plugin(config.registry)
config.registry.server_id = settings.get('id', '')
# search subscribers
subscribers_keys = [k for k in settings if k.startswith('subscribers.')]
for k in subscribers_keys:
subscribers = settings[k].split(',')
for subscriber in subscribers:
for entry_point in iter_entry_points(
'openprocurement.{}'.format(k), subscriber):
if entry_point:
plugin = entry_point.load()
plugin(config)
config.registry.health_threshold = float(
settings.get('health_threshold', 512))
config.registry.health_threshold_func = settings.get(
'health_threshold_func', 'all')
config.registry.update_after = asbool(settings.get('update_after', True))
config.registry.disable_opt_fields_filter = asbool(
settings.get('disable_opt_fields_filter', False))
return config.make_wsgi_app()
def main(global_config, **settings):
dsn = settings.get("sentry.dsn", None)
if dsn:
LOGGER.info("Init sentry sdk for {}".format(dsn))
sentry_sdk.init(
dsn=dsn,
integrations=[
LoggingIntegration(level=None, event_level=None),
PyramidIntegration()
],
send_default_pii=True,
request_bodies="always",
environment=settings.get("sentry.environment", None),
debug=settings.get("sentry.debug", False),
)
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings["auth.file"],
__name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=ROUTE_PREFIX,
)
config.include("pyramid_exclog")
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_view(precondition, context=HTTPPreconditionFailed)
config.add_request_method(request_params, "params", reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(check_accreditations)
config.add_request_method(get_currency_rates,
name="currency_rates",
reify=True)
config.add_renderer("json", JSON(serializer=simplejson.dumps))
config.add_renderer("prettyjson",
JSON(indent=4, serializer=simplejson.dumps))
config.add_renderer(
"jsonp", JSONP(param_name="opt_jsonp", serializer=simplejson.dumps))
config.add_renderer(
"prettyjsonp",
JSONP(indent=4, param_name="opt_jsonp", serializer=simplejson.dumps))
# search for plugins
plugins = settings.get("plugins") and [
plugin.strip() for plugin in settings["plugins"].split(",")
]
for entry_point in iter_entry_points("openprocurement.api.plugins"):
if not plugins or entry_point.name in plugins:
plugin = entry_point.load()
plugin(config)
# CouchDB connection
aserver, server, db = set_api_security(settings)
config.registry.couchdb_server = server
if aserver:
config.registry.admin_couchdb_server = aserver
config.registry.db = db
# readjust couchdb json decoder
couchdb_json_decode()
# Document Service key
config.registry.docservice_url = settings.get("docservice_url")
config.registry.docservice_username = settings.get("docservice_username")
config.registry.docservice_password = settings.get("docservice_password")
config.registry.docservice_upload_url = settings.get(
"docservice_upload_url")
config.registry.docservice_key = dockey = Signer(
settings.get("dockey", "").decode("hex"))
config.registry.keyring = keyring = {}
dockeys = settings.get(
"dockeys") if "dockeys" in settings else dockey.hex_vk()
for key in dockeys.split("\0"):
keyring[key[:8]] = Verifier(key)
# Archive keys
arch_pubkey = settings.get("arch_pubkey", None)
config.registry.arch_pubkey = PublicKey(
arch_pubkey.decode("hex") if arch_pubkey else SecretKey().pk)
# migrate data
if not os.environ.get("MIGRATION_SKIP"):
for entry_point in iter_entry_points("openprocurement.api.migrations"):
plugin = entry_point.load()
plugin(config.registry)
config.registry.server_id = settings.get("id", "")
# search subscribers
subscribers_keys = [k for k in settings if k.startswith("subscribers.")]
