p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Island: Add reinitialize_datastore_encryptor()

This commit is contained in:
Mike Salvatore 2021-10-05 16:42:49 -04:00
parent c0b257127a
commit 95221ef53a
4 changed files with 49 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
monkey/monkey_island/cc/server_utils/encryption/__init__.py
View File

@ -12,9 +12,9 @@ from .password_based_bytes_encryptor import (
InvalidCiphertextError, InvalidCiphertextError,
) )
from .data_store_encryptor import ( from .data_store_encryptor import (
initialize_datastore_encryptor,
get_datastore_encryptor, get_datastore_encryptor,
remove_old_datastore_key, initialize_datastore_encryptor,
reinitialize_datastore_encryptor,
) )
from .dict_encryptor import ( from .dict_encryptor import (
SensitiveField, SensitiveField,

15
monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
View File

@ -53,11 +53,24 @@ class DataStoreEncryptor(IEncryptor):
if self._key_file_path.is_file(): if self._key_file_path.is_file():
self._key_file_path.unlink() self._key_file_path.unlink()
self._key_based_encryptor = None
def reinitialize_datastore_encryptor(
key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"
):
_delete_encryptor()
initialize_datastore_encryptor(key_file_dir, secret, key_file_name)
def _delete_encryptor():
global _encryptor
def remove_old_datastore_key():
if _encryptor: if _encryptor:
_encryptor.erase_key() _encryptor.erase_key()
_encryptor = None
def initialize_datastore_encryptor( def initialize_datastore_encryptor(
key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin" key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"

6
monkey/monkey_island/cc/services/authentication.py
View File

@ -1,7 +1,7 @@
from monkey_island.cc.server_utils.encryption import ( from monkey_island.cc.server_utils.encryption import (
get_datastore_encryptor, get_datastore_encryptor,
initialize_datastore_encryptor, initialize_datastore_encryptor,
remove_old_datastore_key, reinitialize_datastore_encryptor,
) )
@ -22,8 +22,8 @@ class AuthenticationService:
@staticmethod @staticmethod
def reset_datastore_encryptor(username: str, password: str): def reset_datastore_encryptor(username: str, password: str):
remove_old_datastore_key() secret = AuthenticationService._get_secret_from_credentials(username, password)
AuthenticationService._init_encryptor_from_credentials(username, password) reinitialize_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
@staticmethod @staticmethod
def _init_encryptor_from_credentials(username: str, password: str): def _init_encryptor_from_credentials(username: str, password: str):

40
monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py
View File

@ -1,10 +1,11 @@
import pytest import pytest
from common.utils.file_utils import get_file_sha256_hash
from monkey_island.cc.server_utils.encryption import ( from monkey_island.cc.server_utils.encryption import (
data_store_encryptor, data_store_encryptor,
get_datastore_encryptor, get_datastore_encryptor,
initialize_datastore_encryptor, initialize_datastore_encryptor,
remove_old_datastore_key, reinitialize_datastore_encryptor,
) )
PLAINTEXT = "Hello, Monkey!" PLAINTEXT = "Hello, Monkey!"
@ -42,28 +43,47 @@ def test_key_creation(key_file, tmp_path):
assert key_file.is_file() assert key_file.is_file()
@pytest.mark.slow
def test_existing_key_reused(key_file, tmp_path):
assert not key_file.is_file()
initialize_datastore_encryptor(tmp_path, MOCK_SECRET, KEY_FILENAME)
key_file_hash_1 = get_file_sha256_hash(key_file)
initialize_datastore_encryptor(tmp_path, MOCK_SECRET, KEY_FILENAME)
key_file_hash_2 = get_file_sha256_hash(key_file)
assert key_file_hash_1 == key_file_hash_2
@pytest.mark.slow @pytest.mark.slow
def test_key_removal(key_file, tmp_path): def test_key_removal(key_file, tmp_path):
initialize_datastore_encryptor(tmp_path, MOCK_SECRET, KEY_FILENAME) initialize_datastore_encryptor(tmp_path, MOCK_SECRET, KEY_FILENAME)
assert key_file.is_file() assert key_file.is_file()
remove_old_datastore_key() get_datastore_encryptor().erase_key()
assert not key_file.is_file() assert not key_file.is_file()
def test_key_removal__no_key(key_file): @pytest.mark.slow
assert not key_file.is_file() def test_key_removal__no_key(key_file, tmp_path):
# Make sure no error thrown when we try to remove an non-existing key
remove_old_datastore_key()
def test_key_removal__no_key_2(key_file, tmp_path):
assert not key_file.is_file() assert not key_file.is_file()
initialize_datastore_encryptor(tmp_path, MOCK_SECRET, KEY_FILENAME) initialize_datastore_encryptor(tmp_path, MOCK_SECRET, KEY_FILENAME)
assert key_file.is_file() assert key_file.is_file()
key_file.unlink() get_datastore_encryptor().erase_key()
assert not key_file.is_file() assert not key_file.is_file()
# Make sure no error thrown when we try to remove an non-existing key # Make sure no error thrown when we try to remove an non-existing key
get_datastore_encryptor().erase_key() get_datastore_encryptor().erase_key()
@pytest.mark.slow
def test_reinitialize_datastore_encryptor(key_file, tmp_path):
initialize_datastore_encryptor(tmp_path, MOCK_SECRET, KEY_FILENAME)
key_file_hash_1 = get_file_sha256_hash(key_file)
reinitialize_datastore_encryptor(tmp_path, MOCK_SECRET, KEY_FILENAME)
key_file_hash_2 = get_file_sha256_hash(key_file)
assert key_file_hash_1 != key_file_hash_2