def validate(self): LOG.info('%s()' % KenLog.fcn()) if 'encryption_key' in self._instructions: path = self._instructions['cloud_input_path'] status, messages = CPSecurity.validate( path, self._instructions['encryption_key']) if not status: message = 'The Encryption Key does not meet the following ' \ 'requirement(s):\n# %s' % \ '\n# '.join(messages) self.add_error(message) return False score, msg = CPSecurity.calculate_complexity( self._instructions['encryption_key']) print('\n\nThe encryption key has a complexity score of %d (' '%s)\n\n' % (score, msg)) if ('previous_encryption_key' in self._instructions and 'encryption_key' in self._instructions): if (self._instructions['encryption_key'] == self._instructions['previous_encryption_key']): message = 'The New Encryption Key and the Previous ' \ 'Encryption Key must be different.' self.add_error(message) return False return True
def _decrypt_file(instructions, file_name): fp = open(file_name, 'r') lines = fp.readlines() fp.close() need_to_write = False for i in range(len(lines)): line = lines[i] if line.find('='): need_to_write = True tokens = line.split() for t in tokens: if t.endswith('='): plaintext = CPSecurity.decrypt( instructions['encryption_key'], t) if plaintext is None: print('error: Incorrect Decryption Key') sys.exit(-1) lines[i] = line.replace(t, plaintext) if need_to_write: print('Updating %s' % file_name) fp = open(file_name, 'w') for line in lines: fp.write(line) fp.close()
def _get_options(): user_instructions = dict() user_instructions['encryption_key'] = \ user_instructions['encryption_key'] = \ CPSecurity.make_key( getpass.getpass( 'Enter the current key to be used for decryption: ')) return user_instructions
def _migrate_keys(self, prev_encryption_key, encryption_key): state_persistor = StatePersistor( self._models, self._controllers, persistence_file='private_data.yml') all_private_data = state_persistor.recall_info() for k, v in six.iteritems(all_private_data): if k == 'encryption_key_checker': continue if not self._was_persisted_value_encrypted(k): continue v = CPSecurity.decrypt(prev_encryption_key, v) v = CPSecurity.encrypt(encryption_key, v) info = {k: v} state_persistor.persist_info(info)
def _validate_encryption_key(self, secret): value = self._get_encrypted_validator() if value: property_value = 'encryption_key_checker' value = CPSecurity.decrypt(secret, value) if value == property_value: return True return False
def _encrypt_validator(self, secret): state_persistor = StatePersistor( self._models, self._controllers, persistence_file='private_data.yml') property_name = 'encryption_key_checker' property_value = 'encryption_key_checker' property_value = CPSecurity.encrypt(secret, property_value) info = {property_name: property_value} state_persistor.persist_info(info)
def _decrypt_file_contents(self, file_name): fp = open(file_name, 'r') lines = fp.readlines() fp.close() need_to_write = False for i in range(len(lines)): line = lines[i] if line.find('='): tokens = line.split() for t in tokens: if t.endswith('='): plaintext = CPSecurity.decrypt( self._instructions['encryption_key'], t) if plaintext is not None: lines[i] = line.replace(t, plaintext) need_to_write = True if need_to_write: fp = open(file_name, 'w') for line in lines: fp.write(line) fp.close()
def generate_value(instructions, models, controllers, name, value, payload=None): if not isinstance(value, str): return value if value.count('%') != 2: return value sp = StatePersistor(models, controllers, 'private_data.yml') if not instructions['refresh_passwords']: ri = sp.recall_info([name]) ri_e = HlmVariable.was_persisted_value_encrypted(sp, name) if ri and not ri_e: if 'encryption_key' in instructions: key = instructions['encryption_key'] secure_value = CPSecurity.encrypt(key, ri) HlmVariable.persist_value(sp, name, secure_value, True) return ri elif ri and ri_e: return HlmVariable.decrypt_value(ri, instructions) p1 = value.find('%') + 1 p2 = value.rfind('%') variable_type = value[p1:p2] version = instructions['model_version'] version = Version.normalize(version) if float(version) > 1.0: variable_type += '-%s' % version try: namespace = 'helion.configurationprocessor.variable' mgr = driver.DriverManager( namespace=namespace, name=variable_type, invoke_on_load=True, invoke_args=(instructions, models, controllers)) except RuntimeError as e: return value value = mgr.driver.calculate(payload) if not mgr.driver.ok: msg = '@@@@ Variable %s Failed to complete for name %s:\n' % ( variable_type, name) for e in mgr.driver.errors: msg += '@@@@ \t%s\n' % e print(msg) return None if 'encryption_key' in instructions: key = instructions['encryption_key'] secure_value = CPSecurity.encrypt(key, value) is_secure_val = True else: secure_value = value is_secure_val = False HlmVariable.persist_value(sp, name, secure_value, is_secure_val) return value
def decrypt_value(value, instructions): return CPSecurity.decrypt(instructions['encryption_key'], value)
def _create_password_file(self): pw_file_name = self._pw_file[1] fp = open(pw_file_name, 'w') fp.write(CPSecurity.decode_key(self._instructions[ 'encryption_key'])) fp.close()
def generate_value(instructions, models, controllers, name, value, payload=None): if not isinstance(value, str): return value if value.count('%') != 2: return value sp = StatePersistor(models, controllers, 'private_data.yml') if not instructions['refresh_passwords']: ri = sp.recall_info([name]) ri_e = HlmVariable.was_persisted_value_encrypted(sp, name) if ri and not ri_e: if 'encryption_key' in instructions: key = instructions['encryption_key'] secure_value = CPSecurity.encrypt(key, ri) HlmVariable.persist_value(sp, name, secure_value, True) return ri elif ri and ri_e: return HlmVariable.decrypt_value(ri, instructions) p1 = value.find('%') + 1 p2 = value.rfind('%') variable_type = value[p1:p2] version = instructions['model_version'] version = Version.normalize(version) if float(version) > 1.0: variable_type += '-%s' % version try: namespace = 'helion.configurationprocessor.variable' mgr = driver.DriverManager(namespace=namespace, name=variable_type, invoke_on_load=True, invoke_args=(instructions, models, controllers)) except RuntimeError as e: return value value = mgr.driver.calculate(payload) if not mgr.driver.ok: msg = '@@@@ Variable %s Failed to complete for name %s:\n' % ( variable_type, name) for e in mgr.driver.errors: msg += '@@@@ \t%s\n' % e print(msg) return None if 'encryption_key' in instructions: key = instructions['encryption_key'] secure_value = CPSecurity.encrypt(key, value) is_secure_val = True else: secure_value = value is_secure_val = False HlmVariable.persist_value(sp, name, secure_value, is_secure_val) return value
def _create_password_file(self): pw_file_name = self._pw_file[1] fp = open(pw_file_name, 'w') fp.write(CPSecurity.decode_key(self._instructions['encryption_key'])) fp.close()