def _decrypt_config(self,
                     config_class,
                     encrypted_config,
                     extra=None,
                     context=None):
     if not encrypted_config:
         if extra:
             return config_class(None, *extra)
         else:
             return config_class()
     encrypted_config = base64.b64decode(encrypted_config)
     iv = encrypted_config[:16]
     cipher, iv = self._get_cipher(iv)
     pickled = cipher.decryptor().update(encrypted_config[16:])
     try:
         unpickled = pickle.loads(pickled, encoding="bytes")
     except Exception:
         raise KeychainKeyNotFound(
             f"Unable to decrypt{' ' + context if context else ''}. "
             "It was probably stored using a different CUMULUSCI_KEY.")
     # Convert bytes created in Python 2
     config_dict = {}
     for k, v in unpickled.items():
         if isinstance(k, bytes):
             k = k.decode("utf-8")
         if isinstance(v, bytes):
             v = v.decode("utf-8")
         config_dict[k] = v
     args = [config_dict]
     if extra:
         args += extra
     return self._construct_config(config_class, args)
Esempio n. 2
0
 def _validate_key(self):
     if not self.key:
         raise KeychainKeyNotFound(
             "The CUMULUSCI_KEY environment variable is not set.")
     if len(self.key) != 16:
         raise ConfigError(
             "The CUMULUSCI_KEY environment variable must be 16 characters long."
         )
Esempio n. 3
0
 def get_keychain_key(self):
     key_from_env = os.environ.get("CUMULUSCI_KEY")
     try:
         key_from_keyring = keyring.get_password("cumulusci",
                                                 "CUMULUSCI_KEY")
         has_functioning_keychain = True
     except Exception:
         key_from_keyring = None
         has_functioning_keychain = False
     # If no key in environment or file, generate one
     key = key_from_env or key_from_keyring
     if key is None:
         if has_functioning_keychain:
             key = random_alphanumeric_underscore(length=16)
         else:
             raise KeychainKeyNotFound(
                 "Unable to store CumulusCI encryption key. "
                 "You can configure it manually by setting the CUMULUSCI_KEY "
                 "environment variable to a random 16-character string.")
     if has_functioning_keychain and not key_from_keyring:
         keyring.set_password("cumulusci", "CUMULUSCI_KEY", key)
     return key
 def _validate_key(self):
     if not self.key:
         raise KeychainKeyNotFound("The keychain key was not found.")
     if len(self.key) != 16:
         raise ConfigError("The keychain key must be 16 characters long.")