def validate(self):
LOG.info('%s()' % KenLog.fcn())
if 'encryption_key' in self._instructions:
path = self._instructions['cloud_input_path']
status, messages = CPSecurity.validate(
path, self._instructions['encryption_key'])
if not status:
message = 'The Encryption Key does not meet the following ' \
'requirement(s):\n# %s' % \
'\n# '.join(messages)
self.add_error(message)
return False
score, msg = CPSecurity.calculate_complexity(
self._instructions['encryption_key'])
print('\n\nThe encryption key has a complexity score of %d ('
'%s)\n\n' % (score, msg))
if ('previous_encryption_key' in self._instructions and
'encryption_key' in self._instructions):
if (self._instructions['encryption_key'] ==
self._instructions['previous_encryption_key']):
message = 'The New Encryption Key and the Previous ' \
'Encryption Key must be different.'
self.add_error(message)
return False
return True
def validate(self):
LOG.info('%s()' % KenLog.fcn())
if 'encryption_key' in self._instructions:
path = self._instructions['cloud_input_path']
status, messages = CPSecurity.validate(
path, self._instructions['encryption_key'])
if not status:
message = 'The Encryption Key does not meet the following ' \
'requirement(s):\n# %s' % \
'\n# '.join(messages)
self.add_error(message)
return False
score, msg = CPSecurity.calculate_complexity(
self._instructions['encryption_key'])
print('\n\nThe encryption key has a complexity score of %d ('
'%s)\n\n' % (score, msg))
if ('previous_encryption_key' in self._instructions
and 'encryption_key' in self._instructions):
if (self._instructions['encryption_key'] ==
self._instructions['previous_encryption_key']):
message = 'The New Encryption Key and the Previous ' \
'Encryption Key must be different.'
self.add_error(message)
return False
return True
def _decrypt_file(instructions, file_name):
fp = open(file_name, 'r')
lines = fp.readlines()
fp.close()
need_to_write = False
for i in range(len(lines)):
line = lines[i]
if line.find('='):
need_to_write = True
tokens = line.split()
for t in tokens:
if t.endswith('='):
plaintext = CPSecurity.decrypt(
instructions['encryption_key'], t)
if plaintext is None:
print('error: Incorrect Decryption Key')
sys.exit(-1)
lines[i] = line.replace(t, plaintext)
if need_to_write:
print('Updating %s' % file_name)
fp = open(file_name, 'w')
for line in lines:
fp.write(line)
fp.close()
def _get_options():
user_instructions = dict()
user_instructions['encryption_key'] = \
user_instructions['encryption_key'] = \
CPSecurity.make_key(
getpass.getpass(
'Enter the current key to be used for decryption: '))
return user_instructions
def _migrate_keys(self, prev_encryption_key, encryption_key):
state_persistor = StatePersistor(
self._models, self._controllers,
persistence_file='private_data.yml')
all_private_data = state_persistor.recall_info()
for k, v in six.iteritems(all_private_data):
if k == 'encryption_key_checker':
continue
if not self._was_persisted_value_encrypted(k):
continue
v = CPSecurity.decrypt(prev_encryption_key, v)
v = CPSecurity.encrypt(encryption_key, v)
info = {k: v}
state_persistor.persist_info(info)
def _validate_encryption_key(self, secret):
value = self._get_encrypted_validator()
if value:
property_value = 'encryption_key_checker'
value = CPSecurity.decrypt(secret, value)
if value == property_value:
return True
return False
def _encrypt_validator(self, secret):
state_persistor = StatePersistor(
self._models, self._controllers,
persistence_file='private_data.yml')
property_name = 'encryption_key_checker'
property_value = 'encryption_key_checker'
property_value = CPSecurity.encrypt(secret, property_value)
info = {property_name: property_value}
state_persistor.persist_info(info)
def _decrypt_file_contents(self, file_name):
fp = open(file_name, 'r')
lines = fp.readlines()
fp.close()
need_to_write = False
for i in range(len(lines)):
line = lines[i]
if line.find('='):
tokens = line.split()
for t in tokens:
if t.endswith('='):
plaintext = CPSecurity.decrypt(
self._instructions['encryption_key'], t)
if plaintext is not None:
lines[i] = line.replace(t, plaintext)
need_to_write = True
if need_to_write:
fp = open(file_name, 'w')
for line in lines:
fp.write(line)
fp.close()
