def run_insert(conn=None,
data=expressive_elems,
table='demo',
config_name = 'expressive',
PKI_object=None):
""" Insert a list into the accumulo table specified.
Arguments:
conn - the Accumulo connection to use
data - the list to insert into the Accumulo table
table - the name of the table to insert to
default_vis - the default visibility label to use. default: '(a&b)|c'
config_filept - file pointer to the configuration file for encryption
PKI_object - matches the interface on encryption PKI OBJECT, default is
DummyEncryptionPKI
"""
if conn is None:
conn = pyaccumulo.Accumulo(host='localhost',
port=42424,
user='******',
password='******')
if PKI_object is None:
PKI_object = DummyEncryptionPKI(conn=conn)
config_filept = StringIO(schema[config_name])
encrypter = AccumuloEncrypt(config_filept, PKI_object)
print "\nEnrypting with the following schema: \n\n" + descriptions[config_name]
write_list_to_table(conn, encrypter, table, data)
def connect(self):
if self.conn is None:
self.conn = pyaccumulo.Accumulo(host=self.host,
port=self.port,
user=self.user,
password=self.password)
if not self.conn.table_exists(self.file_table):
raise ValueError('{} table does not exist'.format(
self.file_table))
else:
try:
self.conn.close()
except:
pass
self.conn = pyaccumulo.Accumulo(host=self.host,
port=self.port,
user=self.user,
password=self.password)
return self
def _connect(self):
self.conn = pyaccumulo.Accumulo(host=self.host,
port=self.port,
user=self.user,
password=self.password)
if not self.conn.table_exists(self.file_table):
self.conn.create_table(self.file_table)
if not self.conn.table_exists(self.project_table):
self.conn.create_table(self.project_table)
self.wr = self.conn.create_batch_writer(self.file_table,
max_memory=1024 * 1024)
def main():
conn = pyaccumulo.Accumulo('0.0.0.0',
port=42424,
user='******',
password='******')
create_table(conn, 'uints', 0, 100000)
create_table(conn, 'ints', -50000, 50000)
create_table(conn, 'floats', -50000, 50000)
create_table(conn, 'strings', 0, 100000)
create_table(conn, 'missing_data', 0, 12)
conn.close()
def run_insert(conn=None,
data=elems,
table='demo',
signClass=PyCryptopp_ECDSA_AccSig,
privkey=None,
loc='val',
default_vis='UNCLASS',
sign=True):
""" Insert a list into the accumulo table specified.
Arguments:
conn - the Accumulo connection to use. If it is 'None', will create
a connection with default information.
data - the list to insert into the Accumulo table
table - the name of the table to insert to
signClass - the signing algorithm to use, from acc_sig.py
privkey - the private key to use. default: None, which tells it to use
the test key defined by 'signClass'
default_vis - the default visibility label to use. Default: 'UNCLASS'
sign - whether to sign the data before writing it to Accumulo.
Default: True
"""
if conn is None:
conn = pyaccumulo.Accumulo(host='localhost',
port=42424,
user='******',
password='******')
if loc == 'vis':
conf = VisibilityFieldConfig()
elif loc == 'val':
conf = ValueConfig()
elif loc == 'tab':
conf = StreamingTableConfig(conn, '__sig_metadata__' + table)
else:
print 'ERROR: invalid signature location', loc
if not privkey:
_, privkey = signClass.test_keys()
if sign:
signer = AccumuloSigner(privkey,
sig_f=signClass,
conf=conf,
default_visibility=default_vis)
else:
signer = None
write_list_to_table(conn, signer, table, data, default_vis)
def run_retrieve(conn=None,
table='demo',
config_name = 'expressive',
PKI_object=None):
""" Retrieves and decrypts values from the specified table,
outputting the appropriate error messages if not.
Arguments:
conn - the Accumulo connection to use
data - the list to insert into the Accumulo table
table - the name of the table to insert to
config_filept - file pointer to the configuration file for encryption
PKI_object - matches the interface on encryption PKI OBJECT, default is
DummyEncryptionPKI
"""
if conn is None:
conn = pyaccumulo.Accumulo(host='localhost',
port=42424,
user='******',
password='******')
if PKI_object is None:
PKI_object = DummyEncryptionPKI(conn=conn)
total = 0
config_filept = StringIO(schema[config_name])
decrypter = AccumuloEncrypt(config_filept, PKI_object)
for entry in conn.scan(table):
total = total + 1
try:
cell = decrypter.decrypt(entry)
if config_name == 'print':
print 'Entry: \n Row - %s,\n Column_Visibility - %s,\n Column_Family - %s,\n Column_Qualifier - %s,\n Value - %s\n' %(base64.b64encode(cell.row),
cell.cv,
base64.b64encode(cell.cf),
base64.b64encode(cell.cq),
base64.b64encode(cell.val))
elif config_name == 'vis_print':
print 'Entry: \n Row - %s,\n Column_Visibility - %s,\n Column_Family - %s,\n Column_Qualifier - %s,\n Value - %s\n' %(cell.row,
cell.cv,
cell.cf,
cell.cq,
base64.b64encode(cell.val))
else:
print 'Entry: \n Row - %s,\n Column_Visibility - %s,\n Column_Family - %s,\n Column_Qualifier - %s,\n Value - %s\n' % (cell.row, cell.cv,cell.cf,cell.cq,cell.val)
except DecryptionException as ve:
print 'Error: Entry failed to decrypt.'
print 'Error message:', ve.msg
print
print 'Finished, decrypted %d total entries.' %(total)
def reconnect(self):
try:
self.wr.close()
except:
pass
try:
self.conn.close()
except:
pass
self.conn = pyaccumulo.Accumulo(host=self.host,
port=self.port,
user=self.user,
password=self.password)
self.wr = self.conn.create_batch_writer(self.file_table,
max_memory=1024 * 1024)
def run_pki_insert(genpath=DEMO_USERS, user='******', conn=None):
""" Insert elements into the PKI as specified by the config
file located at genpath.
