Island: Rename data_store_encryptor initialization functions
parent
2d414a6f7d
commit
bdf485e014
|
@ -44,7 +44,7 @@ class Authenticate(flask_restful.Resource):
|
||||||
username, password = get_username_password_from_request(request)
|
username, password = get_username_password_from_request(request)
|
||||||
|
|
||||||
if _credentials_match_registered_user(username, password):
|
if _credentials_match_registered_user(username, password):
|
||||||
AuthenticationService.ensure_datastore_encryptor(username, password)
|
AuthenticationService.unlock_datastore_encryptor(username, password)
|
||||||
access_token = _create_access_token(username)
|
access_token = _create_access_token(username)
|
||||||
return make_response({"access_token": access_token, "error": ""}, 200)
|
return make_response({"access_token": access_token, "error": ""}, 200)
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -13,8 +13,8 @@ from .password_based_bytes_encryptor import (
|
||||||
)
|
)
|
||||||
from .data_store_encryptor import (
|
from .data_store_encryptor import (
|
||||||
get_datastore_encryptor,
|
get_datastore_encryptor,
|
||||||
initialize_datastore_encryptor,
|
unlock_datastore_encryptor,
|
||||||
reinitialize_datastore_encryptor,
|
reset_datastore_encryptor,
|
||||||
)
|
)
|
||||||
from .dict_encryptor import (
|
from .dict_encryptor import (
|
||||||
SensitiveField,
|
SensitiveField,
|
||||||
|
|
|
@ -50,18 +50,16 @@ class DataStoreEncryptor(IEncryptor):
|
||||||
return self._key_based_encryptor.decrypt(ciphertext)
|
return self._key_based_encryptor.decrypt(ciphertext)
|
||||||
|
|
||||||
|
|
||||||
def reinitialize_datastore_encryptor(
|
def reset_datastore_encryptor(key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"):
|
||||||
key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"
|
|
||||||
):
|
|
||||||
key_file_path = Path(key_file_dir) / key_file_name
|
key_file_path = Path(key_file_dir) / key_file_name
|
||||||
|
|
||||||
if key_file_path.is_file():
|
if key_file_path.is_file():
|
||||||
key_file_path.unlink()
|
key_file_path.unlink()
|
||||||
|
|
||||||
initialize_datastore_encryptor(key_file_dir, secret, key_file_name)
|
unlock_datastore_encryptor(key_file_dir, secret, key_file_name)
|
||||||
|
|
||||||
|
|
||||||
def initialize_datastore_encryptor(
|
def unlock_datastore_encryptor(
|
||||||
key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"
|
key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"
|
||||||
):
|
):
|
||||||
global _encryptor
|
global _encryptor
|
||||||
|
|
|
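Review bot: `reset_datastore_encryptor` unlinks the key file and then calls `unlock_datastore_encryptor`, but neither function has a docstring saying what the new names mean for the stored key. Going by the tests in this commit, `unlock_datastore_encryptor` creates the key file when it is missing and reuses it when present, and a reset leaves a different key file behind, so data encrypted under the previous key is presumably unreadable afterwards. I would state that on the function, e.g. `"""Delete the existing key file, if any, and create a new key protected by secret; data encrypted with the previous key can no longer be decrypted."""`, and add a matching line on `unlock_datastore_encryptor` noting that it also creates the key on first use. The body of `unlock_datastore_encryptor` continues outside the hunk.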
@ -1,7 +1,6 @@
|
||||||
from monkey_island.cc.server_utils.encryption import (
|
from monkey_island.cc.server_utils.encryption import (
|
||||||
get_datastore_encryptor,
|
reset_datastore_encryptor,
|
||||||
initialize_datastore_encryptor,
|
unlock_datastore_encryptor,
|
||||||
reinitialize_datastore_encryptor,
|
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -16,19 +15,14 @@ class AuthenticationService:
|
||||||
cls.KEY_FILE_DIRECTORY = key_file_directory
|
cls.KEY_FILE_DIRECTORY = key_file_directory
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def ensure_datastore_encryptor(username: str, password: str):
|
def unlock_datastore_encryptor(username: str, password: str):
|
||||||
if not get_datastore_encryptor():
|
secret = AuthenticationService._get_secret_from_credentials(username, password)
|
||||||
AuthenticationService._init_encryptor_from_credentials(username, password)
|
unlock_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def reset_datastore_encryptor(username: str, password: str):
|
def reset_datastore_encryptor(username: str, password: str):
|
||||||
secret = AuthenticationService._get_secret_from_credentials(username, password)
|
secret = AuthenticationService._get_secret_from_credentials(username, password)
|
||||||
reinitialize_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
|
reset_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def _init_encryptor_from_credentials(username: str, password: str):
|
|
||||||
secret = AuthenticationService._get_secret_from_credentials(username, password)
|
|
||||||
initialize_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _get_secret_from_credentials(username: str, password: str) -> str:
|
def _get_secret_from_credentials(username: str, password: str) -> str:
|
||||||
|
|
|
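Review bot: `AuthenticationService.unlock_datastore_encryptor` no longer has the `if not get_datastore_encryptor():` guard that `ensure_datastore_encryptor` had, so this is a behaviour change inside a commit titled as a rename: every successful login through `Authenticate` now calls the module-level `unlock_datastore_encryptor(...)` again. That function declares `global _encryptor`, so it presumably replaces the shared encryptor on each login, and if it derives a key from the password (the encryptor tests are marked slow, which suggests it does) it adds that cost to every authentication request. If the unconditional call is intended, a comment such as `# Always re-unlock on login; do not reuse a previously initialised encryptor` would record the decision; otherwise the guard should stay. Separately, the static methods now share their names with the imported functions they call; the bare name inside the method body resolves to the import, which is correct but reads like recursion, so an aliased import would be clearer.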
@ -10,7 +10,7 @@ from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_bas
|
||||||
STANDARD_PLAINTEXT_MONKEY_CONFIG_FILENAME,
|
STANDARD_PLAINTEXT_MONKEY_CONFIG_FILENAME,
|
||||||
)
|
)
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.encryption import initialize_datastore_encryptor
|
from monkey_island.cc.server_utils.encryption import unlock_datastore_encryptor
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
|
@ -30,4 +30,4 @@ def monkey_config_json(monkey_config):
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def uses_encryptor(data_for_tests_dir):
|
def uses_encryptor(data_for_tests_dir):
|
||||||
secret = "m0nk3y_u53r:3cr3t_p455w0rd"
|
secret = "m0nk3y_u53r:3cr3t_p455w0rd"
|
||||||
initialize_datastore_encryptor(data_for_tests_dir, secret)
|
unlock_datastore_encryptor(data_for_tests_dir, secret)
|
||||||
|
|
|
@ -4,8 +4,8 @@ from common.utils.file_utils import get_file_sha256_hash
|
||||||
from monkey_island.cc.server_utils.encryption import (
|
from monkey_island.cc.server_utils.encryption import (
|
||||||
data_store_encryptor,
|
data_store_encryptor,
|
||||||
get_datastore_encryptor,
|
get_datastore_encryptor,
|
||||||
initialize_datastore_encryptor,
|
reset_datastore_encryptor,
|
||||||
reinitialize_datastore_encryptor,
|
unlock_datastore_encryptor,
|
||||||
)
|
)
|
||||||
|
|
||||||
# Mark all tests in this module as slow
|
# Mark all tests in this module as slow
|
||||||
|
@ -27,7 +27,7 @@ def key_file(tmp_path):
|
||||||
|
|
||||||
|
|
||||||
def test_encryption(tmp_path):
|
def test_encryption(tmp_path):
|
||||||
initialize_datastore_encryptor(tmp_path, MOCK_SECRET)
|
unlock_datastore_encryptor(tmp_path, MOCK_SECRET)
|
||||||
|
|
||||||
encrypted_data = get_datastore_encryptor().encrypt(PLAINTEXT)
|
encrypted_data = get_datastore_encryptor().encrypt(PLAINTEXT)
|
||||||
assert encrypted_data != PLAINTEXT
|
assert encrypted_data != PLAINTEXT
|
||||||
|
@ -38,46 +38,46 @@ def test_encryption(tmp_path):
|
||||||
|
|
||||||
def test_key_creation(key_file):
|
def test_key_creation(key_file):
|
||||||
assert not key_file.is_file()
|
assert not key_file.is_file()
|
||||||
initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||||
assert key_file.is_file()
|
assert key_file.is_file()
|
||||||
|
|
||||||
|
|
||||||
def test_existing_key_reused(key_file):
|
def test_existing_key_reused(key_file):
|
||||||
assert not key_file.is_file()
|
assert not key_file.is_file()
|
||||||
|
|
||||||
initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||||
key_file_hash_1 = get_file_sha256_hash(key_file)
|
key_file_hash_1 = get_file_sha256_hash(key_file)
|
||||||
|
|
||||||
initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||||
key_file_hash_2 = get_file_sha256_hash(key_file)
|
key_file_hash_2 = get_file_sha256_hash(key_file)
|
||||||
|
|
||||||
assert key_file_hash_1 == key_file_hash_2
|
assert key_file_hash_1 == key_file_hash_2
|
||||||
|
|
||||||
|
|
||||||
def test_reinitialize_datastore_encryptor(key_file):
|
def test_reset_datastore_encryptor(key_file):
|
||||||
initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||||
key_file_hash_1 = get_file_sha256_hash(key_file)
|
key_file_hash_1 = get_file_sha256_hash(key_file)
|
||||||
|
|
||||||
reinitialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
reset_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||||
key_file_hash_2 = get_file_sha256_hash(key_file)
|
key_file_hash_2 = get_file_sha256_hash(key_file)
|
||||||
|
|
||||||
assert key_file_hash_1 != key_file_hash_2
|
assert key_file_hash_1 != key_file_hash_2
|
||||||
|
|
||||||
|
|
||||||
def test_reinitialize_when_encryptor_is_none(key_file):
|
def test_reset_when_encryptor_is_none(key_file):
|
||||||
with key_file.open(mode="w") as f:
|
with key_file.open(mode="w") as f:
|
||||||
f.write("")
|
f.write("")
|
||||||
|
|
||||||
reinitialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
reset_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||||
assert (
|
assert (
|
||||||
get_file_sha256_hash(key_file)
|
get_file_sha256_hash(key_file)
|
||||||
!= "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
|
!= "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def test_reinitialize_when_file_not_found(key_file):
|
def test_reset_when_file_not_found(key_file):
|
||||||
assert not key_file.is_file()
|
assert not key_file.is_file()
|
||||||
reinitialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
reset_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
|
||||||
|
|
||||||
encrypted_data = get_datastore_encryptor().encrypt(PLAINTEXT)
|
encrypted_data = get_datastore_encryptor().encrypt(PLAINTEXT)
|
||||||
assert encrypted_data != PLAINTEXT
|
assert encrypted_data != PLAINTEXT
|
||||||
|
|