hive-nectar 0.2.9__py3-none-any.whl

nectarstorage/interfaces.py

@@ -0,0 +1,244 @@
+# Inspired by https://raw.githubusercontent.com/xeroc/python-graphenelib/master/graphenestorage/interfaces.py
+from collections.abc import MutableMapping
+from typing import Any, Iterator
+
+
+class StoreInterface(MutableMapping):
+    """The store interface is the most general store that we can have.
+
+    It behaves like a dictionary but allows returning None for missing keys and
+    keeps a `defaults` mapping that can supply fallback values.
+
+    .. note:: This class defines ``defaults`` that are used to return
+        reasonable defaults for the library.
+
+    .. warning:: If you are trying to obtain a value for a key that does
+        **not** exist in the store, the library will **NOT** raise but
+        return a ``None`` value. This represents the biggest difference to
+        a regular ``dict`` class.
+
+    Methods that need to be implemented:
+
+      * ``def setdefault(cls, key, value)``
+      * ``def __init__(self, *args, **kwargs)``
+      * ``def __setitem__(self, key, value)``
+      * ``def __getitem__(self, key)``
+      * ``def __iter__(self)``
+      * ``def __len__(self)``
+      * ``def __contains__(self, key)``
+
+
+    .. note:: Configuration and Key classes are subclasses of this to allow
+        storing keys separate from configuration.
+
+    """
+
+    defaults = {}
+
+    def setdefault(self, key, value=None):
+        """Allows to define default values on this store instance."""
+        if value is None and key in self.defaults:
+            return self.defaults[key]
+        if value is not None:
+            self.defaults[key] = value
+        return self._data.setdefault(key, value)
+
+    def __init__(self, *_args, **_kwargs):
+        self._data: dict[Any, Any] = {}
+
+    def __setitem__(self, key, value):
+        """Sets an item in the store"""
+        self._data[key] = value
+
+    def __getitem__(self, key):
+        """Gets an item from the store as if it was a dictionary
+
+        .. note:: Returns the value from the store or from defaults if
+            the key is found there. Raises ``KeyError`` if not found
+            in either.
+        """
+        if key in self._data:
+            return self._data[key]
+        if key in self.defaults:
+            return self.defaults[key]
+        raise KeyError(key)
+
+    def __iter__(self) -> Iterator[Any]:
+        """Iterates through the store"""
+        return iter(self._data)
+
+    def __len__(self) -> int:
+        """return length of store"""
+        return len(self._data)
+
+    def __contains__(self, key) -> bool:
+        """Tests if a key is contained in the store."""
+        return key in self._data
+
+    def __delitem__(self, key: Any) -> None:
+        if key not in self._data:
+            raise KeyError(key)
+        self._data.pop(key)
+
+    def items(self):
+        """Returns all items off the store as tuples"""
+        return self._data.items()
+
+    def get(self, key, default=None):
+        """Return the key if exists or a default value"""
+        return self._data.get(key, self.defaults.get(key, default))
+
+    # Specific for this library
+    def delete(self, key):
+        """Delete a key from the store"""
+        raise NotImplementedError
+
+    def wipe(self):
+        """Wipe the store"""
+        raise NotImplementedError
+
+
+class KeyInterface(StoreInterface):
+    """The KeyInterface defines the interface for key storage.
+
+    .. note:: This class inherits
+        :class:`nectarstorage.interfaces.StoreInterface` and defines
+        additional key-specific methods.
+    """
+
+    def is_encrypted(self):
+        """Returns True/False to indicate required use of unlock"""
+        return False
+
+    # Interface to deal with encrypted keys
+    def getPublicKeys(self):
+        """Returns the public keys stored in the database"""
+        raise NotImplementedError
+
+    def getPrivateKeyForPublicKey(self, pub):
+        """Returns the (possibly encrypted) private key that
+         corresponds to a public key
+
+        :param str pub: Public key
+
+        The encryption scheme is BIP38
+        """
+        raise NotImplementedError
+
+    def add(self, wif, pub=None):
+        """Add a new public/private key pair (correspondence has to be checked elsewhere!)
