async def do_get_claim_requests(self) -> "UserGreetInProgress4Ctx":
rep = await self._cmds.invite_4_greeter_communicate(token=self.token,
payload=b"")
if rep["status"] in ("not_found", "already_deleted"):
raise InviteNotAvailableError()
elif rep["status"] == "invalid_state":
raise InvitePeerResetError()
elif rep["status"] != "ok":
raise InviteError(
f"Backend error during step 4 (data exchange): {rep}")
if rep["payload"] is None:
raise InviteError("Missing InviteUserData payload")
try:
data = InviteUserData.decrypt_and_load(rep["payload"],
key=self._shared_secret_key)
except DataError as exc:
raise InviteError(
"Invalid InviteUserData payload provided by peer") from exc
return UserGreetInProgress4Ctx(
token=self.token,
requested_device_label=data.requested_device_label,
requested_human_handle=data.requested_human_handle,
public_key=data.public_key,
verify_key=data.verify_key,
shared_secret_key=self._shared_secret_key,
cmds=self._cmds,
)
async def do_claim_user(
self,
requested_device_label: Optional[DeviceLabel],
requested_human_handle: Optional[HumanHandle],
) -> LocalDevice:
# User&device keys are generated here and kept in memory until the end of
# the enrollment process. This mean we can lost it if something goes wrong.
# This has no impact until step 4 (somewhere between data exchange and
# confirmation exchange steps) where greeter upload our certificates in
# the server.
# This is considered acceptable given 1) the error window is small and
# 2) if this occurs the inviter can revoke the user and retry the
# enrollment process to fix this
private_key = PrivateKey.generate()
signing_key = SigningKey.generate()
try:
payload = InviteUserData(
requested_device_label=requested_device_label,
requested_human_handle=requested_human_handle,
public_key=private_key.public_key,
verify_key=signing_key.verify_key,
).dump_and_encrypt(key=self._shared_secret_key)
except DataError as exc:
raise InviteError(
"Cannot generate InviteUserData payload") from exc
rep = await self._cmds.invite_4_claimer_communicate(payload=payload)
_check_rep(rep, step_name="step 4 (data exchange)")
rep = await self._cmds.invite_4_claimer_communicate(payload=b"")
_check_rep(rep, step_name="step 4 (confirmation exchange)")
try:
confirmation = InviteUserConfirmation.decrypt_and_load(
rep["payload"], key=self._shared_secret_key)
except DataError as exc:
raise InviteError(
"Invalid InviteUserConfirmation payload provided by peer"
) from exc
organization_addr = BackendOrganizationAddr.build(
backend_addr=self._cmds.addr.get_backend_addr(),
organization_id=self._cmds.addr.organization_id,
root_verify_key=confirmation.root_verify_key,
)
new_device = generate_new_device(
organization_addr=organization_addr,
device_id=confirmation.device_id,
device_label=confirmation.device_label,
human_handle=confirmation.human_handle,
profile=confirmation.profile,
private_key=private_key,
signing_key=signing_key,
)
return new_device
async def do_claim_user(
self, requested_device_label: Optional[str],
requested_human_handle: Optional[HumanHandle]) -> LocalDevice:
private_key = PrivateKey.generate()
signing_key = SigningKey.generate()
try:
payload = InviteUserData(
requested_device_label=requested_device_label,
requested_human_handle=requested_human_handle,
public_key=private_key.public_key,
verify_key=signing_key.verify_key,
).dump_and_encrypt(key=self._shared_secret_key)
except DataError as exc:
raise InviteError(
"Cannot generate InviteUserData payload") from exc
rep = await self._cmds.invite_4_claimer_communicate(payload=payload)
if rep["status"] == "invalid_state":
raise InvitePeerResetError()
elif rep["status"] != "ok":
raise InviteError(
f"Backend error during step 4 (data exchange): {rep}")
rep = await self._cmds.invite_4_claimer_communicate(payload=b"")
if rep["status"] == "invalid_state":
raise InvitePeerResetError()
elif rep["status"] != "ok":
raise InviteError(
f"Backend error during step 4 (confirmation exchange): {rep}")
try:
confirmation = InviteUserConfirmation.decrypt_and_load(
rep["payload"], key=self._shared_secret_key)
except DataError as exc:
raise InviteError(
"Invalid InviteUserConfirmation payload provided by peer"
) from exc
organization_addr = BackendOrganizationAddr.build(
backend_addr=self._cmds.addr,
organization_id=self._cmds.addr.organization_id,
root_verify_key=confirmation.root_verify_key,
)
new_device = generate_new_device(
organization_addr=organization_addr,
device_id=confirmation.device_id,
device_label=confirmation.device_label,
human_handle=confirmation.human_handle,
profile=confirmation.profile,
private_key=private_key,
signing_key=signing_key,
)
return new_device
async def do_get_claim_requests(self) -> "UserGreetInProgress4Ctx":
rep = await self._cmds.invite_4_greeter_communicate(token=self.token, payload=b"")
_check_rep(rep, step_name="step 4 (data exchange)")
if rep["payload"] is None:
raise InviteError("Missing InviteUserData payload")
try:
data = InviteUserData.decrypt_and_load(rep["payload"], key=self._shared_secret_key)
except DataError as exc:
raise InviteError("Invalid InviteUserData payload provided by peer") from exc
return UserGreetInProgress4Ctx(
token=self.token,
requested_device_label=data.requested_device_label,
requested_human_handle=data.requested_human_handle,
public_key=data.public_key,
verify_key=data.verify_key,
shared_secret_key=self._shared_secret_key,
cmds=self._cmds,
)