deb-heat/heat/common/crypt.py
Pavlo Shchelokovskyy 50ff4ec2fe Order imports in alphabetical order (9/9)
This patch fixes all the missed and newly introduced violations of the H306
style checking rule and enables it in tox.

Change-Id: I5566e66421d5397c0103958f02ea38e6e3c68892
Implements: blueprint reduce-flake8-ignored-rules (partial)
2014-05-22 16:49:51 +03:00

64 lines
2.1 KiB
Python

#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import base64
from Crypto.Cipher import AES
from oslo.config import cfg
from heat.openstack.common.crypto import utils
auth_opts = [
cfg.StrOpt('auth_encryption_key',
default='notgood but just long enough i think',
help="Encryption key used for authentication info in database.")
]
cfg.CONF.register_opts(auth_opts)
def encrypt(auth_info):
if auth_info is None:
return None, None
sym = utils.SymmetricCrypto()
res = sym.encrypt(cfg.CONF.auth_encryption_key[:32],
auth_info, b64encode=True)
return 'oslo_decrypt_v1', res
def oslo_decrypt_v1(auth_info):
if auth_info is None:
return None
sym = utils.SymmetricCrypto()
return sym.decrypt(cfg.CONF.auth_encryption_key[:32],
auth_info, b64decode=True)
def heat_decrypt(auth_info):
"""Decrypt function for data that has been encrypted using an older
version of Heat.
Note: the encrypt function returns the function that is needed to
decrypt the data. The database then stores this. When the data is
then retrieved (potentially by a later version of Heat) the decrypt
function must still exist. So whilst it my seem that this function
is not referenced, it will be referenced from the database.
"""
if auth_info is None:
return None
auth = base64.b64decode(auth_info)
iv = auth[:AES.block_size]
cipher = AES.new(cfg.CONF.auth_encryption_key[:32], AES.MODE_CFB, iv)
res = cipher.decrypt(auth[AES.block_size:])
return res