def decrypt_blob(encrypted_blob, private_key, password=None, encode_type='zip'): private_key = to_key(private_key, is_public_key=False) password = to_bytes(password) pkey = serialization.load_pem_private_key(private_key, password=password, backend=default_backend()) padding_obj = padding.PKCS1v15() if encode_type == 'zip': encrypted_blob = zlib.decompress(encrypted_blob) else: #Base 64 decode the data encrypted_blob = base64.b64decode(encrypted_blob) #In determining the chunk size, determine the private key length used in bytes. #The data will be in decrypted in chunks chunk_size = 512 offset = 0 decrypted = b"" #keep loop going as long as we have chunks to decrypt while offset < len(encrypted_blob): #The chunk chunk = encrypted_blob[offset: offset + chunk_size] #Append the decrypted chunk to the overall decrypted file decrypted += pkey.decrypt(chunk, padding_obj) #Increase the offset by chunk size offset += chunk_size #return the decompressed decrypted data decrypted = zlib.decompress(decrypted) return decrypted
def create_private_public_keys(password=None, is_clean=True, key_size=4096): private_key = rsa.generate_private_key( public_exponent=65537, key_size=key_size, backend=default_backend() ) public_key = private_key.public_key() if password: password = to_bytes(password) if password: encryption_algorithm = serialization.BestAvailableEncryption(password) else: encryption_algorithm = serialization.NoEncryption() private_key_bytes = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, #.TraditionalOpenSSL, encryption_algorithm=encryption_algorithm, ) public_key_bytes = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo, ) private_key_s = to_unicode(private_key_bytes) public_key_s = to_unicode(public_key_bytes) if is_clean: private_key_s = to_clean_key(private_key_s) public_key_s = to_clean_key(public_key_s) return private_key_s, public_key_s
def render_as_static_resource_in_pages_for_farbox_bucket(template_filename): ext = os.path.splitext(template_filename)[-1].lower() if ext not in [ '.html', '.htm', '.js', '.css', '.json', '.jpg', '.png', '.scss', '.less', '.coffee' ]: return mime_type = '' raw_content = '' pages_configs = get_pages_configs() if not is_doc_modified(doc=pages_configs, date_field='mtime'): return get_304_response() if ext in ['.scss', '.less']: raw_content = get_template_static_resource_content('.'.join( [template_filename.rsplit('.')[0], 'css'])) mime_type = 'text/css' elif ext in ['.coffee']: raw_content = get_template_static_resource_content('.'.join( [template_filename.rsplit('.')[0], 'js'])) mime_type = 'application/javascript' if not raw_content: raw_content = get_template_static_resource_content(template_filename) if raw_content: raw_content = to_bytes(raw_content) mime_type = mime_type or guess_type( template_filename) or 'application/octet-stream' set_context_value_from_request("is_template_resource", True) file_response = send_file(io.BytesIO(raw_content), mimetype=mime_type) bucket = get_bucket_in_request_context() if bucket: set_304_response_for_doc(response=file_response, doc=pages_configs, date_field='mtime') return file_response
def encrypt_file(in_filepath, key, chunk_size=81920, out_filepath=None, is_content=False, fast=True): if fast: des_key = get_key_for_des(key) des = DES.new(des_key, DES.MODE_ECB) pl = 8 else: des_key, des_iv = get_key_and_iv_for_des(key) des = DES3.new(des_key, DES3.MODE_CFB, des_iv) pl = 16 # part length if is_content: raw_content = to_bytes(in_filepath) in_file = StringIO(raw_content) else: if not os.path.isfile(in_filepath): return '' else: in_file = open(in_filepath, 'r') out_content = b'' if out_filepath: out_file = open(out_filepath, 'wb') else: out_file = None padded = False while True: chunk = in_file.read(chunk_size) if len(chunk) == 0: if not padded: to_pad = chr(pl) * pl encrypted_chunk = des.encrypt(to_pad) if out_file: out_file.write(encrypted_chunk) else: out_content += encrypted_chunk break elif len(chunk) % pl != 0: reminder = len(chunk) % pl to_pad = chr(pl - reminder) * (pl - reminder) chunk += to_pad padded = True encrypted_chunk = des.encrypt(chunk) if out_file: out_file.write(encrypted_chunk) else: out_content += encrypted_chunk # at last in_file.close() if out_file: out_file.close() return out_filepath else: return out_content
