encrypted_data_bag_item module refactored. Removed nested classes

kamilbednarz · kamilbednarz · commit 96f7ea5c3e9e · 2014-01-12T19:27:32.000+01:00
diff --git a/chef/encrypted_data_bag_item.py b/chef/encrypted_data_bag_item.py
@@ -18,122 +18,117 @@ def __getitem__(self, key):
         if key == 'id':
             return self.raw_data[key]
         else:
-            return EncryptedDataBagItem.Decryptors.create_decryptor(self.api.encryption_key, self.raw_data[key]).decrypt()
+            return create_decryptor(self.api.encryption_key, self.raw_data[key]).decrypt()
 
     def __setitem__(self, key, value):
         if key == 'id':
             self.raw_data[key] = value
         else:
-            self.raw_data[key] = EncryptedDataBagItem.Encryptors.create_encryptor(self.api.encryption_key, value, self.api.encryption_version).to_dict()
-
-    @staticmethod
-    def get_version(data):
-        if data.has_key('version'):
-            if str(data['version']) in map(str, EncryptedDataBagItem.SUPPORTED_ENCRYPTION_VERSIONS):
-                return data['version']
-            else:
-                raise ChefUnsupportedEncryptionVersionError(data['version'])
+            self.raw_data[key] = create_encryptor(self.api.encryption_key, value, self.api.encryption_version).to_dict()
+
+def create_encryptor(key, data, version):
+    try:
+        return {
+            1: EncryptorVersion1(key, data),
+            2: EncryptorVersion2(key, data)
+            }[version]
+    except KeyError:
+        raise ChefUnsupportedEncryptionVersionError(version)
+
+class EncryptorVersion1(object):
+    VERSION = 1
+
+    def __init__(self, key, data):
+        self.plain_key = key
+        self.key = hashlib.sha256(key).digest()
+        self.data = data
+        self.iv = os.urandom(8).encode('hex')
+        self.encryptor = AES256Cipher(key=self.key, iv=self.iv)
+        self.encrypted_data = None
+
+    def encrypt(self):
+        if self.encrypted_data is None:
+            data = json.dumps({'json_wrapper': self.data})
+            self.encrypted_data = self.encryptor.encrypt(data)
+        return self.encrypted_data
+
+    def to_dict(self):
+        return {
+            "encrypted_data": base64.standard_b64encode(self.encrypt()),
+            "iv": base64.standard_b64encode(self.iv),
+            "version": self.VERSION,
+            "cipher": "aes-256-cbc"
+            }
+
+class EncryptorVersion2(EncryptorVersion1):
+    VERSION = 2
+
+    def __init__(self, key, data):
+        super(EncryptorVersion2, self).__init__(key, data)
+        self.hmac = None
+
+    def encrypt(self):
+        self.encrypted_data = super(EncryptorVersion2, self).encrypt()
+        self.hmac = (self.hmac if self.hmac is not None else self._generate_hmac())
+        return self.encrypted_data
+
+    def _generate_hmac(self):
+        raw_hmac = hmac.new(self.plain_key, base64.standard_b64encode(self.encrypted_data), hashlib.sha256).digest()
+        return raw_hmac
+
+    def to_dict(self):
+        result = super(EncryptorVersion2, self).to_dict()
+        result['hmac'] = base64.standard_b64encode(self.hmac)
+        return result
+
+def get_decryption_version(data):
+    if data.has_key('version'):
+        if str(data['version']) in map(str, EncryptedDataBagItem.SUPPORTED_ENCRYPTION_VERSIONS):
+            return data['version']
         else:
-            return 1
-
-    class Encryptors(object):
-        @staticmethod
-        def create_encryptor(key, data, version):
-            try:
-                return {
-                    1: EncryptedDataBagItem.Encryptors.EncryptorVersion1(key, data),
-                    2: EncryptedDataBagItem.Encryptors.EncryptorVersion2(key, data)
-                    }[version]
-            except KeyError:
-                raise ChefUnsupportedEncryptionVersionError(version)
-
-        class EncryptorVersion1(object):
-            VERSION = 1
-            def __init__(self, key, data):
-                self.plain_key = key
-                self.key = hashlib.sha256(key).digest()
-                self.data = data
-                self.iv = os.urandom(8).encode('hex')
-                self.encryptor = AES256Cipher(key=self.key, iv=self.iv)
-                self.encrypted_data = None
-
-            def encrypt(self):
-                if self.encrypted_data is None:
-                    data = json.dumps({'json_wrapper': self.data})
-                    self.encrypted_data = self.encryptor.encrypt(data)
-                return self.encrypted_data
-
-            def to_dict(self):
-                return {
-                        "encrypted_data": base64.standard_b64encode(self.encrypt()),
-                        "iv": base64.standard_b64encode(self.iv),
-                        "version": self.VERSION,
-                        "cipher": "aes-256-cbc"
-                        }
-
-        class EncryptorVersion2(EncryptorVersion1):
-            VERSION = 2
-
-            def __init__(self, key, data):
