Island: Rename data_store_encryptor initialization functions
parent
2d414a6f7d
commit
bdf485e014
|
@ -44,7 +44,7 @@ class Authenticate(flask_restful.Resource):
|
|||
username, password = get_username_password_from_request(request)
|
||||
|
||||
if _credentials_match_registered_user(username, password):
|
||||
AuthenticationService.ensure_datastore_encryptor(username, password)
|
||||
AuthenticationService.unlock_datastore_encryptor(username, password)
|
||||
access_token = _create_access_token(username)
|
||||
return make_response({"access_token": access_token, "error": ""}, 200)
|
||||
else:
|
||||
|
|
|
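Review bot: The call `AuthenticationService.unlock_datastore_encryptor(username, password)` now runs on every successful login, whereas the `ensure_datastore_encryptor` it replaces only built the encryptor when `get_datastore_encryptor()` returned nothing; that guard is dropped in the AuthenticationService section of this commit. If deriving the key from the secret is deliberately expensive, as the "slow" marker on the encryptor tests suggests, every login now pays that cost and rebinds the module-global `_encryptor` while other requests may still be using it. Either keep the guard in the service method, `if not get_datastore_encryptor():` before the unlock call, or add a comment here stating that re-unlocking on each login is intended. The enclosing method starts and ends outside the hunk.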
@ -13,8 +13,8 @@ from .password_based_bytes_encryptor import (
|
|||
)
|
||||
from .data_store_encryptor import (
|
||||
get_datastore_encryptor,
|
||||
initialize_datastore_encryptor,
|
||||
reinitialize_datastore_encryptor,
|
||||
unlock_datastore_encryptor,
|
||||
reset_datastore_encryptor,
|
||||
)
|
||||
from .dict_encryptor import (
|
||||
SensitiveField,
|
||||
|
|
|
@ -50,18 +50,16 @@ class DataStoreEncryptor(IEncryptor):
|
|||
return self._key_based_encryptor.decrypt(ciphertext)
|
||||
|
||||
|
||||
def reinitialize_datastore_encryptor(
|
||||
key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"
|
||||
):
|
||||
def reset_datastore_encryptor(key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"):
|
||||
key_file_path = Path(key_file_dir) / key_file_name
|
||||
|
||||
if key_file_path.is_file():
|
||||
key_file_path.unlink()
|
||||
|
||||
initialize_datastore_encryptor(key_file_dir, secret, key_file_name)
|
||||
unlock_datastore_encryptor(key_file_dir, secret, key_file_name)
|
||||
|
||||
|
||||
def initialize_datastore_encryptor(
|
||||
def unlock_datastore_encryptor(
|
||||
key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"
|
||||
):
|
||||
global _encryptor
|
||||
|
|
|
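Review bot: `reset_datastore_encryptor` has no docstring, and the new name does not say that it deletes the existing key file before calling `unlock_datastore_encryptor`, which per the tests in this commit writes a fresh key file when none exists. Anything already stored under the old key presumably becomes undecryptable after this call, so the function should say so, for example `"""Delete the key file, generate a new key and unlock the encryptor with it; data encrypted under the previous key can no longer be decrypted."""`. `unlock_datastore_encryptor` would benefit from a one-line docstring as well, noting that it creates the key file if it is missing rather than only opening an existing one. Its body continues outside the hunk.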
@ -1,7 +1,6 @@
|
|||
from monkey_island.cc.server_utils.encryption import (
|
||||
get_datastore_encryptor,
|
||||
initialize_datastore_encryptor,
|
||||
reinitialize_datastore_encryptor,
|
||||
reset_datastore_encryptor,
|
||||
unlock_datastore_encryptor,
|
||||
)
|
||||
|
||||
|
||||
|
@ -16,19 +15,14 @@ class AuthenticationService:
|
|||
cls.KEY_FILE_DIRECTORY = key_file_directory
|
||||
|
||||
@staticmethod
|
||||
def ensure_datastore_encryptor(username: str, password: str):
|
||||
if not get_datastore_encryptor():
|
||||
AuthenticationService._init_encryptor_from_credentials(username, password)
|
||||
def unlock_datastore_encryptor(username: str, password: str):
|
||||
secret = AuthenticationService._get_secret_from_credentials(username, password)
|
||||
unlock_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
|
||||
|
||||
@staticmethod
|
||||
def reset_datastore_encryptor(username: str, password: str):
|
||||
secret = AuthenticationService._get_secret_from_credentials(username, password)
|
||||
reinitialize_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
|
||||
|
||||
@staticmethod
|
||||
def _init_encryptor_from_credentials(username: str, password: str):
|
||||
secret = AuthenticationService._get_secret_from_credentials(username, password)
|
||||
initialize_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
|
||||
reset_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
|
||||
|
||||
@staticmethod
|
||||
def _get_secret_from_credentials(username: str, password: str) -> str:
|
||||
|
|
|
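Review bot: The static methods `unlock_datastore_encryptor` and `reset_datastore_encryptor` now carry exactly the names of the module-level functions they call, which are imported at the top of this file. The bare calls inside the bodies still resolve to the imported functions, since class attributes are not in a method's lookup scope, but the code reads like recursion and is easy to break in a later refactor. Import the functions under distinct names, for example `unlock_datastore_encryptor as _unlock_datastore_encryptor` in the existing import list, and call those. Neither method has a docstring stating that the secret is derived from the username and password via `_get_secret_from_credentials`, whose body is outside the hunk.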
@ -10,7 +10,7 @@ from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_bas
|
|||
STANDARD_PLAINTEXT_MONKEY_CONFIG_FILENAME,
|
||||
)
|
||||
|
||||
from monkey_island.cc.server_utils.encryption import initialize_datastore_encryptor
|
||||
from monkey_island.cc.server_utils.encryption import unlock_datastore_encryptor
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
|
@ -30,4 +30,4 @@ def monkey_config_json(monkey_config):
|
|||
@pytest.fixture
|
||||
def uses_encryptor(data_for_tests_dir):
|
||||
secret = "m0nk3y_u53r:3cr3t_p455w0rd"
|
||||
initialize_datastore_encryptor(data_for_tests_dir, secret)
|
||||
unlock_datastore_encryptor(data_for_tests_dir, secret)
|
||||
|
|
|
@ -4,8 +4,8 @@ from common.utils.file_utils import get_file_sha256_hash
|
|||
from monkey_island.cc.server_utils.encryption import (
|
||||
data_store_encryptor,
|
||||
get_datastore_encryptor,
|
||||
initialize_datastore_encryptor,
|
||||
reinitialize_datastore_encryptor,
|
||||
reset_datastore_encryptor,
|
||||
unlock_datastore_encryptor,
|
||||
)
|
||||
|
||||
# Mark all tests in this module as slow
|
||||
|
@ -27,7 +27,7 @@ def key_file(tmp_path):
|
|||
|
||||
|
||||
def test_encryption(tmp_path):
|
||||
initialize_datastore_encryptor(tmp_path, MOCK_SECRET)
|
||||
unlock_datastore_encryptor(tmp_path, MOCK_SECRET)
|
||||
|
||||
encrypted_data = get_datastore_encryptor().encrypt(PLAINTEXT)
|
||||
assert encrypted_data != PLAINTEXT
|
||||
|
@ -38,46 +38,46 @@ def test_encryption(tmp_path):
|
|||
|
||||
def test_key_creation(key_file):
|
||||
assert not key_file.is_file()
|
||||
initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
assert key_file.is_file()
|
||||
|
||||
|
||||
def test_existing_key_reused(key_file):
|
||||
assert not key_file.is_file()
|
||||
|
||||
initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
key_file_hash_1 = get_file_sha256_hash(key_file)
|
||||
|
||||
initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
key_file_hash_2 = get_file_sha256_hash(key_file)
|
||||
|
||||
assert key_file_hash_1 == key_file_hash_2
|
||||
|
||||
|
||||
def test_reinitialize_datastore_encryptor(key_file):
|
||||
initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
def test_reset_datastore_encryptor(key_file):
|
||||
unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
key_file_hash_1 = get_file_sha256_hash(key_file)
|
||||
|
||||
reinitialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
reset_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
key_file_hash_2 = get_file_sha256_hash(key_file)
|
||||
|
||||
assert key_file_hash_1 != key_file_hash_2
|
||||
|
||||
|
||||
def test_reinitialize_when_encryptor_is_none(key_file):
|
||||
def test_reset_when_encryptor_is_none(key_file):
|
||||
with key_file.open(mode="w") as f:
|
||||
f.write("")
|
||||
|
||||
reinitialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
reset_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
assert (
|
||||
get_file_sha256_hash(key_file)
|
||||
!= "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
|
||||
)
|
||||
|
||||
|
||||
def test_reinitialize_when_file_not_found(key_file):
|
||||
def test_reset_when_file_not_found(key_file):
|
||||
assert not key_file.is_file()
|
||||
reinitialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
reset_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||
|
||||
encrypted_data = get_datastore_encryptor().encrypt(PLAINTEXT)
|
||||
assert encrypted_data != PLAINTEXT
|
||||
|
|