From 8e62aaddc79b0e04b33b932dd8d903beb0dfc017 Mon Sep 17 00:00:00 2001 From: dhebeha Date: Tue, 25 Feb 2020 15:03:20 +0530 Subject: encryption/decryption utility Change-Id: I1f7d2c6fe66b1ff4341660063203662b507a669a Issue-ID: OPTFRA-700 Signed-off-by: dhebeha --- .gitignore | 3 ++ README.md | 28 +++++++++++++ config/osdf_config.yaml | 5 ++- config/preload_secrets.yaml | 96 ++++++++++++++++++++++----------------------- osdf/adapters/aaf/sms.py | 39 ++++++++++-------- osdf/cmd/encryptionUtil.py | 50 +++++++++++++++++++++++ osdf/utils/cipherUtils.py | 59 ++++++++++++++++++++++++++++ requirements.txt | 1 + setup.py | 53 +++++++++++++++++++++++++ 9 files changed, 269 insertions(+), 65 deletions(-) create mode 100644 README.md create mode 100644 osdf/cmd/encryptionUtil.py create mode 100644 osdf/utils/cipherUtils.py create mode 100644 setup.py diff --git a/.gitignore b/.gitignore index b77a34d..9061142 100644 --- a/.gitignore +++ b/.gitignore @@ -29,6 +29,9 @@ wheels/ .installed.cfg *.egg MANIFEST +AUTHORS +ChangeLog +logs/ # PyInstaller # Usually these files are written by a python script from a template diff --git a/README.md b/README.md new file mode 100644 index 0000000..0e2641a --- /dev/null +++ b/README.md 
@@ -0,0 +1,28 @@ +# +# ------------------------------------------------------------------------- +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ------------------------------------------------------------------------- +# + + +#osdf + + +#cipher-utility + + python3 setup.py install + export PYTHONPATH=$PYTHONPATH:`pwd` + diff --git a/config/osdf_config.yaml b/config/osdf_config.yaml index 6cf8cec..eba89e0 100755 --- a/config/osdf_config.yaml +++ b/config/osdf_config.yaml @@ -51,4 +51,7 @@ configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList' configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList' pciHMSUsername: test -pciHMSPassword: passwd \ No newline at end of file +pciHMSPassword: passwd + +#key +appkey: os35@rrtky400fdntc#001t5 \ No newline at end of file diff --git a/config/preload_secrets.yaml b/config/preload_secrets.yaml index 3050d87..0bb2395 100755 --- a/config/preload_secrets.yaml +++ b/config/preload_secrets.yaml 
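Review bot: The added `appkey` line in config/osdf_config.yaml commits the AES key in clear text to the same repository that holds the values it protects (the new hex strings in config/preload_secrets.yaml), so anyone who can read the repo can recover every password and the encryption is obfuscation only. Supply the key at deploy time (environment variable, mounted secret, or the SMS store the project already talks to) and keep only a placeholder here, e.g. `appkey: <set-at-deploy-time>`. Because this key and the earlier plain-text passwords are now part of the commit history, the affected credentials should be treated as disclosed and rotated. The value is also a 24-character printable string that cipherUtils.py uses directly as key bytes, which carries far less entropy than a random 192-bit key.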
@@ -1,51 +1,51 @@ --- domain: osdf secrets: -- name: so - values: - UserName: '' - Password: '' -- name: conductor - values: - UserName: admin1 - Password: plan.15 -- name: policyPlatform - values: - UserName: healthcheck - Password: zb!XztG34 -- name: dmaap - values: - UserName: NA - Password: NA -- name: sdc - values: - UserName: NA - Password: NA -- name: osdfPlacement - values: - UserName: test - Password: testpwd -- name: osdfPlacementSO - values: - UserName: so_test - Password: so_testpwd -- name: osdfPlacementVFC - values: - UserName: vfc_test - Password: vfc_testpwd -- name: osdfCMScheduler - values: - UserName: test1 - Password: testpwd1 -- name: configDb - values: - UserName: osdf - Password: passwd -- name: pciHMS - values: - UserName: '' - Password: '' -- name: osdfPCIOpt - values: - UserName: pci_test - Password: pci_testpwd + - name: so + values: + UserName: '' + Password: '' + - name: conductor + values: + UserName: admin1 + Password: 22234d3472ef5da8ecba5a096110a024f1db5cf195c665f910d558c9e83db19d + - name: policyPlatform + values: + UserName: healthcheck + Password: 49a03554e86ecdb8e9e224127791c579b44993b264549a333172af77c2ae95fc + - name: dmaap + values: + UserName: NA + Password: NA + - name: sdc + values: + UserName: NA + Password: NA + - name: osdfPlacement + values: + UserName: test + Password: c66b1570ae257375e500f9fe0e62b2a325466137ac5f29581e2e05cce1170212 + - name: osdfPlacementSO + values: + UserName: so_test + Password: 3d62d49b3e4ada38fd4146d2d82f4ba2f09345a46f15970cd439924c991b8202 + - name: osdfPlacementVFC + values: + UserName: vfc_test + Password: 1fb1cd581f96060d29ecad06be97151656bf29bce66bad587cd2fbaf5ea1e66d + - name: osdfCMScheduler + values: + UserName: test1 + Password: c5279fb02d7bac5269b1a644ac8e36f41f6ba7a2eae03dc469cb80d71811322b + - name: configDb + values: + UserName: osdf + Password: 40697f254409c2b97763892ecdeb50c847d605f5beb6f988f1c142a7e0344d0c + - name: pciHMS + values: + UserName: '' + Password: '' + - name: 
osdfPCIOpt + values: + UserName: pci_test + Password: fbf4dcb7f7cda8fdfb742838b0c90ae5bea249801f3f725fdc98941a6e4c347c diff --git a/osdf/adapters/aaf/sms.py b/osdf/adapters/aaf/sms.py index 25ae7f2..fd3a5d5 100644 --- a/osdf/adapters/aaf/sms.py +++ b/osdf/adapters/aaf/sms.py @@ -1,6 +1,7 @@ # # ------------------------------------------------------------------------- # Copyright (c) 2018 Intel Corporation Intellectual Property +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,12 +21,12 @@ '''Secret Management Service Integration''' from onapsmsclient import Client - import osdf.config.base as cfg_base import osdf.config.credentials as creds import osdf.config.loader as config_loader from osdf.config.base import osdf_config from osdf.logging.osdf_logging import debug_log +from osdf.utils import cipherUtils config_spec = { "preload_secrets": "config/preload_secrets.yaml" 
@@ -70,40 +71,46 @@ def retrieve_secrets(): debug_log.debug("Secret Dictionary Retrieval Success") return secret_dict - def load_secrets(): config = osdf_config.deployment secret_dict = retrieve_secrets() config['soUsername'] = secret_dict['so']['UserName'] - config['soPassword'] = secret_dict['so']['Password'] + config['soPassword'] = decrypt_pass(secret_dict['so']['Password']) config['conductorUsername'] = secret_dict['conductor']['UserName'] - config['conductorPassword'] = secret_dict['conductor']['Password'] + config['conductorPassword'] = decrypt_pass(secret_dict['conductor']['Password']) config['policyPlatformUsername'] = secret_dict['policyPlatform']['UserName'] - config['policyPlatformPassword'] = secret_dict['policyPlatform']['Password'] - config['policyClientUsername'] = secret_dict['policyClient']['UserName'] - config['policyClientPassword'] = secret_dict['policyClient']['Password'] + config['policyPlatformPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password']) + config['policyClientUsername'] = secret_dict['policyPlatform']['UserName'] + config['policyClientPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password']) config['messageReaderAafUserId'] = secret_dict['dmaap']['UserName'] - config['messageReaderAafPassword'] = secret_dict['dmaap']['Password'] + config['messageReaderAafPassword'] = decrypt_pass(secret_dict['dmaap']['Password']) config['sdcUsername'] = secret_dict['sdc']['UserName'] - config['sdcPassword'] = secret_dict['sdc']['Password'] + config['sdcPassword'] = decrypt_pass(secret_dict['sdc']['Password']) config['osdfPlacementUsername'] = secret_dict['osdfPlacement']['UserName'] - config['osdfPlacementPassword'] = secret_dict['osdfPlacement']['Password'] + config['osdfPlacementPassword'] = decrypt_pass(secret_dict['osdfPlacement']['Password']) config['osdfPlacementSOUsername'] = secret_dict['osdfPlacementSO']['UserName'] - config['osdfPlacementSOPassword'] = secret_dict['osdfPlacementSO']['Password'] + 
config['osdfPlacementSOPassword'] = decrypt_pass(secret_dict['osdfPlacementSO']['Password']) config['osdfPlacementVFCUsername'] = secret_dict['osdfPlacementVFC']['UserName'] - config['osdfPlacementVFCPassword'] = secret_dict['osdfPlacementVFC']['Password'] + config['osdfPlacementVFCPassword'] = decrypt_pass(secret_dict['osdfPlacementVFC']['Password']) config['osdfCMSchedulerUsername'] = secret_dict['osdfCMScheduler']['UserName'] - config['osdfCMSchedulerPassword'] = secret_dict['osdfCMScheduler']['Password'] + config['osdfCMSchedulerPassword'] = decrypt_pass(secret_dict['osdfCMScheduler']['Password']) config['configDbUserName'] = secret_dict['configDb']['UserName'] - config['configDbPassword'] = secret_dict['configDb']['Password'] + config['configDbPassword'] = decrypt_pass(secret_dict['configDb']['Password']) config['pciHMSUsername'] = secret_dict['pciHMS']['UserName'] - config['pciHMSPassword'] = secret_dict['pciHMS']['Password'] + config['pciHMSPassword'] = decrypt_pass(secret_dict['pciHMS']['Password']) config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName'] - config['osdfPCIOptPassword'] = secret_dict['osdfPCIOpt']['Password'] + config['osdfPCIOptPassword'] = decrypt_pass(secret_dict['osdfPCIOpt']['Password']) cfg_base.http_basic_auth_credentials = creds.load_credentials(osdf_config) cfg_base.dmaap_creds = creds.dmaap_creds() +def decrypt_pass(passwd): + if passwd == '' or passwd == 'NA': + return passwd + else: + return cipherUtils.AESCipher.get_instance().decrypt(passwd) + + def delete_secrets(): """ This is intended to delete the secrets for a clean initialization for testing Application. Actual deployment will have a preload script. diff --git a/osdf/cmd/encryptionUtil.py b/osdf/cmd/encryptionUtil.py new file mode 100644 index 0000000..6c0cae2 --- /dev/null +++ b/osdf/cmd/encryptionUtil.py 
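Review bot: `decrypt_pass` sends every value except `''` and `'NA'` straight to `AESCipher.decrypt`, so a secret still stored in plain text, or encrypted under a different key, raises from `bytes.fromhex` or `unpad` and aborts `load_secrets` with a traceback that does not say the stored value is the problem. Wrap the call and re-raise without the value, e.g. `except ValueError as err: raise ValueError("stored secret is not valid ciphertext for the configured appkey") from err`, and add a docstring stating that `''` and `'NA'` are pass-through sentinels. Separately, `policyClientUsername` and `policyClientPassword` now read `secret_dict['policyPlatform']` instead of `['policyClient']`; if that is intentional it deserves a comment such as `# policyClient shares the policyPlatform credential`, because the two clients silently become one account. `delete_secrets` continues past the end of this hunk.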
@@ -0,0 +1,50 @@
+#
+# -------------------------------------------------------------------------
+# Copyright (c) 2015-2018 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+#
+import sys
+from osdf.utils import cipherUtils
+
+
+def main():
+
+ if len(sys.argv) != 4:
+ print("Invalid input - usage --> (options(encrypt/decrypt) input-value with-key)")
+ return
+
+ enc_dec = sys.argv[1]
+ valid_option_values = ['encrypt', 'decrypt']
+ if enc_dec not in valid_option_values:
+ print("Invalid input - usage --> (options(encrypt/decrypt) input-value with-key)")
+ print("Option value can only be one of {}".format(valid_option_values))
+ print("You entered '{}'".format(enc_dec))
+ return
+
+ input_string = sys.argv[2]
+ with_key = sys.argv[3]
+
+ print("You've requested '{}' to be '{}ed' using key '{}'".format(input_string, enc_dec, with_key))
+ print("You can always perform the reverse operation (encrypt/decrypt) using the same key"
+ "to be certain you get the same results back'")
+
+ util = cipherUtils.AESCipher.get_instance(with_key)
+ if enc_dec.lower() == 'encrypt':
+ result = util.encrypt(input_string)
+ else:
+ result = util.decrypt(input_string)
+
+ print("Your resultt: {}".format(result))
\ No newline at end of file
diff --git a/osdf/utils/cipherUtils.py b/osdf/utils/cipherUtils.py
new file mode 100644
index 0000000..169f1a1
--- /dev/null
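Review bot: `main()` takes the key from `sys.argv[3]` and then echoes both the input value and the key in `print("You've requested '{}' to be '{}ed' using key '{}'"...)`, so the key and the plain-text password land in shell history, the process list and any captured terminal output. Read the key with `getpass.getpass()` or from an environment variable, and keep secrets out of the confirmation message, e.g. `print("Requested operation: {}".format(enc_dec))`. The two invalid-input branches `return` without a non-zero exit status, so a calling script cannot detect the failure; `sys.exit(1)` there would fix that. Minor: `"Your resultt: {}"` has a typo, and the two adjacent string literals in the "reverse operation" message join as `keyto` because the first lacks a trailing space.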
+++ b/osdf/utils/cipherUtils.py
@@ -0,0 +1,59 @@
+#
+# -------------------------------------------------------------------------
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+
+from Crypto.Cipher import AES
+from osdf.config.base import osdf_config
+from Crypto.Util.Padding import unpad
+from Crypto.Util.Padding import pad
+
+
+class AESCipher(object):
+ __instance = None
+
+ @staticmethod
+ def get_instance(key = None):
+ if AESCipher.__instance is None:
+ print("Creating the singleton instance")
+ AESCipher(key)
+ return AESCipher.__instance
+
+ def __init__(self, key=None):
+ if AESCipher.__instance is not None:
+ raise Exception("This class is a singleton!")
+ else:
+ AESCipher.__instance = self
+
+ self.bs = 32
+ if key is None:
+ key = osdf_config.deployment["appkey"]
+
+ self.key = key.encode()
+
+ def encrypt(self, data):
+ data = data.encode()
+ cipher = AES.new(self.key, AES.MODE_CBC)
+ ciphered_data = cipher.encrypt(pad(data, AES.block_size))
+ enc = (cipher.iv.hex())+(ciphered_data.hex())
+ return enc
+
+ def decrypt(self, enc):
+ iv = bytes.fromhex(enc[:32])
+ ciphered_data = bytes.fromhex(enc[32:])
+ cipher = AES.new(self.key, AES.MODE_CBC, iv=iv)
+ original_data = unpad(cipher.decrypt(ciphered_data), AES.block_size).decode()
+ return original_data
diff --git a/requirements.txt b/requirements.txt
index 140fa57..c3749e8 100644
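Review bot: `encrypt` and `decrypt` use `AES.MODE_CBC` with no integrity check, so a stored value that has been altered is either decrypted to different plain text or rejected by `unpad`, and nothing tells the caller the ciphertext was tampered with; an authenticated mode (`AES.MODE_GCM` with `encrypt_and_digest` / `decrypt_and_verify`) makes any modification fail verification. The stored format changes to nonce + tag + ciphertext, so the values in config/preload_secrets.yaml would have to be regenerated. In the same class, `get_instance(key)` silently ignores `key` once an instance exists, so a later caller passing a different key gets the first key's cipher; raising when a non-`None` key differs from `self.key` would surface that. `self.key = key.encode()` uses the passphrase bytes directly, which only works for 16-, 24- or 32-byte strings; deriving the key with a KDF (e.g. `Crypto.Protocol.KDF.scrypt`) would remove the length restriction and the low-entropy concern. `self.bs` is never read, and the `print` in `get_instance` would be better sent through the project logger.

```python
    def encrypt(self, data):
        # GCM authenticates the ciphertext; nonce and tag are stored with it.
        cipher = AES.new(self.key, AES.MODE_GCM)
        ciphered_data, tag = cipher.encrypt_and_digest(data.encode())
        return cipher.nonce.hex() + tag.hex() + ciphered_data.hex()

    def decrypt(self, enc):
        raw = bytes.fromhex(enc)
        # Layout: 16-byte nonce, 16-byte tag, then the ciphertext.
        nonce, tag, ciphered_data = raw[:16], raw[16:32], raw[32:]
        cipher = AES.new(self.key, AES.MODE_GCM, nonce=nonce)
        # Raises ValueError if the value was modified or the key is wrong.
        return cipher.decrypt_and_verify(ciphered_data, tag).decode()
```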
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,3 +14,4 @@ onapsmsclient>=0.0.4
 pymzn>=0.18.3
 onappylog>=1.0.9
 pathtools>=0.1.2
+pycryptodome>=3.9.6
diff --git a/setup.py b/setup.py
new file mode 100644
index 0000000..1dffa77
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,53 @@
+# -*- encoding: utf-8 -*-
+# -------------------------------------------------------------------------
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+#
+
+'''Setup'''
+
+import setuptools
+
+setuptools.setup(name='of-osdf',
+ version='1.0',
+ description='Python Distribution Utilities',
+ author='xyz',
+ author_email='xyz@wipro.com',
+ url='https://wiki.onap.org/display/DW/Optimization+Service+Design+Framework',
+ classifiers=[
+ 'Development Status :: 4 - Beta',
+ 'Environment :: ONAP',
+ 'Intended Audience :: Information Technology',
+ 'Intended Audience :: System Administrators',
+ 'License :: OSI Approved :: Apache Software License',
+ 'Operating System :: POSIX :: Linux',
+ 'Programming Language :: Python',
+ 'Programming Language :: Python :: 3'
+ 'Programming Language :: Python :: 3.5'
+ 'Topic :: Communications :: Email',
+ 'Topic :: Office/Business',
+ 'Topic :: Software Development :: Bug Tracking',],
+ keywords=['onap','osdf'],
+ packages=['osdf'],
+ entry_points = {
+ 'console_scripts': [
+ 'cipher-utility = osdf.cmd.encryptionUtil:main',
+ ],
+ 'oslo.config.opts': [
+ 'osdf = osdf.opts:list_opts',
+ ],
+ }
+ )
-- cgit 1.2.3-korg
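Review bot: In `classifiers`, the entries `'Programming Language :: Python :: 3'` and `'Programming Language :: Python :: 3.5'` have no trailing comma, so Python concatenates them with the following `'Topic :: Communications :: Email'` into one invalid classifier string; add the two commas. `packages=['osdf']` lists only the top-level package, so the `cipher-utility` entry point `osdf.cmd.encryptionUtil:main` and its import of `osdf.utils.cipherUtils` would presumably be missing from an installed copy (which may be why the README appends the working directory to `PYTHONPATH`); `packages=setuptools.find_packages()` would pick up the subpackages, assuming each has an `__init__.py`. There is also no `install_requires`, so `pycryptodome` is not pulled in when the package is installed on its own, and the utility then fails at import time.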