Merge branch 'master' into request-signing-test

* master: Fixing up docstring (#61) Delete Secret functionality in Client and Identity (#61) update check_arguments to use decorator library (#62) Reverting previous doc change (#53) Fixing up doc return type in ApiClient (#53) Adding new classes to sphinx documentation (#55) Changing return type for ApiClient.get_secret_content to str (#55) Changing param type in docs from bytes to str (#53) Adding in tests for client share secret (#55) Fixing up PEP8 indentation for identity fixture in test (#53, #55) Adding method documentation for Secret class methods (#53, #55) Adding get secret content and share secret (#53, #55)
Covata · Feb 28, 2017 · 67bcd7b · 67bcd7b
2 parents 946f00b + 7ad0e7c
commit 67bcd7b
Show file tree

Hide file tree

Showing 15 changed files with 397 additions and 79 deletions.
diff --git a/docs/crypto.rst b/docs/crypto.rst
@@ -13,10 +13,10 @@
    limitations under the License.
 
 
-Client-Side Cryptography
-========================
+Cryptography
+============
 
-The Delta Crypto package provides functionality for client side cryptography.
+The Delta Crypto package provides functionality for client-side cryptography.
 
 .. automodule:: covata.delta.crypto
     :members:
diff --git a/docs/encryption_details.rst b/docs/encryption_details.rst
@@ -0,0 +1,21 @@
+.. Copyright 2017 Covata Limited or its affiliates
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+Encryption Details
+==================
+
+.. currentmodule:: covata.delta
+
+.. autoclass:: EncryptionDetails
+   :members:
diff --git a/docs/index.rst b/docs/index.rst
@@ -34,6 +34,8 @@ across networks, and organisations.
     quick_start
     client
     identity
+    secret
+    encryption_details
     api
     crypto
     keystore

diff --git a/docs/keystore.rst b/docs/keystore.rst
@@ -13,8 +13,8 @@
    limitations under the License.
 
 
-KeyStore
-========
+Key Store
+=========
 
 The ``DeltaKeyStore`` provides the interface for a key-storage
 backend of choice.

diff --git a/docs/secret.rst b/docs/secret.rst
@@ -0,0 +1,21 @@
+.. Copyright 2017 Covata Limited or its affiliates
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+Secret
+======
+
+.. currentmodule:: covata.delta
+
+.. autoclass:: Secret
+   :members:
diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1,3 @@
 cryptography >= 1.7.2           # Apache Software License
 requests >= 2.13.0              # Apache Software License
+decorator >= 4.0.11             # New BSD License
diff --git a/src/main/python/covata/delta/__init__.py b/src/main/python/covata/delta/__init__.py
@@ -14,9 +14,9 @@
 
 from __future__ import absolute_import
 
-from .client import Client, Identity
+from .client import Client, Identity, Secret, EncryptionDetails
 from .apiclient import ApiClient
 from .keystore import DeltaKeyStore, FileSystemKeyStore
 
-__all__ = ["Client", "Identity", "ApiClient", "FileSystemKeyStore",
-           "DeltaKeyStore"]
+__all__ = ["Client", "Identity", "Secret", "EncryptionDetails", "ApiClient",
+           "FileSystemKeyStore", "DeltaKeyStore"]
diff --git a/src/main/python/covata/delta/apiclient.py b/src/main/python/covata/delta/apiclient.py
@@ -13,7 +13,6 @@
 #   limitations under the License.
 
 from __future__ import absolute_import
-from base64 import b64encode, b64decode
 
 import requests
 
@@ -60,7 +59,6 @@ def register_identity(self, public_encryption_key, public_signing_key,
         :return: the id of the newly created identity
         :rtype: str
         """
-
         body = dict(
             signingPublicKey=public_signing_key,
             cryptoPublicKey=public_encryption_key,
@@ -138,25 +136,24 @@ def create_secret(self, requestor_id, content, encryption_details):
         Creates a new secret in Delta. The key used for encryption should
         be encrypted with the key of the authenticating identity.
 
