def initialize_task_api_sessions(self):
# Loop through background credentials and start the API sessions
profiles = hxtool_global.hxtool_db.profileList()
for profile in profiles:
task_api_credential = hxtool_global.hxtool_db.backgroundProcessorCredentialGet(profile['profile_id'])
if task_api_credential:
decrypted_background_password = keyring.get_password("hxtool_{}".format(profile['profile_id']), task_api_credential['hx_api_username'])
# TODO: eventually remove this code once most people are using keyring
if not decrypted_background_password:
logger.info("Background credential for {} is not using keyring, moving it.".format(profile['profile_id']))
try:
salt = HXAPI.b64(task_api_credential['salt'], True)
iv = HXAPI.b64(task_api_credential['iv'], True)
key = crypt_pbkdf2_hmacsha256(salt, TASK_API_KEY)
decrypted_background_password = crypt_aes(key, iv, task_api_credential['hx_api_encrypted_password'], decrypt = True)
keyring.set_password("hxtool_{}".format(profile['profile_id']), task_api_credential['hx_api_username'], decrypted_background_password)
hxtool_db.backgroundProcessorCredentialRemove(profile['profile_id'])
hxtool_db.backgroundProcessorCredentialCreate(profile['profile_id'], task_api_credential['hx_api_username'])
except (UnicodeDecodeError, ValueError):
logger.error("Please reset the background credential for {} ({}).".format(profile['hx_host'], profile['profile_id']))
if decrypted_background_password:
self._add_task_api_task(profile['profile_id'], profile['hx_host'], profile['hx_port'], task_api_credential['hx_api_username'], decrypted_background_password)
decrypted_background_password = None
else:
logger.info("No background credential for {} ({}).".format(profile['hx_host'], profile['profile_id']))
def rotate_task_key(self, hxtool_db, use_legacy_key=False):
if use_legacy_key:
k = TASK_API_KEY
else:
k = self._read_task_api_key()
new_key = crypt_generate_random(32)
# Loop through background credentials and start the API sessions
profiles = hxtool_db.profileList()
for profile in profiles:
task_api_credential = hxtool_db.backgroundProcessorCredentialGet(
profile['profile_id'])
if task_api_credential:
salt = HXAPI.b64(task_api_credential['salt'], True)
iv = HXAPI.b64(task_api_credential['iv'], True)
key = crypt_pbkdf2_hmacsha256(salt, k)
decrypted_background_password = crypt_aes(
key,
iv,
task_api_credential['hx_api_encrypted_password'],
decrypt=True)
hxtool_db.backgroundProcessorCredentialRemove(
profile['profile_id'])
iv, salt, encrypted_password = self._encrypt_task_credential(
new_key, decrypted_background_password)
hxtool_db.backgroundProcessorCredentialCreate(
profile['profile_id'],
task_api_credential['hx_api_username'], HXAPI.b64(iv),
HXAPI.b64(salt), encrypted_password)
decrypted_background_password = None
self._write_task_api_key(new_key)
def initialize_task_api_sessions(self):
# Loop through background credentials and start the API sessions
profiles = hxtool_global.hxtool_db.profileList()
for profile in profiles:
task_api_credential = hxtool_global.hxtool_db.backgroundProcessorCredentialGet(
profile['profile_id'])
if task_api_credential:
try:
salt = HXAPI.b64(task_api_credential['salt'], True)
iv = HXAPI.b64(task_api_credential['iv'], True)
key = crypt_pbkdf2_hmacsha256(salt, TASK_API_KEY)
decrypted_background_password = crypt_aes(
key,
iv,
task_api_credential['hx_api_encrypted_password'],
decrypt=True)
self._add_task_api_task(
profile['profile_id'], profile['hx_host'],
profile['hx_port'],
task_api_credential['hx_api_username'],
decrypted_background_password)
decrypted_background_password = None
except UnicodeDecodeError:
logger.error(
"Please reset the background credential for {} ({}).".
format(profile['hx_host'], profile['profile_id']))
else:
logger.info("No background credential for {} ({}).".format(
profile['hx_host'], profile['profile_id']))
def add_task_api_session(self, profile_id, hx_host, hx_port, username,
password):
iv = crypt_generate_random(16)
salt = crypt_generate_random(32)
key = crypt_pbkdf2_hmacsha256(salt, TASK_API_KEY)
encrypted_password = crypt_aes(key, iv, password)
hxtool_global.hxtool_db.backgroundProcessorCredentialCreate(
profile_id, username, HXAPI.b64(iv), HXAPI.b64(salt),
encrypted_password)
encrypted_password = None
self._add_task_api_task(profile_id, hx_host, hx_port, username,
password)
password = None
def add_task_api_session(self, profile_id, hx_host, hx_port, username,
password):
iv = crypt_generate_random(16)
salt = crypt_generate_random(32)
k = self._read_task_api_key()
iv, salt, encrypted_password = self._encrypt_task_credential(
k, password)
hxtool_global.hxtool_db.backgroundProcessorCredentialCreate(
profile_id, username, HXAPI.b64(iv), HXAPI.b64(salt),
encrypted_password)
encrypted_password = None
self._add_task_api_task(profile_id, hx_host, hx_port, username,
password)
password = None
def crypt_aes(key, iv, data, decrypt = False, base64_coding = True):
cipher = AES.new(key, AES.MODE_OFB, iv)
if decrypt:
if base64_coding:
data = HXAPI.b64(data, True)
data = cipher.decrypt(data)
data = unpad(data, 16).decode('utf-8')
return data
else:
data = data.encode('utf-8')
data = pad(data, 16)
data = cipher.encrypt(data)
if base64_coding:
data = HXAPI.b64(data)
return data
def ruleGet(self, rule_id):
with self._lock:
r = self._db.table('rules').get((tinydb.Query()['id'] == rule_id))
if r:
return HXAPI.b64(r['rule'], decode = True, decode_string = True)
else:
return False
def crypt_aes(key, iv, data, decrypt=False, base64_coding=True):
cipher = AES.new(key, AES.MODE_OFB, iv)
if decrypt:
if base64_coding:
data = HXAPI.b64(data, True)
data = cipher.decrypt(data).decode('utf-8')
# Implement PKCS7 de-padding
pad_length = ord(data[-1:])
if 1 <= pad_length <= 15:
if all(c == chr(pad_length) for c in data[-pad_length:]):
data = data[:len(data) - pad_length:]
return data
else:
# Implement PKCS7 padding
pad_length = 16 - (len(data) % 16)
if pad_length < 16:
data += (chr(pad_length) * pad_length)
data = data.encode('utf-8')
data = cipher.encrypt(data)
if base64_coding:
data = HXAPI.b64(data)
return data