add secrets and encrypt system to organization
This commit is contained in:
parent
22bca789bc
commit
365c58d87a
@ -1,6 +1,11 @@
import json
import json
import requests
import requests
import secrets
import secrets
import nacl
import base64
from nacl import pwhash, secret
from django.core.cache import cache
from django.conf import settings
from django.conf import settings
from django.http import QueryDict
from django.http import QueryDict
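Review bot: `nacl.utils.random` is relied on later in this file, yet this hunk only adds `import nacl` and `from nacl import pwhash, secret`; as far as I can tell the `nacl.utils` attribute is reachable only because `nacl.secret` imports that submodule itself. An explicit `import nacl.utils` makes the dependency visible instead of incidental. On ordering, `import base64` is standard library and belongs with `json` and `secrets` rather than between the `nacl` imports.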
@ -64,6 +69,8 @@ class Organization(models.Model):
help_text=_("Url where to send the verificable presentation"),
help_text=_("Url where to send the verificable presentation"),
max_length=250
max_length=250
)
)
encrypted_sensitive_data = models.CharField(max_length=255)
salt = models.CharField(max_length=255)
def send(self, vp, code):
def send(self, vp, code):
"""
"""
@ -90,6 +97,65 @@ class Organization(models.Model):
auth = (self.my_client_id, self.my_client_secret)
auth = (self.my_client_id, self.my_client_secret)
return requests.get(url, auth=auth)
return requests.get(url, auth=auth)
def derive_key_from_password(self, password=None):
if not password:
password = cache.get("KEY_DIDS").encode('utf-8')
kdf = pwhash.argon2i.kdf
ops = pwhash.argon2i.OPSLIMIT_INTERACTIVE
mem = pwhash.argon2i.MEMLIMIT_INTERACTIVE
return kdf(
secret.SecretBox.KEY_SIZE,
password,
self.get_salt(),
opslimit=ops,
memlimit=mem
)
def decrypt_sensitive_data(self, data=None):
sb_key = self.derive_key_from_password()
sb = secret.SecretBox(sb_key)
if not data:
data = self.get_encrypted_sensitive_data()
if not isinstance(data, bytes):
data = data.encode('utf-8')
return sb.decrypt(data).decode('utf-8')
def encrypt_sensitive_data(self, data):
sb_key = self.derive_key_from_password()
sb = secret.SecretBox(sb_key)
if not isinstance(data, bytes):
data = data.encode('utf-8')
return base64.b64encode(sb.encrypt(data)).decode('utf-8')
def get_salt(self):
return base64.b64decode(self.salt.encode('utf-8'))
def set_salt(self):
self.salt = base64.b64encode(nacl.utils.random(16)).decode('utf-8')
def get_encrypted_sensitive_data(self):
return base64.b64decode(self.encrypted_sensitive_data.encode('utf-8'))
def set_encrypted_sensitive_data(self):
key = base64.b64encode(nacl.utils.random(64))
self.set_salt()
key_crypted = self.encrypt_sensitive_data(key)
self.encrypted_sensitive_data = key_crypted
def change_password_key(self, new_password):
data = self.decrypt_sensitive_data()
sb_key = self.derive_key_from_password(new_password)
sb = secret.SecretBox(sb_key)
if not isinstance(data, bytes):
data = data.encode('utf-8')
encrypted_data = base64.b64encode(sb.encrypt(data)).decode('utf-8')
self.encrypted_sensitive_data = encrypted_data
def __str__(self):
def __str__(self):
return self.name
return self.name
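Review bot: In `derive_key_from_password` only the cache-fallback branch encodes the password, so a `str` passed explicitly (which is what `change_password_key(new_password)` will forward when the new password comes from a form or a setting) reaches `pwhash.argon2i.kdf` un-encoded, and the same branch calls `.encode()` on `cache.get("KEY_DIDS")` without a `None` check, so an expired or cold cache surfaces as an `AttributeError`; normalising with `if isinstance(password, str): password = password.encode('utf-8')` and raising a clear error when the cache lookup returns `None` covers both. `change_password_key` re-encrypts `encrypted_sensitive_data` under the new password but leaves the `KEY_DIDS` cache entry untouched, so the next `decrypt_sensitive_data()` derives the old key and fails with a `CryptoError`; that the caller must refresh the cache entry belongs in the method's docstring. `OPSLIMIT_INTERACTIVE`/`MEMLIMIT_INTERACTIVE` are libsodium's lightest profile, intended for interactive logins; for a key that protects data at rest the `MODERATE` or `SENSITIVE` limits (and `pwhash.argon2id`, libsodium's current default algorithm) are the usual choice, and because the limits are baked into the derived key, changing them later means re-encrypting every row, so it is worth deciding now. Keeping the master password in the Django cache also means it is protected only as well as the cache backend is, which deserves a comment wherever `KEY_DIDS` is set. Finally, `change_password_key` duplicates the encode/encrypt/base64 tail of `encrypt_sensitive_data`; a `key=None` parameter on `encrypt_sensitive_data` would let both share one code path.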