eventsourcing 9.3.5__py3-none-any.whl → 9.4.0__py3-none-any.whl

eventsourcing/cipher.py

@@ -5,18 +5,20 @@ from base64 import b64decode, b64encode
 from typing import TYPE_CHECKING
 
 from Crypto.Cipher import AES
-from Crypto.Cipher._mode_gcm import GcmMode
+from Crypto.Cipher._mode_gcm import (
+    GcmMode,  # pyright: ignore [reportPrivateImportUsage]
+)
 from Crypto.Cipher.AES import key_size
 
 from eventsourcing.persistence import Cipher
 
-if TYPE_CHECKING:  # pragma: nocover
+if TYPE_CHECKING:
     from eventsourcing.utils import Environment
 
 
 class AESCipher(Cipher):
-    """
-    Cipher strategy that uses AES cipher in GCM mode.
+    """Cipher strategy that uses AES cipher (in GCM mode)
+    from the Python pycryptodome package.
     """
 
     CIPHER_KEY = "CIPHER_KEY"
@@ -24,8 +26,7 @@ class AESCipher(Cipher):
 
     @staticmethod
     def create_key(num_bytes: int) -> str:
-        """
-        Creates AES cipher key, with length num_bytes.
+        """Creates AES cipher key, with length num_bytes.
 
         :param num_bytes: An int value, either 16, 24, or 32.
 
@@ -44,8 +45,7 @@ class AESCipher(Cipher):
         return os.urandom(num_bytes)
 
     def __init__(self, environment: Environment):
-        """
-        Initialises AES cipher with ``cipher_key``.
+        """Initialises AES cipher with ``cipher_key``.
 
         :param str cipher_key: 16, 24, or 32 bytes encoded as base64
         """
@@ -59,7 +59,6 @@ class AESCipher(Cipher):
 
     def encrypt(self, plaintext: bytes) -> bytes:
         """Return ciphertext for given plaintext."""
-
         # Construct AES-GCM cipher, with 96-bit nonce.
         nonce = AESCipher.random_bytes(12)
         cipher = self.construct_cipher(nonce)
@@ -71,6 +70,7 @@ class AESCipher(Cipher):
 
         # Return ciphertext.
         return nonce + tag + encrypted
+        # return nonce + tag + encrypted
 
     def construct_cipher(self, nonce: bytes) -> GcmMode:
         cipher = AES.new(
@@ -83,7 +83,6 @@ class AESCipher(Cipher):
 
     def decrypt(self, ciphertext: bytes) -> bytes:
         """Return plaintext for given ciphertext."""
-
         # Split out the nonce, tag, and encrypted data.
         nonce = ciphertext[:12]
         if len(nonce) != 12:

eventsourcing/compressor.py

@@ -7,13 +7,9 @@ from eventsourcing.persistence import Compressor
 
 class ZlibCompressor(Compressor):
     def compress(self, data: bytes) -> bytes:
-        """
-        Compress bytes using zlib.
-        """
+        """Compress bytes using zlib."""
         return zlib.compress(data)
 
     def decompress(self, data: bytes) -> bytes:
-        """
-        Decompress bytes using zlib.
-        """
+        """Decompress bytes using zlib."""
         return zlib.decompress(data)

eventsourcing/cryptography.py

@@ -0,0 +1,91 @@
+from __future__ import annotations
+
+import os
+from base64 import b64decode, b64encode
+from typing import TYPE_CHECKING
+
+from cryptography.exceptions import InvalidTag
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+
+from eventsourcing.persistence import Cipher
+
+if TYPE_CHECKING:
+    from eventsourcing.utils import Environment
+
+
+class AESCipher(Cipher):
+    """Cipher strategy that uses AES cipher (in GCM mode)
+    from the Python cryptography package.
+    """
+
+    CIPHER_KEY = "CIPHER_KEY"
+    KEY_SIZES = (16, 24, 32)
+
+    @staticmethod
+    def create_key(num_bytes: int) -> str:
+        """Creates AES cipher key, with length num_bytes.
+
+        :param num_bytes: An int value, either 16, 24, or 32.
+
+        """
+        AESCipher.check_key_size(num_bytes)
+        key = AESGCM.generate_key(num_bytes * 8)
+        return b64encode(key).decode("utf8")
+
+    @staticmethod
+    def check_key_size(num_bytes: int) -> None:
+        if num_bytes not in AESCipher.KEY_SIZES:
+            msg = f"Invalid key size: {num_bytes} not in {AESCipher.KEY_SIZES}"
+            raise ValueError(msg)
+
+    @staticmethod
+    def random_bytes(num_bytes: int) -> bytes:
+        return os.urandom(num_bytes)
+
+    def __init__(self, environment: Environment):
+        """Initialises AES cipher with ``cipher_key``.
+
+        :param str cipher_key: 16, 24, or 32 bytes encoded as base64
+        """
+        cipher_key = environment.get(self.CIPHER_KEY)
+        if not cipher_key:
+            msg = f"'{self.CIPHER_KEY}' not in env"
+            raise OSError(msg)
+        key = b64decode(cipher_key.encode("utf8"))
+        AESCipher.check_key_size(len(key))
+        self.key = key
+
+    def encrypt(self, plaintext: bytes) -> bytes:
+        """Return ciphertext for given plaintext."""
+        # Construct AES-GCM cipher, with 96-bit nonce.
+        aesgcm = AESGCM(self.key)
+        nonce = AESCipher.random_bytes(12)
+        res = aesgcm.encrypt(nonce, plaintext, None)
+        # Put tag at the front for compatibility with eventsourcing.crypto.AESCipher.
+        tag = res[-16:]
+        encrypted = res[:-16]
+        return nonce + tag + encrypted
+
+    def decrypt(self, ciphertext: bytes) -> bytes:
+        """Return plaintext for given ciphertext."""
+        # Split out the nonce, tag, and encrypted data.
+        nonce = ciphertext[:12]
+        if len(nonce) != 12:
+            msg = "Damaged cipher text: invalid nonce length"
+            raise ValueError(msg)
+
+        # Expect tag at the front.
+        tag = ciphertext[12:28]
+        if len(tag) != 16:
+            msg = "Damaged cipher text: invalid tag length"
+            raise ValueError(msg)
+        encrypted = ciphertext[28:]
+
+        aesgcm = AESGCM(self.key)
+        try:
+            plaintext = aesgcm.decrypt(nonce, encrypted + tag, None)
+        except InvalidTag as e:
+            msg = "Invalid cipher tag"
+            raise ValueError(msg) from e
+        # Decrypt and verify.
+        return plaintext

