def create(self, passphrase, reinitialize=False, debug=False):
if reinitialize and os.path.exists(self.secret_file):
try:
os.remove(self.secret_file)
except IOError:
if debug:
traceback.print_exc()
return SecretStatus.ERR_CREATE
secret_folder = os.path.dirname(self.secret_file)
if not os.path.exists(secret_folder):
try:
os.makedirs(secret_folder)
except IOError:
if debug:
traceback.print_exc()
return SecretStatus.ERR_CREATE
if os.path.exists(self.secret_file):
return SecretStatus.FILE_EXISTS
cmd = self.config.get('openssl_cmd.secret_random').replace('$BYTES', str(self.config.get('secret_bytes')))
status, stdout = OpenSSLCmd.execute(cmd, fetch_stdout_bytes=True)
if status != OpenSSLCmdStatus.OK:
return SecretStatus.OPENSSL_ERROR
secret = stdout.decode().replace('\n', '').encode()
cmd = self.config.get('openssl_cmd.secret_encode').replace('$OUT', self.secret_file).replace('$PW', passphrase)
status, _ = OpenSSLCmd.execute(cmd, stdin_bytes=secret)
if status != OpenSSLCmdStatus.OK:
return SecretStatus.OPENSSL_ERROR
return SecretStatus.OK
def save(self, secret):
if self.data is not None:
cmd = self.config.get("openssl_cmd.vault_encode").replace("$OUT", self.vault_file).replace("$PW", secret)
status, _ = OpenSSLCmd.execute(cmd, stdin_bytes=json.dumps(self.data).encode())
if status != OpenSSLCmdStatus.OK:
return VaultStatus.OPENSSL_ERROR
return VaultStatus.OK
else:
return VaultStatus.VAULT_CLOSED
def unlock(self, passphrase):
if not os.path.exists(self.secret_file):
return SecretStatus.NOT_FOUND
cmd = self.config.get('openssl_cmd.secret_decode').replace('$IN', self.secret_file).replace('$PW', passphrase)
status, secret = OpenSSLCmd.execute(cmd, fetch_stdout_bytes=True)
if status != OpenSSLCmdStatus.OK:
return SecretStatus.OPENSSL_ERROR
self.secret = secret.decode()
return SecretStatus.OK
def open(self, secret, debug=False):
if not os.path.exists(self.vault_file):
return VaultStatus.NOT_FOUND
cmd = self.config.get("openssl_cmd.vault_decode").replace("$IN", self.vault_file).replace("$PW", secret)
status, data = OpenSSLCmd.execute(cmd, fetch_stdout_bytes=True)
if status != OpenSSLCmdStatus.OK:
return VaultStatus.OPENSSL_ERROR
try:
self.data = json.loads(data.decode())
except json.JSONDecodeError:
if debug:
traceback.print_exc()
return VaultStatus.JSON_ERROR
return VaultStatus.OK
def test_cmd(self):
self.assertEqual(OpenSSLCmd.execute('openssl version')[0], OpenSSLCmdStatus.OK)
def test_bad_return(self):
self.assertEqual(OpenSSLCmd.execute('openssl rand')[0], OpenSSLCmdStatus.BAD_RETURN)
def test_invalid_cmd(self):
self.assertEqual(OpenSSLCmd.execute('openssl foo')[0], OpenSSLCmdStatus.INVALID_CMD)
def test_timeout(self):
self.assertEqual(OpenSSLCmd.execute('openssl', timeout=1)[0], OpenSSLCmdStatus.TIMEOUT)
def test_invalid_stdin(self):
self.assertEqual(OpenSSLCmd.execute('openssl version', stdin_bytes='foo')[0], OpenSSLCmdStatus.INVALID_STDIN)
def test_openssl_not_found(self):
self.assertEqual(OpenSSLCmd.execute('openssl__')[0], OpenSSLCmdStatus.NOT_FOUND)
def test_cmd_stdin_stdout(self):
result = OpenSSLCmd.execute('openssl enc', stdin_bytes='foo'.encode(), fetch_stdout_bytes=True)
self.assertEqual(result[0], OpenSSLCmdStatus.OK)
self.assertEqual(result[1].decode(), 'foo')
def test_cmd_stdout(self):
result = OpenSSLCmd.execute('openssl version', fetch_stdout_bytes=True)
self.assertEqual(result[0], OpenSSLCmdStatus.OK)
assert (result[1].decode().startswith('OpenSSL'))
def test_cmd_stdin(self):
self.assertEqual(OpenSSLCmd.execute('openssl enc', stdin_bytes='foo'.encode())[0], OpenSSLCmdStatus.OK)