def decrypt_file(in_filepath, key, chunk_size=81920, out_filepath=None, is_content=False, fast=True): if fast: des_key = get_key_for_des(key) des = DES.new(des_key, DES.MODE_ECB) pl = 8 else: des_key, des_iv = get_key_and_iv_for_des(key) des = DES3.new(des_key, DES3.MODE_CFB, des_iv) pl = 16 # part length if is_content: raw_content = to_bytes(in_filepath) in_file = StringIO(raw_content) else: if not os.path.isfile(in_filepath): return '' else: in_file = open(in_filepath, 'r') out_content = b'' if out_filepath: out_file = open(out_filepath, 'wb') else: out_file = None chuck_to_write = '' while True: chunk = in_file.read(chunk_size) if len(chunk) == 0: if chuck_to_write: pad_length = ord(chuck_to_write[-1]) chuck_to_write = chuck_to_write[:-pad_length] if chuck_to_write: if out_file: out_file.write(chuck_to_write) else: out_content += chuck_to_write break if chuck_to_write: if out_file: out_file.write(chuck_to_write) else: out_content += chuck_to_write chuck_to_write = des.decrypt(chunk) # at last in_file.close() if out_file: out_file.close() return out_filepath else: return out_content
def do_record_sync_log(self, log): now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') log = to_bytes('%s %s\n\n' % (now, log)) sync_log_filepath = join(self.root, '.sync/%s_sync.log' % self.app_name_for_sync) try: make_sure_path(sync_log_filepath) with open(sync_log_filepath, 'a') as f: f.write(log) except: pass
def simple_encrypt(key, text): key = key[:8] text = to_bytes(text) des = DES.new(key, DES.MODE_ECB) reminder = len(text) % 8 if reminder == 0: # pad 8 bytes text += '\x08' * 8 else: text += chr(8 - reminder) * (8 - reminder) return base64.b64encode(des.encrypt(text))
def render_as_static_file_for_farbox_bucket(path): if not path or path == "/": path = "index.html" bucket = get_bucket_in_request_context() if not bucket: return record = get_record_by_path(bucket, path) if path == "favicon.ico" and not record: record = get_record_by_path(bucket, "_direct/favicon.ico") # 兼容 Bitcron if not record: return record_path = get_path_from_record(record) if record_path and record_path.startswith("/_data/"): ext = os.path.splitext(record_path)[-1].strip(".").lower() if ext in ["csv"] and not is_bucket_login(bucket): return abort( 404, "csv under /_data is not allowed to download directly") set_context_value_from_request("is_static_file", True) if record.get('compiled_type') and record.get('compiled_content'): raw_content = record.get('compiled_content') content_type = record.get('compiled_type') raw_content = to_bytes(raw_content) mimetype = content_type or guess_type( path) or 'application/octet-stream' compiled_file_response = send_file(io.BytesIO(to_bytes(raw_content)), mimetype=mimetype) return compiled_file_response else: # 先对应是否防盗链的逻辑 site_configs = get_bucket_site_configs(bucket) anti_theft_chain = site_configs.get("anti_theft_chain", True) if anti_theft_chain and request.path.strip('/') in ['favicon.ico']: anti_theft_chain = False if anti_theft_chain and request.referrer: refer_host = get_host_from_url(request.referrer) if refer_host != request.host and "." in request.path: return abort(404, "this url is not allowed for outside") return storage.get_download_response_for_record(bucket=bucket, record_data=record, try_resized_image=True)
def get_sign_content(dict_data, excludes=None): # for python dict object, 如果 k,v 中的 v 本身是 '', 则不会进行 sign excludes = excludes or [] dict_data = { k: v for k, v in dict_data.items() if len(str(v)) and k not in excludes } sign_content = '&'.join('%s=%s'%(k, v) for k, v in sorted(dict_data.items())) sign_content = to_bytes(sign_content) return sign_content
def sign_by_private_key(private_key, content, encode_base64=True, excludes_fields=None): private_key = to_private_key(private_key) padding_obj = padding.PSS( mgf = padding.MGF1(hashes.SHA256()), salt_length = padding.PSS.MAX_LENGTH ) if isinstance(content, dict): content = get_sign_content(content, excludes=excludes_fields) content = to_bytes(content) signature = private_key.sign(content, padding_obj, hashes.SHA256()) if encode_base64: signature = base64.b64encode(signature) return signature
