
On my way to finish the basic gpg password server.

master
Bernd Zeimetz 7 years ago
parent
commit
ec7ddca6ea
6 changed files with 65 additions and 26 deletions
  1. 3
    0
      .gitignore
  2. 28
    13
      monkeystore/pwstore.py
  3. 27
    10
      monkeystore/web.py
  4. BIN
      pwgen/.__init__.py.swp
  5. 4
    3
      pwgen/__init__.py
  6. 3
    0
      testclient.py

+ 3
- 0
.gitignore View File

@@ -1 +1,4 @@
*.pyc
*.shelve
*.shelve.lock
.*.swp

+ 28
- 13
monkeystore/pwstore.py View File

@@ -33,7 +33,6 @@ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
import os
import tempfile
from git import Repo
from pwgen import pwgen
import gnupg

class GPGpwstoreException(Exception):
@@ -42,12 +41,12 @@ class GPGpwstoreException(Exception):
#class GPGpwstoreData(object):
# def __init__(self, hostname, service, username, password_gpg, description):
# for i in ["hostname", "service", "username", "password_gpg"]:
# if not locals()[i] then:
# if not locals()[i]:
# raise GPGpwstoreException("Failed to store password: %s must be set (not %s)!" %
# (i, str(locals()[i])))
# setattr(self, i, locals()[i])
# for i in ["description"]:
# if locals()[i] then:
# if locals()[i]:
# setattr(self, i, locals()[i])
# else:
# setattr(self, i, "")
@@ -64,14 +63,11 @@ class GPGpwstore(object):
self.commit_messages = []
self.__init_directories()
self.gpg = gnupg.GPG()
self.tempdir = tempfile.mkdtemp()
self.cryptstring = pwgen(200, num_pw=1)


def __init_directories(self):
for p in [self.pw_directory]+[ os.path.join(self.pw_directory, c) for c in self.categories]:
if not os.path.exists(p):
os.mkdir(p, mode=0700)
os.mkdir(p, 0700)
else:
if not os.path.isdir(p):
raise GPGpwstoreException("%s exists but it is not a directory" %(p,))
@@ -84,7 +80,7 @@ class GPGpwstore(object):

def __get_directory__(category, hostname, service, username):
for i in ["category", "hostname", "service", "username"]:
if not locals()[i] then:
if not locals()[i]:
raise GPGpwstoreException("Failed to retrieve/set password: %s must be set (not %s)!" %
(i, str(locals()[i])))
if not category in self.categories:
@@ -97,16 +93,25 @@ class GPGpwstore(object):
username.strip().encode('hex')
)


def __encrypt_data__(data, keys, passphrase=None, symmetric=False):
gpg_data = self.gpg.encrypt(data, keys, passphrase=passphrase, symmetric=symmetric)
if not gpg_data.ok:
raise GPGpwstoreException("Failed to encrypt: \n%s" %(gpg_data.stderr,))
return gpg_data.data

def __decrypt_data__(gpg_data, passphrase=None):
data = self.gpg.decrypt(gpg_data, passphrase=passphrase, always_trust=True)
if not data.ok:
raise GPGpwstoreException("Failed to encrypt: \n%s" %(data.stderr,))
return data.data
def __crypt_password__(category, password):
try:
keys = [ self.gpg_keys[x] for x in self.category_users['category'] ]
except KeyError:
raise GPGpwstoreException("Category %s not known!" %(category,))
gpg_data = self.gpg.encrypt(password, keys)
if not data.ok:
raise GPGpwstoreException("Failed to encrypt password: \n%s" %(data.stderr,))
return data.data
return self.__encrypt_data__(password, keys)

def __write_password__(category, hostname, service, username, password):
pwfile = os.path.join(
@@ -136,3 +141,13 @@ class GPGpwstore(object):
self.commit_messages = []


def crypt_token(pwstore_user, token):
if not pwstore_user in self.users:
raise GPGpwstoreException("Unknown user: %s" %(pwstore_user,))
return self.__encrypt_data__(token, self.gpg_keys[pwstore_user])

def decrypt_with_token(gpg_data, token):
return self.__decrypt_data__(gpg_data, passphrase=token)
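Review bot: The new helpers `__encrypt_data__`, `__decrypt_data__`, `crypt_token` and `decrypt_with_token` read `self.gpg`, `self.users` and `self.gpg_keys` but declare no `self` parameter. If they are methods of `GPGpwstore`, as the hunk headers suggest (indentation is lost on this page), the instance is bound to `data`/`gpg_data`/`pwstore_user` and the body fails on the undefined name, so each needs `self` first, e.g. `def __decrypt_data__(self, gpg_data, passphrase=None):`. The decrypt path also raises `"Failed to encrypt"`, which will mislead whoever reads the log; it should be `"Failed to decrypt: \n%s"`. `always_trust=True` on the decrypt call should carry a comment explaining why trust validation is relaxed there, or be dropped if passphrase-only decryption does not need it.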




+ 27
- 10
monkeystore/web.py View File

@@ -32,43 +32,51 @@ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
import flask
import string
from flaskext.xmlrpc import XMLRPCHandler, Fault
from flaskext.flask_shelve import init_app
from flaskext.flask_shelve import get_shelve, init_app as flask_shelve_init

from pwgen import pwgen
from .pwstore import GPGpwstore, GPGpwstoreException
app = flask.Flask(__name__)
init_app(app)

__all__ = ["app"]

app.config.from_object('monkeystore.config')
flask_shelve_init(app)

api = XMLRPCHandler('api')
api.connect(app, '/')

gpg_pwstore = GPGpwstore(app.config)

def __take_token__(pwstore_user):
db = get_shelve('c')
token=db[pwstore_user]
db[pwstore_user]=None
return token


@api.register
def add_password(pwstore_user, pwstore_token,
category, hostname, service, username, description, password_crypt):
def add_password(pwstore_user,
category, hostname, service, username, description_crypt, password_crypt):
pass

@api.register
def update_password(pwstore_user, pwstore_token,
def update_password(pwstore_user,
category, hostname, service, username, password_crypt):
pass

@api.register
def update_description(pwstore_user, pwstore_token,
category, hostname, service, username, description):
def update_description(pwstore_user,
category, hostname, service, username, description_crypt):
pass

@api.register
def search_password(search_string):
def search(search_string, in_description=False):
pass

@api.register
def list_categories():
pass
return app.config['CATEGORY_USERS'].keys()

@api.register
def list_servers(category):
@@ -85,4 +93,13 @@ def generate_password(length=8):
@api.register
def retrieve_token(pwstore_user):
token = generate_password(200)
try:
crypted_token = gpg_pwstore.crypt_token(pwstore_user, token)
except GPGpwstoreException, e:
raise Fault(str(e))
db = get_shelve('c')
db[pwstore_user] = token
return crypted_token
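Review bot: `__take_token__` does not reject a missing or already-used token: `db[pwstore_user]` raises a bare `KeyError` for a user who never called `retrieve_token`, and after the first use the stored value is `None`, which is handed back as if it were a token. If that `None` later reaches `decrypt_with_token` as the passphrase, the one-time token no longer gates anything (inferred; no caller is visible in this commit), so the entry should be deleted and the function should fail closed, as sketched below. Separately, `retrieve_token` forwards `str(e)` to the client, and the exception text built in pwstore.py embeds gpg's stderr, so any caller of this unauthenticated method receives gpg diagnostics; a generic fault message with the detail logged server-side would avoid that.

```python
def __take_token__(pwstore_user):
    db = get_shelve('c')
    token = db.get(pwstore_user)
    if token is None:
        # never issued, or already consumed: refuse instead of returning None
        raise GPGpwstoreException("No valid token for user: %s" % (pwstore_user,))
    # one-time use: remove the entry rather than overwriting it with None
    del db[pwstore_user]
    return token
```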




BIN
pwgen/.__init__.py.swp View File


+ 4
- 3
pwgen/__init__.py View File

@@ -69,9 +69,10 @@ def pwgen(pw_length=20, num_pw=1, no_numerals=False, no_capitalize=False, capita
passwd = ''
while len(passwd) < pw_length:
passwd = passwd + "".join(choice(letters) for x in range(pw_length - len(passwd)))
pwarray = list(set(passwd))
SystemRandom().shuffle(pwarray)
passwd = ''.join(pwarray)
if len(passwd) < 20:
pwarray = list(set(passwd))
SystemRandom().shuffle(pwarray)
passwd = ''.join(pwarray)
if capitalize and not HasCaps.search(passwd):
passwd = replaceRandomChar(choice(UpperCase), passwd)
if numerals and not HasNumerals.search(passwd):
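Review bot: The `list(set(passwd))` step that is kept for passwords shorter than 20 characters strips repeated characters, so short passwords (including the `generate_password(length=8)` default in web.py) never contain the same character twice, which shrinks the space they are drawn from; consider dropping the de-duplication rather than gating it. The threshold `20` is also an unexplained constant. If the step stays, a comment such as `# skip de-dup for long passwords: they can exceed the alphabet size and the loop would never fill` would record the reason; that is my reading of the intent, since indentation is lost on this page and `pwgen` starts outside the hunk.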

+ 3
- 0
testclient.py View File

@@ -34,3 +34,6 @@ import xmlrpclib
server = xmlrpclib.ServerProxy('http://localhost:5000/')
for i in range(5):
print server.generate_password(40)

print server.test()['a']

