self.secret_key = None
self.secret_key = self._join_secret_key(new_secret_key)
+ def get_secret_key(self):
+ """
+ Get the database secret key in case it is not done when "connect" is called. It can happens when database is
+ empty after an initial install. It should skip if secret is already obtained.
+ """
+ pass
+
def encrypt(self, value, schema_version=None, salt=None):
"""
Encrypt a value
:param salt: optional salt to be used. Must be str
:return: Encrypted content of value
"""
+ self.get_secret_key()
if not self.secret_key or not schema_version or schema_version == '1.0':
return value
else:
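Review bot: The new `self.get_secret_key()` call in `encrypt` sits ahead of the `schema_version` test, so the key lookup runs even for values that the next line returns unencrypted, and if the lookup still finds no key that same line hands back `value` in plaintext without any log entry. I would split the guard so legacy values exit first, `if not schema_version or schema_version == '1.0': return value`, then call `self.get_secret_key()`, and log a warning before the remaining `if not self.secret_key: return value` so an unencrypted write of a versioned record is visible to operators. The same ordering applies to the `decrypt` hunk, and in `encrypt_decrypt_fields` the call is made before `action` is validated. The body of `encrypt` continues past the `else:` outside this hunk.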
:param salt: optional salt to be used
:return: Plain content of value
"""
+ self.get_secret_key()
if not self.secret_key or not schema_version or schema_version == '1.0':
return value
else:
def encrypt_decrypt_fields(self, item, action, fields=None, flags=re.I, schema_version=None, salt=None):
if not fields:
return
+ self.get_secret_key()
actions = ['encrypt', 'decrypt']
if action.lower() not in actions:
raise DbException("Unknown action ({}): Must be one of {}".format(action, actions),
super().__init__(logger_name, lock)
self.client = None
self.db = None
+ self.database_key = None
+ self.secret_obtained = False
+ # ^ This is used to know if database serial has been got. Database is inited by NBI, who generates the serial
+ # In case it is not ready when connected, it should be got later on before any decrypt operation
+
+ def get_secret_key(self):
+ if self.secret_obtained:
+ return
+
+ self.secret_key = None
+ if self.database_key:
+ self.set_secret_key(self.database_key)
+ version_data = self.get_one("admin", {"_id": "version"}, fail_on_empty=False, fail_on_more=True)
+ if version_data and version_data.get("serial"):
+ self.set_secret_key(b64decode(version_data["serial"]))
+ self.secret_obtained = True
def db_connect(self, config, target_version=None):
"""
self.logger = logging.getLogger(config["logger_name"])
master_key = config.get("commonkey") or config.get("masterpassword")
if master_key:
+ self.database_key = master_key
self.set_secret_key(master_key)
if config.get("uri"):
self.client = MongoClient(config["uri"])
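Review bot: `self.database_key = master_key` keeps the unmodified master key on the instance for as long as the object lives, next to the derived `self.secret_key`. A comment such as `# raw master key, kept only so get_secret_key() can re-derive secret_key; never log or serialise` would make that intent explicit, and because the assignment appears to sit under `if master_key:` a later `db_connect` without a key would leave the previous value in place. `db_connect` starts and ends outside this hunk.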
raise DbException("Invalid database version {}. Expected {}".format(db_version, target_version))
# get serial
if version_data and version_data.get("serial"):
+ self.secret_obtained = True
self.set_secret_key(b64decode(version_data["serial"]))
self.logger.info("Connected to database {} version {}".format(config["name"], db_version))
return
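Review bot: `self.secret_obtained = True` is set before `self.set_secret_key(b64decode(version_data["serial"]))`, so if the stored serial fails to decode the flag stays set and later `get_secret_key()` calls return early with whatever key was in place. Swapping the two lines, so the flag is raised only after the key has been applied, avoids that. Nothing visible in this hunk resets the flag when `db_connect` is called again, so a reconnect to a database without a serial may inherit `True` from the previous connection; that depends on code outside the hunk.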