jumpserver/apps/authentication/utils.py

# -*- coding: utf-8 -*-
#
import base64
from Cryptodome.PublicKey import RSA
from Cryptodome.Cipher import PKCS1_v1_5
from Cryptodome import Random

from common.utils import get_logger

logger = get_logger(__file__)


def gen_key_pair():
    """ 生成加密key
    用于登录页面提交用户名/密码时，对密码进行加密（前端）/解密（后端）
    """
    random_generator = Random.new().read
    rsa = RSA.generate(1024, random_generator)
    rsa_private_key = rsa.exportKey().decode()
    rsa_public_key = rsa.publickey().exportKey().decode()
    return rsa_private_key, rsa_public_key


def rsa_encrypt(message, rsa_public_key):
    """ 加密登录密码 """
    key = RSA.importKey(rsa_public_key)
    cipher = PKCS1_v1_5.new(key)
    cipher_text = base64.b64encode(cipher.encrypt(message.encode())).decode()
    return cipher_text


def rsa_decrypt(cipher_text, rsa_private_key=None):
    """ 解密登录密码 """
    if rsa_private_key is None:
        # rsa_private_key 为 None，可以能是API请求认证，不需要解密
        return cipher_text

    key = RSA.importKey(rsa_private_key)
    cipher = PKCS1_v1_5.new(key)
    cipher_decoded = base64.b64decode(cipher_text.encode())
    # Todo: 弄明白为何要以下这么写，https://xbuba.com/questions/57035263
    if len(cipher_decoded) == 127:
        hex_fixed = '00' + cipher_decoded.hex()
        cipher_decoded = base64.b16decode(hex_fixed.upper())
    message = cipher.decrypt(cipher_decoded, b'error').decode()
    return message
-												[Update] Stash

											
										
										
											6 years ago
+								# -*- coding: utf-8 -*-
 								#
-												feat(login password ecrypt): 登录密码加密传输

											
										
										
											4 years ago
+								import base64
-												perf: 删除`pycryptodome`依赖包安装(因为`pycryptodome`和`pycrypto`安装包目录冲突);只安装 `pycryptodomex`依赖包; 修改 `from crypto` 为 `from cryptodome`

											
										
										
											4 years ago
+								from Cryptodome.PublicKey import RSA
 								from Cryptodome.Cipher import PKCS1_v1_5
 								from Cryptodome import Random
-												Dev beta (#3048)

* [Update] 统一url地址

* [Update] 修改api

* [Update] 使用规范的签名

* [Update] 修改url

* [Update] 修改swagger

* [Update] 添加serializer class避免报错

* [Update] 修改token

* [Update] 支持api key

* [Update] 支持生成api key

* [Update] 修改api重定向

* [Update] 修改翻译

* [Update] 添加说明文档

* [Update] 修复浏览器关闭后session不失效的问题

* [Update] 修改一些内容

* [Update] 修改 jms脚本

* [Update] 修改重定向

* [Update] 修改搜索trim

* [Update] 修改搜索trim

* [Update] 添加sys log

* [Bugfix] 修改登陆错误

* [Update] 优化User操作private_token的接口 (#3091)

* [Update] 优化User操作private_token的接口

* [Update] 优化User操作private_token的接口 2

* [Bugfix] 解决授权了一个节点，当移动节点后，被移动的节点下的资产会放到未分组节点下的问题

* [Update] 升级jquery

* [Update] 默认使用page

* [Update] 修改使用Orgmodel view set

* [Update] 支持 nv的硬盘 https://github.com/jumpserver/jumpserver/issues/1804

* [UPdate] 解决命令执行宽度问题

* [Update] 优化节点

* [Update] 修改nodes过多时创建比较麻烦

* [Update] 修改导入

* [Update] 节点获取更新

* [Update] 修改nodes

* [Update] nodes显示full value

* [Update] 统一使用nodes select2 函数

* [Update] 修改磁盘大小小数

* [Update] 修改 Node service

* [Update] 优化授权节点

* [Update] 修改 node permission

* [Update] 修改asset permission

* [Stash]

* [Update] 修改node assets api

* [Update] 修改tree service，支持资产数量

* [Update] 修改暂时完成

* [Update] 修改一些bug

											
										
										
											5 years ago
-												feat(login password ecrypt): 登录密码加密传输

											
										
										
											4 years ago
+								from common.utils import get_logger
 								logger = get_logger(__file__)
 								def gen_key_pair():
 								    """ 生成加密key
 								    用于登录页面提交用户名/密码时，对密码进行加密（前端）/解密（后端）
 								    """
 								    random_generator = Random.new().read
 								    rsa = RSA.generate(1024, random_generator)
 								    rsa_private_key = rsa.exportKey().decode()
 								    rsa_public_key = rsa.publickey().exportKey().decode()
 								    return rsa_private_key, rsa_public_key
-												feat(login password ecrypt): 登录密码加密传输 4

											
										
										
											4 years ago
+								def rsa_encrypt(message, rsa_public_key):
 								    """ 加密登录密码 """
 								    key = RSA.importKey(rsa_public_key)
 								    cipher = PKCS1_v1_5.new(key)
 								    cipher_text = base64.b64encode(cipher.encrypt(message.encode())).decode()
 								    return cipher_text
-												feat(login password ecrypt): 登录密码加密传输

											
										
										
											4 years ago
+								def rsa_decrypt(cipher_text, rsa_private_key=None):
 								    """ 解密登录密码 """
 								    if rsa_private_key is None:
 								        # rsa_private_key 为 None，可以能是API请求认证，不需要解密
 								        return cipher_text
-												fix(authentication): 修复登录时有时解密失败

											
										
										
											4 years ago
-												feat(login password ecrypt): 登录密码加密传输

											
										
										
											4 years ago
+								    key = RSA.importKey(rsa_private_key)
 								    cipher = PKCS1_v1_5.new(key)
-												fix(authentication): 修复登录时有时解密失败

											
										
										
											4 years ago
+								    cipher_decoded = base64.b64decode(cipher_text.encode())
 								    # Todo: 弄明白为何要以下这么写，https://xbuba.com/questions/57035263
 								    if len(cipher_decoded) == 127:
 								        hex_fixed = '00' + cipher_decoded.hex()
 								        cipher_decoded = base64.b16decode(hex_fixed.upper())
 								    message = cipher.decrypt(cipher_decoded, b'error').decode()
-												feat(login password ecrypt): 登录密码加密传输

											
										
										
											4 years ago
+								    return message