add new encryption fields in organization

Cayo Puigdefabregas 2024-02-23 19:17:14 +01:00
parent a290b2e45c
commit 8191b1aaee
2 changed files with 26 additions and 4 deletions


@ -0,0 +1,22 @@
# Generated by Django 4.2.5 on 2024-02-23 13:01
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('oidc4vp', '0001_initial'),
]
operations = [
migrations.AddField(
model_name='organization',
name='encrypted_sensitive_data',
field=models.CharField(default=None, max_length=255, null=True),
),
migrations.AddField(
model_name='organization',
name='salt',
field=models.CharField(default=None, max_length=255, null=True),
),
]


@ -149,24 +149,24 @@ class Organization(models.Model):
self.encrypted_sensitive_data = key_crypted self.encrypted_sensitive_data = key_crypted
def encrypt_data(self, data): def encrypt_data(self, data):
pw = self.decrypt_sensitive_data() pw = self.decrypt_sensitive_data().encode('utf-8')
sb = self.get_secret_box(pw) sb = self.get_secret_box(pw)
value_enc = sb.encrypt(data.encode('utf-8')) value_enc = sb.encrypt(data.encode('utf-8'))
return base64.b64encode(value_enc).decode('utf-8') return base64.b64encode(value_enc).decode('utf-8')
def decrypt_data(self, data): def decrypt_data(self, data):
pw = self.decrypt_sensitive_data() pw = self.decrypt_sensitive_data().encode('utf-8')
sb = self.get_secret_box(pw) sb = self.get_secret_box(pw)
value = base64.b64decode(data.encode('utf-8')) value = base64.b64decode(data.encode('utf-8'))
return sb.decrypt(value).decode('utf-8') return sb.decrypt(value).decode('utf-8')
def get_secret_box(self, password): def get_secret_box(self, password):
sb_key = self.derive_key_from_password(password) sb_key = self.derive_key_from_password(password=password)
return secret.SecretBox(sb_key) return secret.SecretBox(sb_key)
def change_password_key(self, new_password): def change_password_key(self, new_password):
data = self.decrypt_sensitive_data() data = self.decrypt_sensitive_data()
sb_key = self.derive_key_from_password(new_password) sb_key = self.derive_key_from_password(password=new_password)
sb = secret.SecretBox(sb_key) sb = secret.SecretBox(sb_key)
if not isinstance(data, bytes): if not isinstance(data, bytes):
data = data.encode('utf-8') data = data.encode('utf-8')
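Review bot: In `encrypt_data` and `decrypt_data` the new side (the right-hand column, assuming the usual split view) calls `.encode('utf-8')` directly on the result of `self.decrypt_sensitive_data()`, while `change_password_key` in the same hunk still guards with `if not isinstance(data, bytes):`, which suggests the helper can return either `str` or `bytes`. If it returns `bytes`, or `None` for an organization whose `encrypted_sensitive_data` is unset (the migration in this commit makes that column and `salt` nullable), both methods fail with `AttributeError` before any key is derived. I would normalise the value once, e.g. `pw = self.decrypt_sensitive_data()` followed by `if not isinstance(pw, bytes): pw = pw.encode('utf-8')`, and raise an explicit error when no key material is stored. `change_password_key` continues past the end of the hunk and `decrypt_sensitive_data` is not visible here, so its return type is inferred.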