def _get_session_key():
     try:
         if os_environ.get('BW_SESSION'):
             return SymmetricCryptoKey(b64decode(os_environ['BW_SESSION']))
     except Exception as e:
         T.error(e)
         print('Session key is invalid.')
     return None
    def __init__(self,
                 encrypted_string_or_type: str,
                 data: str = None,
                 iv: str = None,
                 mac: str = None):
        if data:
            enc_type = EncryptionType(encrypted_string_or_type)
            self.encryptedString = encrypted_string_or_type + '.' + data

            if iv:
                self.encryptedString += '|' + iv

            if mac:
                self.encryptedString += '|' + mac

            self.encryptionType = enc_type
            self.data = data
            self.iv = iv
            self.mac = mac
            return

        self.encryptedString = str(encrypted_string_or_type)
        if self.encryptedString is None:
            return

        header_pieces = self.encryptedString.split('.')
        if len(header_pieces) == 2:
            try:
                self.encryptionType = EncryptionType(int(header_pieces[0]))
                enc_pieces = header_pieces[1].split('|')
            except Exception as e:
                T.error(e)
                return
        else:
            enc_pieces = self.encryptedString.split('|')
            self.encryptionType = EncryptionType.AesCbc128_HmacSha256_B64 \
                if len(enc_pieces) == 3 else EncryptionType.AesCbc256_B64

        if self.encryptionType == EncryptionType.AesCbc128_HmacSha256_B64 \
                or self.encryptionType == EncryptionType.AesCbc256_HmacSha256_B64:
            if len(enc_pieces) != 3:
                return
            self.iv = enc_pieces[0]
            self.data = enc_pieces[1]
            self.mac = enc_pieces[2]
        elif self.encryptionType == EncryptionType.AesCbc256_B64:
            if len(enc_pieces) != 2:
                return
            self.iv = enc_pieces[0]
            self.data = enc_pieces[1]
        elif self.encryptionType == EncryptionType.Rsa2048_OaepSha256_B64 \
                or self.encryptionType == EncryptionType.Rsa2048_OaepSha1_B64:
            if len(enc_pieces) != 1:
                return
            self.data = enc_pieces[0]
        else:
            return
    def rsa_decrypt(self, enc_value):
        header_pieces = enc_value.split('.')
        enc_type: EncryptionType = None
        enc_pieces = None

        if len(header_pieces) == 1:
            enc_type = EncryptionType.Rsa2048_OaepSha256_B64
            enc_pieces = [header_pieces[0]]
        elif len(header_pieces) == 2:
            try:
                enc_type = EncryptionType(int(header_pieces[0]))
                enc_pieces = header_pieces[1].split('|')
            except Exception as e:
                T.error(e)

        if enc_type != EncryptionType.Rsa2048_OaepSha256_B64 \
                and enc_type != EncryptionType.Rsa2048_OaepSha1_B64 \
                and enc_type != EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64 \
                and enc_type != EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
            raise Exception('encType unavailable')

        if enc_pieces is None or len(enc_pieces) <= 0:
            raise Exception('encPieces unavailable')

        data = b64decode(enc_pieces[0])
        private_key = self.get_private_key()
        if private_key is None:
            raise Exception('No private key')

        if enc_type == EncryptionType.Rsa2048_OaepSha256_B64 \
                or enc_type == EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
            alg = hashes.SHA256()
        elif enc_type == EncryptionType.Rsa2048_OaepSha1_B64 \
                or enc_type == EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
            alg = hashes.SHA1()
        else:
            raise Exception('encType unavailable.')

        return serialization\
            .load_der_private_key(private_key, None, default_backend())\
            .decrypt(data,
                     padding.OAEP(
                         mgf=padding.MGF1(
                             algorithm=alg,
                         ),
                         algorithm=alg,
                         label=None
                     ))
    def decrypt(self, org_id):
        if self.decryptedValue:
            return self.decryptedValue

        cypto_service = ContainerService.ContainerService().get_crypto_service(
        )
        if not cypto_service:
            raise Exception('Container service not initialized')

        try:
            org_key = cypto_service.get_org_key(org_id)
            self.decryptedValue = cypto_service.decrypt_to_utf8(self, org_key)
        except Exception as e:
            T.error(e)
            self.decryptedValue = '[error: cannot decrypt]'
        return self.decryptedValue
    def aes_decrypt_to_utf8(self, enc_type, data, iv, mac, key):
        key_for_enc = self.get_key_for_encryption(key)
        the_key = self.resolve_legacy_key(enc_type, key_for_enc)

        if the_key.macKey is not None and mac is None:
            return None

        if the_key.encType != enc_type:
            T.error('encType unavailable')
            return None

        fast_params = self.aes_decrypt_fast_parameters(data, iv, mac, the_key)
        if fast_params.macKey and fast_params.mac:
            computed_mac = hmac.new(fast_params.macKey, fast_params.macData,
                                    hashlib_sha256).digest()
            if not self.macs_compare(computed_mac, fast_params.mac):
                T.error('mac failed')
                return None
        return self.aes_decrypt_fast(fast_params)
    def aes_decrypt_to_bytes(self, enc_type, data, iv, mac, key):
        key_for_enc = self.get_key_for_encryption(key)
        the_key = self.resolve_legacy_key(enc_type, key_for_enc)

        if the_key.macKey is not None and mac is None:
            return None

        if the_key.encType != enc_type:
            return None

        if the_key.macKey and mac:
            mac_data = iv + data
            computed_mac = hmac.new(the_key.macKey, mac_data,
                                    hashlib_sha256).digest()
            if computed_mac is None:
                return None

            if not self.macs_compare(mac, computed_mac):
                T.error('mac failed')
                return None
        return self.aes_decrypt(data, iv, the_key.encKey)
 def decrypt(self, enc_value) -> str:
     try:
         session_key = self._get_session_key()
         if session_key is None:
             return ''
         dec_value = self.cryptoService.decrypt_from_bytes(
             b64decode(enc_value), session_key)
         if dec_value is None:
             T.error('Failed to decrypt')
             return ''
         return b64encode(dec_value)
     except Exception as e:
         T.error(e)
         T.error('Decrypt error')