def select_card(emitter, card_identifier: str) -> Card: if not card_identifier: cards = [] for filename in os.listdir(Card.CARD_DIR): filepath = Card.CARD_DIR / filename card = Card.load(filepath=filepath) cards.append(card) paint_cards(emitter=emitter, cards=cards, as_table=True) selection = click.prompt('Select card', type=click.IntRange(0, len(cards))) card = cards[selection] else: card = Card.load(identifier=card_identifier) return card
def retrieve(general_config, character_options, config_file, label, policy_encrypting_key, alice_verifying_key, message_kit, ipfs, alice, force): """Obtain plaintext from encrypted data, if access was granted.""" # Setup emitter = setup_emitter(general_config) BOB = character_options.create_character(emitter, config_file) if ipfs: import ipfshttpclient # TODO: #2108 emitter.message(f"Connecting to IPFS Gateway {ipfs}") ipfs_client = ipfshttpclient.connect(ipfs) cid = message_kit # Understand the message kit value as an IPFS hash. raw_message_kit = ipfs_client.cat(cid) # cat the contents at the hash reference emitter.message(f"Downloaded message kit from IPFS (CID {cid})", color='green') message_kit = raw_message_kit.decode() # cast to utf-8 if not alice_verifying_key: if alice: # from storage card = Card.load(identifier=alice) if card.character is not Alice: emitter.error('Grantee card is not an Alice.') raise click.Abort alice_verifying_key = card.verifying_key.hex() emitter.message(f'{card.nickname or ("Alice #"+card.id.hex())}\n' f'Verifying Key | {card.verifying_key.hex()}', color='green') if not force: click.confirm('Is this the correct Granter (Alice)?', abort=True) else: # interactive alice_verifying_key = click.prompt("Enter Alice's verifying key") # Request bob_request_data = { 'label': label, 'policy_encrypting_key': policy_encrypting_key, 'alice_verifying_key': alice_verifying_key, 'message_kit': message_kit, } response = BOB.controller.retrieve(request=bob_request_data) return response
def _list(): """Show all character cards""" emitter = StdoutEmitter() if not Card.CARD_DIR.is_dir(): Card.CARD_DIR.mkdir() card_filepaths = list(Card.CARD_DIR.iterdir()) if not card_filepaths: emitter.error( f'No cards found at {Card.CARD_DIR}. ' f"To create one run 'nucypher {contacts.name} {create.name}'.") cards = list() for filename in card_filepaths: card = Card.load(filepath=Card.CARD_DIR / filename) cards.append(card) paint_cards(emitter=emitter, cards=cards, as_table=True)
def _list(): """Show all character cards""" emitter = StdoutEmitter() card_directory = Card.CARD_DIR try: card_filepaths = os.listdir(card_directory) except FileNotFoundError: os.mkdir(Card.CARD_DIR) card_filepaths = os.listdir(card_directory) if not card_filepaths: emitter.error( f'No cards found at {card_directory}. ' f"To create one run 'nucypher {contacts.name} {create.name}'.") cards = list() for filename in card_filepaths: card = Card.load(filepath=Card.CARD_DIR / filename) cards.append(card) paint_cards(emitter=emitter, cards=cards, as_table=True)
def collect_keys_from_card(emitter: StdoutEmitter, card_identifier: str, force: bool): emitter.message(f"Searching contacts for {card_identifier}\n", color='yellow') card = Card.load(identifier=card_identifier) if card.character is not Bob: emitter.error('Grantee card is not a Bob.') raise click.Abort paint_single_card(emitter=emitter, card=card) if not force: click.confirm('Is this the correct grantee (Bob)?', abort=True) bob_encrypting_key = bytes(card.encrypting_key).hex() bob_verifying_key = bytes(card.verifying_key).hex() public_keys = PublicKeys(encrypting_key=bob_encrypting_key, verifying_key=bob_verifying_key) return public_keys
