def decrypt_token(action: str, token: str): """ Decrypts a token and returns the data in a list of strings Throws exception when the action does not fit or the token expired :param action: a unique identifier for the action associated with this token :param token: the crypted token :return: list of strings which contains the data given on creating the token """ # F**k you urlsafe_b64encode & padding and f**k you overzealous http implementations token = token.replace('%3d', '=') token = token.replace('%3D', '=') ciphertext = base64.urlsafe_b64decode(token.encode()) plaintext = Fernet(CRYPTO_KEY).decrypt(ciphertext).decode("utf-8") token_action, expiry, *result = plaintext.split(',') if token_action != action: raise ApiException([Error(ErrorCode.TOKEN_INVALID)]) if (float(expiry) < time.time()): raise ApiException([Error(ErrorCode.TOKEN_EXPIRED)]) return result
def decryptSingleImage(encryptedimagePath: str, password: str, single=True): encryptedimage = None with open(encryptedimagePath, 'r') as file: encryptedimage = file.read() passKey = keys.getPasswordGeneratedKey(password) try: image = Fernet(passKey).decrypt(encryptedimage.encode()) image = image.decode() # print(image[:20]) except InvalidToken: print("\tWrong Password! Try Again") sys.exit(0) shape, image = image.split(',') shape = list(map(int, shape.strip().split())) image = list(map(int, image.strip().split())) image = np.resize(np.array(image), shape) __writeDecryptedImage(encryptedimagePath, image, single)
def extractCredentials(self, request): # noqa camelCase """IExtractionPlugin implementation. Extracts login name from the request's "X-Queue-Auth-Token" header. This header contains an encrypted token with it's expiration date, together with the user name. Returns a dict with {'login': <username>} if: - current layer is ISenaiteQueueLayer, - the token can be decrypted, - the decrypted token contains both expiration and username and - the the token has not expired (expiration date) Returns an empty dict otherwise :param request: the HTTPRequest object to extract credentials from :return: a dict {"login": <username>} or empty dict """ # Check if request provides ISenaiteQueueLayer if not ISenaiteQueueLayer.providedBy(request): return {} # Read the magical header that contains the encrypted info auth_token = request.getHeader("X-Queue-Auth-Token") if not auth_token: return {} # Decrypt the auth_token key = api.get_registry_record("senaite.queue.auth_key") token = Fernet(str(key)).decrypt(auth_token) # Check if token is valid tokens = token.split(":") if len(tokens) < 2 or not api.is_floatable(tokens[0]): return {} # Check if token has expired expiration = api.to_float(tokens[0]) if expiration < time.time(): return {} user_id = "".join(tokens[1:]) return {"login": user_id}
coins = 7 user_credits_message = jsonpickle.encode({ 'Coins' : coins }).encode('utf-8') user_encrypted_message = Fernet(user.session_key).encrypt(user_credits_message) response = user.send_message_to(bank, user_encrypted_message) print('[MAIN] Response:', response) response = Fernet(user.session_key).decrypt(response) response = response.decode('utf-8') if 'success' in response: user.finalize_coins(coins, float(response.split(': ')[1])) elif 'failure' in response: print('[MAIN] Failure response from bank') # === if not user.has_first_payment_with(vendor): # Create new session key for new connection (this time with Vendor) and send it to him symmetric_key = Fernet.generate_key() user.set_vendor_session_key(symmetric_key) user.send_session_key_to(vendor, RSA.encrypt(vendor.public_key, symmetric_key)) # Also create new session key Bank - Vendor vendor.send_session_key_to(bank) # ack = vendor.send_message_to(bank, user_encrypted_payment_message)