-                super(EncryptedDataBagItem.Encryptors.EncryptorVersion2, self).__init__(key, data)
-                self.hmac = None
-
-            def encrypt(self):
-                self.encrypted_data = super(EncryptedDataBagItem.Encryptors.EncryptorVersion2, self).encrypt()
-                self.hmac = (self.hmac if self.hmac is not None else self._generate_hmac())
-                return self.encrypted_data
-
-            def _generate_hmac(self):
-                raw_hmac = hmac.new(self.plain_key, base64.standard_b64encode(self.encrypted_data), hashlib.sha256).digest()
-                return raw_hmac
-
-            def to_dict(self):
-                result = super(EncryptedDataBagItem.Encryptors.EncryptorVersion2, self).to_dict()
-                result['hmac'] = base64.standard_b64encode(self.hmac)
-                return result
-
-    class Decryptors(object):
-        @staticmethod
-        def create_decryptor(key, data):
-            version = EncryptedDataBagItem.get_version(data)
-            if version == 1:
-                return EncryptedDataBagItem.Decryptors.DecryptorVersion1(key, data['encrypted_data'], data['iv'])
-            elif version == 2:
-                return EncryptedDataBagItem.Decryptors.DecryptorVersion2(key, data['encrypted_data'], data['iv'], data['hmac'])
-
-        class DecryptorVersion1(object):
-            def __init__(self, key, data, iv):
-                self.key = hashlib.sha256(key).digest()
-                self.data = base64.standard_b64decode(data)
-                self.iv = base64.standard_b64decode(iv)
-                self.decryptor = AES256Cipher(key=self.key, iv=self.iv)
-
-            def decrypt(self):
-                value = self.decryptor.decrypt(self.data)
-                # After decryption we should get a string with JSON
-                try:
-                    value = json.loads(value)
-                except ValueError:
-                    raise ChefDecryptionError("Error decrypting data bag value. Most likely the provided key is incorrect")
-                return value['json_wrapper']
-
-        class DecryptorVersion2(DecryptorVersion1):
-
-            def __init__(self, key, data, iv, hmac):
-                super(EncryptedDataBagItem.Decryptors.DecryptorVersion2, self).__init__(key, data, iv)
-                self.hmac = base64.standard_b64decode(hmac)
-                self.encoded_data = data
-
-            def _validate_hmac(self):
-                expected_hmac = hmac.new(self.key, self.encoded_data, hashlib.sha256).digest()
-                valid = len(expected_hmac) ^ len(self.hmac)
-                for expected_char, candidate_char in itertools.izip_longest(expected_hmac, self.hmac):
-                    valid |= ord(expected_char) ^ ord(candidate_char)
-                return valid == 0
-
-            def decrypt(self):
-                if self._validate_hmac():
-                    return super(EncryptedDataBagItem.Decryptors.DecryptorVersion2, self).decrypt()
-                else:
-                    raise ChefDecryptionError("Error decrypting data bag value. HMAC validation failed.")
+            raise ChefUnsupportedEncryptionVersionError(data['version'])
+    else:
+        return 1
+
+def create_decryptor(key, data):
+    version = get_decryption_version(data)
+    if version == 1:
+        return DecryptorVersion1(key, data['encrypted_data'], data['iv'])
+    elif version == 2:
+        return DecryptorVersion2(key, data['encrypted_data'], data['iv'], data['hmac'])
+
+class DecryptorVersion1(object):
+    def __init__(self, key, data, iv):
+        self.key = hashlib.sha256(key).digest()
+        self.data = base64.standard_b64decode(data)
+        self.iv = base64.standard_b64decode(iv)
+        self.decryptor = AES256Cipher(key=self.key, iv=self.iv)
+
+    def decrypt(self):
+        value = self.decryptor.decrypt(self.data)
+        # After decryption we should get a string with JSON
+        try:
+            value = json.loads(value)
+        except ValueError:
+            raise ChefDecryptionError("Error decrypting data bag value. Most likely the provided key is incorrect")
+        return value['json_wrapper']
+
+class DecryptorVersion2(DecryptorVersion1):
+    def __init__(self, key, data, iv, hmac):
+        super(DecryptorVersion2, self).__init__(key, data, iv)
+        self.hmac = base64.standard_b64decode(hmac)
+        self.encoded_data = data
+
+    def _validate_hmac(self):
+        expected_hmac = hmac.new(self.key, self.encoded_data, hashlib.sha256).digest()
+        valid = len(expected_hmac) ^ len(self.hmac)
+        for expected_char, candidate_char in itertools.izip_longest(expected_hmac, self.hmac):
+            valid |= ord(expected_char) ^ ord(candidate_char)
+        return valid == 0
+
+    def decrypt(self):
+        if self._validate_hmac():
+            return super(DecryptorVersion2, self).decrypt()
+        else:
+            raise ChefDecryptionError("Error decrypting data bag value. HMAC validation failed.")
 
