def decipher(self, shared_key, password):
    """
    Recover a password from its wrapped form.

    ``shared_key`` is RSA-decrypted with the configured private key file and
    its secret code; the recovered value is then used as the AES key to
    decrypt ``password``. The result is kept in ``self.__password``.

    :param shared_key: RSA-encrypted shared key
    :param password: AES-encrypted password
    :return: None
    """
    symmetric = AESCipher()
    asymmetric = Encryption()

    # Unwrap the shared key; Encryption exposes the result through a getter.
    asymmetric.decrypt(
        encrypted_data=shared_key,
        private_key_file=self.__private_file,
        secret_code=self.__secret,
    )
    unwrapped_key = asymmetric.get_decrypted_message()

    # NOTE(review): the value stored here is the output of AES decryption,
    # presumably the clear-text password; confirm no reader of __password
    # expects ciphertext.
    self.__password = symmetric.decrypt(enc=password, key=unwrapped_key)

    # The private-key secret is dropped after this use, so a second call on
    # the same instance passes secret_code=None to Encryption.decrypt.
    self.__secret = None
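def password_packaging(self, encrypted_data, client_public_key, secret=None):
    """
    Re-wrap a server-side encrypted password for a single client.

    The password is decrypted with the server private key, re-encrypted with
    a fresh AESCipher, and the AES key (base64 text) is then encrypted with
    the client's public key.

    :param encrypted_data: Server-side encrypted password
    :param client_public_key: Client public key, as a file name or a string
    :param secret: Secret code protecting the server private key. When
        omitted, the ``DJANGO_SECRET`` environment variable is read at call
        time.
    :return: dict with ``'password'`` (AES-encrypted password) and
        ``'shared_key'`` (AES key encrypted with the client's public key)
    :raises KeyError: if ``secret`` is omitted and ``DJANGO_SECRET`` is unset
    """
    if secret is None:
        # Resolved per call. A default of os.environ['DJANGO_SECRET'] in the
        # signature is evaluated once at definition time: the module fails to
        # import when the variable is unset, and the secret stays readable
        # through the function's __defaults__ (and signature introspection).
        secret = os.environ['DJANGO_SECRET']

    aes_cipher = AESCipher()
    self.decrypt(
        private_key_file=self.server_priv_file,
        encrypted_data=encrypted_data,
        secret_code=secret,
    )

    # Encrypt the password with the AESCipher.
    enc_pwd = aes_cipher.encrypt(self.get_decrypted_message())
    session_key = base64.b64encode(aes_cipher.AES_KEY).decode('utf8')

    # Encrypt the shared AES key with the client's public key.
    self.encrypt(privateData=session_key, publickey=client_public_key)
    enc_key = self.get_encrypted_message().decode('utf8')

    return {
        'password': enc_pwd,
        'shared_key': enc_key,
    }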
def get_passwd(self):
    """
    Decrypt and return the password held in memory.

    The stored value is AES-decrypted with the key kept in ``self.__aes_key``.

    :return: clear_text password, or None when no password is stored
    """
    if not self.__password:
        # Nothing stored (None or empty): same implicit None as before.
        return None
    return AESCipher().decrypt(self.__password, self.__aes_key)
def store_passwd(self, clr_passwd):
    """
    Keep a password on the instance in AES-encrypted form.

    A new AESCipher is created for each call; its key is saved in
    ``self.__aes_key`` so the stored value can be decrypted later.

    :param clr_passwd: clear-text password to protect
    :return: None, the encrypted password is stored in ``self.__password``
    """
    cipher = AESCipher()
    # Save the key before encrypting, as the original ordering did.
    key_for_later = cipher.AES_KEY
    self.__aes_key = key_for_later
    self.__password = cipher.encrypt(clr_passwd)
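def __init__(self, username):
    """
    Set up the HTTP session and load the RSA key material locations.

    ``RSAPrivateFile`` names the private key file; ``RSASecret`` names a file
    whose stripped content is the secret code for that key.

    :param username: account name this object works with
    :raises TypeError: if ``RSASecret`` is unset (``open`` receives None)
    :raises OSError: if the ``RSASecret`` file cannot be opened
    """
    self.username = username
    self.session = requests.Session()
    # NOTE(review): certificate verification is switched off for every
    # request on this session, so the remote server is not authenticated and
    # anything sent or received can be intercepted on the path. Setting
    # session.verify to the internal CA bundle path keeps TLS authenticated.
    self.session.verify = False
    # NOTE(review): presumably urllib3's disable_warnings, which silences the
    # warning process-wide rather than for this session only; confirm.
    disable_warnings(InsecureRequestWarning)
    self.__password = None
    # `'NAME' or None` always evaluates to 'NAME', so the plain key is used.
    self.__private_file = os.environ.get('RSAPrivateFile')
    # Close the secret file deterministically instead of leaking the handle.
    with open(os.environ.get('RSASecret'), 'r') as secret_file:
        self.__secret = secret_file.read().strip()
    self.cipher = AESCipher()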
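class Credential:
    """
    Fetches a user's password from the credential store and unwraps it.

    The store returns an RSA-encrypted shared key and an AES-encrypted
    password; the RSA private key file and its secret code are located
    through the ``RSAPrivateFile`` and ``RSASecret`` environment variables.
    """

    def __init__(self, username, password=None):
        """
        :param username: account name to look up
        :param password: optional clear-text password, kept AES-encrypted
        :raises TypeError: if ``RSASecret`` is unset (``open`` receives None)
        :raises OSError: if the ``RSASecret`` file cannot be opened
        """
        self.aes_cipher = AESCipher()
        self.rsa_cipher = Encryption()
        self.username = username
        self.session = requests.Session()
        # NOTE(review): certificate verification is switched off, so the
        # credential store is not authenticated and the response carrying the
        # wrapped password can be intercepted or substituted on the path.
        # Setting session.verify to the internal CA bundle path keeps TLS
        # authenticated.
        self.session.verify = False
        # NOTE(review): presumably urllib3's disable_warnings, which silences
        # the warning process-wide rather than for this session; confirm.
        disable_warnings(InsecureRequestWarning)
        self.__password = self.store_password(password)
        # `'NAME' or None` always evaluates to 'NAME', so the plain key is used.
        self.__private_file = os.environ.get('RSAPrivateFile')
        # Close the secret file deterministically instead of leaking the handle.
        with open(os.environ.get('RSASecret'), 'r') as secret_file:
            self.__secret = secret_file.read().strip()

    def get_credential(self, dev=False):
        """
        Request the credential for ``self.username`` and decrypt it.

        :param dev: query the ``credstore-dev`` host instead of ``credstore``
        :return: dict with ``'username'`` and ``'password'``
        :raises KeyError: if the ``ClientId`` environment variable is unset
        """
        host = 'credstore-dev' if dev else 'credstore'
        credstore_uri = 'https://{}/credentialstore/GetCredential'.format(host)
        # Values go through `params` so they are percent-encoded; a username
        # containing '&' or '#' can no longer alter the query string.
        response = self.session.get(
            url=credstore_uri,
            params={
                'ClientId': os.environ['ClientId'],
                'username': self.username,
            },
        )
        data = json.loads(response.text)
        # First entry of the first record's 'secret' list holds both parts.
        secret_entry = data[0].get('secret')[0]
        self.decipher(shared_key=secret_entry.get('shared_key'),
                      password=secret_entry.get('password'))
        return {'username': self.username, 'password': self.__password}

    def decipher(self, shared_key, password):
        """
        RSA-decrypt ``shared_key`` and use it to AES-decrypt ``password``.

        :param shared_key: RSA-encrypted shared key
        :param password: AES-encrypted password
        :return: None, the result is stored in ``self.__password``
        """
        rsa_cipher = Encryption()
        aes_cipher = AESCipher()
        rsa_cipher.decrypt(encrypted_data=shared_key,
                           private_key_file=self.__private_file,
                           secret_code=self.__secret)
        # NOTE(review): this stores the AES-decrypt output directly, while
        # retrieve_password() decrypts __password with self.aes_cipher.AES_KEY.
        # After get_credential() the two disagree on what __password holds;
        # confirm which form is intended before relying on retrieve_password().
        self.__password = aes_cipher.decrypt(
            enc=password, key=rsa_cipher.get_decrypted_message())
        # The secret is dropped after first use, so a second call on the same
        # instance passes secret_code=None to Encryption.decrypt.
        self.__secret = None

    def store_password(self, password):
        """
        :param password: clear-text password, or a falsy value for "none"
        :return: the password encrypted with ``self.aes_cipher``, or None
        """
        if password:
            return self.aes_cipher.encrypt(password)
        return None

    def retrieve_password(self):
        """
        :return: ``self.__password`` decrypted with ``self.aes_cipher``'s key,
            or None when nothing is stored
        """
        if self.__password:
            return self.aes_cipher.decrypt(self.__password,
                                           self.aes_cipher.AES_KEY)
        return None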