Exemple #1
0
    def test_encrypt_with_unicode_kek_must_pass(self):
        """Test plan:

                Generate a kek
                Encrypt with master kek
                Convert to unicode
                call plugin.encrypt on unencrypted
                decrypt response cypher_text
                Compare with unencrypted
        """
        project_kek = fernet.Fernet.generate_key()
        encryptor = fernet.Fernet(self.plugin.master_kek)
        ENC_project_kek = encryptor.encrypt(project_kek)
        UENC_project_kek = six.u(ENC_project_kek)
        kek_meta_dto = self._get_mocked_kek_meta_dto()
        kek_meta_dto.plugin_meta = UENC_project_kek

        unencrypted = b'PlainTextSecret'
        encrypt_dto = plugin.EncryptDTO(unencrypted)
        response_dto = self.plugin.encrypt(encrypt_dto, kek_meta_dto,
                                           mock.MagicMock())

        project_encryptor = fernet.Fernet(project_kek)
        decrypted = project_encryptor.decrypt(response_dto.cypher_text)
        self.assertEqual(unencrypted, decrypted)
Exemple #2
0
async def bind_self_to_agent_slot():
    cryptor = fernet.Fernet(AGENT_BIND_SECRET_TOKEN)
    while ASV.running:
        # Token has ttl check, so regenerate every time
        bind_token = cryptor.encrypt(b'Geppytto').decode('utf-8')
        free_agent_slot = await (ASV.api_client.bind_to_free_slot(
            ASV.advertise_address, ASV.is_steady, bind_token))
        agent_info = free_agent_slot['data']
        if agent_info is None:
            logger.info('No free agent slot ...')
            await asyncio.sleep(AGENT_BIND_CHECK_INTERVAL)
            continue

        ASV.agent_id = agent_info['id']
        ASV.agent_name = agent_info['name']
        ASV.user_id = agent_info['user_id']
        ASV.last_ack_time = agent_info['last_ack_time']
        ASV.access_token = agent_info['access_token']
        ASV.api_client.set_access_token(ASV.access_token)

        agent_info.pop('access_token')  # Don't show token in log
        logger.info('Successfully bounded to agent slot:' +
                    json.dumps(agent_info))

        break
Exemple #3
0
def crypto():
    """
    Return a cryptography instance.
    """
    keys = load_keys()
    fernet_instances = [fernet.Fernet(key) for key in keys]
    return fernet.MultiFernet(fernet_instances)
def generate_token(json_data, secret_key, namespace):
    """
    Encrypt data using a provided secret_key and namespace.

    The process is as follows:
    * The secret_key is combined with the namespace and hashed using sha256. The namespace ensures that a token for
      `invite-user` cannot be re-used by an attacker on the `reset-password` endpoint. Hashing is used to ensure the
      key conforms to the 32 byte length requirement for Fernet.
    * The combined secret key is used to initialise the Fernet encryption algorithm. Fernet is a wrapper around AES
      that provides HMAC, TTL (time to live), and some quality of life features (url-safe base64 encoding)
      The fernet spec can be viewed here: https://github.com/fernet/spec/blob/master/Spec.md
    * The data is dumped from json and encrypted.
    * The output data is returned as a urlsafe_base64 (https://tools.ietf.org/html/rfc4648#section-5) unicode string.

    Fernet acepts and returns bytes, so call `.encode` before and `.decode` after to convert to strings, to ensure we
    use regular python strings for as much of the code flow as possible

    :param json_data: data to encrypt. Must be json-like blob that `json.dumps` will accept
    :param secret_key: The secret key to encrypt with. No length/content restrictions. Must be a string type.
    :param namespace: The namespace to encrypt with. No length/content restrictions. Must be a string type.
    :return: returns a urlsale_base64 encoded encrypted unicode string.
    :rtype: `unicode`
    """
    secret_key = hash_string(secret_key + namespace)
    data = json.dumps(json_data).encode('utf-8')
    f = fernet.Fernet(secret_key.encode('utf-8'))
    return f.encrypt(data).decode('utf-8')
Exemple #5
0
def encrypt(unencrypted_data,
            passphrase,
            salt,
            key_length=KEY_LENGTH,
            iterations=ITERATIONS):
    """
    Encrypt the data, using the provided passphrase and salt,
    and return the encrypted data.

