def create_ticket(): logger.log_access(request) message = messaging.get_request_data(request) encrypted_data = cryptography.strip_clear_signed_message(message) decrypted_data = cryptography.two_layer_sym_asym_decrypt( encrypted_data, data.private_key) client_identity, transactor_id, timestamp, symmetric_key = decrypted_data.split( SEP) if data.identifier != transactor_id: warn_message = 'transactor id does not match.' logger.log_warn(warn_message) return warn_message, 403 client_access_symmetric_key = cryptography.generate_symmetric_key() client_address = request.remote_addr.encode('utf-8') ticket_start_timestamp, ticket_end_timestamp = generator.get_ticket_life_span( ) ticket_unencrypted = SEP.join([ client_access_symmetric_key, client_identity, client_address, ticket_start_timestamp, ticket_end_timestamp ]) ticket = cryptography.encrypt_asym(ticket_unencrypted, data.public_key) response = cryptography.encrypt_sym( SEP.join([ticket, client_access_symmetric_key]), symmetric_key) logger.log_info( 'generated access ticket and key for client id `{}`'.format( client_identity)) return response, 200
def register_merchant(): logger.log_access(request) message_enc = messaging.get_request_data(request) message = cryptography.two_layer_sym_asym_decrypt(message_enc, data.private_key) merchant_identifier, merchant_public_key, transactor_identifier = message.split( SEP) warn_message = None if transactor_identifier != data.identifier: warn_message = 'invalid transactor identifier.' elif merchant_identifier in data.public_keychain: warn_message = 'merchant exists. aborting.' if warn_message is not None: logger.log_warn(warn_message) return warn_message, 403 data.public_keychain[merchant_identifier] = merchant_public_key account_number = generator.generate_random_account_number() nonce = generator.generate_nonce() account_receipt = SEP.join([account_number, nonce]) account_receipt_enc = cryptography.two_layer_sym_asym_encrypt( account_receipt, merchant_public_key) data.credit_accounts[merchant_identifier] = (( account_number, nonce), config.INITIAL_MERCHANT_CREDIT) return account_receipt_enc, 200
def create_psudonym(): logger.log_access(request) message = messaging.get_request_data(request) two_layer_enc_message, encrypted_key, nonce, timestamp, signature = message.split( SEP) plain_message = cryptography.two_layer_sym_asym_decrypt( SEP.join([two_layer_enc_message, encrypted_key]), data.private_key) true_identity, merchant_identifier, timestamp, offered_symmetric_key, type_ = plain_message.split( SEP) warn_message = None if true_identity not in data.public_keychain: warn_message = 'client unknown' elif merchant_identifier not in data.public_keychain: warn_message = 'merchant unknown' elif not cryptography.verify_clear_signature( message, data.public_keychain[true_identity]): warn_message = 'clear signature not verified.' elif type_ not in [ PsudonymTypes.PER_MERCHANT.value, PsudonymTypes.PER_SESSION.value ]: warn_message = 'invalid psudonym type.' elif type_ == PsudonymTypes.PER_SESSION: warn_message = 'psudonym type not implemented.' if warn_message is not None: logger.log_warn(warn_message) return warn_message, 403 psudonym_symmetric_key = cryptography.generate_symmetric_key() psudonym = generator.generate_random_identity() timestamp = generator.get_timestamp() psudonym_ticket = SEP.join( [psudonym, merchant_identifier, timestamp, psudonym_symmetric_key]) psudonym_ticket_two_layer_enc = \ cryptography.two_layer_sym_asym_encrypt(psudonym_ticket, data.public_keychain[merchant_identifier]) psudonym_ticket_two_layer_enc_clear_signed = cryptography.clear_sign( psudonym_ticket_two_layer_enc, data.private_key) psudonym_receipt = SEP.join( [true_identity, merchant_identifier, psudonym, timestamp]) psudonym_receipt_clear_signed = cryptography.clear_sign( psudonym_receipt, data.private_key) final_message_to_encrypt = SEP.join([ psudonym_symmetric_key, psudonym_ticket_two_layer_enc_clear_signed, psudonym_receipt_clear_signed ]) final_encrypted_message = cryptography.encrypt_sym( final_message_to_encrypt, offered_symmetric_key) return final_encrypted_message, 200
def register_on_transactor(): transactor_id, transactor_public_key = data.get_transactor_contact() message = SEP.join([data.identifier, data.public_key, transactor_id]) message_encrypted = cryptography.two_layer_sym_asym_encrypt( message, transactor_public_key) response = messaging.transmit_message_and_get_response( config.ADDRESS_BOOK[config.TRANSACTOR_ID], static.REGISTER_MERCHANT, message_encrypted) response_plain = cryptography.two_layer_sym_asym_decrypt( response, data.private_key) account_number, nonce = response_plain.split(SEP) data.account = (account_number, nonce)
def register_group(): logger.log_access(request) message_enc = messaging.get_request_data(request) message = cryptography.two_layer_sym_asym_decrypt(message_enc, data.private_key) group_identifier, group_public_key, transactor_identifier = message.split( SEP) warn_message = None if transactor_identifier != data.identifier: warn_message = 'invalid transactor identifier.' elif group_identifier in data.public_keychain: warn_message = 'group exists. aborting.' if warn_message is not None: logger.log_warn(warn_message) return warn_message, 403 data.public_keychain[group_identifier] = group_public_key return 'success', 200