encryption.py
58 lines
| 1.8 KiB
| text/x-python
|
PythonLexer
r2 | # -*- coding: utf-8 -*- | |||
r112 | # Copyright 2010 - 2017 RhodeCode GmbH and the AppEnlight project authors | |||
r2 | # | |||
r112 | # Licensed under the Apache License, Version 2.0 (the "License"); | |||
# you may not use this file except in compliance with the License. | ||||
# You may obtain a copy of the License at | ||||
r2 | # | |||
r112 | # http://www.apache.org/licenses/LICENSE-2.0 | |||
r2 | # | |||
r112 | # Unless required by applicable law or agreed to in writing, software | |||
# distributed under the License is distributed on an "AS IS" BASIS, | ||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
# See the License for the specific language governing permissions and | ||||
# limitations under the License. | ||||
r2 | ||||
# this gets set on runtime | ||||
from cryptography.fernet import Fernet | ||||
ENCRYPTION_SECRET = None | ||||
def encrypt_fernet(value): | ||||
# avoid double encryption | ||||
# not sure if this is needed but it won't hurt too much to have this | ||||
r153 | if value.startswith("enc$fernet$"): | |||
r2 | return value | |||
f = Fernet(ENCRYPTION_SECRET) | ||||
r153 | return "enc$fernet${}".format(f.encrypt(value.encode("utf8")).decode("utf8")) | |||
r2 | ||||
def decrypt_fernet(value): | ||||
r153 | parts = value.split("$", 3) | |||
r2 | if not len(parts) == 3: | |||
# not encrypted values | ||||
return value | ||||
else: | ||||
f = Fernet(ENCRYPTION_SECRET) | ||||
r153 | decrypted_data = f.decrypt(parts[2].encode("utf8")).decode("utf8") | |||
r2 | return decrypted_data | |||
def encrypt_dictionary_keys(_dict, exclude_keys=None): | ||||
if not exclude_keys: | ||||
exclude_keys = [] | ||||
keys = [k for k in _dict.keys() if k not in exclude_keys] | ||||
for k in keys: | ||||
_dict[k] = encrypt_fernet(_dict[k]) | ||||
return _dict | ||||
def decrypt_dictionary_keys(_dict, exclude_keys=None): | ||||
if not exclude_keys: | ||||
exclude_keys = [] | ||||
keys = [k for k in _dict.keys() if k not in exclude_keys] | ||||
for k in keys: | ||||
_dict[k] = decrypt_fernet(_dict[k]) | ||||
return _dict | ||||