Esempio n. 1
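    def decrypt(self, data):
        """Verify and decrypt a hex-encoded AES-256-CTR envelope.

        The input is hex-decoded and split on newlines into three fields:
        salt, expected HMAC, and ciphertext. Keys and the counter start value
        are derived from ``self.b_password`` and the salt by
        ``self._gen_key_initctr``. The HMAC-SHA256 of the ciphertext is checked
        *before* any decryption happens.

        :param data: the encrypted payload (converted with ``obj2bytes``).
        :return: ``(True, plaintext)`` on success, ``(False, reason)`` on any
            failure. Malformed input is reported through the same tuple
            instead of escaping as an exception.
        """
        if not self.check_result:
            self.logger.error('使用AES256解密加密数据失败,原因:' + self.err_msg)
            return (False, self.err_msg)

        # ``not x`` already covers ``None``; no separate identity test needed.
        if not self.b_password:
            return (False, "加密密码为空")

        converted = obj2bytes(data)
        if not converted[0]:
            # Propagate the helper's own (False, reason) result unchanged.
            return converted
        data = converted[1]

        # The envelope comes from outside this method: a truncated or
        # non-hex payload must yield a failure tuple, not a traceback.
        try:
            envelope = unhexlify(data)
            b_salt, b_cryptedHmac, b_ciphertext = envelope.split(b"\n", 2)
            b_salt = unhexlify(b_salt)
            b_ciphertext = unhexlify(b_ciphertext)
        except (ValueError, TypeError) as e:
            self.logger.error('使用AES256解密加密数据失败,原因:密文格式错误,' + str(e))
            return (False, "解密失败,密文格式错误")

        b_key1, b_key2, b_iv = self._gen_key_initctr(self.b_password, b_salt)

        # Authenticate first, decrypt second. A mismatch means either a wrong
        # password or a modified ciphertext; the message only names the former.
        # NOTE(review): confirm _is_equal is a constant-time comparison
        # (e.g. hmac.compare_digest); it is defined outside this snippet.
        hmacDecrypt = HMAC.new(b_key2, b_ciphertext, SHA256)
        if not self._is_equal(b_cryptedHmac,
                              bytes2string(hmacDecrypt.hexdigest())):
            self.logger.error('使用AES256解密加密数据失败,原因:密码错误')
            return (False, "解密失败,密码错误")

        ctr = Counter.new(128, initial_value=int(b_iv, 16))
        cipher = AES.new(b_key1, AES.MODE_CTR, counter=ctr)

        b_plaintext = cipher.decrypt(b_ciphertext)

        # The last byte is read as the padding length. Reject values that
        # cannot be a real padding length: 0 would slice to an empty result
        # (``x[:-0]``), and an empty buffer has no last byte at all.
        if not b_plaintext:
            self.logger.error('使用AES256解密加密数据失败,原因:密文为空')
            return (False, "解密失败,密文为空")

        padding_length = b_plaintext[-1]
        if not 1 <= padding_length <= len(b_plaintext):
            self.logger.error('使用AES256解密加密数据失败,原因:填充无效')
            return (False, "解密失败,填充无效")

        b_plaintext = b_plaintext[:-padding_length]
        return self._handle_result(b_plaintext)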
Esempio n. 2
    def __init__(self, password, header):
        """Set up the encrypt/decrypt helper for data and files.

        :param password: password used for both encryption and decryption;
            it is kept on the instance and handed to ``AES256_Algorithm``.
        :param header: marker stored in both a bytes form (``self.b_header``)
            and a text form (``self.header``).

        NOTE(review): the password stays reachable as ``self.password`` for
        the lifetime of the object - avoid dumping or logging the instance.
        """
        self.logger = logging.getLogger("security")
        self.password = password
        self.this_cipher = AES256_Algorithm(self.password)

        # Bytes form: prefer the generic converter, fall back to the
        # string-specific one when it reports failure.
        as_bytes = obj2bytes(header)
        self.b_header = as_bytes[1] if as_bytes[0] else string2bytes(header)

        # Text form: same pattern with the string converters.
        as_text = obj2string(header)
        self.header = as_text[1] if as_text[0] else bytes2string(header)
Esempio n. 3
    def _is_encrypt(self, data):
        """Report whether the header split off ``data`` matches this instance's header.

        The first element returned by ``self._split_header`` is converted to
        both bytes and text; the method returns True when either form is
        contained in the corresponding stored header.

        NOTE(review): ``in`` is a containment test, not equality. If the
        stored headers are plain bytes/str, an empty or partial header from
        the input also matches - confirm that is intended.
        """
        candidate = self._split_header(data)[0]

        bytes_form = obj2bytes(candidate)
        b_header = bytes_form[1] if bytes_form[0] else string2bytes(candidate)

        text_form = obj2string(candidate)
        header = text_form[1] if text_form[0] else bytes2string(candidate)

        return b_header in self.b_header or header in self.header
Esempio n. 4
    def _handle_result(self, data):
        """Convert ``data`` to text and wrap it in a ``(True, text)`` success tuple.

        ``obj2string`` is tried first; when it reports failure the value is
        passed through ``bytes2string`` instead.
        """
        converted = obj2string(data)
        text = converted[1] if converted[0] else bytes2string(data)
        return (True, text)
Esempio n. 5
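 def kv(k, v):
     """Call ``getset`` for key ``k`` with value ``v`` and return the result as text.

     ``self`` is not a parameter here; it is resolved from the enclosing
     scope, which lies outside this snippet.

     :param k: key name (converted with ``bytes2string``).
     :param v: value passed to ``getset``; also returned when the store had
         no (or an empty) previous value.
     :return: ``(True, value)`` on success, ``(False, reason)`` on failure.

     NOTE(review): the log text says "write only if the key does not exist",
     but if ``self.connecter`` is a redis-py client, GETSET replaces the
     stored value unconditionally and returns the previous one - confirm
     which behaviour callers rely on.
     """
     k = bytes2string(k)
     try:
         result = self.connecter.getset(k, v)
         if not result:
             result = v
     except Exception as e:
         # NOTE(review): matching on the exception text is fragile; a typed
         # authentication error from the client library would be safer.
         if str(e) == "invalid password":
             self.logger.error(self.log_prefix + ' 获取key(如果不存在,写入新的)为' + k + '失败,原因:连接失败,密码错误')
             return (False, '连接失败,密码错误')
         else:
             self.logger.error(self.log_prefix + ' 获取key(如果不存在,写入新的)为' + k + '失败,原因:' + str(e))
             return (False, '获取key(如果不存在,写入新的)失败,' + str(e))

     result = bytes2string(result)
     # Success belongs at info level, as in the other accessors of this
     # listing; logging it as an error pollutes alerting on real failures.
     self.logger.info(self.log_prefix + ' 获取key(如果不存在,写入新的)为' + k + '成功')
     return (True, result)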
Esempio n. 6
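def read_file(file, mode=False, sprfmt='\n', outfmt='string'):
    """Read a file's content, or execute the file and capture its stdout.

    :param file: path to read or execute; it is validated and resolved by
        ``check_fileaccessible`` first.
    :param mode: falsy reads the file; any truthy value EXECUTES it.
    :param sprfmt: kept for interface compatibility; the body does not use
        the caller's value (executed output is always stripped of ``b'\\n'``).
    :param outfmt: ``'bytes'`` returns bytes; ``'raw'`` returns bytes for an
        executed file and stripped text for a read file; anything else
        returns text.
    :return: ``(True, content)`` on success, ``(False, reason)`` on failure.

    SECURITY: with a truthy ``mode`` the resolved path is run as a program
    with the privileges of this process (no shell is involved). Only pass
    paths that are trusted and not writable by less-privileged users.
    """
    (code, this_path) = check_fileaccessible(file)
    if not code:
        return (code, this_path)

    if mode:
        try:
            p = subprocess.Popen(this_path, stdout=subprocess.PIPE)
        except Exception as e:
            return (False, '执行失败,' + str(e))

        # stderr is not piped, so the second item is always None.
        stdout, _ = p.communicate()
        if p.returncode != 0:
            # returncode is an int; concatenating it directly raised
            # TypeError instead of reporting the failure.
            return (False, '执行过程中出现错误,返回错误代码为' + str(p.returncode))

        content = stdout.strip(b'\n')
        if outfmt not in ('bytes', 'raw'):
            content = bytes2string(content)
    else:
        open_mode = "rb" if outfmt == 'bytes' else "r"
        try:
            # ``with`` closes the handle even when read() fails.
            with open(this_path, open_mode) as fp:
                content = fp.read().strip()
        except Exception as e:
            return (False, '读取失败,' + str(e))

    return (True, content)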
Esempio n. 7
    def delete(self, name):
        """Delete one key, or every key in a list/tuple, via ``_single_del``.

        :param name: a single key, or a list/tuple of keys (each list item
            is converted with ``bytes2string`` first).
        :return: a list holding the second element of each ``_single_del``
            result, in input order. The success flag of each call is
            dropped, so a failure reason and a deletion count are not
            distinguishable by position alone.
        """
        if not isinstance(name, (list, tuple)):
            return [self._single_del(name)[1]]

        return [self._single_del(bytes2string(item))[1] for item in name]
Esempio n. 8
    def _single_del(self, name):
        """Delete a single key through ``self.connecter.delete``.

        :param name: key to delete (converted with ``bytes2string``).
        :return: ``(True, result_of_delete)`` on success, otherwise
            ``(False, reason)``; an exception whose text is exactly
            ``"invalid password"`` is reported as an authentication failure.
        """
        key = bytes2string(name)

        try:
            outcome = self.connecter.delete(key)
            self.logger.info(self.log_prefix + ' 删除key为' + key + '执行成功')
        except Exception as exc:
            reason = str(exc)
            if reason == "invalid password":
                self.logger.error(self.log_prefix + ' 删除key为' + key + '失败,原因:连接失败,密码错误')
                return (False, '连接失败,密码错误')

            self.logger.error(self.log_prefix + ' 删除key为' + key + '失败,原因:' + reason)
            return (False, '删除失败,' + reason)

        return (True, outcome)
Esempio n. 9
 def get(self, name, fmt='str'):
     """Fetch the value stored under ``name`` through ``self.connecter.get``.

     :param name: key to look up.
     :param fmt: ``'str'`` converts the value with ``bytes2string``;
         ``'obj'`` unpickles it; any other value returns it untouched.
     :return: ``(True, value)`` on success, ``(False, reason)`` on failure.
     """
     try:
         value = self.connecter.get(name)
         self.logger.info(self.log_prefix + ' 查询key为' + name + '的value成功')
         if fmt == 'str':
             value = bytes2string(value)
         elif fmt == 'obj':
             # SECURITY NOTE(review): unpickling executes code chosen by
             # whoever wrote the stored bytes. This is only safe if every
             # writer to the backing store is trusted; otherwise use a
             # data-only format such as JSON, or authenticate the blob
             # before loading it.
             value = pickle.loads(value)
     except Exception as exc:
         reason = str(exc)
         if reason == "invalid password":
             self.logger.error(self.log_prefix + ' 查询key为' + name + '的数据失败,原因:连接失败,密码错误')
             return (False, '连接失败,密码错误')

         self.logger.error(self.log_prefix + ' 查询key为' + name + '的数据失败,原因:' + reason)
         return (False, '查询失败,' + reason)

     return (True, value)
Esempio n. 10
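 def _single_get(self, name):
     """Fetch the value of one key through ``self.connecter.get``.

     :param name: key to look up (a single key; lists are not handled here).
     :return: ``(True, text)`` when the key exists, ``(True, None)`` when the
         lookup returned ``None``, and ``(False, reason)`` on failure.
     """
     try:
         result = self.connecter.get(name)
         if result is not None:
             result = bytes2string(result)
             self.logger.info(self.log_prefix + ' 查询key为' + name + '的value成功')
         else:
             # Logger.warn() is a deprecated alias; warning() is the
             # supported spelling. (Assumes self.logger is a stdlib
             # logging.Logger - confirm.)
             self.logger.warning(self.log_prefix + ' 没有查询到key为' + name + '的数据')
     except Exception as e:
         # NOTE(review): matching on the exception text is fragile; a typed
         # authentication error from the client library would be safer.
         if str(e) == "invalid password":
             self.logger.error(self.log_prefix + ' 查询key为' + name + '的数据失败,原因:连接失败,密码错误')
             return (False, '连接失败,密码错误')
         else:
             self.logger.error(self.log_prefix + ' 查询key为' + name + '的数据失败,原因:' + str(e))
             return (False, '查询失败,' + str(e))

     return (True, result)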
Esempio n. 11
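    def scan(self):
        """Return the names of all keys by walking the SCAN cursor to completion.

        A single SCAN call returns only one batch plus the cursor for the
        next one, so stopping after the first call silently truncated the
        listing. This version keeps calling ``self.connecter.scan`` with the
        returned cursor until the cursor comes back as 0.

        :return: ``(True, [key, ...])`` with keys converted by
            ``bytes2string``, or ``(False, reason)`` on failure.

        NOTE(review): a full keyspace walk can be slow on a large store;
        callers that only need a subset should not rely on this method.
        """
        collected = []
        cursor = 0
        try:
            while True:
                cursor, batch = self.connecter.scan(cursor=cursor)
                collected.extend(batch)
                if int(cursor) == 0:
                    break
            self.logger.info(self.log_prefix + ' 扫描成功')
        except Exception as e:
            if str(e) == "invalid password":
                self.logger.error(self.log_prefix + ' 扫描失败,原因:连接失败,密码错误')
                return (False, '连接失败,密码错误')
            else:
                self.logger.error(self.log_prefix + ' 扫描失败,原因:' + str(e))
                return (False, '获取所有数据失败,' + str(e))

        # SCAN may report the same key in more than one batch; drop repeats
        # while keeping first-seen order.
        name_list = [bytes2string(key) for key in dict.fromkeys(collected)]
        return (True, name_list)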
Esempio n. 12
    def mget(self, key_list):
        """Fetch several keys in one call through ``self.connecter.mget``.

        :param key_list: keys to look up.
        :return: ``(True, values)`` where each value is converted with
            ``bytes2string`` and missing entries stay ``None``, or
            ``(False, reason)`` on failure.
        """
        try:
            raw_values = self.connecter.mget(key_list)
        except Exception as exc:
            reason = str(exc)
            if reason == "invalid password":
                self.logger.error(self.log_prefix + ' 批量查询失败,原因:连接失败,密码错误')
                return (False, '连接失败,密码错误')

            self.logger.error(self.log_prefix + ' 批量查询失败,原因:' + reason)
            return (False, '批量查询,' + reason)

        # Entries that came back as None are passed through untouched.
        decoded = [
            item if item is None else bytes2string(item)
            for item in raw_values
        ]

        self.logger.info(self.log_prefix + ' 批量查询成功')
        return (True, decoded)
Esempio n. 13
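def write_file(file, mode, content, force=False, backup=True):
    """Write ``content`` (plus a trailing newline) to ``file``.

    :param file: target path; must be a ``str``.
    :param mode: ``open()`` mode; must contain ``w``, ``a`` or ``+``.
    :param content: data to write; converted with ``bytes2string`` and
        ``str`` before writing.
    :param force: when the file exists and the mode is not an append mode,
        proceed only if this is truthy.
    :param backup: when an existing file is about to be replaced, first
        rename it to ``<file>-<YYYYmmddHHMMSS>-bk``.
    :return: ``(True, file)`` on success, ``(False, reason)`` on failure.

    NOTE(review): the existence checks and the later ``open()`` are separate
    steps and ``open()`` follows symlinks. If ``file`` can be influenced by a
    less-privileged user, or lives in a directory such a user can write to,
    the target can change between check and write - keep this helper to
    trusted paths.
    """
    if 'w' not in mode and 'a' not in mode and '+' not in mode:
        return (False, '参数mode只能含有写模式(必须含有w、a、+)')

    if not isinstance(file, str):
        return (False, '参数file只能为字符串')

    if os.path.exists(file):
        if os.path.isdir(file):
            return (False, file + '是一个存在的目录')

        if 'a' not in mode:
            if not force:
                return (False, file + '文件存在')

            if backup:
                try:
                    stamp = time.strftime('%Y%m%d%H%M%S', time.localtime(time.time()))
                    os.renames(file, file + '-' + str(stamp) + '-' + 'bk')
                except Exception as e:
                    # Report the real reason; previously a failed backup
                    # surfaced only as an "unknown error".
                    return (False, '备份文件失败,' + str(e))
    else:
        dirname = os.path.dirname(file)
        # A bare file name has an empty dirname and targets the current
        # directory; there is nothing to check or create in that case.
        if dirname:
            if os.path.exists(dirname):
                if not os.path.isdir(dirname):
                    return (False, '目录为文件')
            elif not make_dir(dirname):
                return (False, '无法创建目录')

    content = str(bytes2string(content))

    try:
        # ``with`` closes the handle even when the write fails.
        with open(file, mode) as pf:
            pf.write(content + '\n')
    except Exception as e:
        return (False, str(e))

    return (True, file)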