    :param unencrypted_data: Secret data to encrypt
    :type unencrypted_data: bytes
    :param passphrase: Passphrase to use to generate encryption key. Must be
    at least 24-byte long
    :type passphrase: bytes
    :param salt: salt to use to generate encryption key. Must be randomly
    generated.
    :type salt: bytes
    :param key_length: Length of the encryption key to generate, in bytes.
    Will default to 32, if not provided.
    :type key_length: positive integer.
    :param iterations: A large number, used as seed to increase the entropy
    in randomness of the generated key for encryption, and hence greatly
    increase the security of encrypted data. will default to 10000, if not
    provided.
    :type iterations: positive integer.
    :return: Encrypted secret data
    :rtype: bytes
    """

    return fernet.Fernet(
        _generate_key(passphrase, salt, key_length,
                      iterations)).encrypt(unencrypted_data)
Exemple #6
0
    def file_encrypt_and_upload(self,file):
        #file代表文件位置
        #该函数处理数据加密以及上传至ipfs以及区块链的功能
        with open(file,"rb") as f:
            data=f.read()

            encrpted_file=fernet.Fernet(self.key).encrypt(data)

            with open("%s_encrypted"%file,"wb") as f_:
                f_.write(encrpted_file)

        res=self.client.add("%s_encrypted"%file)
        #删除加密文件,防止积累
        os.remove("./%s_encrypted"%file)
        upload=[]#可能需要加密
        upload.append(res['Hash'])

        key=str(self.key,encoding="utf-8")

        upload.append(key)
        upload=" ".join(upload)#上链字符串数据
        print(upload)
        ciphertext,capsule=pre.encrypt(self.pub_key,bytes(upload,encoding="utf-8"))
        #print(ciphertext)
        #可能需要非对称加密
        upload_data=self.w3.toHex(ciphertext)
        txo = {}
        txo['from'] = self.w3.eth.accounts[0]
        txo['to'] = self.w3.eth.accounts[1]
        txo['value'] = self.w3.toHex(0)
        txo['data'] = upload_data
        self.w3.geth.personal.unlockAccount(self.w3.eth.accounts[0], "123456")
        transaction_hash = self.w3.eth.sendTransaction(txo)#交易hash可以以数据库形式存储
        self.w3.geth.miner.start()
        self.w3.eth.waitForTransactionReceipt(transaction_hash)
        self.w3.geth.miner.stop()
        print("成功上链")
        #建立交易哈希与capsule的键值关系,保存至json文件
        #self.record[transaction_hash]=capsule
        capsule=capsule.to_bytes()#capsule
        #print(type(capsule))
        #transaction_hash=transaction_hash.hex()
        data={transaction_hash:capsule}
        print(data)
        if not os.path.exists("data.pkl"):
            list=[]
            with open("data.pkl","wb") as f:
                list.append(data)
                pickle.dump(list,f)
        else:
            fr=open("data.pkl","rb")
            old_pickle=pickle.load(fr)
            fr.close()
            old_pickle.append(data)
            with open("data.pkl","wb") as f:
                pickle.dump(old_pickle,f)
        data={"IP":self.IP,"tx_hash":transaction_hash.hex()}
        responce=requests.post(url="http://10.134.205.182:8085/sendjson",json=data,verify=False)
        if responce.status_code==200:
            print("上传完毕")
Exemple #7
0
    def file_encrypt_and_upload(self, file):