+        It is the responsibility of the caller to ensure that the contents
+        and key material in the encryption details are properly represented
+        in a suitable string encoding (such as base64).
+
         :param str requestor_id: the authenticating identity id
-        :param bytes content: the contents of the secret
+        :param str content: the contents of the secret
         :param encryption_details: the encryption details
-        :type encryption_details: dict[str, bytes]
+        :type encryption_details: dict[str, str]
         :return: the created base secret
         :rtype: dict[str, str]
         """
-        content_b64 = b64encode(content).decode('utf-8')
-        encryption_details_b64 = dict(
-            (k, b64encode(v).decode('utf-8'))
-            for k, v in encryption_details.items())
-
         response = requests.post(
             url="{base_url}{resource}".format(
                 base_url=self.DELTA_URL,
                 resource=self.RESOURCE_SECRETS),
             json=dict(
-                content=content_b64,
-                encryptionDetails=encryption_details_b64
+                content=content,
+                encryptionDetails=encryption_details
             ),
             auth=self.signer(requestor_id))
 
@@ -173,27 +170,26 @@ def share_secret(self, requestor_id, content, encryption_details,
         be provided. This call will result in a new derived secret being created
         and returned as a response.
 
+        It is the responsibility of the caller to ensure that the contents
+        and key material in the encryption details are properly represented
+        in a suitable string encoding (such as base64).
+
         :param str requestor_id: the authenticating identity id
-        :param bytes content: the contents of the secret
+        :param str content: the contents of the secret
         :param encryption_details: the encryption details
-        :type encryption_details: dict[str, bytes]
+        :type encryption_details: dict[str, str]
         :param str base_secret_id: the id of the base secret
         :param str rsa_key_owner_id: the id of the rsa key owner
         :return: the created derived secret
         :rtype: dict[str, str]
         """
-        content_b64 = b64encode(content).decode('utf-8')
-        encryption_details_b64 = dict(
-            (k, b64encode(v).decode('utf-8'))
-            for k, v in encryption_details.items())
-
         response = requests.post(
             url="{base_url}{resource}".format(
                 base_url=self.DELTA_URL,
                 resource=self.RESOURCE_SECRETS),
             json=dict(
-                content=content_b64,
-                encryptionDetails=encryption_details_b64,
+                content=content,
+                encryptionDetails=encryption_details,
                 baseSecret=base_secret_id,
                 rsaKeyOwner=rsa_key_owner_id
             ),
@@ -270,7 +266,7 @@ def get_secret_content(self, requestor_id, secret_id):
         :param str requestor_id: the authenticating identity id
         :param str secret_id: the secret id to be retrieved
         :return: the retrieved secret
-        :rtype: bytes
+        :rtype: str
         """
         response = requests.get(
             url="{base_url}{resource}/{secret_id}/content".format(
@@ -280,7 +276,7 @@ def get_secret_content(self, requestor_id, secret_id):
             auth=self.signer(requestor_id))
 
         response.raise_for_status()
-        return b64decode(response.json())
+        return response.text
 
     @utils.check_id("requestor_id, secret_id")
     def update_secret_metadata(self,
@@ -292,6 +288,7 @@ def update_secret_metadata(self,
         Updates the metadata of the given secret given the version number.
         The version of a secret's metadata can be obtained by calling
         :func:`~.ApiClient.get_secret`.
+
         A newly created base secret has a metadata version of 1.
 
         :param str requestor_id: the authenticating identity id
@@ -323,6 +320,7 @@ def update_identity_metadata(self,
         Updates the metadata of the given identity given the version number.
         The version of an identity's metadata can be obtained by calling
         :func:`~.ApiClient.get_identity`.
+
         An identity has an initial metadata version of 1.
 
         :param str requestor_id: the authenticating identity id