eventsourcing/dispatch.py

@@ -1,14 +1,50 @@
 from __future__ import annotations
 
-from functools import singledispatchmethod as _singledispatchmethod
+import functools
+from typing import TYPE_CHECKING, Any, Callable, Generic, TypeVar, cast, overload
 
+_T = TypeVar("_T")
+_S = TypeVar("_S")
 
-class singledispatchmethod(_singledispatchmethod):  # noqa: N801
-    def __init__(self, func):
+if TYPE_CHECKING:
+
+    class _singledispatchmethod(functools.singledispatchmethod[_T]):  # noqa: N801
+        pass
+
+else:
+
+    class _singledispatchmethod(  # noqa: N801
+        functools.singledispatchmethod, Generic[_T]
+    ):
+        pass
+
+
+class singledispatchmethod(_singledispatchmethod[_T]):  # noqa: N801
+    def __init__(self, func: Callable[..., _T]) -> None:
         super().__init__(func)
-        self.deferred_registrations = []
+        self.deferred_registrations: list[
+            tuple[type[Any] | Callable[..., _T], Callable[..., _T] | None]
+        ] = []
+
+    @overload
+    def register(
+        self, cls: type[Any], method: None = None
+    ) -> Callable[[Callable[..., _T]], Callable[..., _T]]: ...  # pragma: no cover
+    @overload
+    def register(
+        self, cls: Callable[..., _T], method: None = None
+    ) -> Callable[..., _T]: ...  # pragma: no cover
+
+    @overload
+    def register(
+        self, cls: type[Any], method: Callable[..., _T]
+    ) -> Callable[..., _T]: ...  # pragma: no cover
 
-    def register(self, cls, method=None):
+    def register(
+        self,
+        cls: type[Any] | Callable[..., _T],
+        method: Callable[..., _T] | None = None,
+    ) -> Callable[[Callable[..., _T]], Callable[..., _T]] | Callable[..., _T]:
         """generic_method.register(cls, func) -> func
 
         Registers a new implementation for the given *cls* on a *generic_method*.
@@ -22,17 +58,22 @@ class singledispatchmethod(_singledispatchmethod):  # noqa: N801
 
             # for globals in typing.get_type_hints() in Python 3.8 and 3.9
             if not hasattr(cls, "__wrapped__"):
-                cls.__wrapped__ = cls.__func__
+                cls.__dict__["__wrapped__"] = cls.__func__
+                # cls.__wrapped__ = cls.__func__
 
         try:
-            return self.dispatcher.register(cls, func=method)
+            return self.dispatcher.register(cast("type[Any]", cls), func=method)
         except NameError:
-            self.deferred_registrations.append([cls, method])
+            self.deferred_registrations.append(
+                (cls, method)  # pyright: ignore [reportArgumentType]
+            )
             # TODO: Fix this....
-            return method or cls
+            return method or cls  # pyright: ignore [reportReturnType]
 
-    def __get__(self, obj, cls=None):
+    def __get__(self, obj: _S, cls: type[_S] | None = None) -> Callable[..., _T]:
         for registered_cls, registered_method in self.deferred_registrations:
-            self.dispatcher.register(registered_cls, func=registered_method)
+            self.dispatcher.register(
+                cast("type[Any]", registered_cls), func=registered_method
+            )
         self.deferred_registrations = []
         return super().__get__(obj, cls=cls)