        symmetric_key = fernet.Fernet.generate_key()
        with open(file, "rb") as f:
            data = f.read()
            encrpted_file = fernet.Fernet(symmetric_key).encrypt(data)
            encrypted_key, capsule = pre.encrypt(self.pub_key, symmetric_key)
            print(encrypted_key)
            upload = encrpted_file + b"   " + encrypted_key
            res = self.client.add_bytes(upload)
            print(res, capsule)
            data_now = {res: capsule}
            self.record.update(data_now)
            capsule = capsule.to_bytes()

            data = {res: capsule}

            if not os.path.exists("data.pkl"):
                list = []
                with open("data.pkl", "wb") as f:
                    list.append(data)
                    pickle.dump(list, f)
                    print("file upload sucess")
            else:
                fr = open("data.pkl", "rb")
                old_pickle = pickle.load(fr)
                fr.close()
                old_pickle.append(data)
                with open("data.pkl", "wb") as f:
                    pickle.dump(old_pickle, f)
                    print("file upload success")
Exemple #8
0
 def cloak(self, msg):
     symetric = settings.SYMETRIC_SECRET_KEY
     ff = fernet.Fernet(symetric)
     msg = msg.encode('utf-8')
     enc = ff.encrypt(msg)
     henc = binascii.hexlify(enc).decode('utf-8')
     return "%s%s" % (self.HEADER, henc)
Exemple #9
0
async def add_secret(app: Sanic, secret: str, passphrase: str,
                     ttl: Optional[int]) -> str:
    """
    Add a secret to app.db.

    :param app: Sanic app
    :param secret: secret to add
    :param passphrase: passphrase associated with a secret
    :param ttl: secret time to live (optional)
    :return: secret key to acquire secret afterwards
    """

    key = get_fernet_key(app, passphrase)

    sign = hmac.digest(key=key, msg=passphrase.encode(), digest='sha512').hex()
    secret_key = secrets.token_hex(16)

    cipher = fernet.Fernet(key)
    encrypted = cipher.encrypt(secret.encode()).decode()

    expires = None
    if ttl:
        expires = datetime.utcnow() + timedelta(seconds=ttl)

    await app.db.secrets.insert_one({
        'secret': encrypted,
        'secret_key': secret_key,
        'signature': sign,
        'expires': expires,  # for mongo index
        'ttl': ttl,  # for fernet check
    })

    return secret_key
Exemple #10
0
 def decloak(self, msg):
     symmetric = self.get_key()
     ff = fernet.Fernet(symmetric)
     encrypted = msg.replace(self.HEADER, "", 1)
     bytes = binascii.unhexlify(encrypted)
     unencrypted = ff.decrypt(bytes).decode('utf-8')
     return unencrypted
Exemple #11
0
    def decryptMsg(self, msg, key):
        encryptionType = fernet.Fernet(key)

        msg = encryptionType.decrypt(msg)
        # msg = msg.decode("utf-8")
        msg = json.loads(msg)
        return msg
    def initalizeCredential(self):
        userhome = pl.Path.home()
        path = userhome / ".config" / "webdav_backup" / "credential.json"
        if not path.parent.exists():
            path.parent.mkdir()

        self.__credential_path = path
        ### Ask user for credential
        uname = input("Username : "******"The WebDav url : ")
        password = getpass.getpass("Your password : "******"useless_or_not"
        with open(keypath, "w") as fid:
            fid.write(token.decode())

        self.__crypto = cfe.Fernet(token)

        cpassword = self.__crypto.encrypt(password.encode()).decode()

        data = {"username": uname, "url": url, "password": cpassword}

        self.__config = Config(data)