def retrieve_and_decrypt(general_config, character_options, config_file, alice_verifying_key, treasure_map, message_kit, ipfs, alice, decode, force): """Obtain plaintext from encrypted data, if access was granted.""" # 'message_kit' is a required and a "multiple" value click option - the option name was kept singular so that # it makes sense when specifying many of them i.e. `--message-kit <message_kit_1> --message-kit <message_kit_2> ...` message_kits = list(message_kit) # Setup emitter = setup_emitter(general_config) BOB = character_options.create_character(emitter, config_file, json_ipc=general_config.json_ipc) if not (bool(alice_verifying_key) ^ bool(alice)): message = f"Pass either '--alice_verifying_key' or '--alice'; " \ f"got {'both' if alice_verifying_key else 'neither'}" raise click.BadOptionUsage( option_name='--alice_verifying_key, --alice', message=message) if not alice_verifying_key: if alice: # from storage card = Card.load(identifier=alice) if card.character is not Alice: emitter.error('Grantee card is not an Alice.') raise click.Abort alice_verifying_key = bytes(card.verifying_key).hex() emitter.message( f'{card.nickname or ("Alice #"+card.id.hex())}\n' f'Verifying Key | {bytes(card.verifying_key).hex()}', color='green') if not force: click.confirm('Is this the correct Granter (Alice)?', abort=True) if ipfs: # '--message_kit' option was repurposed to specify ipfs cids (#2098) cids = [] for cid in message_kits: cids.append(cid) # populate message_kits list with actual message_kits message_kits = [] import ipfshttpclient # TODO: #2108 emitter.message(f"Connecting to IPFS Gateway {ipfs}") ipfs_client = ipfshttpclient.connect(ipfs) for cid in cids: raw_message_kit = ipfs_client.cat( cid) # cat the contents at the hash reference emitter.message(f"Downloaded message kit from IPFS (CID {cid})", color='green') message_kit = raw_message_kit.decode() # cast to utf-8 message_kits.append(message_kit) # Request bob_request_data = { 'alice_verifying_key': alice_verifying_key, 'message_kits': message_kits, 'encrypted_treasure_map': treasure_map } response = BOB.controller.retrieve_and_decrypt(request=bob_request_data) if decode: messages = list( [b64decode(r).decode() for r in response['cleartexts']]) emitter.echo('----------Messages----------') for message in messages: emitter.echo(message) return response
def retrieve(general_config, character_options, config_file, label, policy_encrypting_key, alice_verifying_key, message_kit, ipfs, alice, decode, force): """Obtain plaintext from encrypted data, if access was granted.""" # Setup emitter = setup_emitter(general_config) BOB = character_options.create_character(emitter, config_file, json_ipc=general_config.json_ipc) if not message_kit: if ipfs: prompt = "Enter IPFS CID for encrypted data" else: prompt = "Enter encrypted data (base64)" message_kit = click.prompt(prompt, type=click.STRING) if ipfs: import ipfshttpclient # TODO: #2108 emitter.message(f"Connecting to IPFS Gateway {ipfs}") ipfs_client = ipfshttpclient.connect(ipfs) cid = message_kit # Understand the message kit value as an IPFS hash. raw_message_kit = ipfs_client.cat(cid) # cat the contents at the hash reference emitter.message(f"Downloaded message kit from IPFS (CID {cid})", color='green') message_kit = raw_message_kit.decode() # cast to utf-8 if not alice_verifying_key: if alice: # from storage card = Card.load(identifier=alice) if card.character is not Alice: emitter.error('Grantee card is not an Alice.') raise click.Abort alice_verifying_key = bytes(card.verifying_key).hex() emitter.message(f'{card.nickname or ("Alice #"+card.id.hex())}\n' f'Verifying Key | {bytes(card.verifying_key).hex()}', color='green') if not force: click.confirm('Is this the correct Granter (Alice)?', abort=True) else: # interactive alice_verifying_key = click.prompt("Enter Alice's verifying key", click.STRING) if not force: if not policy_encrypting_key: policy_encrypting_key = click.prompt("Enter policy public key", type=click.STRING) if not label: label = click.prompt("Enter label to retrieve", type=click.STRING) # Request bob_request_data = { 'label': label, 'policy_encrypting_key': policy_encrypting_key, 'alice_verifying_key': alice_verifying_key, 'message_kit': message_kit, } response = BOB.controller.retrieve(request=bob_request_data) if decode: messages = list([b64decode(r).decode() for r in response['cleartexts']]) emitter.echo('----------Messages----------') for message in messages: emitter.echo(message) return response