Returns:
ks - the keystore object initialized this way
"""
if conn is None:
print 'Logging in to Accumulo...'
conn = pyaccumulo.Accumulo(host='localhost', port=42424,
user='******', password='******')
print 'Logged in. Creating key store...'
print 'Deleting existing metadata tables'
for table_name in ['__VERSION_METADATA__','__ATTR_TABLE__','__KEYWRAP_METADATA__']:
if conn.table_exists(table_name):
print 'Deleting table ', table_name
conn.delete_table(table_name)
ks = AccumuloAttrKeyStore(conn)
print 'Key store created.'
print
master_secret = 'master secret key'
print 'Initializing key store with dummy master secret "master secret key"...'
kg = KeyGen(master_secret)
users = KeyGen.file_to_dict(genpath)
for _, infos in users.itervalues():
for _, _, metadata, _ in infos:
if conn.table_exists(metadata):
print ' Found existing table:', metadata
print ' Deleting to have a clean slate.'
conn.delete_table(metadata)
kg.initialize_users(users, ks)
#get private keys to unwrap things
f = open(PRIV_KEYS+user+'_privkey.pem','r')
priv_key = RSA.importKey(f.read())
print 'Key store initialized.'
return EncryptionPKIAccumulo(conn, user, priv_key), KeyStoreFrontEnd(ks)
def run_search(conn=None,
table='demo',
config_name = 'expressive',
PKI_object=None,
row_range='Analytics'):
""" Retrieves and decrypts values from the specified table,
outputting the appropriate error messages if not.
Arguments:
conn - the Accumulo connection to use
data - the list to insert into the Accumulo table
table - the name of the table to insert to
config_filept - file pointer to the configuration file for encryption
PKI_object - matches the interface on encryption PKI OBJECT, default is
DummyEncryptionPKI
row_range - the keyword to search for
"""
if conn is None:
conn = pyaccumulo.Accumulo(host='localhost',
port=42424,
user='******',
password='******')
if PKI_object is None:
PKI_object = DummyEncryptionPKI(conn=conn)
total = 0
enc_config_filept = StringIO(schema[config_name])
dec_config_filept = StringIO(schema[config_name])
encrypter = AccumuloEncrypt(enc_config_filept, PKI_object)
enc_row, _ = encrypter.encrypt_search(row_range, None)
range = pyaccumulo.Range(srow = enc_row, sinclude = True,
erow = enc_row, einclude = True)
for entry in conn.scan(table, scanrange=range):
total = total + 1
try:
cell = encrypter.decrypt(entry)
print "Entry: (%s, %s, %s, %s)" % (cell.row, cell.cf, cell.cq, cell.val)
except DecryptionException as ve:
print 'Error: Entry failed to decrypt.'
print 'Error message:', ve.msg
print
print 'Finished, decrypted %d total entries.' %(total)
def run_revoke(user, attr, genpath=DEMO_USERS, conn=None):
if conn is None:
conn = pyaccumulo.Accumulo(host='localhost', port=42424,
user='******', password='******')
ks = AccumuloAttrKeyStore(conn)
master_secret = 'master secret key'
kg = KeyGen(master_secret)
users = KeyGen.file_to_dict(genpath)
user_keys = {}
for k_user, k_tuple in users.iteritems():
user_keys[k_user] = k_tuple[0]
print "Revoking user %s's access to attribute %s." %(user, attr)
kg.revoke(user, attr, ks, ks, ks, user_keys)
def run_verify(conn=None,
table='demo',
signClass=PyCryptopp_ECDSA_AccSig,
pubkey=None,
loc='val'):
""" Verifies that a table in an Accumulo instance has been properly signed,
outputting the appropriate error messages if not.
Arguments:
conn - the Accumulo connection to use. If conn is 'None', will create
a connection with default info.
data - the list to insert into the Accumulo table
table - the name of the table to insert to
signClass - the signing algorithm to use, from acc_sig.py
pubkey - the public key of the signer. default: None, which tells it to
use the test key defined by 'signClass'
"""
if conn is None:
conn = pyaccumulo.Accumulo(host='localhost',
port=42424,
user='******',
password='******')
if loc == 'vis':
conf = VisibilityFieldConfig()
elif loc == 'val':
conf = ValueConfig()
elif loc == 'tab':
conf = StreamingTableConfig(conn, '__sig_metadata__' + table)
else:
print 'ERROR: invalid signature location', loc
if not pubkey:
pubkey, _ = signClass.test_keys()
successes = 0
total = 0
verifier = AccumuloVerifier(pubkey, conf=conf)
for entry in conn.scan(table):
total = total + 1
try:
verifier.verify_entry(entry)
successes = successes + 1
except VerificationException as ve:
if ve.cell is not None:
print 'Error: Entry failed to verify.'
print 'Entry row:', ve.cell.row
print 'Entry val:', ve.cell.val
print 'Error message:', ve.msg
print
else:
print 'Error: Entry failed to verify.'
print 'Entry row:', entry.row
print 'Entry val:', entry.val
print 'Error message:', ve.msg
print
print 'Finished, with %d successes out of %d total entries.' % (successes,
total)
def get_connection_accumulo(self, host, port, user, password):
conn = pyaccumulo.Accumulo(host=host, port=port, user=user, password=password)
return conn