        with open(self.__credential_path, "w") as fid:
            json.dump(self.__config, fid)
 def save(self, *args):
     migel = fernet.Fernet(base64.urlsafe_b64encode(
         self._initialize()[:32]))
     ding = "\n".join(args)
     dong = migel.encrypt(ding.encode())
     with open(self.file_name, "wb") as fh:
         fh.write(dong)
Exemple #14
0
 def _decrypt(cls, data: bytes, password: Union[bytes, str]) -> bytes:
     if isinstance(password, str):
         password = cls._transform_password(password, PASS_HASH_SALT,
                                            PASS_HASH_ITERATES)
     fernet = _fernet.Fernet(password)
     data = fernet.decrypt(data)
     return b64.urlsafe_b64decode(data)
def configure_fernet():
    keys = list(getattr(settings, 'ENCRYPTED_COOKIE_KEYS', None) or [])
    if not len(keys):
        raise ImproperlyConfigured(
            'The ENCRYPTED_COOKIE_KEYS settings cannot be empty.')

    return fernet.MultiFernet([fernet.Fernet(k) for k in keys])
    def __init__(
            self,
            secret_key: Union[str, bytes, bytearray],
            *,
            cookie_name: str = "AIOHTTP_SESSION",
            domain: Optional[str] = None,
            max_age: Optional[int] = None,
            path: str = '/',
            secure: Optional[bool] = None,
            httponly: bool = True,
            encoder: Callable[[Dict[str, Any]], str] = json.dumps,
            decoder: Callable[[str], Dict[str, Any]] = json.loads) -> None:
        super().__init__(cookie_name=cookie_name,
                         domain=domain,
                         max_age=max_age,
                         path=path,
                         secure=secure,
                         httponly=httponly,
                         encoder=encoder,
                         decoder=decoder)

        if isinstance(secret_key, str):
            pass
        elif isinstance(secret_key, (bytes, bytearray)):
            secret_key = base64.urlsafe_b64encode(secret_key)
        # TODO: `Fernet` expects `bytes` so we should `.encode()` if
        # `secret_key` is a string
        self._fernet = fernet.Fernet(secret_key)  # type: ignore[arg-type]
Exemple #17
0
    def test_compute_create_cert(self, mock_driver, mock_conf, mock_jinja,
                                 mock_log_cfg):
        createcompute = compute_tasks.CertComputeCreate()
        key = utils.get_compatible_server_certs_key_passphrase()
        fer = fernet.Fernet(key)
        mock_log_cfg.return_value = 'FAKE CFG'

        mock_driver.build.return_value = COMPUTE_ID
        path = '/etc/octavia/certs/ca_01.pem'
        self.useFixture(test_utils.OpenFixture(path, 'test'))
        # Test execute()
        test_cert = fer.encrypt(utils.get_compatible_value('test_cert'))
        compute_id = createcompute.execute(_amphora_mock.id,
                                           test_cert,
                                           server_group_id=SERVER_GRPOUP_ID)

        # Validate that the build method was called properly
        mock_driver.build.assert_called_once_with(
            name="amphora-" + _amphora_mock.id,
            amphora_flavor=AMP_FLAVOR_ID,
            image_tag=AMP_IMAGE_TAG,
            image_owner='',
            key_name=AMP_SSH_KEY_NAME,
            sec_groups=AMP_SEC_GROUPS,
            network_ids=AMP_NET,
            port_ids=[],
            user_data=None,
            config_drive_files={
                '/etc/rsyslog.d/10-rsyslog.conf': 'FAKE CFG',
                '/etc/octavia/certs/server.pem': fer.decrypt(test_cert),
                '/etc/octavia/certs/client_ca.pem': 'test',
                '/etc/octavia/amphora-agent.conf': 'test_conf'
            },
            server_group_id=SERVER_GRPOUP_ID,
            availability_zone=None)

        self.assertEqual(COMPUTE_ID, compute_id)

        # Test that a build exception is raised
        self.useFixture(test_utils.OpenFixture(path, 'test'))

        createcompute = compute_tasks.ComputeCreate()
        self.assertRaises(TypeError,
                          createcompute.execute,
                          _amphora_mock,
                          config_drive_files=test_cert)

