From 8e62aaddc79b0e04b33b932dd8d903beb0dfc017 Mon Sep 17 00:00:00 2001 From: dhebeha Date: Tue, 25 Feb 2020 15:03:20 +0530 Subject: encryption/decryption utility Change-Id: I1f7d2c6fe66b1ff4341660063203662b507a669a Issue-ID: OPTFRA-700 Signed-off-by: dhebeha --- osdf/adapters/aaf/sms.py | 39 +++++++++++++++++------------- osdf/cmd/encryptionUtil.py | 50 +++++++++++++++++++++++++++++++++++++++ osdf/utils/cipherUtils.py | 59 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 132 insertions(+), 16 deletions(-) create mode 100644 osdf/cmd/encryptionUtil.py create mode 100644 osdf/utils/cipherUtils.py (limited to 'osdf') diff --git a/osdf/adapters/aaf/sms.py b/osdf/adapters/aaf/sms.py index 25ae7f2..fd3a5d5 100644 --- a/osdf/adapters/aaf/sms.py +++ b/osdf/adapters/aaf/sms.py @@ -1,6 +1,7 @@ # # ------------------------------------------------------------------------- # Copyright (c) 2018 Intel Corporation Intellectual Property +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,12 +21,12 @@ '''Secret Management Service Integration''' from onapsmsclient import Client - import osdf.config.base as cfg_base import osdf.config.credentials as creds import osdf.config.loader as config_loader from osdf.config.base import osdf_config from osdf.logging.osdf_logging import debug_log +from osdf.utils import cipherUtils config_spec = { "preload_secrets": "config/preload_secrets.yaml" 
@@ -70,40 +71,46 @@ def retrieve_secrets(): debug_log.debug("Secret Dictionary Retrieval Success") return secret_dict - def load_secrets(): config = osdf_config.deployment secret_dict = retrieve_secrets() config['soUsername'] = secret_dict['so']['UserName'] - config['soPassword'] = secret_dict['so']['Password'] + config['soPassword'] = decrypt_pass(secret_dict['so']['Password']) config['conductorUsername'] = secret_dict['conductor']['UserName'] - config['conductorPassword'] = secret_dict['conductor']['Password'] + config['conductorPassword'] = decrypt_pass(secret_dict['conductor']['Password']) config['policyPlatformUsername'] = secret_dict['policyPlatform']['UserName'] - config['policyPlatformPassword'] = secret_dict['policyPlatform']['Password'] - config['policyClientUsername'] = secret_dict['policyClient']['UserName'] - config['policyClientPassword'] = secret_dict['policyClient']['Password'] + config['policyPlatformPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password']) + config['policyClientUsername'] = secret_dict['policyPlatform']['UserName'] + config['policyClientPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password']) config['messageReaderAafUserId'] = secret_dict['dmaap']['UserName'] - config['messageReaderAafPassword'] = secret_dict['dmaap']['Password'] + config['messageReaderAafPassword'] = decrypt_pass(secret_dict['dmaap']['Password']) config['sdcUsername'] = secret_dict['sdc']['UserName'] - config['sdcPassword'] = secret_dict['sdc']['Password'] + config['sdcPassword'] = decrypt_pass(secret_dict['sdc']['Password']) config['osdfPlacementUsername'] = secret_dict['osdfPlacement']['UserName'] - config['osdfPlacementPassword'] = secret_dict['osdfPlacement']['Password'] + config['osdfPlacementPassword'] = decrypt_pass(secret_dict['osdfPlacement']['Password']) config['osdfPlacementSOUsername'] = secret_dict['osdfPlacementSO']['UserName'] - config['osdfPlacementSOPassword'] = secret_dict['osdfPlacementSO']['Password'] + 
config['osdfPlacementSOPassword'] = decrypt_pass(secret_dict['osdfPlacementSO']['Password']) config['osdfPlacementVFCUsername'] = secret_dict['osdfPlacementVFC']['UserName'] - config['osdfPlacementVFCPassword'] = secret_dict['osdfPlacementVFC']['Password'] + config['osdfPlacementVFCPassword'] = decrypt_pass(secret_dict['osdfPlacementVFC']['Password']) config['osdfCMSchedulerUsername'] = secret_dict['osdfCMScheduler']['UserName'] - config['osdfCMSchedulerPassword'] = secret_dict['osdfCMScheduler']['Password'] + config['osdfCMSchedulerPassword'] = decrypt_pass(secret_dict['osdfCMScheduler']['Password']) config['configDbUserName'] = secret_dict['configDb']['UserName'] - config['configDbPassword'] = secret_dict['configDb']['Password'] + config['configDbPassword'] = decrypt_pass(secret_dict['configDb']['Password']) config['pciHMSUsername'] = secret_dict['pciHMS']['UserName'] - config['pciHMSPassword'] = secret_dict['pciHMS']['Password'] + config['pciHMSPassword'] = decrypt_pass(secret_dict['pciHMS']['Password']) config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName'] - config['osdfPCIOptPassword'] = secret_dict['osdfPCIOpt']['Password'] + config['osdfPCIOptPassword'] = decrypt_pass(secret_dict['osdfPCIOpt']['Password']) cfg_base.http_basic_auth_credentials = creds.load_credentials(osdf_config) cfg_base.dmaap_creds = creds.dmaap_creds() +def decrypt_pass(passwd): + if passwd == '' or passwd == 'NA': + return passwd + else: + return cipherUtils.AESCipher.get_instance().decrypt(passwd) + + def delete_secrets(): """ This is intended to delete the secrets for a clean initialization for testing Application. Actual deployment will have a preload script. diff --git a/osdf/cmd/encryptionUtil.py b/osdf/cmd/encryptionUtil.py new file mode 100644 index 0000000..6c0cae2 --- /dev/null +++ b/osdf/cmd/encryptionUtil.py 
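Review bot: The two `policyClient` entries in load_secrets now read from `secret_dict['policyPlatform']`, whereas the removed lines read `secret_dict['policyClient']`; the commit message does not mention this, so it looks like a copy-paste slip that would presumably leave the policy client using the platform account's credentials. If it is unintended, keep the original source: `config['policyClientUsername'] = secret_dict['policyClient']['UserName']` and `config['policyClientPassword'] = decrypt_pass(secret_dict['policyClient']['Password'])`. Separately, decrypt_pass exempts only `''` and `'NA'`, so a secret still stored in plaintext reaches `bytes.fromhex` in AESCipher.decrypt and, unless it happens to be valid hex, raises while the configuration is loading. A short docstring on decrypt_pass stating that stored passwords must be the hex output of AESCipher.encrypt, and which sentinel values pass through unchanged, would make that contract explicit.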
@@ -0,0 +1,50 @@
+#
+# -------------------------------------------------------------------------
+# Copyright (c) 2015-2018 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+#
+import sys
+from osdf.utils import cipherUtils
+
+
+def main():
+
+ if len(sys.argv) != 4:
+ print("Invalid input - usage --> (options(encrypt/decrypt) input-value with-key)")
+ return
+
+ enc_dec = sys.argv[1]
+ valid_option_values = ['encrypt', 'decrypt']
+ if enc_dec not in valid_option_values:
+ print("Invalid input - usage --> (options(encrypt/decrypt) input-value with-key)")
+ print("Option value can only be one of {}".format(valid_option_values))
+ print("You entered '{}'".format(enc_dec))
+ return
+
+ input_string = sys.argv[2]
+ with_key = sys.argv[3]
+
+ print("You've requested '{}' to be '{}ed' using key '{}'".format(input_string, enc_dec, with_key))
+ print("You can always perform the reverse operation (encrypt/decrypt) using the same key"
+ "to be certain you get the same results back'")
+
+ util = cipherUtils.AESCipher.get_instance(with_key)
+ if enc_dec.lower() == 'encrypt':
+ result = util.encrypt(input_string)
+ else:
+ result = util.decrypt(input_string)
+
+ print("Your resultt: {}".format(result))
\ No newline at end of file
diff --git a/osdf/utils/cipherUtils.py b/osdf/utils/cipherUtils.py
new file mode 100644
index 0000000..169f1a1
--- /dev/null
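Review bot: The key and the value to protect are both read from `sys.argv` and then echoed by the `print("You've requested '{}' to be '{}ed' using key '{}'"...)` line, so the application key ends up in shell history, the process list and any captured terminal output. Prefer reading the key without echo, e.g. `with_key = getpass.getpass("Key: ")` (with `import getpass` and the argument count check reduced by one), and cut the echo down to the operation only, `print("Requested operation: {}".format(enc_dec))`. The later `enc_dec.lower()` is redundant because the option has already been matched case-sensitively against `valid_option_values`. The file also defines `main()` without calling it, so confirm that it is registered as an entry point elsewhere.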
+++ b/osdf/utils/cipherUtils.py
@@ -0,0 +1,59 @@
+#
+# -------------------------------------------------------------------------
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+
+from Crypto.Cipher import AES
+from osdf.config.base import osdf_config
+from Crypto.Util.Padding import unpad
+from Crypto.Util.Padding import pad
+
+
+class AESCipher(object):
+ __instance = None
+
+ @staticmethod
+ def get_instance(key = None):
+ if AESCipher.__instance is None:
+ print("Creating the singleton instance")
+ AESCipher(key)
+ return AESCipher.__instance
+
+ def __init__(self, key=None):
+ if AESCipher.__instance is not None:
+ raise Exception("This class is a singleton!")
+ else:
+ AESCipher.__instance = self
+
+ self.bs = 32
+ if key is None:
+ key = osdf_config.deployment["appkey"]
+
+ self.key = key.encode()
+
+ def encrypt(self, data):
+ data = data.encode()
+ cipher = AES.new(self.key, AES.MODE_CBC)
+ ciphered_data = cipher.encrypt(pad(data, AES.block_size))
+ enc = (cipher.iv.hex())+(ciphered_data.hex())
+ return enc
+
+ def decrypt(self, enc):
+ iv = bytes.fromhex(enc[:32])
+ ciphered_data = bytes.fromhex(enc[32:])
+ cipher = AES.new(self.key, AES.MODE_CBC, iv=iv)
+ original_data = unpad(cipher.decrypt(ciphered_data), AES.block_size).decode()
+ return original_data
-- cgit 1.2.3-korg
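Review bot: `encrypt` and `decrypt` use `AES.MODE_CBC` with no integrity check, so a stored value that was altered, or decrypted under the wrong key, is caught only if unpadding or UTF-8 decoding happens to fail, and otherwise comes back as a corrupted password. An authenticated mode such as `AES.MODE_GCM` makes `decrypt` fail closed; the sketch below keeps the hex encoding but changes the layout to nonce, tag, ciphertext, so values produced by the CBC version would need re-encrypting. In the same class, `get_instance(key)` silently ignores `key` once the singleton exists, and `self.key = key.encode()` uses the configured string directly as the AES key, so it must encode to exactly 16, 24 or 32 bytes and is not stretched by a KDF. `self.bs` is assigned but never read, and the `print` in `get_instance` would be better as a debug log.

```python
    def encrypt(self, data):
        # GCM authenticates the ciphertext; output is hex of nonce(16) || tag(16) || ciphertext
        cipher = AES.new(self.key, AES.MODE_GCM)
        ciphered_data, tag = cipher.encrypt_and_digest(data.encode())
        return cipher.nonce.hex() + tag.hex() + ciphered_data.hex()

    def decrypt(self, enc):
        raw = bytes.fromhex(enc)
        nonce, tag, ciphered_data = raw[:16], raw[16:32], raw[32:]
        cipher = AES.new(self.key, AES.MODE_GCM, nonce=nonce)
        # decrypt_and_verify raises ValueError when the value was modified or the key is wrong
        return cipher.decrypt_and_verify(ciphered_data, tag).decode()
```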