def to_key(key, is_public_key=False): key = to_unicode(key) if is_public_key: head = '-----BEGIN PUBLIC KEY-----' tail = '-----END PUBLIC KEY-----' else: head = '-----BEGIN PRIVATE KEY-----' tail = '-----END PRIVATE KEY-----' if '-----BEGIN ' not in key: key = head + '\n' + key if '-----END ' not in key: key = key.strip() + '\n' + tail + '\n' key = to_bytes(key) return key
def insert_into_header(to_insert, html, force=False): # 插入到 html 页面的头部 if not force and get_no_html_inject_in_request(): return html if not to_insert: return html if isinstance(html, str_type) and isinstance(to_insert, unicode_type): to_insert = to_bytes(to_insert) if isinstance(to_insert, string_types): html = re.sub(r'</head>\s*<body', '%s\n</head>\n<body' % to_insert, html, count=1, flags=re.I) return html
def verify_by_public_key(public_key, signature, content, decode_base64=True): if not public_key or not signature or not content: return False public_key = to_public_key(public_key) if not public_key: return False padding_obj = padding.PSS( mgf = padding.MGF1(hashes.SHA256()), salt_length = padding.PSS.MAX_LENGTH ) if decode_base64: try: signature = base64.b64decode(signature) signature = to_bytes(signature) except: pass if isinstance(content, dict): content = get_sign_content(content) content = to_bytes(content) try: public_key.verify(signature, content, padding_obj, hashes.SHA256()) return True except: return False
def insert_into_footer(to_insert, html, force=False): # 插入到 html 页面的尾部 if not force and get_no_html_inject_in_request(): return html if not to_insert: return html if isinstance(html, str_type) and isinstance(to_insert, unicode_type): to_insert = to_bytes(to_insert) if isinstance(to_insert, string_types): # 会放在</body>之前 if re.search(r'</body>', html, flags=re.I): html = re.sub(r'</body>\s*\n', '%s</body>\n' % to_insert, html, flags=re.I) return html
def encrypt_file(in_filepath, key, chunk_size=81920, out_filepath=None, is_content=False): pl = 32 aes = get_aes(key) if is_content: raw_content = to_bytes(in_filepath) in_file = StringIO(raw_content) else: if not os.path.isfile(in_filepath): return '' else: in_file = open(in_filepath, 'r') out_content = b'' if out_filepath: out_file = open(out_filepath, 'wb') else: out_file = None padded = False while True: chunk = in_file.read(chunk_size) if len(chunk) == 0: if not padded: to_pad = chr(pl) * pl encrypted_chunk = aes.encrypt(to_pad) if out_file: out_file.write(encrypted_chunk) else: out_content += encrypted_chunk break elif len(chunk) % pl != 0: reminder = len(chunk) % pl to_pad = chr(pl - reminder) * (pl - reminder) chunk += to_pad padded = True encrypted_chunk = aes.encrypt(chunk) if out_file: out_file.write(encrypted_chunk) else: out_content += encrypted_chunk # at last in_file.close() if out_file: out_file.close() return out_filepath else: return out_content
def get_public_key_from_private_key(private_key, password=None, is_clean=True): private_key = to_key(private_key, is_public_key=False) if password: password = to_bytes(password) try: private_key = serialization.load_pem_private_key(private_key, password=password, backend=default_backend()) public_key = private_key.public_key() public_key_bytes = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo, ) public_key_s = to_unicode(public_key_bytes) if is_clean: public_key_s = to_clean_key(public_key_s) return public_key_s except: print('failed to get_public_key_from_private_key') return
def decrypt_file(in_filepath, key, chunk_size=81920, out_filepath=None, is_content=False): aes = get_aes(key) if is_content: raw_content = to_bytes(in_filepath) in_file = StringIO(raw_content) else: if not os.path.isfile(in_filepath): return '' else: in_file = open(in_filepath, 'r') out_content = b'' if out_filepath: out_file = open(out_filepath, 'wb') else: out_file = None chuck_to_write = '' while True: chunk = in_file.read(chunk_size) if len(chunk) == 0: if chuck_to_write: pad_length = ord(chuck_to_write[-1]) chuck_to_write = chuck_to_write[:-pad_length] if chuck_to_write: if out_file: out_file.write(chuck_to_write) else: out_content += chuck_to_write break if chuck_to_write: if out_file: out_file.write(chuck_to_write) else: out_content += chuck_to_write chuck_to_write = aes.decrypt(chunk) # at last in_file.close() if out_file: out_file.close() return out_filepath else: return out_content
