def test_validate_passphrase():
# Passphrase too short
passphrase = 'x' * 5
with pytest.raises(ValueError):
_keyring = NucypherKeyring.generate(passphrase=passphrase)
# Empty passphrase is provided
with pytest.raises(ValueError):
_keyring = NucypherKeyring.generate(passphrase="")
def test_validate_password():
# Password too short
password = '******' * 5
with pytest.raises(ValueError):
_keyring = NucypherKeyring.generate(password=password)
# Empty password is provided
with pytest.raises(ValueError):
_keyring = NucypherKeyring.generate(password="")
def write_keyring(
self,
passphrase: str,
encrypting: bool,
wallet: bool,
tls: bool,
host: str,
tls_curve,
) -> NucypherKeyring:
self.keyring = NucypherKeyring.generate(passphrase=passphrase,
encrypting=encrypting,
wallet=wallet,
tls=tls,
host=host,
curve=tls_curve,
keyring_root=self.keyring_dir)
# TODO: Operating mode switch
if self.federated_only or not wallet:
self.checksum_address = self.keyring.federated_address
else:
self.checksum_address = self.keyring.checksum_address
if tls:
self.certificate_filepath = self.keyring.certificate_filepath
return self.keyring
def write_keyring(self, password: str, checksum_address: str = None, **generation_kwargs) -> NucypherKeyring:
if self.federated_only:
checksum_address = FEDERATED_ADDRESS
elif not checksum_address:
# Note: It is assumed the blockchain interface is not yet connected.
if self.provider_process:
# Generate Geth's "datadir"
if not os.path.exists(self.provider_process.data_dir):
os.mkdir(self.provider_process.data_dir)
# Get or create wallet address
if not self.checksum_address:
self.checksum_address = self.provider_process.ensure_account_exists(password=password)
elif self.checksum_address not in self.provider_process.accounts():
raise self.ConfigurationError(f'Unknown Account {self.checksum_address}')
elif not self.checksum_address:
raise self.ConfigurationError(f'No checksum address provided for decentralized configuration.')
checksum_address = self.checksum_address
self.keyring = NucypherKeyring.generate(password=password,
keyring_root=self.keyring_root,
checksum_address=checksum_address,
**generation_kwargs)
if self.federated_only:
self.checksum_address = self.keyring.checksum_address
return self.keyring
def write_keyring(self,
password: str,
checksum_address: str = None,
**generation_kwargs) -> NucypherKeyring:
# Configure checksum address
checksum_address = checksum_address or self.checksum_address
if self.federated_only:
checksum_address = FEDERATED_ADDRESS
elif not checksum_address:
raise self.ConfigurationError(
f'No checksum address provided for decentralized configuration.'
)
# Generate new keys
self.keyring = NucypherKeyring.generate(
password=password,
keyring_root=self.keyring_root,
checksum_address=checksum_address,
**generation_kwargs)
# In the case of a federated keyring generation,
# the generated federated address must be set here.
if self.federated_only:
self.checksum_address = self.keyring.checksum_address
return self.keyring
def create_account(self, passphrase: str = None) -> str:
"""Creates a new local or hosted ethereum wallet"""
choice = click.prompt("Create a new Hosted or Local account?",
default='hosted',
type=click.STRING).strip().lower()
if choice not in ('hosted', 'local'):
click.echo("Invalid Input")
raise click.Abort()
if not passphrase:
message = "Enter a passphrase to encrypt your wallet's private key"
passphrase = click.prompt(message,
hide_input=True,
confirmation_prompt=True)
if choice == 'local':
keyring = NucypherKeyring.generate(
passphrase=passphrase,
keyring_root=self.node_configuration.keyring_dir,
encrypting=False,
wallet=True)
new_address = keyring.checksum_address
elif choice == 'hosted':
new_address = self.blockchain.interface.w3.personal.newAccount(
passphrase)
else:
raise click.BadParameter(
"Invalid choice; Options are hosted or local.")
