1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
import keyring
from leap.base.config import get_config_file
#############
# Disclaimer
#############
# This currently is not a keyring, it's more like a joke.
# No, seriously.
# We're affected by this **bug**
# https://bitbucket.org/kang/python-keyring-lib/
# issue/65/dbusexception-method-opensession-with
# so using the gnome keyring does not seem feasible right now.
# I thought this was the next best option to store secrets in plain sight.
# in the future we should move to use the gnome/kde/macosx/win keyrings.
class LeapCryptedFileKeyring(keyring.backend.CryptedFileKeyring):
filename = ".secrets"
@property
def file_path(self):
return get_config_file(self.filename)
def __init__(self, seed=None):
self.seed = seed
def _get_new_password(self):
# XXX every time this method is called,
# $deity kills a kitten.
return "secret%s" % self.seed
def _init_file(self):
self.keyring_key = self._get_new_password()
self.set_password('keyring_setting', 'pass_ref', 'pass_ref_value')
def _unlock(self):
self.keyring_key = self._get_new_password()
print 'keyring key ', self.keyring_key
try:
ref_pw = self.get_password(
'keyring_setting',
'pass_ref')
print 'ref pw ', ref_pw
assert ref_pw == "pass_ref_value"
except AssertionError:
self._lock()
raise ValueError('Incorrect password')
def leap_set_password(key, value, seed="xxx"):
keyring.set_keyring(LeapCryptedFileKeyring(seed=seed))
keyring.set_password('leap', key, value)
def leap_get_password(key, seed="xxx"):
keyring.set_keyring(LeapCryptedFileKeyring(seed=seed))
return keyring.get_password('leap', key)
if __name__ == "__main__":
leap_set_password('test', 'bar')
passwd = leap_get_password('test')
assert passwd == 'bar'
|
