X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=osm_common%2Fdbbase.py;h=7428ed969509860ef2cf4af999fa5f9024a28afb;hb=refs%2Fchanges%2F80%2F8380%2F3;hp=d199ddebe00918f830c4c33e0a61b9419e676998;hpb=d63ea273e23c9e1350ed300872f703faf4ddc3c7;p=osm%2Fcommon.git diff --git a/osm_common/dbbase.py b/osm_common/dbbase.py index d199dde..7428ed9 100644 --- a/osm_common/dbbase.py +++ b/osm_common/dbbase.py @@ -17,6 +17,7 @@ import yaml import logging +import re from http import HTTPStatus from copy import deepcopy from Crypto.Cipher import AES @@ -88,6 +89,16 @@ class DbBase(object): """ raise DbException("Method 'get_list' not implemented") + def count(self, table, q_filter=None): + """ + Count the number of entries matching q_filter + :param table: collection or table + :param q_filter: Filter + :return: number of entries found (can be zero) + :raise: DbException on error + """ + raise DbException("Method 'count' not implemented") + def get_one(self, table, q_filter=None, fail_on_empty=True, fail_on_more=True): """ Obtain one entry matching q_filter @@ -201,6 +212,13 @@ class DbBase(object): self.secret_key = None self.secret_key = self._join_secret_key(new_secret_key) + def get_secret_key(self): + """ + Get the database secret key in case it is not done when "connect" is called. It can happens when database is + empty after an initial install. It should skip if secret is already obtained. + """ + pass + def encrypt(self, value, schema_version=None, salt=None): """ Encrypt a value @@ -210,6 +228,7 @@ class DbBase(object): :param salt: optional salt to be used. Must be str :return: Encrypted content of value """ + self.get_secret_key() if not self.secret_key or not schema_version or schema_version == '1.0': return value else: @@ -229,6 +248,7 @@ class DbBase(object): :param salt: optional salt to be used :return: Plain content of value """ + self.get_secret_key() if not self.secret_key or not schema_version or schema_version == '1.0': return value else: @@ -236,9 +256,36 @@ class DbBase(object): encrypted_msg = b64decode(value) cipher = AES.new(secret_key) decrypted_msg = cipher.decrypt(encrypted_msg) - unpadded_private_msg = decrypted_msg.decode().rstrip('\0') + try: + unpadded_private_msg = decrypted_msg.decode().rstrip('\0') + except UnicodeDecodeError: + raise DbException("Cannot decrypt information. Are you using same COMMONKEY in all OSM components?", + http_code=HTTPStatus.INTERNAL_SERVER_ERROR) return unpadded_private_msg + def encrypt_decrypt_fields(self, item, action, fields=None, flags=re.I, schema_version=None, salt=None): + if not fields: + return + self.get_secret_key() + actions = ['encrypt', 'decrypt'] + if action.lower() not in actions: + raise DbException("Unknown action ({}): Must be one of {}".format(action, actions), + http_code=HTTPStatus.INTERNAL_SERVER_ERROR) + method = self.encrypt if action.lower() == 'encrypt' else self.decrypt + + def process(item): + if isinstance(item, list): + for elem in item: + process(elem) + elif isinstance(item, dict): + for key, val in item.items(): + if any(re.search(f, key, flags) for f in fields) and isinstance(val, str): + item[key] = method(val, schema_version, salt) + else: + process(val) + + process(item) + def deep_update_rfc7396(dict_to_change, dict_reference, key_list=None): """ @@ -255,7 +302,7 @@ def deep_update_rfc7396(dict_to_change, dict_reference, key_list=None): Nothing happens if no match is found. If the value is None the matched elements are deleted. $key: val In case a dictionary is passed in yaml format, if looks for all items in the array dict_to_change that are dictionaries and contains this equal to . Several keys can be used by yaml - format '{key: val, key: val, ...}'; and all of them mast match. Nothing happens if no match is + format '{key: val, key: val, ...}'; and all of them must match. Nothing happens if no match is found. If value is None the matched items are deleted, otherwise they are edited. $+val If no match if found (see '$val'), the value is appended to the array. If any match is found nothing is changed. A value of None has not sense.