def create_ticket():
logger.log_access(request)
message = messaging.get_request_data(request)
encrypted_data = cryptography.strip_clear_signed_message(message)
decrypted_data = cryptography.two_layer_sym_asym_decrypt(
encrypted_data, data.private_key)
client_identity, transactor_id, timestamp, symmetric_key = decrypted_data.split(
SEP)
if data.identifier != transactor_id:
warn_message = 'transactor id does not match.'
logger.log_warn(warn_message)
return warn_message, 403
client_access_symmetric_key = cryptography.generate_symmetric_key()
client_address = request.remote_addr.encode('utf-8')
ticket_start_timestamp, ticket_end_timestamp = generator.get_ticket_life_span(
)
ticket_unencrypted = SEP.join([
client_access_symmetric_key, client_identity, client_address,
ticket_start_timestamp, ticket_end_timestamp
])
ticket = cryptography.encrypt_asym(ticket_unencrypted, data.public_key)
response = cryptography.encrypt_sym(
SEP.join([ticket, client_access_symmetric_key]), symmetric_key)
logger.log_info(
'generated access ticket and key for client id `{}`'.format(
client_identity))
return response, 200
def register_merchant():
logger.log_access(request)
message_enc = messaging.get_request_data(request)
message = cryptography.two_layer_sym_asym_decrypt(message_enc,
data.private_key)
merchant_identifier, merchant_public_key, transactor_identifier = message.split(
SEP)
warn_message = None
if transactor_identifier != data.identifier:
warn_message = 'invalid transactor identifier.'
elif merchant_identifier in data.public_keychain:
warn_message = 'merchant exists. aborting.'
if warn_message is not None:
logger.log_warn(warn_message)
return warn_message, 403
data.public_keychain[merchant_identifier] = merchant_public_key
account_number = generator.generate_random_account_number()
nonce = generator.generate_nonce()
account_receipt = SEP.join([account_number, nonce])
account_receipt_enc = cryptography.two_layer_sym_asym_encrypt(
account_receipt, merchant_public_key)
data.credit_accounts[merchant_identifier] = ((
account_number, nonce), config.INITIAL_MERCHANT_CREDIT)
return account_receipt_enc, 200
def create_psudonym():
logger.log_access(request)
message = messaging.get_request_data(request)
two_layer_enc_message, encrypted_key, nonce, timestamp, signature = message.split(
SEP)
plain_message = cryptography.two_layer_sym_asym_decrypt(
SEP.join([two_layer_enc_message, encrypted_key]), data.private_key)
true_identity, merchant_identifier, timestamp, offered_symmetric_key, type_ = plain_message.split(
SEP)
warn_message = None
if true_identity not in data.public_keychain:
warn_message = 'client unknown'
elif merchant_identifier not in data.public_keychain:
warn_message = 'merchant unknown'
elif not cryptography.verify_clear_signature(
message, data.public_keychain[true_identity]):
warn_message = 'clear signature not verified.'
elif type_ not in [
PsudonymTypes.PER_MERCHANT.value, PsudonymTypes.PER_SESSION.value
]:
warn_message = 'invalid psudonym type.'
elif type_ == PsudonymTypes.PER_SESSION:
warn_message = 'psudonym type not implemented.'
if warn_message is not None:
logger.log_warn(warn_message)
return warn_message, 403
psudonym_symmetric_key = cryptography.generate_symmetric_key()
psudonym = generator.generate_random_identity()
timestamp = generator.get_timestamp()
psudonym_ticket = SEP.join(
[psudonym, merchant_identifier, timestamp, psudonym_symmetric_key])
psudonym_ticket_two_layer_enc = \
cryptography.two_layer_sym_asym_encrypt(psudonym_ticket, data.public_keychain[merchant_identifier])
psudonym_ticket_two_layer_enc_clear_signed = cryptography.clear_sign(
psudonym_ticket_two_layer_enc, data.private_key)
psudonym_receipt = SEP.join(
[true_identity, merchant_identifier, psudonym, timestamp])
psudonym_receipt_clear_signed = cryptography.clear_sign(
psudonym_receipt, data.private_key)
final_message_to_encrypt = SEP.join([
psudonym_symmetric_key, psudonym_ticket_two_layer_enc_clear_signed,
psudonym_receipt_clear_signed
])
final_encrypted_message = cryptography.encrypt_sym(
final_message_to_encrypt, offered_symmetric_key)
return final_encrypted_message, 200
def register_on_transactor():
transactor_id, transactor_public_key = data.get_transactor_contact()
message = SEP.join([data.identifier, data.public_key, transactor_id])
message_encrypted = cryptography.two_layer_sym_asym_encrypt(
message, transactor_public_key)
response = messaging.transmit_message_and_get_response(
config.ADDRESS_BOOK[config.TRANSACTOR_ID], static.REGISTER_MERCHANT,
message_encrypted)
response_plain = cryptography.two_layer_sym_asym_decrypt(
response, data.private_key)
account_number, nonce = response_plain.split(SEP)
data.account = (account_number, nonce)
def register_group():
logger.log_access(request)
message_enc = messaging.get_request_data(request)
message = cryptography.two_layer_sym_asym_decrypt(message_enc,
data.private_key)
group_identifier, group_public_key, transactor_identifier = message.split(
SEP)
warn_message = None
if transactor_identifier != data.identifier:
warn_message = 'invalid transactor identifier.'
elif group_identifier in data.public_keychain:
warn_message = 'group exists. aborting.'
if warn_message is not None:
logger.log_warn(warn_message)
return warn_message, 403
data.public_keychain[group_identifier] = group_public_key
return 'success', 200