def unseal_signup_data(cls, sealed_signup_data):
"""
Args:
sealed_signup_data: Sealed signup data that was returned
previously in a EnclaveSignupInfo object from a call to
create_signup_info
Returns:
A string The hex encoded PoET public key that was extracted from
the sealed data
"""
# Reverse the process we used in creating "sealed" signup info.
# Specifically, we will do a base 32 decode, which gives us json
# we can convert back to a dictionary we can use to get the
# data we need
signup_data = \
json2dict(base64.b64decode(sealed_signup_data))
with cls._lock:
cls._poet_public_key = \
signing.decode_pubkey(
signup_data.get('poet_public_key'),
'hex')
cls._poet_private_key = \
signing.decode_privkey(
signup_data.get('poet_private_key'),
'hex')
cls._active_wait_timer = None
return signup_data.get('poet_public_key')
def verify_wait_certificate(cls, certificate, poet_public_key):
# Reconstitute the PoET public key and check the signature over the
# serialized wait certificate.
decoded_poet_public_key = \
signing.decode_pubkey(poet_public_key, 'hex')
return \
signing.verify(
certificate.serialize(),
certificate.signature,
decoded_poet_public_key)
def verify_wait_certificate(cls, certificate, poet_public_key):
# Reconstitute the PoET public key and check the signature over the
# serialized wait certificate.
decoded_poet_public_key = \
signing.decode_pubkey(poet_public_key, 'hex')
if not \
signing.verify(
certificate.serialize(),
certificate.signature,
decoded_poet_public_key):
raise ValueError('Wait certificate signature does not match')