diff --git a/chef/tests/test_encrypted_data_bag_item.py b/chef/tests/test_encrypted_data_bag_item.py
@@ -2,6 +2,7 @@
 from chef.exceptions import ChefError, ChefUnsupportedEncryptionVersionError, ChefDecryptionError
 from chef.tests import ChefTestCase, TEST_ROOT
 from chef.api import ChefAPI
+from chef.encrypted_data_bag_item import get_decryption_version
 
 import copy
 import os
@@ -31,14 +32,6 @@ def setUp(self):
                 }
             }
 
-    def test_get_version(self):
-        self.assertEqual(EncryptedDataBagItem.get_version({"version": "1"}), '1')
-        self.assertEqual(EncryptedDataBagItem.get_version({"version": 1}), 1)
-        self.assertEqual(EncryptedDataBagItem.get_version({"version": "2"}), '2')
-        self.assertEqual(EncryptedDataBagItem.get_version({"version": 2}), 2)
-        self.assertRaises(ChefUnsupportedEncryptionVersionError, EncryptedDataBagItem.get_version, {"version": 0})
-        self.assertRaises(ChefUnsupportedEncryptionVersionError, EncryptedDataBagItem.get_version, {"version": "not a number"})
-
     def test__getitem__(self):
         api = ChefAPI('https://chef_test:3000', os.path.join(TEST_ROOT, 'client.pem'), 'admin', secret_file=os.path.join(TEST_ROOT, 'encryption_key'))
         bag = DataBag('test_1')
@@ -81,3 +74,13 @@ def test__set_item__(self):
         self.assertIsNotNone(item.raw_data['pychef_test_ver2']['iv'])
         self.assertIsNotNone(item.raw_data['pychef_test_ver2']['hmac'])
         self.assertIsNotNone(item.raw_data['pychef_test_ver2']['encrypted_data'])
+
+class EncryptedDataBagItemHelpersTestCase(ChefTestCase):
+    def test_get_version(self):
+        self.assertEqual(get_decryption_version({"version": "1"}), '1')
+        self.assertEqual(get_decryption_version({"version": 1}), 1)
+        self.assertEqual(get_decryption_version({"version": "2"}), '2')
+        self.assertEqual(get_decryption_version({"version": 2}), 2)
+        self.assertRaises(ChefUnsupportedEncryptionVersionError, get_decryption_version, {"version": 0})
+        self.assertRaises(ChefUnsupportedEncryptionVersionError, get_decryption_version, {"version": "not a number"})
+