for k in subscribers_keys:
subscribers = settings[k].split(",")
for subscriber in subscribers:
for entry_point in iter_entry_points(
"openprocurement.{}".format(k), subscriber):
if entry_point:
plugin = entry_point.load()
plugin(config)
config.registry.health_threshold = float(
settings.get("health_threshold", 512))
config.registry.health_threshold_func = settings.get(
"health_threshold_func", "all")
config.registry.update_after = asbool(settings.get("update_after", True))
return config.make_wsgi_app()
def main(global_config, **settings):
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings['auth.file'],
__name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=route_prefix(settings),
)
config.include('pyramid_exclog')
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_request_method(request_params, 'params', reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(extract_tender, 'tender', reify=True)
config.add_request_method(check_accreditation)
config.add_renderer('prettyjson', JSON(indent=4))
config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
config.add_subscriber(add_logging_context, NewRequest)
config.add_subscriber(set_logging_context, ContextFound)
config.add_subscriber(set_renderer, NewRequest)
config.add_subscriber(beforerender, BeforeRender)
config.scan("openprocurement.api.views.spore")
config.scan("openprocurement.api.views.health")
# tender procurementMethodType plugins support
config.add_route_predicate('procurementMethodType', isTender)
config.registry.tender_procurementMethodTypes = {}
config.add_request_method(tender_from_data)
config.add_directive('add_tender_procurementMethodType',
register_tender_procurementMethodType)
# search for plugins
plugins = settings.get('plugins') and settings['plugins'].split(',')
for entry_point in iter_entry_points('openprocurement.api.plugins'):
if not plugins or entry_point.name in plugins:
plugin = entry_point.load()
plugin(config)
# CouchDB connection
db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
server = Server(settings.get('couchdb.url'),
session=Session(retry_delays=range(10)))
if 'couchdb.admin_url' not in settings and server.resource.credentials:
try:
server.version()
except Unauthorized:
server = Server(
extract_credentials(settings.get('couchdb.url'))[0])
config.registry.couchdb_server = server
if 'couchdb.admin_url' in settings and server.resource.credentials:
aserver = Server(settings.get('couchdb.admin_url'),
session=Session(retry_delays=range(10)))
config.registry.admin_couchdb_server = aserver
users_db = aserver['_users']
if SECURITY != users_db.security:
LOGGER.info("Updating users db security",
extra={'MESSAGE_ID': 'update_users_security'})
users_db.security = SECURITY
username, password = server.resource.credentials
user_doc = users_db.get(
'org.couchdb.user:{}'.format(username),
{'_id': 'org.couchdb.user:{}'.format(username)})
if not user_doc.get(
'derived_key', '') or PBKDF2(password, user_doc.get(
'salt', ''), user_doc.get('iterations', 10)).hexread(
int(len(user_doc.get('derived_key', '')) /
2)) != user_doc.get('derived_key', ''):
user_doc.update({
"name": username,
"roles": [],
"type": "user",
"password": password
})
LOGGER.info("Updating api db main user",
extra={'MESSAGE_ID': 'update_api_main_user'})
users_db.save(user_doc)
security_users = [
username,
]
if 'couchdb.reader_username' in settings and 'couchdb.reader_password' in settings:
reader_username = settings.get('couchdb.reader_username')
reader = users_db.get(
'org.couchdb.user:{}'.format(reader_username),
{'_id': 'org.couchdb.user:{}'.format(reader_username)})
if not reader.get('derived_key', '') or PBKDF2(
settings.get('couchdb.reader_password'),
reader.get('salt', ''), reader.get(
'iterations', 10)).hexread(
int(len(reader.get('derived_key', '')) /
2)) != reader.get('derived_key', ''):
reader.update({
"name":
reader_username,
"roles": ['reader'],
"type":
"user",
"password":
settings.get('couchdb.reader_password')
})
LOGGER.info("Updating api db reader user",
extra={'MESSAGE_ID': 'update_api_reader_user'})
users_db.save(reader)
security_users.append(reader_username)
if db_name not in aserver:
aserver.create(db_name)
db = aserver[db_name]
SECURITY[u'members'][u'names'] = security_users
if SECURITY != db.security:
LOGGER.info("Updating api db security",
extra={'MESSAGE_ID': 'update_api_security'})
db.security = SECURITY
auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
if auth_doc.get(
'validate_doc_update') != VALIDATE_DOC_UPDATE % username:
auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
LOGGER.info("Updating api db validate doc",
extra={'MESSAGE_ID': 'update_api_validate_doc'})
db.save(auth_doc)
# sync couchdb views
sync_design(db)
db = server[db_name]
else:
if db_name not in server:
server.create(db_name)
db = server[db_name]
# sync couchdb views
sync_design(db)
config.registry.db = db
# Document Service key
config.registry.docservice_url = settings.get('docservice_url')
config.registry.docservice_username = settings.get('docservice_username')
config.registry.docservice_password = settings.get('docservice_password')
config.registry.docservice_upload_url = settings.get(
'docservice_upload_url')
config.registry.docservice_key = dockey = Signer(
settings.get('dockey', '').decode('hex'))
config.registry.keyring = keyring = {}
dockeys = settings.get(
'dockeys') if 'dockeys' in settings else dockey.hex_vk()
for key in dockeys.split('\0'):
keyring[key[:8]] = Verifier(key)
# Archive keys
arch_pubkey = settings.get('arch_pubkey', None)
config.registry.arch_pubkey = PublicKey(
arch_pubkey.decode('hex') if arch_pubkey else SecretKey().pk)
# migrate data
if not os.environ.get('MIGRATION_SKIP'):
for entry_point in iter_entry_points('openprocurement.api.migrations'):
plugin = entry_point.load()
plugin(config.registry)
config.registry.server_id = settings.get('id', '')
config.registry.health_threshold = float(
settings.get('health_threshold', 512))
config.registry.health_threshold_func = settings.get(
'health_threshold_func', 'all')
config.registry.update_after = asbool(settings.get('update_after', True))
return config.make_wsgi_app()
def generate_public_key(self, key):
return self.encode(hex_decode(SecretKey(self.decode(key)).hex_pk()))
def generate_private_key(self, key):
sponge = shake()
sponge.update(strings.encode(key))
return self.encode(
hex_decode(
SecretKey(sponge.digest(crypto_box_SECRETKEYBYTES)).hex_sk()))
