commit 9ffbc9070f4366d046e60291c55bee1f2bd87b91
parent fd4ff93d2157f00820427b4a519fe4df49653458
Author: lash <dev@holbrook.no>
Date: Sat, 6 Dec 2025 13:24:33 +0000
Integrate ACL in unwrapper
Diffstat:
3 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/dummy/svcontas/crypto.py b/dummy/svcontas/crypto.py
@@ -1,6 +1,11 @@
+import logging
+
import nacl.signing
AXX_ALL = 0xffffffff
+AXX_ANY = 0x01
+
+logg = logging.getLogger('crypto')
class DemoWallet:
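Review bot: The new logger is named `'crypto'`, which sits outside the `svcontas.` namespace that `entry.py` uses (`logging.getLogger('svcontas.entry')`), so handlers or levels configured on `svcontas` will not apply to the ACL messages this module emits. `logg = logging.getLogger('svcontas.crypto')` would keep the package's log records together. `AXX_ANY = 0x01` also has no comment saying what that bit grants; a one-line comment such as `# lowest permission bit; required by Entry.unwrap` would make the mask readable next to `AXX_ALL`.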
@@ -44,21 +49,35 @@ class ACL:
def __init__(self):
self.axx = {}
+ self.rev = {}
def add(self, who, what=None, label=None):
+ if isinstance(who, bytes):
+ who = who.hex()
if label == None:
label = who
if what == None:
what = AXX_ALL
+ logg.info('add acl line "{}" ({}): {}'.format(label, who, what))
self.axx[label] = (who, what,)
+ self.rev[who] = label
+
+
+ def have(self, who):
+ if isinstance(who, bytes):
+ who = who.hex()
+ return self.rev[who]
def may(self, who, what):
label = who
if isinstance(label, bytes):
label = who.hex()
- return (self.axx[label][1] & what) == what
+ try:
+ return (self.axx[label][1] & what) == what
+ except KeyError:
+ return 0
def pubkeys(self, binary=True):
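Review bot: Re-using a label in `add` leaves the previous key authorised: `self.axx[label]` is overwritten, but the old key's entry in `self.rev` still maps to that label, so `have(old_key)` succeeds and `may(label, ...)` then answers with the new key's permissions. Drop the stale reverse entry before overwriting, e.g. `old = self.axx.get(label)` followed by `if old is not None: self.rev.pop(old[0], None)`, and consider having the permission check compare `self.axx[label][0]` with the key being authorised. Separately, `may` now returns `0` on a miss but a bool otherwise (`return False` keeps the type consistent), and `what` still defaults to `AXX_ALL`, so a key added without an explicit mask is granted everything. The `ACL` class begins outside this hunk.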
diff --git a/dummy/svcontas/entry.py b/dummy/svcontas/entry.py
@@ -9,6 +9,7 @@ import rencode
from .constant import DEFAULTPARENT, NSPREFIX
from .crypto import DemoWallet
+from .error import ACLError
from .xml import nsmap
logg = logging.getLogger('svcontas.entry')
@@ -186,6 +187,14 @@ class Entry:
def unwrap(data, acl=None):
v = rencode.loads(data)
pubkey_bytes = v[0][1]
+ if acl != None:
+ label = None
+ try:
+ label = acl.have(pubkey_bytes)
+ except KeyError:
+ raise ACLError()
+ if not acl.may(label, 0x01):
+ raise ACLError()
wallet = DemoWallet(publickey=pubkey_bytes)
sig = v[1]
entry = Entry.deserialize(v[2])
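Review bot: The ACL decision in `unwrap` is made on `pubkey_bytes` exactly as decoded from `data`, so it only authorises anything if the signature in `v[1]` is then verified against that same key and a failure aborts. That verification is outside this hunk; a comment such as `# ACL is checked on the claimed key; the signature check below must fail closed` would record the dependency. The mask is the literal `0x01` although this commit defines `AXX_ANY = 0x01` in `crypto.py`; `if not acl.may(label, AXX_ANY):` (with the matching import) keeps it in one place, and `if acl is not None:` is the idiomatic form of the guard. Both `raise ACLError()` paths are silent, so a rejected key leaves no audit trail; a `logg.warning` naming the rejected key before raising would help. `unwrap` continues past the end of the hunk.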
diff --git a/dummy/tests/entry.py b/dummy/tests/entry.py
@@ -4,7 +4,8 @@ import unittest
import os
import copy
-from svcontas import EntryPart, Entry, DemoWallet
+from svcontas import EntryPart, Entry, DemoWallet, ACL
+from svcontas.error import ACLError
logging.basicConfig(level=logging.DEBUG)
logg = logging.getLogger()
@@ -48,8 +49,25 @@ class TestEntry(unittest.TestCase):
o = Entry(src, dst, 'USD', 42, datetime.datetime.strptime('2025-11-11', '%Y-%m-%d'), parent=self.parent, ref=self.ref, description=self.description, tx_datereg=self.dtreg)
wallet = DemoWallet()
data = o.wrap(wallet)
- r = Entry.unwrap(data, wallet)
-
+ r = Entry.unwrap(data)
+
+
+ def test_entry_acl_verify(self):
+ dst = EntryPart('asset', 'foo', 1337)
+ src = EntryPart('income', 'foo', 1337, src=True)
+ o = Entry(src, dst, 'USD', 42, datetime.datetime.strptime('2025-11-11', '%Y-%m-%d'), parent=self.parent, ref=self.ref, description=self.description, tx_datereg=self.dtreg)
+ wallet = DemoWallet()
+ data = o.wrap(wallet)
+ pubk_wrong = bytes.fromhex('72f25d90ef4cfecda8fa2c47561af5af0a10a92bfd15986b1f916358bf6ac8a37858a14d27329506a3766bad0f34d2e04caf397c1607b4380eb33c97d37dfc37')
+ acl = ACL()
+ with self.assertRaises(ACLError):
+ Entry.unwrap(data, acl=acl)
+ acl.add(pubk_wrong, label='wrong')
+ with self.assertRaises(ACLError):
+ Entry.unwrap(data, acl=acl)
+ acl.add(wallet.pubkey(), label='right')
+ Entry.unwrap(data, acl=acl)
+
if __name__ == '__main__':
unittest.main()
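Review bot: `test_entry_acl_verify` covers an empty ACL and an unrelated key but never a key that is listed without the required bit, so the `acl.may(label, 0x01)` branch of `unwrap` is not exercised. Adding, before the `'right'` entry, `acl.add(wallet.pubkey(), what=0, label='denied')` and `with self.assertRaises(ACLError): Entry.unwrap(data, acl=acl)` would pin it. `pubk_wrong` also appears to be 64 bytes long; if `wallet.pubkey()` returns a 32-byte key, the negative case never compares keys of the same format, which is worth confirming. The preceding test, whose start is outside the hunk, still assigns `r = Entry.unwrap(data)` without asserting anything about `r`.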