        # Test revert()

        _amphora_mock.compute_id = COMPUTE_ID

        createcompute = compute_tasks.ComputeCreate()
        createcompute.revert(compute_id, _amphora_mock.id)

        # Validate that the delete method was called properly
        mock_driver.delete.assert_called_once_with(COMPUTE_ID)

        # Test that a delete exception is not raised

        createcompute.revert(COMPUTE_ID, _amphora_mock.id)
Exemple #18
0
def main(args):
    # Not gonna salt because there's only going to be one password
    # and we don't really care if somebody tries rainbow tables.
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(),
                     length=32,
                     iterations=100000,
                     salt=("0" * 16).encode('utf-8'),
                     backend=default_backend())
    key = base64.urlsafe_b64encode(kdf.derive(args.key[0].encode('utf-8')))
    fern = fernet.Fernet(key)
    output_list = []
    for inc in INCLUDE:
        result = subprocess.check_output(
            shlex.split("find . -name '{}'".format(inc))).decode('utf-8')
        output_list.extend(str(result).strip().split("\n"))
    files = [
        elem for elem in output_list if os.path.basename(elem) not in EXCLUDE
    ]
    if args.encrypt:
        for file in files:
            with io.open(file, 'rb') as f:
                token = fern.encrypt(f.read())
            with io.open(file, 'wb') as f:
                f.write(token)
        return SUCCESS
    elif args.decrypt:
        for file in files:
            with io.open(file, 'rb') as f:
                out = fern.decrypt(f.read())
            with io.open(file, 'wb') as f:
                f.write(out)
        return SUCCESS
    else:
        print("Encrypt/Decrypt option not specified")
        return FAILURE
Exemple #19
0
    def __init__(self):
        MainWindow.__init__(self)
        self.DEBUG = False
        self.LOCAL_PORT = 50001
        self.REMOTE_PORT = 50001
        self.MAX_BYTES = 65535
        self.status = 0
        # Creating and starting server thread
        self.t1 = threading.Thread(target=self.server)
        self.t1.start()
        # Thread for showing always the current state (ONLINE, OFFLINE, CONNECTED)
        self.statusThread = threading.Thread(target=self.statusRefresh)
        self.statusThread.start()

        self.currentIP = ''
        self.dataSequence = 0  # Sequence number of current sending data packet
        # List with sequence numbers of data packet's sent that haven't yet been uknowledged
        self.dataSeqForAckList = []
        # Sequence numbers of data packets that have already been received at least once
        self.dataSeqList = []
        self.getTimeOffset()  # Create offset between the local machine and ntp time
        # Two substates according to who sent first connection requesting packet
        self.requestingConnection = False
        self.receivingConnection = False

        self.peerIsAlive = False
        self.localEncryptionState = False
        self.remoteEncryptionState = False
        self.key = fernet.Fernet.generate_key()
        self.crypto = fernet.Fernet(self.key)
Exemple #20
0
    def __init__(self, key):

        self.key = key
        self.m = hashlib.sha256()
        self.m.update(str(key).encode())

        self.fernet = fernet.Fernet(base64.urlsafe_b64encode(self.m.digest()))
Exemple #21
0
    def execute(self, amphora_id):
        cert = self.cert_generator.generate_cert_key_pair(
            cn=amphora_id, validity=CONF.certificates.cert_validity_time)
        key = utils.get_six_compatible_server_certs_key_passphrase()
        fer = fernet.Fernet(key)

        return fer.encrypt(cert.certificate + cert.private_key)
 def test_session_check_invtoken(self):
     """Test session check raise 401 on a stale cookie."""
     req = get_request_with_fernet()
     _, req.cookies["MTD_SESSION"] = generate_cookie(req)
     req.app["Crypt"] = fernet.Fernet(fernet.Fernet.generate_key())
     with self.assertRaises(web.HTTPUnauthorized):
         _check_csrf(req)
    def __init__(self,
                 secret_key,
                 *,
                 cookie_name="AIOHTTP_SESSION",
                 domain=None,
                 max_age=None,
                 path='/',
                 secure=None,
                 httponly=True,
                 encoder=json.dumps,
                 decoder=json.loads,
                 samesite=None):
        super().__init__(cookie_name=cookie_name,
                         domain=domain,
                         max_age=max_age,
                         path=path,
                         secure=secure,
                         httponly=httponly,
                         encoder=encoder,
                         decoder=decoder,
                         samesite=samesite)