def encrypt_aes(text, key, encode_type='base64'): if isinstance(text, dict): text = json.dumps(text, indent=4) text = to_bytes(text) aes = get_aes(key) reminder = len(text)%BLOCK_SIZE if reminder == 0: # pad 8 bytes text += '\x08'*BLOCK_SIZE else: text += chr(BLOCK_SIZE-reminder) * (BLOCK_SIZE-reminder) encrypted = aes.encrypt(text) if encode_type == 'zip': encrypted_content = zlib.compress(encrypted) elif encode_type == 'raw': encrypted_content = encrypted else: #Base 64 encode the encrypted file encrypted_content = base64.b64encode(encrypted) return encrypted_content
def encrypt_des(text, key, encode_type='base64'): key = to_key_for_des(key) if isinstance(text, dict): text = json.dumps(text, indent=4) text = to_bytes(text) des = DES.new(key, DES.MODE_ECB) reminder = len(text) % 8 if reminder == 0: # pad 8 bytes text += '\x08' * 8 else: text += chr(8 - reminder) * (8 - reminder) encrypted = des.encrypt(text) if encode_type == 'zip': encrypted_content = zlib.compress(encrypted) else: #Base 64 encode the encrypted file encrypted_content = base64.b64encode(encrypted) return encrypted_content
def get_download_response_for_record(self, bucket, record_data, try_resized_image=False): # 同步回去的 response # 如果是 Web 端给普通访客的,则会根据需要自动提供缩略图的逻辑支持 raw_content = record_data.get('raw_content') or record_data.get( 'content') or '' if raw_content and record_data.get('_zipped'): try: raw_content = ungzip_content(raw_content, base64=True) except: pass mime_type = guess_type(record_data.get( "path", "")) or "application/octet-stream" if raw_content: raw_content = to_bytes(raw_content) return send_file(io.BytesIO(raw_content), mimetype=mime_type) else: file_response = self.as_web_response( bucket, record_data, try_resized_image=try_resized_image) return file_response # 可能是 None
def encrypt_blob(blob, public_key, encode_type='zip'): blob = to_bytes(blob) public_key = to_key(public_key, is_public_key=True) pkey = serialization.load_pem_public_key(public_key, backend=default_backend()) blob = zlib.compress(blob) chunk_size = 470 # 470+42=512 offset = 0 end_loop = False encrypted = b"" padding_obj = padding.PKCS1v15() while not end_loop and offset < len(blob): #The chunk chunk = blob[offset:offset + chunk_size] #If the data chunk is less then the chunk size, then we need to add #padding with " ". This indicates the we reached the end of the file #so we end loop here if len(chunk) % chunk_size != 0: end_loop = True chunk += b" " * (chunk_size - len(chunk)) #Append the encrypted chunk to the overall encrypted file encrypted += pkey.encrypt(chunk, padding_obj) #Increase the offset by chunk size offset += chunk_size if encode_type == 'zip': encrypted_content = zlib.compress(encrypted) else: #Base 64 encode the encrypted file encrypted_content = base64.b64encode(encrypted) return encrypted_content
# coding: utf8 import os from farbox_bucket.client.dump_template import get_template_info from farbox_bucket.utils import to_bytes root = os.path.abspath(os.path.dirname(__file__)) themes_py_file = os.path.join(root, '__init__.py') templates = {} for name in os.listdir(root): folder_path = os.path.join(root, name) if not os.path.isdir(folder_path): continue template_key = name.lower().strip() template_info = get_template_info(folder_path) template_info['_theme_key'] = template_key templates[template_key] = template_info py_file_content = '#coding: utf8\nthemes = %s' % templates with open(themes_py_file, 'wb') as f: f.write(to_bytes(py_file_content))
def to_private_key(private_key, password=None): private_key = to_key(private_key, is_public_key=False) if password: password = to_bytes(password) private_key = serialization.load_pem_private_key(private_key, password=password, backend=default_backend()) return private_key