This should be code

<pre>

while we are the "mainsite" and only decrypt.

The partner sends us a URL of the form

  <path>?CallerID=<hisId>&profile=<encryptedProfile>

In the code below "self" represents the partner object (identified via "CallerID").

from M2Crypto.EVP import Cipher
from base64 import decodestring
from cgi import parse_qsl
from time import time

def checkEncrypted(self,profile):
  '''check whether profile is a valid encrypted profile.

  returns 'None', if there is no encryption for this partner;
  otherwise, a dictionary containing the decoded profile is returned.
  If the dictionary contains 'ErrorCode', it is the first error
  detected during verification.

  profile and the key are expected to be base64 encoded.
  '''
  p= self._findPolicySpecs(PolicyType_Encrypted) # database lookup
  cursor= self._cursor
  profile= decodestring(profile)
  ec= PolicyEncrypted(cursor,p[0][0]) # database lookup
  # decode: the first 8 bytes of the profile are the IV, the rest is
  # the ciphertext; the final argument 0 selects decryption
  dc= Cipher(ec.Name,decodestring(ec.KeyValue),profile[:8],0)
  dv= dc.update(profile[8:]) + dc.final()
  # make dict
  r= {}
  for key,val in parse_qsl(dv): r[key]= val
  # check CallerID
  if r.get('CallerID') != self.CallerID:
    r['ErrorCode']= '401'
    return r
  # check timestamp
  ts= r.get('TimeStamp',0)
  try: fts= float(ts)
  except ValueError: fts= 0
  ttl= ec.TimeToLive; mts= time(); diff= abs(mts-fts)
  if diff > ttl:
    r['ErrorCode']= '403'
    return r
  # successful
  return r

Dieter

</pre>
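The timestamp test in checkEncrypted converts the value with float(), which also accepts the string 'nan'; a NaN difference never compares greater than the TTL, so such a value passes as fresh. The following is an added example, not part of Dieter's post, that puts that test beside a stricter one and also rejects repeated keys. It assumes Python 3 and a plaintext already decrypted and decoded to str; `legacy_is_fresh`, `strict_is_fresh`, `check_profile` and the '400' error code are names chosen here.

```python
import math
import time
from urllib.parse import parse_qsl


def legacy_is_fresh(ts, ttl, now):
    """Timestamp test with the same logic as checkEncrypted above."""
    try:
        fts = float(ts)
    except ValueError:
        fts = 0
    # abs(now - nan) is nan, and "nan > ttl" is False, so 'nan' is accepted.
    return not (abs(now - fts) > ttl)


def strict_is_fresh(ts, ttl, now):
    """Accept only a finite numeric timestamp within ttl seconds of now."""
    try:
        fts = float(ts)
    except (TypeError, ValueError):
        return False
    return math.isfinite(fts) and abs(now - fts) <= ttl


def check_profile(plaintext, caller_id, ttl, now=None):
    """Validate a decrypted profile string.

    Returns the parsed dict; 'ErrorCode' is set on the first failed check,
    following the convention of checkEncrypted.
    """
    now = time.time() if now is None else now
    pairs = parse_qsl(plaintext, keep_blank_values=True)
    r = dict(pairs)
    # A repeated key would silently overwrite the earlier value in the dict,
    # so the value that was checked may not be the one the sender intended.
    if len(r) != len(pairs):
        r['ErrorCode'] = '400'  # assumed code for malformed input
        return r
    if r.get('CallerID') != caller_id:
        r['ErrorCode'] = '401'
        return r
    if not strict_is_fresh(r.get('TimeStamp'), ttl, now):
        r['ErrorCode'] = '403'
        return r
    return r
```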