def from_config(cls, reactor, logger, queue, config_path): with open(config_path) as f: config = yaml.safe_load(f) # TODO: bump this once alchimia properly handles pinning thread_pool = ThreadPool(minthreads=1, maxthreads=1) thread_pool.start() reactor.addSystemEventTrigger('during', 'shutdown', thread_pool.stop) return cls( logger, DownloadDatabase(reactor, thread_pool, config["db"]["uri"]), FilePath(config["storage"]["filesystem"]), fernet.MultiFernet( [fernet.Fernet(key) for key in config["encryption_keys"]]), VBMSClient( reactor, connect_vbms_path=config["connect_vbms"]["path"], bundle_path=config["connect_vbms"]["bundle_path"], endpoint_url=config["vbms"]["endpoint_url"], keyfile=config["vbms"]["keyfile"], samlfile=config["vbms"]["samlfile"], key=config["vbms"].get("key"), keypass=config["vbms"]["keypass"], ca_cert=config["vbms"].get("ca_cert"), client_cert=config["vbms"].get("client_cert"), ), queue, config["env"], )
def configure_fernet(): keys = list(getattr(settings, 'ENCRYPTED_COOKIE_KEYS', None) or []) if not len(keys): raise ImproperlyConfigured( 'The ENCRYPTED_COOKIE_KEYS settings cannot be empty.') return fernet.MultiFernet([fernet.Fernet(k) for k in keys])
def unpack_token(fernet_token, fernet_keys): """Attempt to unpack a token using the supplied Fernet keys. :param fernet_token: token to unpack :type fernet_token: string :param fernet_token: a list consisting of keys in the repository :type fernet_token: string :returns: the token payload :raises: Exception in the event the token can't be unpacked """ # create a list of fernet instances fernet_instances = [fernet.Fernet(key) for key in fernet_keys] # create a encryption/decryption object from the fernet keys crypt = fernet.MultiFernet(fernet_instances) # attempt to decode the token token = _restore_padding(six.binary_type(fernet_token)) serialized_payload = crypt.decrypt(token) payload = msgpack.unpackb(serialized_payload) translated_payload = [] for item in payload: if isinstance(item, list): translated_item = [] for i in item: translated_item.append(i) translated_payload.append(translated_item) else: translated_payload.append(item) # present token values return translated_payload
def crypto(): """ Return a cryptography instance. """ keys = load_keys() fernet_instances = [fernet.Fernet(key) for key in keys] return fernet.MultiFernet(fernet_instances)
def _crypto(self): keys = load_keys(self.key_repository, self.max_active_keys) if not keys: raise exceptions.FernetKeysNotFound() fernet_instances = [fernet.Fernet(key) for key in keys] return fernet.MultiFernet(fernet_instances)
def get_multi_fernet_keys(): key_utils = fernet_utils.FernetUtils(CONF.credential.key_repository, MAX_ACTIVE_KEYS) keys = key_utils.load_keys() fernet_keys = [fernet.Fernet(key) for key in keys] crypto = fernet.MultiFernet(fernet_keys) return crypto, keys
def get_multi_fernet_keys(): key_utils = token_utils.TokenUtils(CONF.credential.key_repository, MAX_ACTIVE_KEYS, 'credential') keys = key_utils.load_keys(use_null_key=True) fernet_keys = [fernet.Fernet(key) for key in keys] crypto = fernet.MultiFernet(fernet_keys) return crypto, keys
def crypto(self): """Return a cryptography instance. You can extend this class with a custom crypto @property to provide your own token encoding / decoding. For example, using a different cryptography library (e.g. ``python-keyczar``) or to meet arbitrary security requirements. This @property just needs to return an object that implements ``encrypt(plaintext)`` and ``decrypt(ciphertext)``. """ return fernet.MultiFernet([fernet.Fernet(key) for key in self.keys])
def crypto(self): """Return a cryptography instance. You can extend this class with a custom crypto @property to provide your own token encoding / decoding. For example, using a different cryptography library (e.g. ``python-keyczar``) or to meet arbitrary security requirements. This @property just needs to return an object that implements ``encrypt(plaintext)`` and ``decrypt(ciphertext)``. """ keys = utils.load_keys() if not keys: raise exception.KeysNotFound() fernet_instances = [fernet.Fernet(key) for key in keys] return fernet.MultiFernet(fernet_instances)
def decrypt(self, credential): """Attempt to decrypt a credential. :param credential: an encrypted credential string :returns: a decrypted credential """ key_utils = fernet_utils.FernetUtils(CONF.credential.key_repository, MAX_ACTIVE_KEYS) keys = key_utils.load_keys(use_null_key=True) fernet_keys = [fernet.Fernet(key) for key in keys] crypto = fernet.MultiFernet(fernet_keys) try: if isinstance(credential, six.text_type): credential = credential.encode('utf-8') return crypto.decrypt(credential).decode('utf-8') except (fernet.InvalidToken, TypeError, ValueError): msg = _('Credential could not be decrypted. Please contact the' ' administrator') LOG.error(msg) raise exception.CredentialEncryptionError(msg)
def crypto(self): keys = [fernet.Fernet(key) for key in self._get_encryption_keys()] return fernet.MultiFernet(keys)
def setUp(self): # some key values to use for testing self.fernet_keys = [fernet.Fernet.generate_key()] # build a Fernet crypto object to test with fernet_instances = [fernet.Fernet(key) for key in self.fernet_keys] self.crypto = fernet.MultiFernet(fernet_instances)