return new_address
def post(self):
if not request.data["account"] or not request.data["password"]:
response = {'message': "User data missing"}
return make_response(jsonify(response)), 404
user = request.data["account"]
password = request.data["password"]
try:
keyring = NucypherKeyring.generate(
checksum_address=user,
password=password, # used to encrypt nucypher private keys
keyring_root="//home/ghard/.local/share/nucypher/keyring")
keyring.unlock(password=password)
masterfile_contract.functions.RegisterUser(
user, keyring.signing_public_key.to_bytes(),
keyring.encrypting_public_key.to_bytes()).transact(
{"from": w3.eth.accounts[0]})
response = {'message': "Registration Accepted"}
keyring.lock()
return make_response(jsonify(response)), 200
except:
try:
keyring = NucypherKeyring(account=user)
keyring.unlock(password=password)
# Double check user has keys
keys = masterfile_contract.functions.userKeys(user).call()
print(keys)
if not keys[0]:
masterfile_contract.functions.RegisterUser(
user, keyring.signing_public_key.to_bytes(),
keyring.encrypting_public_key.to_bytes()).transact(
{"from": w3.eth.accounts[0]})
response = {'message': "Login Successful"}
keyring.lock()
return make_response(jsonify(response)), 200
except:
response = {'message': "Invalid Login"}
return make_response(jsonify(response)), 404
def write_keyring(self, password: str, **generation_kwargs) -> NucypherKeyring:
self.keyring = NucypherKeyring.generate(password=password,
keyring_root=self.keyring_dir,
**generation_kwargs)
# Operating mode switch TODO: #466
if self.federated_only:
self.checksum_public_address = self.keyring.federated_address
else:
self.checksum_public_address = self.keyring.checksum_address
return self.keyring
def _generate_keyring(root,
checksum_address=FEDERATED_ADDRESS,
password=INSECURE_DEVELOPMENT_PASSWORD,
encrypting=True,
rest=True,
host=LOOPBACK_ADDRESS):
keyring = NucypherKeyring.generate(checksum_address=checksum_address,
password=password,
encrypting=encrypting,
rest=rest,
host=host,
keyring_root=root)
return keyring
def test_tls_hosting_certificate_remains_the_same(tmpdir, mocker):
keyring = NucypherKeyring.generate(checksum_address=FEDERATED_ADDRESS,
password=INSECURE_DEVELOPMENT_PASSWORD,
encrypting=True,
rest=True,
host=LOOPBACK_ADDRESS,
keyring_root=tmpdir)
keyring.unlock(password=INSECURE_DEVELOPMENT_PASSWORD)
rest_port = 12345
db_filepath = tempfile.mkdtemp()
ursula = Ursula(federated_only=True,
start_learning_now=False,
keyring=keyring,
rest_host=LOOPBACK_ADDRESS,
rest_port=rest_port,
db_filepath=db_filepath,
domain=TEMPORARY_DOMAIN)
assert ursula.keyring is keyring
assert ursula.certificate == ursula._crypto_power.power_ups(
TLSHostingPower).keypair.certificate
original_certificate_bytes = ursula.certificate.public_bytes(
encoding=Encoding.PEM)
ursula.disenchant()
del ursula
spy_rest_server_init = mocker.spy(ProxyRESTServer, '__init__')
recreated_ursula = Ursula(federated_only=True,
start_learning_now=False,
keyring=keyring,
rest_host=LOOPBACK_ADDRESS,
rest_port=rest_port,
db_filepath=db_filepath,
domain=TEMPORARY_DOMAIN)
assert recreated_ursula.keyring is keyring
assert recreated_ursula.certificate.public_bytes(
encoding=Encoding.PEM) == original_certificate_bytes
tls_hosting_power = recreated_ursula._crypto_power.power_ups(
TLSHostingPower)
spy_rest_server_init.assert_called_once_with(
ANY, # self
rest_host=LOOPBACK_ADDRESS,
rest_port=rest_port,
rest_app=IsType(Flask),
datastore=IsType(Datastore),
hosting_power=tls_hosting_power)
recreated_ursula.disenchant()
def test_characters_use_keyring(tmpdir):
keyring = NucypherKeyring.generate(checksum_address=FEDERATED_ADDRESS,
password=INSECURE_DEVELOPMENT_PASSWORD,
encrypting=True,
rest=False,
keyring_root=tmpdir)
keyring.unlock(password=INSECURE_DEVELOPMENT_PASSWORD)
Alice(federated_only=True, start_learning_now=False, keyring=keyring)
Bob(federated_only=True, start_learning_now=False, keyring=keyring)
Ursula(federated_only=True,
start_learning_now=False,
keyring=keyring,
rest_host='127.0.0.1',
rest_port=12345)
def post(self):
password = request.json['password']
address = request.json['address']
passwd = PBKDF2(password,
address.encode(),
20,
count=30000,
hmac_hash_module=SHA256).hex()
keyring = NucypherKeyring.generate(checksum_address=address,
password=passwd,
keyring_root="./keys")
keyring.unlock(password=passwd)
keyring.lock()
json = self.readAndDeleteKeys(address, keyring)
return json
def write_keyring(self, password: str, wallet: bool = True, **generation_kwargs) -> NucypherKeyring:
checksum_address = None
#
# Decentralized
#
if wallet:
