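def revoke_arrangement(id_as_hex):
    """
    REST endpoint for revoking/deleting a KFrag from a node.

    The request body is parsed as a ``Revocation``. The stored arrangement is
    deleted only when the arrangement id passed to this handler matches the
    id carried inside the revocation and the revocation's signature verifies
    against the Alice verifying key stored with that arrangement.

    :param id_as_hex: arrangement id as a hex string (presumably the route
        parameter -- confirm against the route declaration).
    :return: 200 once the arrangement has been deleted; 400 when the id
        passed in and the id in the revocation differ; 404 when the
        arrangement is not found or the signature is rejected.
    """
    from nucypher.policy.collections import Revocation

    # NOTE(review): parsing happens outside the try block below, so whatever
    # from_bytes raises on a malformed body is not mapped to a 4xx here.
    revocation = Revocation.from_bytes(request.data)
    # NOTE(review): id_as_hex is logged before it has been compared with
    # anything; confirm the route constrains it to hex characters.
    log.info("Received revocation: {} -- for arrangement {}".format(bytes(revocation).hex(), id_as_hex))

    try:
        with ThreadedSession(db_engine) as session:
            # Load the stored arrangement: it holds the key the revocation
            # must have been signed with. A missing arrangement is expected
            # to surface as NotFound, which is handled below.
            policy_arrangement = datastore.get_policy_arrangement(
                id_as_hex.encode(), session=session)
            alice_pubkey = UmbralPublicKey.from_bytes(
                policy_arrangement.alice_verifying_key.key_data)

            # The signature covers the arrangement id inside the revocation,
            # not the id in the request, so the two must be compared. This
            # binds the signed revocation to the arrangement being deleted.
            if id_as_hex != revocation.arrangement_id.hex():
                log.debug("Couldn't identify an arrangement with id {}".format(id_as_hex))
                # `status=` matches the other Response calls in this handler;
                # `status_code` is not a constructor keyword of Flask's
                # Response (assuming that is the class in use here).
                return Response(status=400)

            # verify_signature is expected to raise InvalidSignature (caught
            # below). A falsy return is treated the same way so the handler
            # fails closed and never reports a deletion that did not happen.
            if not revocation.verify_signature(alice_pubkey):
                log.debug("Revocation signature did not verify for arrangement {}".format(id_as_hex))
                return Response(response='KFrag not found or revocation signature is invalid.', status=404)

            datastore.del_policy_arrangement(
                id_as_hex.encode(), session=session)
    except (NotFound, InvalidSignature) as e:
        # Both failures share one response so the caller cannot tell a
        # missing arrangement apart from a bad signature.
        log.debug("Exception attempting to revoke: {}".format(e))
        return Response(response='KFrag not found or revocation signature is invalid.', status=404)
    else:
        log.info("KFrag successfully removed.")
        return Response(response='KFrag deleted!', status=200)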
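def test_revocation(federated_alice, federated_bob):
    """
    Grant a policy, check its revocation kit, then revoke it twice.

    Covers: one revocation per treasure-map entry, signature verification
    against Alice's stamp, a bytes round-trip of a Revocation, a first
    revoke with no failures, and a second revoke that fails on every node.

    NOTE(review): only the accepting path of verify_signature is exercised
    here; rejection of a revocation checked against a different key is not
    covered by this test.
    """
    m, n = 2, 3
    policy_end_datetime = maya.now() + datetime.timedelta(days=5)
    label = b"revocation test"

    policy = federated_alice.grant(federated_bob, label, m=m, n=n, expiration=policy_end_datetime)

    # Test that all arrangements are included in the RevocationKit
    for node_id, arrangement_id in policy.treasure_map:
        assert policy.revocation_kit[node_id].arrangement_id == arrangement_id

    # Test revocation kit's signatures
    alice_pubkey = federated_alice.stamp.as_umbral_pubkey()
    for revocation in policy.revocation_kit:
        assert revocation.verify_signature(alice_pubkey)

    # Test Revocation deserialization.
    # node_id is whatever the last iteration of the treasure-map loop left
    # behind; any entry serves for the round-trip check.
    revocation = policy.revocation_kit[node_id]
    revocation_bytes = bytes(revocation)
    deserialized_revocation = Revocation.from_bytes(revocation_bytes)
    assert deserialized_revocation == revocation

    # Attempt to revoke the new policy
    failed_revocations = federated_alice.revoke(policy)
    assert len(failed_revocations) == 0

    # Try to revoke the already revoked policy: every one of the n nodes
    # should now report a failure. Tied to n rather than a literal 3 so the
    # assertion follows the policy parameters above.
    already_revoked = federated_alice.revoke(policy)
    assert len(already_revoked) == n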
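def revoke_arrangement(id_as_hex):
    """
    REST endpoint for revoking/deleting a KFrag from a node.

    The request body is parsed as a ``Revocation``. The stored
    ``PolicyArrangement`` is deleted only when the arrangement id passed to
    this handler matches the id carried inside the revocation and the
    revocation's signature verifies against the Alice verifying key stored
    with that arrangement.

    :param id_as_hex: arrangement id as a hex string (presumably the route
        parameter -- confirm against the route declaration).
    :return: 200 once the arrangement has been deleted; 400 when the id
        passed in and the id in the revocation differ; 404 when the
        datastore transaction fails or the signature is rejected.
    """
    from nucypher.policy.collections import Revocation

    # NOTE(review): parsing happens outside the try block below, so whatever
    # from_bytes raises on a malformed body is not mapped to a 4xx here.
    revocation = Revocation.from_bytes(request.data)
    # NOTE(review): id_as_hex is logged before it has been compared with
    # anything; confirm the route constrains it to hex characters.
    log.info("Received revocation: {} -- for arrangement {}".format(
        bytes(revocation).hex(), id_as_hex))

    # The signature covers the arrangement id inside the revocation, not the
    # id in the request, so the two must be compared. Doing it before the
    # datastore is opened keeps a mismatched request from starting a
    # writeable transaction.
    if id_as_hex != revocation.arrangement_id.hex():
        log.debug("Couldn't identify an arrangement with id {}".format(
            id_as_hex))
        # `status=` matches the other Response calls in this handler;
        # `status_code` is not a constructor keyword of Flask's Response
        # (assuming that is the class in use here).
        return Response(status=400)

    try:
        with datastore.describe(PolicyArrangement, id_as_hex, writeable=True) as policy_arrangement:
            # verify_signature is expected to raise InvalidSignature (caught
            # below). A falsy return is treated the same way so the handler
            # fails closed and never reports a deletion that did not happen.
            if not revocation.verify_signature(
                    policy_arrangement.alice_verifying_key):
                log.debug("Revocation signature did not verify for arrangement {}".format(
                    id_as_hex))
                return Response(
                    response='KFrag not found or revocation signature is invalid.',
                    status=404)
            policy_arrangement.delete()
    except (DatastoreTransactionError, InvalidSignature) as e:
        # Both failures share one response so the caller cannot tell a
        # missing arrangement apart from a bad signature.
        log.debug("Exception attempting to revoke: {}".format(e))
        return Response(
            response='KFrag not found or revocation signature is invalid.',
            status=404)
    else:
        log.info("KFrag successfully removed.")
        return Response(response='KFrag deleted!', status=200)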
def __init__(self, policy: 'Policy', signer: 'SignatureStamp'):
    """
    Build one Revocation per entry of the policy's treasure map.

    Each (node_id, arrangement_id) pair yielded by ``policy.treasure_map``
    becomes a ``Revocation`` for that arrangement, constructed with the
    given ``signer`` and stored in ``self.revocations`` under the node id.
    """
    # Imported at call time, as the original does.
    from nucypher.policy.collections import Revocation

    self.revocations = {
        ursula_id: Revocation(arr_id, signer=signer)
        for ursula_id, arr_id in policy.treasure_map
    }