def decrypt_secret(self, uuid, metaonly=False):
'''retrieve secret from the database, decrypt and return tuple'''
uuid = bytes(uuid.encode('ascii'))
hasher = SHA256.new()
hasher.update(uuid + uuid)
uniqhash = hasher.hexdigest()
# see if we can find such a secret
try:
result = DBSession.query(Secret).filter(
Secret.uniqhash == uniqhash,
Secret.expiry_time >= datetime.datetime.now(),
or_(
Secret.lifetime_reads > 0,
Secret.lifetime_reads == -1
)).one()
except NoResultFound:
raise SecretExpiredException()
# if we're not decrypting it, we can go ahead and consider it unviewed
if metaonly:
return (result, None)
# excellent, decrement the views & immediately write to database
if not result.flag_unlimited_reads:
result.lifetime_reads -= 1
DBSession.flush()
# decrypt the data in our secret, return them
plaintext = self._decrypt(result, uuid)
return (result, plaintext)
def main(argv=sys.argv):
if len(argv) < 2:
usage(argv)
config_uri = argv[1]
options = parse_vars(argv[2:])
setup_logging(config_uri)
settings = get_appsettings(config_uri, options=options)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.create_all(engine)
with transaction.manager:
model = Secret('asdf')
DBSession.add(model)
def main(argv=None):
if argv is None:
argv = sys.argv
if len(argv) < 2:
usage(argv)
config_uri = argv[1]
options = parse_vars(argv[2:])
setup_logging(config_uri)
settings = get_appsettings(config_uri, options=options)
print(settings)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.create_all(engine)
def create_secret(self, *args, **kwargs):
'''create secret, encrypt, and return tuple'''
self._secret = Secret()
for key in ('expiry_time', 'snippet_type', 'lifetime_reads', 'early_delete'):
if key == 'early_delete':
self._secret.flag_delete_early = kwargs['early_delete']
continue
if key == 'lifetime_reads':
if kwargs['lifetime_reads'] < 0:
self._secret.flag_unlimited_reads = True
continue
setattr(self._secret, key, kwargs[key])
session = DBSession()
secret, uuid = self._encrypt(kwargs['plaintext'])
DBSession.add(secret)
DBSession.flush()
return (secret, uuid)
def decrypt_secret(self, uuid):
'''retrieve secret from the database, decrypt and return tuple'''
session = DBSession()
hasher = SHA256.new()
hasher.update(bytes('{}{}'.format(uuid, uuid), encoding='utf-8'))
uniqhash = hasher.hexdigest()
# see if we can find such a secret
try:
result = session.query(Secret).filter(
Secret.uniqhash == uniqhash,
Secret.expiry_time >= datetime.datetime.now(),
or_(
Secret.lifetime_reads > 0,
Secret.lifetime_reads == -1
)).one()
except NoResultFound as e:
raise SecretExpiredException()
# excellent, decrement the views & immediately write to database
if not result.flag_unlimited_reads:
result.lifetime_reads -= 1
session.update(result)
session.flush()
# decrypt the data in our secret, return them
plaintext = _decrypt(result, uniqhash)
return (result, plaintext)
