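def create(self, passphrase, reinitialize=False, debug=False):
    """Generate a fresh random secret and store it encrypted under *passphrase*.

    Two configured openssl command templates are run: ``openssl_cmd.secret_random``
    (``$BYTES`` substituted from ``secret_bytes``) produces the random material, and
    ``openssl_cmd.secret_encode`` (``$OUT`` and ``$PW`` substituted) writes it to
    ``self.secret_file``, receiving the secret on stdin.

    Args:
        passphrase: Passphrase used to encrypt the secret file.
        reinitialize: When true, an existing secret file is removed first.
        debug: When true, tracebacks of filesystem errors are printed.

    Returns:
        A ``SecretStatus`` value: ``OK`` on success, ``FILE_EXISTS`` if the file is
        already present (and ``reinitialize`` is false), ``ERR_CREATE`` on a
        filesystem error, ``OPENSSL_ERROR`` if either openssl command fails.
    """
    if reinitialize and os.path.exists(self.secret_file):
        try:
            os.remove(self.secret_file)
        except OSError:
            if debug:
                traceback.print_exc()
            return SecretStatus.ERR_CREATE
    # dirname() is '' for a bare filename and os.makedirs('') raises, so only
    # create the parent when there is one; exist_ok removes the check-then-create race.
    secret_folder = os.path.dirname(self.secret_file)
    if secret_folder:
        try:
            os.makedirs(secret_folder, exist_ok=True)
        except OSError:
            if debug:
                traceback.print_exc()
            return SecretStatus.ERR_CREATE
    if os.path.exists(self.secret_file):
        return SecretStatus.FILE_EXISTS
    secret_bytes = str(self.config.get('secret_bytes'))
    cmd = self.config.get('openssl_cmd.secret_random').replace('$BYTES', secret_bytes)
    status, stdout = OpenSSLCmd.execute(cmd, fetch_stdout_bytes=True)
    if status != OpenSSLCmdStatus.OK:
        return SecretStatus.OPENSSL_ERROR
    # Strip the newline(s) openssl appends so only the random material is stored.
    secret = stdout.decode().replace('\n', '').encode()
    # NOTE(review): the passphrase is spliced into the command string. If
    # OpenSSLCmd.execute hands this to a shell, or the argv is visible to other
    # local processes, the passphrase is exposed and metacharacters in it change
    # the command — TODO confirm how execute() runs the command; passing the
    # passphrase via stdin or an environment variable (openssl's -pass option)
    # instead of the command line would avoid both.
    cmd = (self.config.get('openssl_cmd.secret_encode')
           .replace('$OUT', self.secret_file)
           .replace('$PW', passphrase))
    status, _ = OpenSSLCmd.execute(cmd, stdin_bytes=secret)
    if status != OpenSSLCmdStatus.OK:
        return SecretStatus.OPENSSL_ERROR
    return SecretStatus.OK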
def save(self, secret):
    """Encrypt the in-memory vault data to ``self.vault_file``.

    The ``openssl_cmd.vault_encode`` template gets ``$OUT`` and ``$PW`` substituted
    and receives the JSON-serialised data on stdin.

    Args:
        secret: Passphrase the vault is encrypted with.

    Returns:
        ``VaultStatus.VAULT_CLOSED`` if no data is loaded, ``OPENSSL_ERROR`` if the
        openssl command fails, otherwise ``OK``.
    """
    if self.data is None:
        return VaultStatus.VAULT_CLOSED
    template = self.config.get("openssl_cmd.vault_encode")
    encode_cmd = template.replace("$OUT", self.vault_file).replace("$PW", secret)
    payload = json.dumps(self.data).encode()
    status, _ = OpenSSLCmd.execute(encode_cmd, stdin_bytes=payload)
    if status == OpenSSLCmdStatus.OK:
        return VaultStatus.OK
    return VaultStatus.OPENSSL_ERROR
def unlock(self, passphrase):
    """Decrypt the secret file with *passphrase* and cache the result in ``self.secret``.

    Args:
        passphrase: Passphrase the secret file was created with.

    Returns:
        ``SecretStatus.NOT_FOUND`` if the secret file is missing, ``OPENSSL_ERROR``
        if the openssl command fails, otherwise ``OK`` (and ``self.secret`` is set).
    """
    if not os.path.exists(self.secret_file):
        return SecretStatus.NOT_FOUND
    template = self.config.get('openssl_cmd.secret_decode')
    decode_cmd = template.replace('$IN', self.secret_file).replace('$PW', passphrase)
    status, raw_secret = OpenSSLCmd.execute(decode_cmd, fetch_stdout_bytes=True)
    if status == OpenSSLCmdStatus.OK:
        # The decrypted secret is kept in clear on the instance from here on.
        self.secret = raw_secret.decode()
        return SecretStatus.OK
    return SecretStatus.OPENSSL_ERROR
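def open(self, secret, debug=False):
    """Decrypt ``self.vault_file`` with *secret* and load its JSON into ``self.data``.

    Args:
        secret: Passphrase the vault is encrypted with.
        debug: When true, the traceback of a decode failure is printed.

    Returns:
        ``VaultStatus.NOT_FOUND`` if the vault file is missing, ``OPENSSL_ERROR`` if
        the openssl command fails, ``JSON_ERROR`` if the decrypted bytes are not
        valid UTF-8 JSON, otherwise ``OK``.
    """
    if not os.path.exists(self.vault_file):
        return VaultStatus.NOT_FOUND
    cmd = (self.config.get("openssl_cmd.vault_decode")
           .replace("$IN", self.vault_file)
           .replace("$PW", secret))
    status, data = OpenSSLCmd.execute(cmd, fetch_stdout_bytes=True)
    if status != OpenSSLCmdStatus.OK:
        return VaultStatus.OPENSSL_ERROR
    try:
        # decode() sits inside the try: the decrypted bytes are not guaranteed to be
        # UTF-8, and an uncaught UnicodeDecodeError would otherwise escape the method.
        self.data = json.loads(data.decode())
    except (UnicodeDecodeError, json.JSONDecodeError):
        if debug:
            traceback.print_exc()
        return VaultStatus.JSON_ERROR
    return VaultStatus.OK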
def test_cmd(self):
    """A well-formed invocation of the real openssl binary reports OK."""
    status, _ = OpenSSLCmd.execute('openssl version')
    self.assertEqual(status, OpenSSLCmdStatus.OK)
def test_bad_return(self):
    """An openssl sub-command that exits non-zero is reported as BAD_RETURN."""
    status, _ = OpenSSLCmd.execute('openssl rand')
    self.assertEqual(status, OpenSSLCmdStatus.BAD_RETURN)
def test_invalid_cmd(self):
    """An unknown openssl sub-command is reported as INVALID_CMD."""
    status, _ = OpenSSLCmd.execute('openssl foo')
    self.assertEqual(status, OpenSSLCmdStatus.INVALID_CMD)
def test_timeout(self):
    """A command that does not finish within ``timeout`` seconds is reported as TIMEOUT."""
    status, _ = OpenSSLCmd.execute('openssl', timeout=1)
    self.assertEqual(status, OpenSSLCmdStatus.TIMEOUT)
def test_invalid_stdin(self):
    """Passing a str (not bytes) as stdin is rejected with INVALID_STDIN."""
    status, _ = OpenSSLCmd.execute('openssl version', stdin_bytes='foo')
    self.assertEqual(status, OpenSSLCmdStatus.INVALID_STDIN)
def test_openssl_not_found(self):
    """A non-existent executable name is reported as NOT_FOUND."""
    status, _ = OpenSSLCmd.execute('openssl__')
    self.assertEqual(status, OpenSSLCmdStatus.NOT_FOUND)
def test_cmd_stdin_stdout(self):
    """Bytes fed on stdin to ``openssl enc`` come back unchanged on stdout."""
    payload = 'foo'.encode()
    status, output = OpenSSLCmd.execute('openssl enc', stdin_bytes=payload, fetch_stdout_bytes=True)
    self.assertEqual(status, OpenSSLCmdStatus.OK)
    self.assertEqual(output.decode(), 'foo')
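def test_cmd_stdout(self):
    """Captured stdout of ``openssl version`` starts with the product name."""
    status, output = OpenSSLCmd.execute('openssl version', fetch_stdout_bytes=True)
    self.assertEqual(status, OpenSSLCmdStatus.OK)
    # assertTrue rather than a bare assert: a bare assert is stripped under -O
    # and reports nothing useful on failure.
    self.assertTrue(output.decode().startswith('OpenSSL'))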
def test_cmd_stdin(self):
    """Feeding bytes on stdin to ``openssl enc`` reports OK."""
    payload = 'foo'.encode()
    status, _ = OpenSSLCmd.execute('openssl enc', stdin_bytes=payload)
    self.assertEqual(status, OpenSSLCmdStatus.OK)