# Note: It is assumed the blockchain is not yet available.
if not self.federated_only and not self.checksum_address:
# "Casual Geth"
if self.provider_process:
if not os.path.exists(self.provider_process.data_dir):
os.mkdir(self.provider_process.data_dir)
# Get or create wallet address (geth etherbase)
checksum_address = self.provider_process.ensure_account_exists(password=password)
# "Formal Geth" - Manual Web3 Provider, We assume is already running and available
else:
self.connect_to_blockchain()
if not self.blockchain.interface.client.accounts:
raise self.ConfigurationError(f'Web3 provider "{self.provider_uri}" does not have any accounts')
checksum_address = self.blockchain.interface.client.etherbase
# Addresses read from some node keyrings (clients) are *not* returned in checksum format.
checksum_address = to_checksum_address(checksum_address)
# Use explicit address
elif self.checksum_address:
checksum_address = self.checksum_address
self.keyring = NucypherKeyring.generate(password=password,
keyring_root=self.keyring_dir,
checksum_address=checksum_address,
**generation_kwargs)
# Operating mode switch
if self.federated_only or not wallet:
self.checksum_address = self.keyring.federated_address
else:
self.checksum_address = self.keyring.account
return self.keyring
def test_characters_use_keyring(tmpdir):
keyring = NucypherKeyring.generate(checksum_address=FEDERATED_ADDRESS,
password=INSECURE_DEVELOPMENT_PASSWORD,
encrypting=True,
rest=False,
keyring_root=tmpdir)
keyring.unlock(password=INSECURE_DEVELOPMENT_PASSWORD)
a = Alice(federated_only=True, start_learning_now=False, keyring=keyring)
Bob(federated_only=True, start_learning_now=False, keyring=keyring)
Ursula(federated_only=True,
start_learning_now=False,
keyring=keyring,
rest_host='127.0.0.1',
rest_port=12345,
db_filepath=tempfile.mkdtemp())
a.disenchant(
) # To stop Alice's publication threadpool. TODO: Maybe only start it at first enactment?
def write_keyring(self, password: str, **generation_kwargs) -> NucypherKeyring:
if not self.federated_only and not self.checksum_public_address:
checksum_address = self.blockchain.interface.w3.eth.accounts[0] # etherbase
else:
checksum_address = self.checksum_public_address
self.keyring = NucypherKeyring.generate(password=password,
keyring_root=self.keyring_dir,
checksum_address=checksum_address,
**generation_kwargs)
# Operating mode switch TODO: #466
if self.federated_only:
self.checksum_public_address = self.keyring.federated_address
else:
self.checksum_public_address = self.keyring.account
return self.keyring
async def onRequestBuy(event):
SEEDNODE_URI = os.getenv("SEEDNODE_URI")
ursula = Ursula.from_seed_and_stake_info(seed_uri="localhost:11500",
federated_only=True,
minimum_stake=0)
NEW_PASSWORD = "******"
try:
keyring = NucypherKeyring.generate(
checksum_address='0xf61DBAbF5Ac0A3F99e91b663A590cF4cB58563D9',
password=NEW_PASSWORD, # used to encrypt nucypher private keys
keyring_root="//home/ghard/.local/share/nucypher/keyring")
except:
# Restore an existing Alice keyring
keyring = NucypherKeyring(
account='0xf61DBAbF5Ac0A3F99e91b663A590cF4cB58563D9')
keyring.unlock(password=NEW_PASSWORD)
alice = Alice(keyring=keyring,
known_nodes=[ursula],
federated_only=True,
learn_on_same_thread=True,
domain=TEMPORARY_DOMAIN)
user = event.args["buyer"]
keys = masterfile_contract.functions.userKeys(user).call()
print(user)
print(keys)
bob = Bob.from_public_keys(verifying_key=keys[0],
encrypting_key=keys[1],
federated_only=True)
policy = alice.grant(bob,
label=(str(event.args["tokenId"]) +
os.urandom(4).hex()).encode(),
m=2,
n=3,
expiration=maya.now() + timedelta(days=5))
policy.treasure_map_publisher.block_until_complete()
print("done")
