Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
gjl2004yn
jumpserver
提交
75be45ce
J
jumpserver
项目概览
gjl2004yn
/
jumpserver
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
J
jumpserver
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
75be45ce
编写于
6月 11, 2020
作者:
baltery
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
feat: 使用新的对称加密方式: aes
上级
04eb670a
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
74 addition
and
55 deletion
+74
-55
apps/common/fields/model.py
apps/common/fields/model.py
+19
-5
apps/common/utils/__init__.py
apps/common/utils/__init__.py
+1
-0
apps/common/utils/crypto.py
apps/common/utils/crypto.py
+54
-0
apps/common/utils/encode.py
apps/common/utils/encode.py
+0
-50
未找到文件。
apps/common/fields/model.py
浏览文件 @
75be45ce
...
@@ -3,8 +3,9 @@
...
@@ -3,8 +3,9 @@
import
json
import
json
from
django.db
import
models
from
django.db
import
models
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.utils.encoding
import
force_text
from
..utils
import
signer
from
..utils
import
signer
,
aes_crypto
__all__
=
[
__all__
=
[
...
@@ -114,11 +115,22 @@ class EncryptMixin:
...
@@ -114,11 +115,22 @@ class EncryptMixin:
def
from_db_value
(
self
,
value
,
expression
,
connection
,
context
):
def
from_db_value
(
self
,
value
,
expression
,
connection
,
context
):
if
value
is
None
:
if
value
is
None
:
return
value
return
value
value
=
signer
.
unsign
(
value
)
value
=
force_text
(
value
)
plain_value
=
''
# 优先采用 aes 解密
try
:
plain_value
=
aes_crypto
.
decrypt
(
value
)
except
(
TypeError
,
ValueError
):
pass
# 如果没有解开,使用原来的signer解密
if
not
plain_value
:
plain_value
=
signer
.
unsign
(
value
)
or
''
sp
=
super
()
sp
=
super
()
if
hasattr
(
sp
,
'from_db_value'
):
if
hasattr
(
sp
,
'from_db_value'
):
return
sp
.
from_db_value
(
value
,
expression
,
connection
,
context
)
plain_value
=
sp
.
from_db_value
(
plain_
value
,
expression
,
connection
,
context
)
return
value
return
plain_
value
def
get_prep_value
(
self
,
value
):
def
get_prep_value
(
self
,
value
):
if
value
is
None
:
if
value
is
None
:
...
@@ -126,7 +138,9 @@ class EncryptMixin:
...
@@ -126,7 +138,9 @@ class EncryptMixin:
sp
=
super
()
sp
=
super
()
if
hasattr
(
sp
,
'get_prep_value'
):
if
hasattr
(
sp
,
'get_prep_value'
):
value
=
sp
.
get_prep_value
(
value
)
value
=
sp
.
get_prep_value
(
value
)
return
signer
.
sign
(
value
)
value
=
force_text
(
value
)
# 替换新的加密方式
return
aes_crypto
.
encrypt
(
value
)
class
EncryptTextField
(
EncryptMixin
,
models
.
TextField
):
class
EncryptTextField
(
EncryptMixin
,
models
.
TextField
):
...
...
apps/common/utils/__init__.py
浏览文件 @
75be45ce
...
@@ -6,3 +6,4 @@ from .django import *
...
@@ -6,3 +6,4 @@ from .django import *
from
.encode
import
*
from
.encode
import
*
from
.http
import
*
from
.http
import
*
from
.ipip
import
*
from
.ipip
import
*
from
.crypto
import
*
apps/common/utils/crypto.py
0 → 100644
浏览文件 @
75be45ce
import
base64
from
Crypto.Cipher
import
AES
from
django.conf
import
settings
class
AESCrypto
:
"""
AES
除了MODE_SIV模式key长度为:32, 48, or 64,
其余key长度为16, 24 or 32
详细见AES内部文档
CBC模式传入iv参数
本例使用常用的ECB模式
"""
def
__init__
(
self
,
key
):
if
len
(
key
)
>
32
:
key
=
key
[:
32
]
self
.
key
=
self
.
to_16
(
key
)
@
staticmethod
def
to_16
(
key
):
"""
转为16倍数的bytes数据
:param key:
:return:
"""
key
=
bytes
(
key
,
encoding
=
"utf8"
)
while
len
(
key
)
%
16
!=
0
:
key
+=
b
'
\0
'
return
key
# 返回bytes
def
aes
(
self
):
return
AES
.
new
(
self
.
key
,
AES
.
