def _decrypt_config(self,
config_class,
encrypted_config,
extra=None,
context=None):
if not encrypted_config:
if extra:
return config_class(None, *extra)
else:
return config_class()
encrypted_config = base64.b64decode(encrypted_config)
iv = encrypted_config[:16]
cipher, iv = self._get_cipher(iv)
pickled = cipher.decryptor().update(encrypted_config[16:])
try:
unpickled = pickle.loads(pickled, encoding="bytes")
except Exception:
raise KeychainKeyNotFound(
f"Unable to decrypt{' ' + context if context else ''}. "
"It was probably stored using a different CUMULUSCI_KEY.")
# Convert bytes created in Python 2
config_dict = {}
for k, v in unpickled.items():
if isinstance(k, bytes):
k = k.decode("utf-8")
if isinstance(v, bytes):
v = v.decode("utf-8")
config_dict[k] = v
args = [config_dict]
if extra:
args += extra
return self._construct_config(config_class, args)
def _validate_key(self):
if not self.key:
raise KeychainKeyNotFound(
"The CUMULUSCI_KEY environment variable is not set.")
if len(self.key) != 16:
raise ConfigError(
"The CUMULUSCI_KEY environment variable must be 16 characters long."
)
def get_keychain_key(self):
key_from_env = os.environ.get("CUMULUSCI_KEY")
try:
key_from_keyring = keyring.get_password("cumulusci",
"CUMULUSCI_KEY")
has_functioning_keychain = True
except Exception:
key_from_keyring = None
has_functioning_keychain = False
# If no key in environment or file, generate one
key = key_from_env or key_from_keyring
if key is None:
if has_functioning_keychain:
key = random_alphanumeric_underscore(length=16)
else:
raise KeychainKeyNotFound(
"Unable to store CumulusCI encryption key. "
"You can configure it manually by setting the CUMULUSCI_KEY "
"environment variable to a random 16-character string.")
if has_functioning_keychain and not key_from_keyring:
keyring.set_password("cumulusci", "CUMULUSCI_KEY", key)
return key
def _validate_key(self):
if not self.key:
raise KeychainKeyNotFound("The keychain key was not found.")
if len(self.key) != 16:
raise ConfigError("The keychain key must be 16 characters long.")
