• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• pgrepup-master
  • pgrepup
    • config.py
    • cli.py
    • version.py
    • helpers
      • operation_target.py
      • ui.py
      • database.py
      • replication.py
      • __init__.py
      • utils.py
      • crypt.py
      • docopt_dispatch.py
    • commands
      • fix.py
      • start.py
      • config.py
      • stop.py
      • uninstall.py
      • setup.py
      • check.py
      • __init__.py
      • status.py
    • __init__.py
  • LICENSE
  • setup.py
  • README.md
  • bin
    • pgrepup
  • .gitignore

# Copyright (C) 2016-2018 Denis Gasparin <denis@gasparin.net>
#
# This file is part of Pgrepup.
#
# Pgrepup is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Pgrepup is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Pgrepup. If not, see <http://www.gnu.org/licenses/>.
import base64
import getpass
import os
import sys
try:  # Python 2
    from ConfigParser import NoOptionError
except ImportError:  # Python 3
    from configparser import NoOptionError
from cryptography.fernet import Fernet
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.fernet import InvalidToken
from ..config import config


this = sys.modules[__name__]
this.key = None


def encrypt(string_to_encrypt):
    encrypted_passwords = config().get('Security', 'encrypted_credentials') == 'y'
    if not encrypted_passwords:
        return string_to_encrypt

    f = Fernet(_get_key())
    return f.encrypt(string_to_encrypt)


def decrypt(password):
    encrypted_passwords = config().get('Security', 'encrypted_credentials') == 'y'
    if not encrypted_passwords:
        return password

    try:
        f = Fernet(_get_key())
        return f.decrypt(password)
    except InvalidToken:
        print("Invalid master password")
        sys.exit(-1)


def _get_key():
    if this.key:
        return this.key

    secret = getpass.getpass()
    try:
        salt = config().get('Security', 'salt')
    except NoOptionError:
        salt = base64.urlsafe_b64encode(os.urandom(16))
        config().set('Security', 'salt', salt)

    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=salt,
        iterations=100000,
        backend=default_backend()
    )
    this.key = base64.urlsafe_b64encode(kdf.derive(secret))
    return this.key