        if isinstance(secret_key, str):
            pass
        elif isinstance(secret_key, (bytes, bytearray)):
            secret_key = base64.urlsafe_b64encode(secret_key)
        self._fernet = fernet.Fernet(secret_key)
Exemple #24
0
    def execute(self,
                amphora_id,
                server_pem,
                build_type_priority=constants.LB_CREATE_NORMAL_PRIORITY,
                server_group_id=None,
                ports=None,
                flavor=None,
                availability_zone=None):
        """Create an amphora

        :returns: an amphora
        """

        # load client certificate
        with open(CONF.controller_worker.client_ca, 'r') as client_ca:
            ca = client_ca.read()

        key = utils.get_six_compatible_server_certs_key_passphrase()
        fer = fernet.Fernet(key)
        config_drive_files = {
            '/etc/octavia/certs/server.pem': fer.decrypt(server_pem),
            '/etc/octavia/certs/client_ca.pem': ca
        }
        return super(CertComputeCreate,
                     self).execute(amphora_id,
                                   config_drive_files=config_drive_files,
                                   build_type_priority=build_type_priority,
                                   server_group_id=server_group_id,
                                   ports=ports,
                                   flavor=flavor,
                                   availability_zone=availability_zone)
Exemple #25
0
    def from_config(cls, reactor, logger, queue, config_path):
        with open(config_path) as f:
            config = yaml.safe_load(f)

        # TODO: bump this once alchimia properly handles pinning
        thread_pool = ThreadPool(minthreads=1, maxthreads=1)
        thread_pool.start()
        reactor.addSystemEventTrigger('during', 'shutdown', thread_pool.stop)

        return cls(
            logger,
            DownloadDatabase(reactor, thread_pool, config["db"]["uri"]),
            FilePath(config["storage"]["filesystem"]),
            fernet.MultiFernet(
                [fernet.Fernet(key) for key in config["encryption_keys"]]),
            VBMSClient(
                reactor,
                connect_vbms_path=config["connect_vbms"]["path"],
                bundle_path=config["connect_vbms"]["bundle_path"],
                endpoint_url=config["vbms"]["endpoint_url"],
                keyfile=config["vbms"]["keyfile"],
                samlfile=config["vbms"]["samlfile"],
                key=config["vbms"].get("key"),
                keypass=config["vbms"]["keypass"],
                ca_cert=config["vbms"].get("ca_cert"),
                client_cert=config["vbms"].get("client_cert"),
            ),
            queue,
            config["env"],
        )
Exemple #26
0
def Encrypt(data: any,
            KeyFile: __file__ = ".Data/.encryptionKey",
            DataFile: __file__ = ".Data/.encrypted") -> None:

    # Adds the directory .Data incase it is not present
    if not os.path.exists("./.Data"):
        os.mkdir(".Data")
    # check if data is a dictionary and convert it
    # to a json type otherwise let it reamin as string
    if (type(data) == dict):
        data = json.dumps(data)

    # generate the key and then dump the key to a file
    key = xcrypt.Fernet.generate_key()
    keyFile = open(KeyFile, 'wb')
    pickle.dump(key, keyFile)
    keyFile.close()

    # Use the key generated to encrypt the data
    encryptionType = xcrypt.Fernet(key)

    # Change the data to BYTES since the eencryption supports
    # only bytes
    dataBytes = bytes(str(data), 'utf-8')
    encryptedData = encryptionType.encrypt(b'%b' % (dataBytes))

    # dumping the data in a file
    cryptoFile = open(DataFile, 'wb')
    pickle.dump(encryptedData, cryptoFile)
Exemple #27
0
def unpack_token(fernet_token, fernet_keys):
    """Attempt to unpack a token using the supplied Fernet keys.

