def decrypt_secret(self, uuid): '''retrieve secret from the database, decrypt and return tuple''' session = DBSession() hasher = SHA256.new() hasher.update(bytes('{}{}'.format(uuid, uuid), encoding='utf-8')) uniqhash = hasher.hexdigest() # see if we can find such a secret try: result = session.query(Secret).filter( Secret.uniqhash == uniqhash, Secret.expiry_time >= datetime.datetime.now(), or_( Secret.lifetime_reads > 0, Secret.lifetime_reads == -1 )).one() except NoResultFound as e: raise SecretExpiredException() # excellent, decrement the views & immediately write to database if not result.flag_unlimited_reads: result.lifetime_reads -= 1 session.update(result) session.flush() # decrypt the data in our secret, return them plaintext = _decrypt(result, uniqhash) return (result, plaintext)
def decrypt_secret(self, uuid, metaonly=False): '''retrieve secret from the database, decrypt and return tuple''' uuid = bytes(uuid.encode('ascii')) hasher = SHA256.new() hasher.update(uuid + uuid) uniqhash = hasher.hexdigest() # see if we can find such a secret try: result = DBSession.query(Secret).filter( Secret.uniqhash == uniqhash, Secret.expiry_time >= datetime.datetime.now(), or_( Secret.lifetime_reads > 0, Secret.lifetime_reads == -1 )).one() except NoResultFound: raise SecretExpiredException() # if we're not decrypting it, we can go ahead and consider it unviewed if metaonly: return (result, None) # excellent, decrement the views & immediately write to database if not result.flag_unlimited_reads: result.lifetime_reads -= 1 DBSession.flush() # decrypt the data in our secret, return them plaintext = self._decrypt(result, uuid) return (result, plaintext)
def create_secret(self, *args, **kwargs): '''create secret, encrypt, and return tuple''' self._secret = Secret() for key in ('expiry_time', 'snippet_type', 'lifetime_reads', 'early_delete'): if key == 'early_delete': self._secret.flag_delete_early = kwargs['early_delete'] continue if key == 'lifetime_reads': if kwargs['lifetime_reads'] < 0: self._secret.flag_unlimited_reads = True continue setattr(self._secret, key, kwargs[key]) session = DBSession() secret, uuid = self._encrypt(kwargs['plaintext']) DBSession.add(secret) DBSession.flush() return (secret, uuid)