3 (È\X ã@s’dZddlmZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZdZe jd Zd d „Zd d „Zdd„Zdd„ZdS)z This File Provides Cryptography.é)ÚdivisionN)Údefault_backend)ÚCipher)ÚAES)ÚCFB8ó}écCs\tjtƒ}ttt|ƒƒt|ƒtƒƒ}|jƒ}t |t j ƒr@|j ƒ}t j||j|ƒ|jƒƒS)z— Encrypt the plaintext with AES method. Parameters: plaintext -- String to be encrypted. key -- Key for encryption. )ÚosÚurandomÚiv_sizerrÚpadrrÚ encryptorÚ isinstanceÚsixÚ text_typeÚencodeÚbase64Z b64encodeÚupdateÚfinalize)Z plaintextÚkeyÚivÚcipherr ©rú//usr/share/pgadmin4/web/pgadmin/utils/crypto.pyÚencrypts  rcCsRtj|ƒ}|dt…}ttt|ƒƒt|ƒtƒƒ}|jƒ}|j |td…ƒ|j ƒS)z¯ Decrypt the AES encrypted string. Parameters: ciphertext -- Encrypted string with AES method. key -- key to decrypt the encrypted string. N) rZ b64decoder rrr rrÚ decryptorrr)Z ciphertextrrrrrrrÚdecrypt3s  rcCs<t|tjƒr|jƒ}|dd…}t|ƒdkr0|S|jdtƒS)zAdd padding to the key.Né éé)rrr)rrrrÚlenÚljustÚpadding_string)rrrrr Ds    r cCsXtjƒ}ttdƒr(|jdƒ}|jdƒ}n|jƒ}|jƒ}|j|ƒ|j|ƒd|jƒS)aÑ pqencryptpassword -- to encrypt a password This is intended to be used by client applications that wish to send commands like ALTER USER joe PASSWORD 'pwd'. The password need not be sent in cleartext if it is encrypted on the client side. This is good because it ensures the cleartext password won't end up in logs, pg_stat displays, etc. We export the function so that clients won't be dependent on low-level details like whether the enceyption is MD5 or something else. Arguments are the cleartext password, and the SQL name of the user it is for. Return value is "md5" followed by a 32-hex-digit MD5 checksum.. Args: password: user: Returns: Údecodezutf-8Úmd5)Úhashlibr$ÚhasattrÚstrrrZ hexdigest)ZpasswordÚuserÚmrrrÚpqencryptpasswordUs     r*)Ú__doc__Z __future__rrr%r rZcryptography.hazmat.backendsrZ&cryptography.hazmat.primitives.ciphersrZ1cryptography.hazmat.primitives.ciphers.algorithmsrZ,cryptography.hazmat.primitives.ciphers.modesrr"Z block_sizer rrr r*rrrrÚ s