def encodePassword(plaintext, scheme, other=None, config=None):
"""Encrypt the plaintext password.
"""
if plaintext is None:
plaintext = ""
if scheme == "PBKDF2":
if other:
rounds, salt, raw_salt, digest = pbkdf2_unpack(other)
else:
raw_salt = getrandbytes(20)
salt = h64encode(raw_salt)
if config:
rounds = config.PASSWORD_PBKDF2_DEFAULT_ROUNDS
else:
rounds = 10000
if rounds < 1000:
raise PasswordValueError, "invalid PBKDF2 hash (rounds too low)"
raw_digest = pbkdf2(plaintext, raw_salt, rounds, 20)
return "%d$%s$%s" % (rounds, salt, h64encode(raw_digest))
elif scheme == 'SHA':
s = sha1(plaintext).hexdigest()
elif scheme == 'MD5':
s = md5(plaintext).hexdigest()
elif scheme == 'crypt' and crypt is not None:
if other is not None:
salt = other
else:
saltchars = './0123456789'+string.letters
salt = random.choice(saltchars) + random.choice(saltchars)
s = crypt.crypt(plaintext, salt)
elif scheme == 'plaintext':
s = plaintext
else:
raise PasswordValueError, 'unknown encryption scheme %r'%scheme
return s
def testPassword(self):
self.assertEqual(self._test('password', ''), None)
self.assertEqual(self._test('password', ' a string '), 'a string')
val = self._test('password', ' a string ')
self.assert_(isinstance(val, password.Password))
val = self._test('password', '{plaintext}a string')
self.assert_(isinstance(val, password.Password))
val = self._test('password', '{crypt}a string')
self.assert_(isinstance(val, password.Password))
s = sha1('a string').hexdigest()
val = self._test('password', '{SHA}'+s)
self.assert_(isinstance(val, password.Password))
self.assertEqual(val, 'a string')
self.assertRaises(hyperdb.HyperdbValueError, self._test,
'password', '{fubar}a string')
def checkDigest(filename):
"""Read file, check for valid fingerprint, return TRUE if ok"""
# open and read file
inp = open(filename, "r")
lines = inp.readlines()
inp.close()
fingerprint = extractFingerprint(lines)
if fingerprint is None:
return 0
del lines[-1]
# calculate current digest
digest = sha1()
for line in lines:
digest.update(line)
# compare current to stored digest
return fingerprint == digest.hexdigest()
def encodePassword(plaintext, scheme, other=None):
"""Encrypt the plaintext password.
"""
if plaintext is None:
plaintext = ""
if scheme == 'SHA':
s = sha1(plaintext).hexdigest()
elif scheme == 'MD5':
s = md5(plaintext).hexdigest()
elif scheme == 'crypt' and crypt is not None:
if other is not None:
salt = other
else:
saltchars = './0123456789'+string.letters
salt = random.choice(saltchars) + random.choice(saltchars)
s = crypt.crypt(plaintext, salt)
elif scheme == 'plaintext':
s = plaintext
else:
raise PasswordValueError, 'unknown encryption scheme %r'%scheme
return s
def __init__(self, filename):
self.filename = filename
self.digest = sha1()
self.file = open(self.filename, "w")