+
+        :param str pub: Public key
+        :param str wif: Private key
+        """
+        raise NotImplementedError
+
+    def delete(self, key):
+        """Delete a pubkey/privatekey pair from the store
+
+        :param str key: Public key
+        """
+        raise NotImplementedError
+
+
+class EncryptedKeyInterface(KeyInterface):
+    """The EncryptedKeyInterface extends KeyInterface to work with encrypted
+    keys
+    """
+
+    def is_encrypted(self):
+        """Returns True/False to indicate required use of unlock"""
+        return True
+
+    def unlock(self, password):
+        """Tries to unlock the wallet if required
+
+        :param str password: Plain password
+        """
+        raise NotImplementedError
+
+    def locked(self):
+        """is the wallet locked?"""
+        return False
+
+    def lock(self):
+        """Lock the wallet again"""
+        raise NotImplementedError
+
+
+class ConfigInterface(StoreInterface):
+    """The BaseKeyStore defines the interface for key storage
+
+    .. note:: This class inherits
+        :class:`nectarstorage.interfaces.StoreInterface` and defines
+        **no** additional configuration-specific methods.
+    """
+
+    pass
+
+
+class TokenInterface(StoreInterface):
+    """The TokenInterface defines the interface for token storage.
+
+    .. note:: This class inherits
+        :class:`nectarstorage.interfaces.StoreInterface` and defines
+        additional key-specific methods.
+    """
+
+    def is_encrypted(self):
+        """Returns True/False to indicate required use of unlock"""
+        return False
+
+    # Interface to deal with tokens
+    def getPublicNames(self):
+        """Returns the public token names stored in the database"""
+        raise NotImplementedError
+
+    def getPrivateKeyForPublicKey(self, pub):
+        """Returns the (possibly encrypted) token that corresponds to a name
+
+        :param str pub: Public key
+
+        The encryption scheme is BIP38
+        """
+        raise NotImplementedError
+
+    def add(self, token, name=None):
+        """Add a new token entry (correspondence has to be checked elsewhere!)
+
+        :param str name: Public identifier
+        :param str token: Token value
+        """
+        raise NotImplementedError
+
+    def delete(self, key):
+        """Delete a token entry from the store
+
+        :param str key: Public identifier
+        """
+        raise NotImplementedError
+
+
+class EncryptedTokenInterface(TokenInterface):
+    """The EncryptedKeyInterface extends KeyInterface to work with encrypted
+    tokens
+    """
+
+    def is_encrypted(self):
+        """Returns True/False to indicate required use of unlock"""
+        return True
+
+    def unlock(self, password):
+        """Tries to unlock the wallet if required
+
+        :param str password: Plain password
+        """
+        raise NotImplementedError
+
+    def locked(self):
+        """is the wallet locked?"""
+        return False
+
+    def lock(self):
+        """Lock the wallet again"""
+        raise NotImplementedError

nectarstorage/masterpassword.py

@@ -0,0 +1,237 @@
+# Inspired by https://raw.githubusercontent.com/xeroc/python-graphenelib/master/graphenestorage/masterpassword.py
+import hashlib
+import logging
+import os
+import warnings
+from binascii import hexlify
+
+from nectargraphenebase import bip38
+from nectargraphenebase.aes import AESCipher
+
+from .exceptions import WalletLocked, WrongMasterPasswordException
+
+log = logging.getLogger(__name__)
+
+
+class MasterPassword:
+    """The keys are encrypted with a Masterpassword that is stored in
+    the configurationStore. It has a checksum to verify correctness
+    of the password
+    The encrypted private keys in `keys` are encrypted with a random
+    **masterkey/masterpassword** that is stored in the configuration
+    encrypted by the user-provided password.
+
+    :param ConfigStore config: Configuration store to get access to the
+        encrypted master password
+    """
+
+    def __init__(self, config=None, **kwargs):
+        if config is None:
+            raise ValueError("If using encrypted store, a config store is required!")