def _decrypt_file_contents(self, file_name):
fp = open(file_name, 'r')
lines = fp.readlines()
fp.close()
need_to_write = False
for i in range(len(lines)):
line = lines[i]
if line.find('='):
tokens = line.split()
for t in tokens:
if t.endswith('='):
plaintext = CPSecurity.decrypt(
self._instructions['encryption_key'], t)
if plaintext is not None:
lines[i] = line.replace(t, plaintext)
need_to_write = True
if need_to_write:
fp = open(file_name, 'w')
for line in lines:
fp.write(line)
fp.close()
def generate_value(instructions, models, controllers, name, value,
payload=None):
if not isinstance(value, str):
return value
if value.count('%') != 2:
return value
sp = StatePersistor(models, controllers, 'private_data.yml')
if not instructions['refresh_passwords']:
ri = sp.recall_info([name])
ri_e = HlmVariable.was_persisted_value_encrypted(sp, name)
if ri and not ri_e:
if 'encryption_key' in instructions:
key = instructions['encryption_key']
secure_value = CPSecurity.encrypt(key, ri)
HlmVariable.persist_value(sp, name, secure_value, True)
return ri
elif ri and ri_e:
return HlmVariable.decrypt_value(ri, instructions)
p1 = value.find('%') + 1
p2 = value.rfind('%')
variable_type = value[p1:p2]
version = instructions['model_version']
version = Version.normalize(version)
if float(version) > 1.0:
variable_type += '-%s' % version
try:
namespace = 'helion.configurationprocessor.variable'
mgr = driver.DriverManager(
namespace=namespace, name=variable_type, invoke_on_load=True,
invoke_args=(instructions, models, controllers))
except RuntimeError as e:
return value
value = mgr.driver.calculate(payload)
if not mgr.driver.ok:
msg = '@@@@ Variable %s Failed to complete for name %s:\n' % (
variable_type, name)
for e in mgr.driver.errors:
msg += '@@@@ \t%s\n' % e
print(msg)
return None
if 'encryption_key' in instructions:
key = instructions['encryption_key']
secure_value = CPSecurity.encrypt(key, value)
is_secure_val = True
else:
secure_value = value
is_secure_val = False
HlmVariable.persist_value(sp, name, secure_value, is_secure_val)
return value
def decrypt_value(value, instructions):
return CPSecurity.decrypt(instructions['encryption_key'], value)
def _create_password_file(self):
pw_file_name = self._pw_file[1]
fp = open(pw_file_name, 'w')
fp.write(CPSecurity.decode_key(self._instructions[
'encryption_key']))
fp.close()
def generate_value(instructions,
models,
controllers,
name,
value,
payload=None):
if not isinstance(value, str):
return value
if value.count('%') != 2:
return value
sp = StatePersistor(models, controllers, 'private_data.yml')
if not instructions['refresh_passwords']:
ri = sp.recall_info([name])
ri_e = HlmVariable.was_persisted_value_encrypted(sp, name)
if ri and not ri_e:
if 'encryption_key' in instructions:
key = instructions['encryption_key']
secure_value = CPSecurity.encrypt(key, ri)
HlmVariable.persist_value(sp, name, secure_value, True)
return ri
elif ri and ri_e:
return HlmVariable.decrypt_value(ri, instructions)
p1 = value.find('%') + 1
p2 = value.rfind('%')
variable_type = value[p1:p2]
version = instructions['model_version']
version = Version.normalize(version)
if float(version) > 1.0:
variable_type += '-%s' % version
try:
namespace = 'helion.configurationprocessor.variable'
mgr = driver.DriverManager(namespace=namespace,
name=variable_type,
invoke_on_load=True,
invoke_args=(instructions, models,
controllers))
except RuntimeError as e:
return value
value = mgr.driver.calculate(payload)
if not mgr.driver.ok:
msg = '@@@@ Variable %s Failed to complete for name %s:\n' % (
variable_type, name)
for e in mgr.driver.errors:
msg += '@@@@ \t%s\n' % e
print(msg)
return None
if 'encryption_key' in instructions:
key = instructions['encryption_key']
secure_value = CPSecurity.encrypt(key, value)
is_secure_val = True
else:
secure_value = value
is_secure_val = False
HlmVariable.persist_value(sp, name, secure_value, is_secure_val)
return value
def decrypt_value(value, instructions):
return CPSecurity.decrypt(instructions['encryption_key'], value)
def _create_password_file(self):
pw_file_name = self._pw_file[1]
fp = open(pw_file_name, 'w')
fp.write(CPSecurity.decode_key(self._instructions['encryption_key']))
fp.close()
