authorVikas Varma <vikas.varma@att.com>2020-02-27 13:05:53 +0000
committerGerrit Code Review <gerrit@onap.org>2020-02-27 13:05:53 +0000
commit3620422a425ee2df035c18d96a972230d1e12da7 (patch)
treeaf68147f5f0df03997c294cc68cd51f6eb352652
parentb48a030382583b9d38e6d9b87aa8eea281087856 (diff)
parent8e62aaddc79b0e04b33b932dd8d903beb0dfc017 (diff)
Merge "encryption/decryption utility"
-rw-r--r--.gitignore3
-rw-r--r--README.md28
-rwxr-xr-xconfig/osdf_config.yaml5
-rwxr-xr-xconfig/preload_secrets.yaml96
-rw-r--r--osdf/adapters/aaf/sms.py39
-rw-r--r--osdf/cmd/encryptionUtil.py50
-rw-r--r--osdf/utils/cipherUtils.py59
-rw-r--r--requirements.txt1
-rw-r--r--setup.py53
9 files changed, 269 insertions, 65 deletions
diff --git a/.gitignore b/.gitignore
index b77a34d..9061142 100644
--- a/.gitignore
+++ b/.gitignore
@@ -29,6 +29,9 @@ wheels/
.installed.cfg
*.egg
MANIFEST
+AUTHORS
+ChangeLog
+logs/
# PyInstaller
# Usually these files are written by a python script from a template
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0e2641a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+#
+# -------------------------------------------------------------------------
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+#
+
+
+#osdf
+
+
+#cipher-utility
+
+ python3 setup.py install
+ export PYTHONPATH=$PYTHONPATH:`pwd`
+
diff --git a/config/osdf_config.yaml b/config/osdf_config.yaml
index 6cf8cec..eba89e0 100755
--- a/config/osdf_config.yaml
+++ b/config/osdf_config.yaml
@@ -51,4 +51,7 @@ configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList'
configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList'
pciHMSUsername: test
-pciHMSPassword: passwd \ No newline at end of file
+pciHMSPassword: passwd
+
+#key
+appkey: os35@rrtky400fdntc#001t5 \ No newline at end of file
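Review bot: The `appkey` added at the end of this hunk appears to be the AES key that `cipherUtils.AESCipher` reads from `osdf_config.deployment["appkey"]`, and it is committed in clear in the same repository as the ciphertexts in config/preload_secrets.yaml, so those encrypted passwords are no better protected than the plaintext they replace. The key should be supplied from outside the tree (an environment variable or a mounted secret), with this file carrying only a placeholder such as `appkey: <set-at-deploy-time>`, and the committed value should be treated as disclosed and rotated. The value is also a 24-character printable string used directly as key bytes, which carries much less entropy than a randomly generated AES key. If the entry stays, a comment such as `# appkey: AES key for the passwords in preload_secrets.yaml; must be 16, 24 or 32 bytes` would document the constraint instead of the bare `#key`.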
diff --git a/config/preload_secrets.yaml b/config/preload_secrets.yaml
index 3050d87..0bb2395 100755
--- a/config/preload_secrets.yaml
+++ b/config/preload_secrets.yaml
@@ -1,51 +1,51 @@
---
domain: osdf
secrets:
-- name: so
- values:
- UserName: ''
- Password: ''
-- name: conductor
- values:
- UserName: admin1
- Password: plan.15
-- name: policyPlatform
- values:
- UserName: healthcheck
- Password: zb!XztG34
-- name: dmaap
- values:
- UserName: NA
- Password: NA
-- name: sdc
- values:
- UserName: NA
- Password: NA
-- name: osdfPlacement
- values:
- UserName: test
- Password: testpwd
-- name: osdfPlacementSO
- values:
- UserName: so_test
- Password: so_testpwd
-- name: osdfPlacementVFC
- values:
- UserName: vfc_test
- Password: vfc_testpwd
-- name: osdfCMScheduler
- values:
- UserName: test1
- Password: testpwd1
-- name: configDb
- values:
- UserName: osdf
- Password: passwd
-- name: pciHMS
- values:
- UserName: ''
- Password: ''
-- name: osdfPCIOpt
- values:
- UserName: pci_test
- Password: pci_testpwd
+ - name: so
+ values:
+ UserName: ''
+ Password: ''
+ - name: conductor
+ values:
+ UserName: admin1
+ Password: 22234d3472ef5da8ecba5a096110a024f1db5cf195c665f910d558c9e83db19d
+ - name: policyPlatform
+ values:
+ UserName: healthcheck
+ Password: 49a03554e86ecdb8e9e224127791c579b44993b264549a333172af77c2ae95fc
+ - name: dmaap
+ values:
+ UserName: NA
+ Password: NA
+ - name: sdc
+ values:
+ UserName: NA
+ Password: NA
+ - name: osdfPlacement
+ values:
+ UserName: test
+ Password: c66b1570ae257375e500f9fe0e62b2a325466137ac5f29581e2e05cce1170212
+ - name: osdfPlacementSO
+ values:
+ UserName: so_test
+ Password: 3d62d49b3e4ada38fd4146d2d82f4ba2f09345a46f15970cd439924c991b8202
+ - name: osdfPlacementVFC
+ values:
+ UserName: vfc_test
+ Password: 1fb1cd581f96060d29ecad06be97151656bf29bce66bad587cd2fbaf5ea1e66d
+ - name: osdfCMScheduler
+ values:
+ UserName: test1
+ Password: c5279fb02d7bac5269b1a644ac8e36f41f6ba7a2eae03dc469cb80d71811322b
+ - name: configDb
+ values:
+ UserName: osdf
+ Password: 40697f254409c2b97763892ecdeb50c847d605f5beb6f988f1c142a7e0344d0c
+ - name: pciHMS
+ values:
+ UserName: ''
+ Password: ''
+ - name: osdfPCIOpt
+ values:
+ UserName: pci_test
+ Password: fbf4dcb7f7cda8fdfb742838b0c90ae5bea249801f3f725fdc98941a6e4c347c
diff --git a/osdf/adapters/aaf/sms.py b/osdf/adapters/aaf/sms.py
index 25ae7f2..fd3a5d5 100644
--- a/osdf/adapters/aaf/sms.py
+++ b/osdf/adapters/aaf/sms.py
@@ -1,6 +1,7 @@
#
# -------------------------------------------------------------------------
# Copyright (c) 2018 Intel Corporation Intellectual Property
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,12 +21,12 @@
'''Secret Management Service Integration'''
from onapsmsclient import Client
-
import osdf.config.base as cfg_base
import osdf.config.credentials as creds
import osdf.config.loader as config_loader
from osdf.config.base import osdf_config
from osdf.logging.osdf_logging import debug_log
+from osdf.utils import cipherUtils
config_spec = {
"preload_secrets": "config/preload_secrets.yaml"
@@ -70,40 +71,46 @@ def retrieve_secrets():
debug_log.debug("Secret Dictionary Retrieval Success")
return secret_dict
-
def load_secrets():
config = osdf_config.deployment
secret_dict = retrieve_secrets()
config['soUsername'] = secret_dict['so']['UserName']
- config['soPassword'] = secret_dict['so']['Password']
+ config['soPassword'] = decrypt_pass(secret_dict['so']['Password'])
config['conductorUsername'] = secret_dict['conductor']['UserName']
- config['conductorPassword'] = secret_dict['conductor']['Password']
+ config['conductorPassword'] = decrypt_pass(secret_dict['conductor']['Password'])
config['policyPlatformUsername'] = secret_dict['policyPlatform']['UserName']
- config['policyPlatformPassword'] = secret_dict['policyPlatform']['Password']
- config['policyClientUsername'] = secret_dict['policyClient']['UserName']
- config['policyClientPassword'] = secret_dict['policyClient']['Password']
+ config['policyPlatformPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password'])
+ config['policyClientUsername'] = secret_dict['policyPlatform']['UserName']
+ config['policyClientPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password'])
config['messageReaderAafUserId'] = secret_dict['dmaap']['UserName']
- config['messageReaderAafPassword'] = secret_dict['dmaap']['Password']
+ config['messageReaderAafPassword'] = decrypt_pass(secret_dict['dmaap']['Password'])
config['sdcUsername'] = secret_dict['sdc']['UserName']
- config['sdcPassword'] = secret_dict['sdc']['Password']
+ config['sdcPassword'] = decrypt_pass(secret_dict['sdc']['Password'])
config['osdfPlacementUsername'] = secret_dict['osdfPlacement']['UserName']
- config['osdfPlacementPassword'] = secret_dict['osdfPlacement']['Password']
+ config['osdfPlacementPassword'] = decrypt_pass(secret_dict['osdfPlacement']['Password'])
config['osdfPlacementSOUsername'] = secret_dict['osdfPlacementSO']['UserName']
- config['osdfPlacementSOPassword'] = secret_dict['osdfPlacementSO']['Password']
+ config['osdfPlacementSOPassword'] = decrypt_pass(secret_dict['osdfPlacementSO']['Password'])
config['osdfPlacementVFCUsername'] = secret_dict['osdfPlacementVFC']['UserName']
- config['osdfPlacementVFCPassword'] = secret_dict['osdfPlacementVFC']['Password']
+ config['osdfPlacementVFCPassword'] = decrypt_pass(secret_dict['osdfPlacementVFC']['Password'])
config['osdfCMSchedulerUsername'] = secret_dict['osdfCMScheduler']['UserName']
- config['osdfCMSchedulerPassword'] = secret_dict['osdfCMScheduler']['Password']
+ config['osdfCMSchedulerPassword'] = decrypt_pass(secret_dict['osdfCMScheduler']['Password'])
config['configDbUserName'] = secret_dict['configDb']['UserName']
- config['configDbPassword'] = secret_dict['configDb']['Password']
+ config['configDbPassword'] = decrypt_pass(secret_dict['configDb']['Password'])
config['pciHMSUsername'] = secret_dict['pciHMS']['UserName']
- config['pciHMSPassword'] = secret_dict['pciHMS']['Password']
+ config['pciHMSPassword'] = decrypt_pass(secret_dict['pciHMS']['Password'])
config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName']
- config['osdfPCIOptPassword'] = secret_dict['osdfPCIOpt']['Password']
+ config['osdfPCIOptPassword'] = decrypt_pass(secret_dict['osdfPCIOpt']['Password'])
cfg_base.http_basic_auth_credentials = creds.load_credentials(osdf_config)
cfg_base.dmaap_creds = creds.dmaap_creds()
+def decrypt_pass(passwd):
+ if passwd == '' or passwd == 'NA':
+ return passwd
+ else:
+ return cipherUtils.AESCipher.get_instance().decrypt(passwd)
+
+
def delete_secrets():
""" This is intended to delete the secrets for a clean initialization for
testing Application. Actual deployment will have a preload script.
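Review bot: `policyClientUsername` and `policyClientPassword` are now read from `secret_dict['policyPlatform']` instead of `secret_dict['policyClient']`, which changes the credentials the policy client uses and is not mentioned in the commit title; if it is intended (preload_secrets.yaml has no `policyClient` entry), it deserves a comment such as `# policyClient shares the policyPlatform credentials`. In `decrypt_pass`, every stored value other than `''` or `'NA'` is assumed to be hex ciphertext, so a secret store that still holds a plaintext password, or one encrypted under a different key, makes `bytes.fromhex` or `unpad` raise from inside `load_secrets` with no indication of the cause. The version below catches that case and raises an error that does not include the stored value, and adds the missing docstring.

```python
def decrypt_pass(passwd):
    """Return the clear-text password for a value read from the secret store."""
    # '' and 'NA' are placeholders kept in clear, not ciphertext.
    if passwd in ('', 'NA'):
        return passwd
    try:
        return cipherUtils.AESCipher.get_instance().decrypt(passwd)
    except ValueError:
        # Raised by bytes.fromhex, AES.new (bad IV length), unpad or decode.
        raise ValueError(
            "stored password is not valid ciphertext for the configured appkey"
        ) from None
```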
diff --git a/osdf/cmd/encryptionUtil.py b/osdf/cmd/encryptionUtil.py
new file mode 100644
index 0000000..6c0cae2
--- /dev/null
+++ b/osdf/cmd/encryptionUtil.py
@@ -0,0 +1,50 @@
+#
+# -------------------------------------------------------------------------
+# Copyright (c) 2015-2018 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+#
+import sys
+from osdf.utils import cipherUtils
+
+
+def main():
+
+ if len(sys.argv) != 4:
+ print("Invalid input - usage --> (options(encrypt/decrypt) input-value with-key)")
+ return
+
+ enc_dec = sys.argv[1]
+ valid_option_values = ['encrypt', 'decrypt']
+ if enc_dec not in valid_option_values:
+ print("Invalid input - usage --> (options(encrypt/decrypt) input-value with-key)")
+ print("Option value can only be one of {}".format(valid_option_values))
+ print("You entered '{}'".format(enc_dec))
+ return
+
+ input_string = sys.argv[2]
+ with_key = sys.argv[3]
+
+ print("You've requested '{}' to be '{}ed' using key '{}'".format(input_string, enc_dec, with_key))
+ print("You can always perform the reverse operation (encrypt/decrypt) using the same key"
+ "to be certain you get the same results back'")
+
+ util = cipherUtils.AESCipher.get_instance(with_key)
+ if enc_dec.lower() == 'encrypt':
+ result = util.encrypt(input_string)
+ else:
+ result = util.decrypt(input_string)
+
+ print("Your resultt: {}".format(result)) \ No newline at end of file
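Review bot: The `print` that echoes `input_string` and `with_key` writes both the password and the AES key to stdout, where they end up in terminal scrollback and any captured job log; it should report only the operation, e.g. `print("Performing '{}'".format(enc_dec))`. Taking the value and the key from `sys.argv` also leaves them in shell history and the process list, so prompting with `getpass.getpass()` would be a safer interface for a tool that handles credentials. `enc_dec.lower()` runs after the case-sensitive membership check and therefore has no effect. The two adjacent string literals in the second `print` join as `keyto be certain`, and the last message misspells `resultt`.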
diff --git a/osdf/utils/cipherUtils.py b/osdf/utils/cipherUtils.py
new file mode 100644
index 0000000..169f1a1
--- /dev/null
+++ b/osdf/utils/cipherUtils.py
@@ -0,0 +1,59 @@
+#
+# -------------------------------------------------------------------------
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+
+from Crypto.Cipher import AES
+from osdf.config.base import osdf_config
+from Crypto.Util.Padding import unpad
+from Crypto.Util.Padding import pad
+
+
+class AESCipher(object):
+ __instance = None
+
+ @staticmethod
+ def get_instance(key = None):
+ if AESCipher.__instance is None:
+ print("Creating the singleton instance")
+ AESCipher(key)
+ return AESCipher.__instance
+
+ def __init__(self, key=None):
+ if AESCipher.__instance is not None:
+ raise Exception("This class is a singleton!")
+ else:
+ AESCipher.__instance = self
+
+ self.bs = 32
+ if key is None:
+ key = osdf_config.deployment["appkey"]
+
+ self.key = key.encode()
+
+ def encrypt(self, data):
+ data = data.encode()
+ cipher = AES.new(self.key, AES.MODE_CBC)
+ ciphered_data = cipher.encrypt(pad(data, AES.block_size))
+ enc = (cipher.iv.hex())+(ciphered_data.hex())
+ return enc
+
+ def decrypt(self, enc):
+ iv = bytes.fromhex(enc[:32])
+ ciphered_data = bytes.fromhex(enc[32:])
+ cipher = AES.new(self.key, AES.MODE_CBC, iv=iv)
+ original_data = unpad(cipher.decrypt(ciphered_data), AES.block_size).decode()
+ return original_data
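Review bot: `encrypt` and `decrypt` use `AES.MODE_CBC` with no integrity check, so a modified or wrong-key ciphertext is only rejected if the padding happens to be invalid, and `decrypt` can otherwise return altered data without an error. An authenticated mode (`AES.MODE_GCM` with `encrypt_and_digest` / `decrypt_and_verify`) would reject tampered values, at the cost of re-encrypting the stored passwords. `self.key = key.encode()` uses the configured string directly as key bytes, so it must be exactly 16, 24 or 32 bytes long and carries only the entropy of a typed passphrase; `__init__` should validate the length and the constraint should be documented. `get_instance(key)` ignores `key` once an instance exists, so a later caller passing a different key silently gets the first one. The `print` in `get_instance` and the unused `self.bs = 32` can be dropped, and the class and its methods have no docstrings.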
diff --git a/requirements.txt b/requirements.txt
index 140fa57..c3749e8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,3 +14,4 @@ onapsmsclient>=0.0.4
pymzn>=0.18.3
onappylog>=1.0.9
pathtools>=0.1.2
+pycryptodome>=3.9.6
diff --git a/setup.py b/setup.py
new file mode 100644
index 0000000..1dffa77
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,53 @@
+# -*- encoding: utf-8 -*-
+# -------------------------------------------------------------------------
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+#
+
+'''Setup'''
+
+import setuptools
+
+setuptools.setup(name='of-osdf',
+ version='1.0',
+ description='Python Distribution Utilities',
+ author='xyz',
+ author_email='xyz@wipro.com',
+ url='https://wiki.onap.org/display/DW/Optimization+Service+Design+Framework',
+ classifiers=[
+ 'Development Status :: 4 - Beta',
+ 'Environment :: ONAP',
+ 'Intended Audience :: Information Technology',
+ 'Intended Audience :: System Administrators',
+ 'License :: OSI Approved :: Apache Software License',
+ 'Operating System :: POSIX :: Linux',
+ 'Programming Language :: Python',
+ 'Programming Language :: Python :: 3'
+ 'Programming Language :: Python :: 3.5'
+ 'Topic :: Communications :: Email',
+ 'Topic :: Office/Business',
+ 'Topic :: Software Development :: Bug Tracking',],
+ keywords=['onap','osdf'],
+ packages=['osdf'],
+ entry_points = {
+ 'console_scripts': [
+ 'cipher-utility = osdf.cmd.encryptionUtil:main',
+ ],
+ 'oslo.config.opts': [
+ 'osdf = osdf.opts:list_opts',
+ ],
+ }
+ )
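Review bot: In `classifiers`, the lines `'Programming Language :: Python :: 3'` and `'Programming Language :: Python :: 3.5'` have no trailing comma, so Python concatenates them with the following `'Topic :: Communications :: Email'` into one invalid classifier string; each of the two needs a `,`. `packages=['osdf']` lists only the top-level package, so `osdf.cmd` and `osdf.utils` are presumably not installed and the `cipher-utility` entry point would only import while the source tree is on `PYTHONPATH`, which the README's `export PYTHONPATH` step seems to work around; `packages=setuptools.find_packages()` would include the subpackages. The placeholder `author='xyz'` and `description='Python Distribution Utilities'` should be replaced with the project's real metadata before this is published.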