Example #1
0
class KeyGenerator:
    def __init__(self, key_directory=None):
        self.scr = SystemConfigReader()
        ssc = SystemConfigReader()
        database_options = ssc.get_all_values_from_section('Database')
        self.__dbm = DatabaseManagerMongo(**database_options)
        self.ssw = SystemSettingsWriter(self.__dbm)
        self.key_directory = key_directory or SystemConfigReader.DEFAULT_CONFIG_LOCATION + "/keys"

    def generate_rsa_keypair(self):
        from Crypto.PublicKey import RSA
        key = RSA.generate(2048)
        private_key = key.export_key()
        public_key = key.publickey().export_key()

        asymmetric_key = {'private': private_key, 'public': public_key}
        self.ssw.write('security', {'asymmetric_key': asymmetric_key})

    def generate_symmetric_aes_key(self):
        from Crypto import Random
        self.ssw.write('security',
                       {'symmetric_aes_key': Random.get_random_bytes(32)})
Example #2
0
class SecurityManager:
    DEFAULT_BLOCK_SIZE = 32
    DEFAULT_ALG = 'HS512'
    DEFAULT_EXPIRES = int(10)

    def __init__(self, database_manager):
        self.ssr = SystemSettingsReader(database_manager)
        self.ssw = SystemSettingsWriter(database_manager)
        self.salt = "cmdb"

    def generate_hmac(self, data):
        import hashlib
        import hmac

        generated_hash = hmac.new(self.get_symmetric_aes_key(),
                                  bytes(data + self.salt, 'utf-8'),
                                  hashlib.sha256)

        generated_hash.hexdigest()

        return base64.b64encode(generated_hash.digest()).decode("utf-8")

    def encrypt_aes(self, raw):
        """
        see https://stackoverflow.com/questions/12524994/encrypt-decrypt-using-pycrypto-aes-256
        :param raw: unencrypted data
        :return:
        """
        if type(raw) == list:
            import json
            from bson import json_util
            raw = json.dumps(raw, default=json_util.default)
        raw = SecurityManager._pad(raw).encode('UTF-8')
        iv = Random.new().read(AES.block_size)
        cipher = AES.new(self.get_symmetric_aes_key(), AES.MODE_CBC, iv)
        return base64.b64encode(iv + cipher.encrypt(raw))

    def decrypt_aes(self, enc):
        enc = base64.b64decode(enc)
        iv = enc[:AES.block_size]
        cipher = AES.new(self.get_symmetric_aes_key(), AES.MODE_CBC, iv)
        return SecurityManager._unpad(cipher.decrypt(
            enc[AES.block_size:])).decode('utf-8')

    @staticmethod
    def _pad(s):
        return s + (SecurityManager.DEFAULT_BLOCK_SIZE - len(s) % SecurityManager.DEFAULT_BLOCK_SIZE) * \
               chr(SecurityManager.DEFAULT_BLOCK_SIZE - len(s) % SecurityManager.DEFAULT_BLOCK_SIZE)

    @staticmethod
    def _unpad(s):
        return s[:-ord(s[len(s) - 1:])]

    def generate_symmetric_aes_key(self):
        return self.ssw.write(
            'security', {'symmetric_aes_key': Random.get_random_bytes(32)})

    def get_symmetric_aes_key(self):
        try:
            symmetric_key = self.ssr.get_value('symmetric_aes_key', 'security')
        except NoDocumentFound:
            self.generate_symmetric_aes_key()
            symmetric_key = self.ssr.get_value('symmetric_aes_key', 'security')
        return symmetric_key

    @staticmethod
    def encode_object_base_64(data: object):
        from bson.json_util import dumps
        return base64.b64encode(dumps(data).encode('utf-8')).decode("utf-8")