def decrypt_secret(self, uuid, metaonly=False): '''retrieve secret from the database, decrypt and return tuple''' uuid = bytes(uuid.encode('ascii')) hasher = SHA256.new() hasher.update(uuid + uuid) uniqhash = hasher.hexdigest() # see if we can find such a secret try: result = DBSession.query(Secret).filter( Secret.uniqhash == uniqhash, Secret.expiry_time >= datetime.datetime.now(), or_( Secret.lifetime_reads > 0, Secret.lifetime_reads == -1 )).one() except NoResultFound: raise SecretExpiredException() # if we're not decrypting it, we can go ahead and consider it unviewed if metaonly: return (result, None) # excellent, decrement the views & immediately write to database if not result.flag_unlimited_reads: result.lifetime_reads -= 1 DBSession.flush() # decrypt the data in our secret, return them plaintext = self._decrypt(result, uuid) return (result, plaintext)
def main(argv=sys.argv): if len(argv) < 2: usage(argv) config_uri = argv[1] options = parse_vars(argv[2:]) setup_logging(config_uri) settings = get_appsettings(config_uri, options=options) engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.create_all(engine) with transaction.manager: model = Secret('asdf') DBSession.add(model)
def main(argv=None): if argv is None: argv = sys.argv if len(argv) < 2: usage(argv) config_uri = argv[1] options = parse_vars(argv[2:]) setup_logging(config_uri) settings = get_appsettings(config_uri, options=options) print(settings) engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.create_all(engine)
def create_secret(self, *args, **kwargs): '''create secret, encrypt, and return tuple''' self._secret = Secret() for key in ('expiry_time', 'snippet_type', 'lifetime_reads', 'early_delete'): if key == 'early_delete': self._secret.flag_delete_early = kwargs['early_delete'] continue if key == 'lifetime_reads': if kwargs['lifetime_reads'] < 0: self._secret.flag_unlimited_reads = True continue setattr(self._secret, key, kwargs[key]) session = DBSession() secret, uuid = self._encrypt(kwargs['plaintext']) DBSession.add(secret) DBSession.flush() return (secret, uuid)
def decrypt_secret(self, uuid): '''retrieve secret from the database, decrypt and return tuple''' session = DBSession() hasher = SHA256.new() hasher.update(bytes('{}{}'.format(uuid, uuid), encoding='utf-8')) uniqhash = hasher.hexdigest() # see if we can find such a secret try: result = session.query(Secret).filter( Secret.uniqhash == uniqhash, Secret.expiry_time >= datetime.datetime.now(), or_( Secret.lifetime_reads > 0, Secret.lifetime_reads == -1 )).one() except NoResultFound as e: raise SecretExpiredException() # excellent, decrement the views & immediately write to database if not result.flag_unlimited_reads: result.lifetime_reads -= 1 session.update(result) session.flush() # decrypt the data in our secret, return them plaintext = _decrypt(result, uniqhash) return (result, plaintext)