MODE_ECB
)
# 初始化加密器
def
encrypt
(
self
,
text
):
aes
=
self
.
aes
()
return
str
(
base64
.
encodebytes
(
aes
.
encrypt
(
self
.
to_16
(
text
))),
encoding
=
'utf8'
).
replace
(
'
\n
'
,
''
)
# 加密
def
decrypt
(
self
,
text
):
aes
=
self
.
aes
()
return
str
(
aes
.
decrypt
(
base64
.
decodebytes
(
bytes
(
text
,
encoding
=
'utf8'
))).
rstrip
(
b
'
\0
'
).
decode
(
"utf8"
))
# 解密
def
get_aes_crypto
(
key
=
None
):
if
key
is
None
:
key
=
settings
.
SECRET_KEY
a
=
AESCrypto
(
key
)
return
a
aes_crypto
=
get_aes_crypto
()
apps/common/utils/encode.py
浏览文件 @
75be45ce
...
@@ -9,7 +9,6 @@ import time
...
@@ -9,7 +9,6 @@ import time
import
hashlib
import
hashlib
from
io
import
StringIO
from
io
import
StringIO
from
itertools
import
chain
from
itertools
import
chain
from
Crypto.Cipher
import
AES
import
paramiko
import
paramiko
import
sshpubkeys
import
sshpubkeys
...
@@ -227,52 +226,3 @@ def model_to_json(instance, sort_keys=True, indent=2, cls=None):
...
@@ -227,52 +226,3 @@ def model_to_json(instance, sort_keys=True, indent=2, cls=None):
cls
=
DjangoJSONEncoder
cls
=
DjangoJSONEncoder
return
json
.
dumps
(
data
,
sort_keys
=
sort_keys
,
indent
=
indent
,
cls
=
cls
)
return
json
.
dumps
(
data
,
sort_keys
=
sort_keys
,
indent
=
indent
,
cls
=
cls
)
class
AESCrypto
:
"""
AES
除了MODE_SIV模式key长度为:32, 48, or 64,
其余key长度为16, 24 or 32
详细见AES内部文档
CBC模式传入iv参数
本例使用常用的ECB模式
"""
def
__init__
(
self
,
key
):
if
len
(
key
)
>
32
:
key
=
key
[:
32
]
self
.
key
=
self
.
to_16
(
key
)
@
staticmethod
def
to_16
(
key
):
"""
转为16倍数的bytes数据
:param key:
:return:
"""
key
=
bytes
(
key
,
encoding
=
"utf8"
)
while
len
(
key
)
%
16
!=
0
:
key
+=
b
'
\0
'
return
key
# 返回bytes
def
aes
(
self
):
return
AES
.
new
(
self
.
key
,
AES
.
MODE_ECB
)
# 初始化加密器
def
encrypt
(
self
,
text
):
aes
=
self
.
aes
()
return
str
(
base64
.
encodebytes
(
aes
.
encrypt
(
self
.
to_16
(
text
))),
encoding
=
'utf8'
).
replace
(
'
\n
'
,
''
)
# 加密
def
decrypt
(
self
,
text
):
aes
=
self
.
aes
()
return
str
(
aes
.
decrypt
(
base64
.
decodebytes
(
bytes
(
text
,
encoding
=
'utf8'
))).
rstrip
(
b
'
\0
'
).
decode
(
"utf8"
))
# 解密
def
get_aes_crypto
(
key
=
None
):
if
key
is
None
:
key
=
settings
.
SECRET_KEY
a
=
AESCrypto
(
key
)
return
a
aes
=
get_aes_crypto
()
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录