def write_keyring(self, password: str,
**generation_kwargs) -> NucypherKeyring:
# Note: It is assumed the blockchain is not yet available.
if not self.federated_only:
if self.provider_process:
# Generate Geth's "datadir"
if not os.path.exists(self.provider_process.data_dir):
os.mkdir(self.provider_process.data_dir)
# Get or create wallet address
if not self.checksum_address:
self.checksum_address = self.provider_process.ensure_account_exists(
password=password)
elif self.checksum_address not in self.provider_process.accounts(
):
raise self.ConfigurationError(
f'Unknown Account {self.checksum_address}')
# Determine etherbase (web3)
elif not self.checksum_address:
self.connect_to_blockchain()
if not self.blockchain.client.accounts:
raise self.ConfigurationError(
f'Web3 provider "{self.provider_uri}" does not have any accounts'
)
self.checksum_address = self.blockchain.client.etherbase
self.keyring = NucypherKeyring.generate(
password=password,
keyring_root=self.keyring_root,
checksum_address=self.checksum_address,
federated=self.federated_only,
**generation_kwargs)
self.checksum_address = self.keyring.account
return self.keyring
def test_generate_alice_keyring(tmpdir):
keyring = NucypherKeyring.generate(
checksum_address=FEDERATED_ADDRESS,
password=INSECURE_DEVELOPMENT_PASSWORD,
encrypting=True,
rest=False,
keyring_root=tmpdir
)
enc_pubkey = keyring.encrypting_public_key
assert enc_pubkey is not None
with pytest.raises(NucypherKeyring.KeyringLocked):
_dec_keypair = keyring.derive_crypto_power(DecryptingPower).keypair
keyring.unlock(password=INSECURE_DEVELOPMENT_PASSWORD)
dec_keypair = keyring.derive_crypto_power(DecryptingPower).keypair
assert enc_pubkey == dec_keypair.pubkey
label = b'test'
delegating_power = keyring.derive_crypto_power(DelegatingPower)
delegating_pubkey = delegating_power.get_pubkey_from_label(label)
bob_pubkey = SecretKey.random().public_key()
signer = Signer(SecretKey.random())
delegating_pubkey_again, _kfrags = delegating_power.generate_kfrags(
bob_pubkey, signer, label, m=2, n=3
)
assert delegating_pubkey == delegating_pubkey_again
another_delegating_power = keyring.derive_crypto_power(DelegatingPower)
another_delegating_pubkey = another_delegating_power.get_pubkey_from_label(label)
assert delegating_pubkey == another_delegating_pubkey
def test_generate_alice_keyring(tmpdir):
password = '******' * 16
keyring = NucypherKeyring.generate(password=password,
encrypting=True,
wallet=False,
rest=False,
keyring_root=tmpdir)
enc_pubkey = keyring.encrypting_public_key
assert enc_pubkey is not None
with pytest.raises(NucypherKeyring.KeyringLocked):
_dec_keypair = keyring.derive_crypto_power(DecryptingPower).keypair
keyring.unlock(password)
dec_keypair = keyring.derive_crypto_power(DecryptingPower).keypair
assert enc_pubkey == dec_keypair.pubkey
label = b'test'
delegating_power = keyring.derive_crypto_power(DelegatingPower)
delegating_pubkey = delegating_power.get_pubkey_from_label(label)
bob_pubkey = UmbralPrivateKey.gen_key().get_pubkey()
signer = Signer(UmbralPrivateKey.gen_key())
delegating_pubkey_again, _kfrags = delegating_power.generate_kfrags(
bob_pubkey, signer, label, m=2, n=3)
assert delegating_pubkey == delegating_pubkey_again
another_delegating_power = keyring.derive_crypto_power(DelegatingPower)
another_delegating_pubkey = another_delegating_power.get_pubkey_from_label(
label)
assert delegating_pubkey == another_delegating_pubkey
from nucypher.crypto.kits import UmbralMessageKit
SESSION_ID = os.getenv("SESSION_ID")
BUCKET_ID = os.getenv("BUCKET_ID")
# "localhost:11500"
SEEDNODE_URI = os.getenv("SEEDNODE_URI")
ursula = Ursula.from_seed_and_stake_info(seed_uri=SEEDNODE_URI,
federated_only=True,
minimum_stake=0)
NEW_PASSWORD = "******"
try:
keyring = NucypherKeyring.generate(
checksum_address='0xf61DBAbF5Ac0A3F99e91b663A590cF4cB58563D9',
password=NEW_PASSWORD, # used to encrypt nucypher private keys
keyring_root="//home/ghard/.local/share/nucypher/keyring")
except:
# Restore an existing Alice keyring
keyring = NucypherKeyring(
account='0xf61DBAbF5Ac0A3F99e91b663A590cF4cB58563D9')
keyring.unlock(password=NEW_PASSWORD)
alice = Alice(keyring=keyring,
known_nodes=[ursula],
federated_only=True,
learn_on_same_thread=True,
domain=TEMPORARY_DOMAIN)
alice_sig_pubkey = alice.stamp