|
|
from rhodecode.lib.str_utils import safe_bytes
|
|
|
from rhodecode.lib.encrypt import encrypt_data, validate_and_decrypt_data
|
|
|
from rhodecode.lib.encrypt2 import Encryptor
|
|
|
|
|
|
ALLOWED_ALGOS = ['aes', 'fernet']
|
|
|
|
|
|
|
|
|
def get_default_algo():
|
|
|
import rhodecode
|
|
|
return rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes'
|
|
|
|
|
|
|
|
|
def encrypt_value(value: bytes, enc_key: bytes, algo: str = ''):
|
|
|
if not algo:
|
|
|
# not explicit algo, just use what's set by config
|
|
|
algo = get_default_algo()
|
|
|
if algo not in ALLOWED_ALGOS:
|
|
|
ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')
|
|
|
|
|
|
enc_key = safe_bytes(enc_key)
|
|
|
value = safe_bytes(value)
|
|
|
|
|
|
if algo == 'aes':
|
|
|
return encrypt_data(value, enc_key=enc_key)
|
|
|
if algo == 'fernet':
|
|
|
return Encryptor(enc_key).encrypt(value)
|
|
|
|
|
|
return value
|
|
|
|
|
|
|
|
|
def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool = False):
|
|
|
|
|
|
if not algo:
|
|
|
# not explicit algo, just use what's set by config
|
|
|
algo = get_default_algo()
|
|
|
if algo not in ALLOWED_ALGOS:
|
|
|
ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')
|
|
|
|
|
|
enc_key = safe_bytes(enc_key)
|
|
|
value = safe_bytes(value)
|
|
|
safe = not strict_mode
|
|
|
|
|
|
if algo == 'aes':
|
|
|
return validate_and_decrypt_data(value, enc_key, safe=safe)
|
|
|
if algo == 'fernet':
|
|
|
return Encryptor(enc_key).decrypt(value, safe=safe)
|
|
|
|
|
|
return value
|
|
|
|