PageRenderTime 1675ms CodeModel.GetById 31ms RepoModel.GetById 1ms app.codeStats 0ms

/lib/galaxy/web/security/__init__.py

https://bitbucket.org/chapmanb/galaxy-central/
Python | 75 lines | 59 code | 9 blank | 7 comment | 5 complexity | 221f5cb836f2d9173e552d12c9f9c3fd MD5 | raw file
  1. import os, os.path, logging
  2. import pkg_resources
  3. pkg_resources.require( "pycrypto" )
  4. from Crypto.Cipher import Blowfish
  5. from Crypto.Util.randpool import RandomPool
  6. from Crypto.Util import number
  7. log = logging.getLogger( __name__ )
  8. if os.path.exists( "/dev/urandom" ):
  9. # We have urandom, use it as the source of random data
  10. random_fd = os.open( "/dev/urandom", os.O_RDONLY )
  11. def get_random_bytes( nbytes ):
  12. value = os.read( random_fd, nbytes )
  13. # Normally we should get as much as we need
  14. if len( value ) == nbytes:
  15. return value.encode( "hex" )
  16. # If we don't, keep reading (this is slow and should never happen)
  17. while len( value ) < nbytes:
  18. value += os.read( random_fd, nbytes - len( value ) )
  19. return value.encode( "hex" )
  20. else:
  21. def get_random_bytes( nbytes ):
  22. nbits = nbytes * 8
  23. random_pool = RandomPool( 1064 )
  24. while random_pool.entropy < nbits:
  25. random_pool.add_event()
  26. random_pool.stir()
  27. return str( number.getRandomNumber( nbits, random_pool.get_bytes ) )
  28. class SecurityHelper( object ):
  29. def __init__( self, **config ):
  30. self.id_secret = config['id_secret']
  31. self.id_cipher = Blowfish.new( self.id_secret )
  32. def encode_id( self, obj_id ):
  33. # Convert to string
  34. s = str( obj_id )
  35. # Pad to a multiple of 8 with leading "!"
  36. s = ( "!" * ( 8 - len(s) % 8 ) ) + s
  37. # Encrypt
  38. return self.id_cipher.encrypt( s ).encode( 'hex' )
  39. def encode_dict_ids( self, a_dict ):
  40. """
  41. Encode all ids in dictionary. Ids are identified by (a) an 'id' key or
  42. (b) a key that ends with '_id'
  43. """
  44. for key, val in a_dict.items():
  45. if key == 'id' or key.endswith('_id'):
  46. a_dict[ key ] = self.encode_id( val )
  47. return a_dict
  48. def decode_id( self, obj_id ):
  49. return int( self.id_cipher.decrypt( obj_id.decode( 'hex' ) ).lstrip( "!" ) )
  50. def encode_guid( self, session_key ):
  51. # Session keys are strings
  52. # Pad to a multiple of 8 with leading "!"
  53. s = ( "!" * ( 8 - len( session_key ) % 8 ) ) + session_key
  54. # Encrypt
  55. return self.id_cipher.encrypt( s ).encode( 'hex' )
  56. def decode_guid( self, session_key ):
  57. # Session keys are strings
  58. return self.id_cipher.decrypt( session_key.decode( 'hex' ) ).lstrip( "!" )
  59. def get_new_guid( self ):
  60. # Generate a unique, high entropy 128 bit random number
  61. return get_random_bytes( 16 )