enc_utils.py
48 lines
| 1.4 KiB
| text/x-python
|
PythonLexer
r4995 | from rhodecode.lib.str_utils import safe_bytes | |||
from rhodecode.lib.encrypt import encrypt_data, validate_and_decrypt_data | ||||
from rhodecode.lib.encrypt2 import Encryptor | ||||
ALLOWED_ALGOS = ['aes', 'fernet'] | ||||
def get_default_algo(): | ||||
import rhodecode | ||||
return rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes' | ||||
def encrypt_value(value: bytes, enc_key: bytes, algo: str = ''): | ||||
if not algo: | ||||
# not explicit algo, just use what's set by config | ||||
algo = get_default_algo() | ||||
if algo not in ALLOWED_ALGOS: | ||||
ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}') | ||||
enc_key = safe_bytes(enc_key) | ||||
value = safe_bytes(value) | ||||
if algo == 'aes': | ||||
return encrypt_data(value, enc_key=enc_key) | ||||
if algo == 'fernet': | ||||
return Encryptor(enc_key).encrypt(value) | ||||
return value | ||||
def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool = False): | ||||
if not algo: | ||||
# not explicit algo, just use what's set by config | ||||
algo = get_default_algo() | ||||
if algo not in ALLOWED_ALGOS: | ||||
ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}') | ||||
enc_key = safe_bytes(enc_key) | ||||
value = safe_bytes(value) | ||||
safe = not strict_mode | ||||
if algo == 'aes': | ||||
return validate_and_decrypt_data(value, enc_key, safe=safe) | ||||
if algo == 'fernet': | ||||
return Encryptor(enc_key).decrypt(value, safe=safe) | ||||
return value | ||||