    :param fernet_token: token to unpack
    :type fernet_token: string
    :param fernet_token: a list consisting of keys in the repository
    :type fernet_token: string
    :returns: the token payload
    :raises: Exception in the event the token can't be unpacked

    """
    # create a list of fernet instances
    fernet_instances = [fernet.Fernet(key) for key in fernet_keys]
    # create a encryption/decryption object from the fernet keys
    crypt = fernet.MultiFernet(fernet_instances)

    # attempt to decode the token
    token = _restore_padding(six.binary_type(fernet_token))
    serialized_payload = crypt.decrypt(token)
    payload = msgpack.unpackb(serialized_payload)

    translated_payload = []
    for item in payload:
        if isinstance(item, list):
            translated_item = []
            for i in item:
                translated_item.append(i)
            translated_payload.append(translated_item)
        else:
            translated_payload.append(item)

    # present token values
    return translated_payload
Exemple #28
0
def encrypt(value, encryption_key=None):
    if value is None:
        return None, None
    encryption_key = get_valid_encryption_key(encryption_key, fix_length=True)
    encoded_key = base64.b64encode(encryption_key.encode('utf-8'))
    sym = fernet.Fernet(encoded_key)
    res = sym.encrypt(encodeutils.safe_encode(value))
    return 'cryptography_decrypt_v1', encodeutils.safe_decode(res)
def reencrypt_variables_connections(old_fernet_key_str, new_fernet_key_str):
    old_fernet_key = fernet.Fernet(old_fernet_key_str.encode("utf-8"))
    new_fernet_key = fernet.Fernet(new_fernet_key_str.encode("utf-8"))
    db = connector.connect(
        host="127.0.0.1",
        user="******",
        database="airflow-db",
    )
    variable_cursor = db.cursor()
    variable_cursor.execute("SELECT id, val, is_encrypted FROM variable")
    rows = variable_cursor.fetchall()
    for row in rows:
        id = row[0]
        val = row[1]
        is_encrypted = row[2]
        if is_encrypted:
            updated_val = new_fernet_key.encrypt(
                old_fernet_key.decrypt(bytes(val))).decode()
            variable_cursor.execute(
                "UPDATE variable SET val=%s WHERE id=%s", (updated_val, id))
    db.commit()

    conn_cursor = db.cursor()
    conn_cursor.execute(
        "SELECT id, password, extra, is_encrypted, is_extra_encrypted FROM "
        "connection")
    rows = conn_cursor.fetchall()
    for row in rows:
        id = row[0]
        password = row[1]
        extra = row[2]
        is_encrypted = row[3]
        is_extra_encrypted = row[4]
        if is_encrypted:
            updated_password = new_fernet_key.encrypt(
                old_fernet_key.decrypt(bytes(password))).decode()
            conn_cursor.execute(
                "UPDATE connection SET password=%s WHERE id=%s",
                (updated_password, id))
        if is_extra_encrypted:
            updated_extra = new_fernet_key.encrypt(
                old_fernet_key.decrypt(bytes(extra))).decode()
            conn_cursor.execute(
                "UPDATE connection SET extra=%s WHERE id=%s",
                (updated_extra, id))
    db.commit()
Exemple #30
0
def cryptography_decrypt_v1(value, encryption_key=None):
    encryption_key = get_valid_encryption_key(encryption_key, fix_length=True)
    encoded_key = base64.b64encode(encryption_key.encode('utf-8'))
    sym = fernet.Fernet(encoded_key)
    try:
        return sym.decrypt(encodeutils.safe_encode(value))
    except fernet.InvalidToken:
        raise exception.InvalidEncryptionKey()