diff --git a/monkey/monkey_island/cc/models/utils/field_encryptors/string_list_encryptor.py b/monkey/monkey_island/cc/models/utils/field_encryptors/string_list_encryptor.py
index 91464c1fa..8cde30af0 100644
--- a/monkey/monkey_island/cc/models/utils/field_encryptors/string_list_encryptor.py
+++ b/monkey/monkey_island/cc/models/utils/field_encryptors/string_list_encryptor.py
@@ -1,7 +1,7 @@
 from typing import List
 from monkey_island.cc.models.utils.field_encryptors.i_field_encryptor import IFieldEncryptor
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
 class StringListEncryptor(IFieldEncryptor):
diff --git a/monkey/monkey_island/cc/resources/configuration_export.py b/monkey/monkey_island/cc/resources/configuration_export.py
index c9565011b..089e9c813 100644
--- a/monkey/monkey_island/cc/resources/configuration_export.py
+++ b/monkey/monkey_island/cc/resources/configuration_export.py
@@ -4,8 +4,10 @@ import flask_restful
 from flask import request
 from monkey_island.cc.resources.auth.auth import jwt_required
+from monkey_island.cc.server_utils.encryption.password_based_encryption import (
+ PasswordBasedEncryptor,
+)
 from monkey_island.cc.services.config import ConfigService
-from monkey_island.cc.services.utils.password_encryption import PasswordBasedEncryptor
 class ConfigurationExport(flask_restful.Resource):
diff --git a/monkey/monkey_island/cc/resources/configuration_import.py b/monkey/monkey_island/cc/resources/configuration_import.py
index 99b43f3ba..c4b64a363 100644
--- a/monkey/monkey_island/cc/resources/configuration_import.py
+++ b/monkey/monkey_island/cc/resources/configuration_import.py
@@ -8,13 +8,13 @@ from flask import request
 from common.utils.exceptions import InvalidConfigurationError
 from monkey_island.cc.resources.auth.auth import jwt_required
-from monkey_island.cc.services.config import ConfigService
-from monkey_island.cc.services.utils.password_encryption import (
+from monkey_island.cc.server_utils.encryption.password_based_encryption import (
 InvalidCiphertextError,
 InvalidCredentialsError,
 PasswordBasedEncryptor,
 is_encrypted,
 )
+from monkey_island.cc.services.config import ConfigService
 logger = logging.getLogger(__name__)
diff --git a/monkey/monkey_island/cc/server_setup.py b/monkey/monkey_island/cc/server_setup.py
index 5ed167126..e5d4dc47e 100644
--- a/monkey/monkey_island/cc/server_setup.py
+++ b/monkey/monkey_island/cc/server_setup.py
@@ -27,8 +27,10 @@ from monkey_island.cc.server_utils.consts import ( # noqa: E402
 GEVENT_EXCEPTION_LOG,
 MONGO_CONNECTION_TIMEOUT,
 )
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import ( # noqa: E402
+ initialize_encryptor,
+)
 from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402
-from monkey_island.cc.server_utils.key_encryptor import initialize_encryptor # noqa: E402
 from monkey_island.cc.services.initialize import initialize_services # noqa: E402
 from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
 from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402
diff --git a/monkey/monkey_island/cc/server_utils/encryption/__init__.py b/monkey/monkey_island/cc/server_utils/encryption/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/monkey/monkey_island/cc/server_utils/key_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
similarity index 81%
rename from monkey/monkey_island/cc/server_utils/key_encryptor.py
rename to monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
index e41cf56f4..bdcfb97d4 100644
--- a/monkey/monkey_island/cc/server_utils/key_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
@@ -4,8 +4,8 @@ import os
 # is maintained.
 from Crypto import Random # noqa: DUO133 # nosec: B413
+from monkey_island.cc.server_utils.encryption.key_based_encryptor import KeyBasedEncryptor
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
-from monkey_island.cc.services.utils.key_encryption import KeyBasedEncryptor
 _encryptor = None
@@ -22,6 +22,8 @@ class DataStoreEncryptor:
 else:
 self._init_key(password_file)
+ self._key_base_encryptor = KeyBasedEncryptor(self._cipher_key)
+
 def _init_key(self, password_file_path: str):
 self._cipher_key = Random.new().read(self._BLOCK_SIZE)
 with open_new_securely_permissioned_file(password_file_path, "wb") as f:
@@ -32,12 +34,10 @@ class DataStoreEncryptor:
 self._cipher_key = f.read()
 def enc(self, message: str):
- key_encryptor = KeyBasedEncryptor(self._cipher_key)
- return key_encryptor.encrypt(message)
+ return self._key_base_encryptor.encrypt(message)
 def dec(self, enc_message: str):
- key_encryptor = KeyBasedEncryptor(self._cipher_key)
- return key_encryptor.decrypt(enc_message)
+ return self._key_base_encryptor.decrypt(enc_message)
 def initialize_encryptor(password_file_dir):
diff --git a/monkey/monkey_island/cc/services/utils/i_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/i_encryptor.py
similarity index 100%
rename from monkey/monkey_island/cc/services/utils/i_encryptor.py
rename to monkey/monkey_island/cc/server_utils/encryption/i_encryptor.py
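Review bot: The key handed to `KeyBasedEncryptor` in `__init__` is never checked: on the existing-file path `self._cipher_key` is whatever `f.read()` returned, so an empty or truncated key file would presumably surface only at the first `enc`/`dec` call (what `KeyBasedEncryptor` does with the key is not visible in this hunk). Now that the encryptor is built once in the constructor, that is the natural place to fail fast, e.g. `if len(self._cipher_key) != self._BLOCK_SIZE: raise ValueError("unexpected data store key length")` just before the new assignment. The attribute name `_key_base_encryptor` also drifts from the class name; `_key_based_encryptor` would read more consistently in `__init__`, `enc` and `dec`. The body of `DataStoreEncryptor.__init__` starts outside the hunk.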
diff --git a/monkey/monkey_island/cc/services/utils/key_encryption.py b/monkey/monkey_island/cc/server_utils/encryption/key_based_encryptor.py
similarity index 94%
rename from monkey/monkey_island/cc/services/utils/key_encryption.py
rename to monkey/monkey_island/cc/server_utils/encryption/key_based_encryptor.py
index cb8366da8..49f67a34b 100644
--- a/monkey/monkey_island/cc/services/utils/key_encryption.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/key_based_encryptor.py
@@ -6,7 +6,7 @@ import logging
 from Crypto import Random # noqa: DUO133 # nosec: B413
 from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413
-from monkey_island.cc.services.utils.i_encryptor import IEncryptor
+from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
 logger = logging.getLogger(__name__)
diff --git a/monkey/monkey_island/cc/services/utils/password_encryption.py b/monkey/monkey_island/cc/server_utils/encryption/password_based_encryption.py
similarity index 96%
rename from monkey/monkey_island/cc/services/utils/password_encryption.py
rename to monkey/monkey_island/cc/server_utils/encryption/password_based_encryption.py
index 1854722e8..da4736e16 100644
--- a/monkey/monkey_island/cc/services/utils/password_encryption.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/password_based_encryption.py
@@ -4,7 +4,7 @@ import logging
 import pyAesCrypt
-from monkey_island.cc.services.utils.i_encryptor import IEncryptor
+from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
 logger = logging.getLogger(__name__)
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/technique_report_tools.py b/monkey/monkey_island/cc/services/attack/technique_reports/technique_report_tools.py
index 6a431f35a..88243de5d 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/technique_report_tools.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/technique_report_tools.py
@@ -1,4 +1,4 @@
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
 def parse_creds(attempt):
diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py
index 26e3ab971..7f69928c0 100644
--- a/monkey/monkey_island/cc/services/config.py
+++ b/monkey/monkey_island/cc/services/config.py
@@ -19,7 +19,7 @@ from common.config_value_paths import (
 USER_LIST_PATH,
 )
 from monkey_island.cc.database import mongo
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
 from monkey_island.cc.services.config_manipulator import update_config_per_mode
 from monkey_island.cc.services.config_schema.config_schema import SCHEMA
 from monkey_island.cc.services.mode.island_mode_service import ModeNotSetError, get_mode
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/exploit.py b/monkey/monkey_island/cc/services/telemetry/processing/exploit.py
index 0a0ccce15..246176a8d 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/exploit.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/exploit.py
@@ -3,7 +3,7 @@ import copy
 import dateutil
 from monkey_island.cc.models import Monkey
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
 from monkey_island.cc.services.config import ConfigService
 from monkey_island.cc.services.edge.displayed_edge import EdgeService
 from monkey_island.cc.services.node import NodeService
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info.py
index 1bcc61ecd..3cc1dc560 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info.py
@@ -1,6 +1,6 @@
 import logging
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
 from monkey_island.cc.services.config import ConfigService
 from monkey_island.cc.services.node import NodeService
 from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( # noqa: E501
diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py
index 0d423bd6a..3ac6a7861 100644
--- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py
+++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py
@@ -5,7 +5,7 @@ from ScoutSuite.providers.base.authentication_strategy import AuthenticationExce
 from common.cloud.scoutsuite_consts import CloudProviders
 from common.config_value_paths import AWS_KEYS_PATH
 from common.utils.exceptions import InvalidAWSKeys
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
 from monkey_island.cc.services.config import ConfigService
diff --git a/monkey/tests/unit_tests/monkey_island/cc/conftest.py b/monkey/tests/unit_tests/monkey_island/cc/conftest.py
index c14524411..438ee3fef 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/conftest.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/conftest.py
@@ -5,7 +5,7 @@ import os
 import pytest
 from tests.unit_tests.monkey_island.cc.mongomock_fixtures import * # noqa: F401,F403,E402
-from tests.unit_tests.monkey_island.cc.services.utils.test_encryption import (
+from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_based_encryption import ( # noqa: E501
 MONKEY_CONFIGS_DIR_PATH,
 STANDARD_PLAINTEXT_MONKEY_CONFIG_FILENAME,
 )
diff --git a/monkey/tests/unit_tests/monkey_island/cc/models/utils/field_encryptors/test_string_list_encryptor.py b/monkey/tests/unit_tests/monkey_island/cc/models/utils/field_encryptors/test_string_list_encryptor.py
index fe8af8e0d..1428a0009 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/models/utils/field_encryptors/test_string_list_encryptor.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/models/utils/field_encryptors/test_string_list_encryptor.py
@@ -1,7 +1,7 @@
 import pytest
 from monkey_island.cc.models.utils.field_encryptors.string_list_encryptor import StringListEncryptor
-from monkey_island.cc.server_utils.key_encryptor import initialize_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import initialize_encryptor
 MOCK_STRING_LIST = ["test_1", "test_2"]
 EMPTY_LIST = []
diff --git a/monkey/tests/unit_tests/monkey_island/cc/resources/test_configuration_import.py b/monkey/tests/unit_tests/monkey_island/cc/resources/test_configuration_import.py
index 45ef8daaf..ac72f01c2 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/resources/test_configuration_import.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/resources/test_configuration_import.py
@@ -1,12 +1,16 @@
 import pytest
+from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_based_encryption import ( # noqa: E501
+ PASSWORD,
+)
 from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption_test import (
 MALFORMED_CIPHER_TEXT_CORRUPTED,
 )
-from tests.unit_tests.monkey_island.cc.services.utils.test_encryption import PASSWORD
 from common.utils.exceptions import InvalidConfigurationError
 from monkey_island.cc.resources.configuration_import import ConfigurationImport
-from monkey_island.cc.services.utils.password_encryption import PasswordBasedEncryptor
+from monkey_island.cc.server_utils.encryption.password_based_encryption import (
+ PasswordBasedEncryptor,
+)
 def test_is_config_encrypted__json(monkey_config_json):
diff --git a/monkey/tests/unit_tests/monkey_island/cc/server_utils/test_key_encryptor.py b/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py
similarity index 86%
rename from monkey/tests/unit_tests/monkey_island/cc/server_utils/test_key_encryptor.py
rename to monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py
index f7097ec00..e3dbd8afa 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/server_utils/test_key_encryptor.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py
@@ -1,6 +1,9 @@
 import os
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor, initialize_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
+ get_encryptor,
+ initialize_encryptor,
+)
 PASSWORD_FILENAME = "mongo_key.bin"
diff --git a/monkey/tests/unit_tests/monkey_island/cc/services/utils/test_encryption.py b/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_password_based_encryption.py
similarity index 94%
rename from monkey/tests/unit_tests/monkey_island/cc/services/utils/test_encryption.py
rename to monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_password_based_encryption.py
index 029e8201f..cb3756e40 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/services/utils/test_encryption.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_password_based_encryption.py
@@ -4,7 +4,7 @@ from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption
 VALID_CIPHER_TEXT,
 )
-from monkey_island.cc.services.utils.password_encryption import (
+from monkey_island.cc.server_utils.encryption.password_based_encryption import (
 InvalidCredentialsError,
 PasswordBasedEncryptor,
 )
diff --git a/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py b/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py
index af47d51b5..12809dfa8 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py
@@ -5,7 +5,10 @@ import pytest
 from common.config_value_paths import AWS_KEYS_PATH
 from monkey_island.cc.database import mongo
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor, initialize_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
+ get_encryptor,
+ initialize_encryptor,
+)
 from monkey_island.cc.services.config import ConfigService
 from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import (
 is_aws_keys_setup,