def grant(general_config, bob, bob_encrypting_key, bob_verifying_key, label, value, rate, expiration, m, n, character_options, config_file, force): """Create and enact an access policy for some Bob. """ # Setup emitter = setup_emitter(general_config) ALICE = character_options.create_character(emitter, config_file, general_config.json_ipc) # Policy option validation if ALICE.federated_only: if any((value, rate)): message = "Can't use --value or --rate with a federated Alice." raise click.BadOptionUsage(option_name="--value, --rate", message=message) elif bool(value) and bool(rate): raise click.BadOptionUsage(option_name="--rate", message="Can't use --value if using --rate") # Grantee selection if bob and any((bob_encrypting_key, bob_verifying_key)): message = '--bob cannot be used with --bob-encrypting-key or --bob-veryfying key' raise click.BadOptionUsage(option_name='--bob', message=message) if bob: card = Card.load(identifier=bob) if card.character is not Bob: emitter.error('Grantee card is not a Bob.') raise click.Abort paint_single_card(emitter=emitter, card=card) if not force: click.confirm('Is this the correct grantee (Bob)?', abort=True) bob_encrypting_key = card.encrypting_key.hex() bob_verifying_key = card.verifying_key.hex() # Interactive collection follows: # TODO: Extricate to support modules # - Disclaimer # - Label # - Expiration Date & Time # - M of N # - Policy Value (ETH) # Policy Expiration # TODO: Remove this line when the time is right. paint_probationary_period_disclaimer(emitter) # Label if not label: label = click.prompt(f'Enter label to grant Bob {bob_verifying_key[:8]}', type=click.STRING) if not force and not expiration: if ALICE.duration_periods: # TODO: use a default in days or periods? expiration = maya.now() + timedelta(days=ALICE.duration_periods) # default if not click.confirm(f'Use default policy duration (expires {expiration})?'): expiration = click.prompt('Enter policy expiration datetime', type=click.DateTime()) else: # No policy duration default default available; Go interactive expiration = click.prompt('Enter policy expiration datetime', type=click.DateTime()) # TODO: Remove this line when the time is right. enforce_probationary_period(emitter=emitter, expiration=expiration) # Policy Threshold and Shares if not n: n = ALICE.n if not force and not click.confirm(f'Use default value for N ({n})?', default=True): n = click.prompt('Enter total number of shares (N)', type=click.INT) if not m: m = ALICE.m if not force and not click.confirm(f'Use default value for M ({m})?', default=True): m = click.prompt('Enter threshold (M)', type=click.IntRange(1, n)) # Policy Value policy_value_provided = bool(value) or bool(rate) if not ALICE.federated_only and not policy_value_provided: rate = ALICE.default_rate # TODO #1709 - Fine tuning and selection of default rates if not force: default_gwei = Web3.fromWei(rate, 'gwei') prompt = "Confirm rate of {node_rate} gwei ({total_rate} gwei per period)?" if not click.confirm(prompt.format(node_rate=default_gwei, total_rate=default_gwei*n), default=True): interactive_rate = click.prompt('Enter rate per period in gwei', type=GWEI) # TODO: Validate interactively collected rate (#1709) click.confirm(prompt.format(node_rate=rate, total_rate=rate*n), default=True, abort=True) rate = Web3.toWei(interactive_rate, 'gwei') # Request grant_request = { 'bob_encrypting_key': bob_encrypting_key, 'bob_verifying_key': bob_verifying_key, 'label': label, 'm': m, 'n': n, 'expiration': expiration, } if not ALICE.federated_only: if value: grant_request['value'] = value elif rate: grant_request['rate'] = rate # in wei if not force and not general_config.json_ipc: confirm_staged_grant(emitter=emitter, grant_request=grant_request) emitter.echo(f'Granting Access to {bob_verifying_key[:8]}', color='yellow') return ALICE.controller.grant(request=grant_request)