+        self.config = config
+        self.password = None
+        self.decrypted_master = None
+        self.config_key = "encrypted_master_password"
+
+    @property
+    def masterkey(self):
+        """Contains the **decrypted** master key"""
+        return self.decrypted_master
+
+    def has_masterpassword(self):
+        """Tells us if the config store knows an encrypted masterpassword"""
+        return self.config_key in self.config
+
+    def locked(self):
+        """Is the store locked. E.g. Is a valid password known that can be
+        used to decrypt the master key?
+        """
+        return not self.unlocked()
+
+    def unlocked(self):
+        """Is the store unlocked so that I can decrypt the content?"""
+        if self.password is not None:
+            return bool(self.password)
+        else:
+            password_storage = self.config["password_storage"]
+            KEYRING_AVAILABLE = False
+            if password_storage == "keyring":
+                try:
+                    import keyring  # type: ignore[import-not-found]
+
+                    if not isinstance(keyring.get_keyring(), keyring.backends.fail.Keyring):
+                        KEYRING_AVAILABLE = True
+                    else:
+                        KEYRING_AVAILABLE = False
+                except ImportError:
+                    KEYRING_AVAILABLE = False
+            if (
+                "UNLOCK" in os.environ
+                and os.environ["UNLOCK"]
+                and self.config_key in self.config
+                and self.config[self.config_key]
+                and password_storage == "environment"
+            ):
+                log.debug("Trying to use environmental variable to unlock wallet")
+                self.unlock(os.environ.get("UNLOCK"))
+                return bool(self.password)
+            elif (
+                password_storage == "keyring"
+                and KEYRING_AVAILABLE
+                and self.config_key in self.config
+                and self.config[self.config_key]
+            ):
+                log.debug("Trying to use keyring to unlock wallet")
+                pwd = keyring.get_password("nectar", "wallet")
+                self.unlock(pwd)
+                return bool(self.password)
+        return False
+
+    def lock(self):
+        """Lock the store so that we can no longer decrypt the content of the
+        store
+        """
+        self.password = None
+        self.decrypted_master = None
+
+    def unlock(self, password):
+        """The password is used to encrypt this masterpassword. To
+        decrypt the keys stored in the keys database, one must use
+        BIP38, decrypt the masterpassword from the configuration
+        store with the user password, and use the decrypted
+        masterpassword to decrypt the BIP38 encrypted private keys
+        from the keys storage!
+
+        :param str password: Password to use for en-/de-cryption
+        """
+        self.password = password
+        if self.config_key in self.config and self.config[self.config_key]:
+            self._decrypt_masterpassword()
+        else:
+            self._new_masterpassword(password)
+            self._save_encrypted_masterpassword()
+
+    def wipe_masterpassword(self):
+        """Removes the encrypted masterpassword from config storage"""
+        if self.config_key in self.config and self.config[self.config_key]:
+            self.config[self.config_key] = None
+
+    def _decrypt_masterpassword(self):
+        """Decrypt the encrypted masterkey"""
+        aes = AESCipher(self.password)
+        checksum, encrypted_master = self.config[self.config_key].split("$")
+        try:
+            decrypted_master = aes.decrypt(encrypted_master)
+        except Exception:
+            self._raise_wrongmasterpassexception()
+        if checksum != self._derive_checksum(decrypted_master):
+            self._raise_wrongmasterpassexception()
+        self.decrypted_master = decrypted_master
+
+    def _raise_wrongmasterpassexception(self):
+        self.password = None
+        raise WrongMasterPasswordException
+
+    def _save_encrypted_masterpassword(self):
+        self.config[self.config_key] = self._get_encrypted_masterpassword()
+
+    def _new_masterpassword(self, password):
+        """Generate a new random masterkey, encrypt it with the password and
+        store it in the store.
+
+        :param str password: Password to use for en-/de-cryption
+        """
+        # make sure to not overwrite an existing key
+        if self.config_key in self.config and self.config[self.config_key]:
+            raise Exception("Storage already has a masterpassword!")
+
+        self.decrypted_master = hexlify(os.urandom(32)).decode("ascii")
+
+        # Encrypt and save master
+        self.password = password
+        self._save_encrypted_masterpassword()
+        return self.masterkey
+
+    def _derive_checksum(self, s):
+        """Derive the checksum
+
+        :param str s: Random string for which to derive the checksum
+        """
+        checksum = hashlib.sha256(bytes(s, "ascii")).hexdigest()
+        return checksum[:4]
+
+    def _get_encrypted_masterpassword(self):
+        """Obtain the encrypted masterkey
+
+        .. note:: The encrypted masterkey is checksummed, so that we can
+            figure out that a provided password is correct or not. The
+            checksum is only 4 bytes long!
+        """
+        if not self.unlocked():
+            raise WalletLocked
+        aes = AESCipher(self.password)
+        return "{}${}".format(self._derive_checksum(self.masterkey), aes.encrypt(self.masterkey))
+
+    def change_password(self, newpassword):
+        """Change the password that allows to decrypt the master key"""
+        if not self.unlocked():
+            raise WalletLocked
+        self.password = newpassword
+        self._save_encrypted_masterpassword()
+
+    def decrypt(self, wif):
+        """Decrypt the content according to BIP38
+
+        :param str wif: Encrypted key
+        """
+        if not self.unlocked():
+            raise WalletLocked
+        return format(bip38.decrypt(wif, self.masterkey), "wif")
+
+    def deriveChecksum(self, s):
+        """Derive the checksum"""
+        checksum = hashlib.sha256(bytes(s, "ascii")).hexdigest()
+        return checksum[:4]
+
+    def encrypt_text(self, txt):
+        """Encrypt the content according to BIP38
+
+        :param str wif: Unencrypted key
+        """
+        if not self.unlocked():
+            raise WalletLocked
+        aes = AESCipher(self.masterkey)
+        return "{}${}".format(self.deriveChecksum(txt), aes.encrypt(txt))
+
+    def decrypt_text(self, enctxt):
+        """Decrypt the content according to BIP38
+
+        :param str wif: Encrypted key
+        """
+        if not self.unlocked():
+            raise WalletLocked
+        aes = AESCipher(self.masterkey)
+        checksum, encrypted_text = enctxt.split("$")
+        try:
+            decrypted_text = aes.decrypt(encrypted_text)
+        except Exception:
+            raise WrongMasterPasswordException
+        if checksum != self.deriveChecksum(decrypted_text):
+            raise WrongMasterPasswordException
+        return decrypted_text
+
+    def encrypt(self, wif):
+        """Encrypt the content according to BIP38
+
+        :param str wif: Unencrypted key
+        """
+        if not self.unlocked():
+            raise WalletLocked
+        return format(bip38.encrypt(str(wif), self.masterkey), "encwif")
+
+    def changePassword(self, newpassword):  # pragma: no cover
+        warnings.warn(
+            "changePassword will be replaced by change_password in the future",
+            PendingDeprecationWarning,
+        )
+        return self.change_password(newpassword)

nectarstorage/ram.py

@@ -0,0 +1,27 @@
+# Inspired by https://raw.githubusercontent.com/xeroc/python-graphenelib/master/graphenestorage/ram.py
+from .interfaces import StoreInterface
+
+
+class InRamStore(StoreInterface):
+    """The InRamStore inherits
+    :class:`nectarstorage.interfaces.StoreInterface` and extends it by two
+    further calls for wipe and delete.
+
+    The store is syntactically equivalent to a regular dictionary.
+
+    .. warning:: If you are trying to obtain a value for a key that does
+        **not** exist in the store, the library will **NOT** raise but
+        return a ``None`` value. This represents the biggest difference to
+        a regular ``dict`` class.
+    """
+
+    # Specific for this library
+    def delete(self, key):
+        """Delete a key from the store"""
+        self._data.pop(key, None)
+
+    def wipe(self):
+        """Wipe the store"""
+        keys = list(self.keys()).copy()
+        for key in keys:
+            self.delete(key)