[Checkins] SVN: cipher.encryptingstorage/ initial upload
Adam Groszer
cvs-admin at zope.org
Fri Apr 6 09:02:13 UTC 2012
Log message for revision 124994:
initial upload
Changed:
A cipher.encryptingstorage/branches/
A cipher.encryptingstorage/tags/
A cipher.encryptingstorage/trunk/
A cipher.encryptingstorage/trunk/CHANGES.txt
A cipher.encryptingstorage/trunk/COPYRIGHT.txt
A cipher.encryptingstorage/trunk/LICENSE.txt
A cipher.encryptingstorage/trunk/README.txt
A cipher.encryptingstorage/trunk/bootstrap.py
A cipher.encryptingstorage/trunk/buildout.cfg
A cipher.encryptingstorage/trunk/setup.py
A cipher.encryptingstorage/trunk/src/
A cipher.encryptingstorage/trunk/src/cipher/
A cipher.encryptingstorage/trunk/src/cipher/__init__.py
A cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/
A cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/README.txt
A cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/__init__.py
A cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/component.xml
A cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/encrypt_util.py
A cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/
A cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/__init__.py
A cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_doc.py
A cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_encrypt.py
A cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_zodb.py
A cipher.encryptingstorage/trunk/ztk-versions-1.0.1.cfg
-=-
Property changes on: cipher.encryptingstorage/trunk
___________________________________________________________________
Added: svn:ignore
+ .installed.cfg
bin
develop-eggs
parts
Added: cipher.encryptingstorage/trunk/CHANGES.txt
===================================================================
--- cipher.encryptingstorage/trunk/CHANGES.txt (rev 0)
+++ cipher.encryptingstorage/trunk/CHANGES.txt 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,11 @@
+=======
+CHANGES
+=======
+
+1.0.0 (unreleased)
+------------------
+
+0.1.0 (2012-02-14)
+------------------
+
+- Initial release as a separate package.
Property changes on: cipher.encryptingstorage/trunk/CHANGES.txt
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/COPYRIGHT.txt
===================================================================
--- cipher.encryptingstorage/trunk/COPYRIGHT.txt (rev 0)
+++ cipher.encryptingstorage/trunk/COPYRIGHT.txt 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1 @@
+Zope Foundation and Contributors
\ No newline at end of file
Property changes on: cipher.encryptingstorage/trunk/COPYRIGHT.txt
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/LICENSE.txt
===================================================================
--- cipher.encryptingstorage/trunk/LICENSE.txt (rev 0)
+++ cipher.encryptingstorage/trunk/LICENSE.txt 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,44 @@
+Zope Public License (ZPL) Version 2.1
+
+A copyright notice accompanies this license document that identifies the
+copyright holders.
+
+This license has been certified as open source. It has also been designated as
+GPL compatible by the Free Software Foundation (FSF).
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions in source code must retain the accompanying copyright
+notice, this list of conditions, and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the accompanying copyright
+notice, this list of conditions, and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+3. Names of the copyright holders must not be used to endorse or promote
+products derived from this software without prior written permission from the
+copyright holders.
+
+4. The right to distribute this software or to use it for any purpose does not
+give you the right to use Servicemarks (sm) or Trademarks (tm) of the
+copyright
+holders. Use of them is covered by separate agreement with the copyright
+holders.
+
+5. If any files are modified, you must cause the modified files to carry
+prominent notices stating that you changed the files and the date of any
+change.
+
+Disclaimer
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS ``AS IS'' AND ANY EXPRESSED
+OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Property changes on: cipher.encryptingstorage/trunk/LICENSE.txt
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/README.txt
===================================================================
--- cipher.encryptingstorage/trunk/README.txt (rev 0)
+++ cipher.encryptingstorage/trunk/README.txt 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,5 @@
+cipher.encryptingstorage
+=========================
+
+ZODB storage wrapper for encryption of database records.
+Actually it is doing encryption and compression.
\ No newline at end of file
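Review bot: Missing documentation in the two description lines: "Actually it is doing encryption and compression." does not say what performs the encryption or where keys come from. Because setup.py feeds this file into `long_description`, this is all the package index page will show. Suggest naming the `keas.kmi` dependency that setup.py pulls in, stating that records are compressed before they are encrypted, and pointing to src/cipher/encryptingstorage/README.txt for usage.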
Property changes on: cipher.encryptingstorage/trunk/README.txt
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/bootstrap.py
===================================================================
--- cipher.encryptingstorage/trunk/bootstrap.py (rev 0)
+++ cipher.encryptingstorage/trunk/bootstrap.py 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,262 @@
+##############################################################################
+#
+# Copyright (c) 2006 Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Bootstrap a buildout-based project
+
+Simply run this script in a directory containing a buildout.cfg.
+The script accepts buildout command-line options, so you can
+use the -c option to specify an alternate configuration file.
+"""
+
+import os, shutil, sys, tempfile, urllib, urllib2, subprocess
+from optparse import OptionParser
+
+if sys.platform == 'win32':
+ def quote(c):
+ if ' ' in c:
+ return '"%s"' % c # work around spawn lamosity on windows
+ else:
+ return c
+else:
+ quote = str
+
+# See zc.buildout.easy_install._has_broken_dash_S for motivation and comments.
+stdout, stderr = subprocess.Popen(
+ [sys.executable, '-Sc',
+ 'try:\n'
+ ' import ConfigParser\n'
+ 'except ImportError:\n'
+ ' print 1\n'
+ 'else:\n'
+ ' print 0\n'],
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE).communicate()
+has_broken_dash_S = bool(int(stdout.strip()))
+
+# In order to be more robust in the face of system Pythons, we want to
+# run without site-packages loaded. This is somewhat tricky, in
+# particular because Python 2.6's distutils imports site, so starting
+# with the -S flag is not sufficient. However, we'll start with that:
+if not has_broken_dash_S and 'site' in sys.modules:
+ # We will restart with python -S.
+ args = sys.argv[:]
+ args[0:0] = [sys.executable, '-S']
+ args = map(quote, args)
+ os.execv(sys.executable, args)
+# Now we are running with -S. We'll get the clean sys.path, import site
+# because distutils will do it later, and then reset the path and clean
+# out any namespace packages from site-packages that might have been
+# loaded by .pth files.
+clean_path = sys.path[:]
+import site # imported because of its side effects
+sys.path[:] = clean_path
+for k, v in sys.modules.items():
+ if k in ('setuptools', 'pkg_resources') or (
+ hasattr(v, '__path__') and
+ len(v.__path__) == 1 and
+ not os.path.exists(os.path.join(v.__path__[0], '__init__.py'))):
+ # This is a namespace package. Remove it.
+ sys.modules.pop(k)
+
+is_jython = sys.platform.startswith('java')
+
+setuptools_source = 'http://peak.telecommunity.com/dist/ez_setup.py'
+distribute_source = 'http://python-distribute.org/distribute_setup.py'
+
+
+# parsing arguments
+def normalize_to_url(option, opt_str, value, parser):
+ if value:
+ if '://' not in value: # It doesn't smell like a URL.
+ value = 'file://%s' % (
+ urllib.pathname2url(
+ os.path.abspath(os.path.expanduser(value))),)
+ if opt_str == '--download-base' and not value.endswith('/'):
+ # Download base needs a trailing slash to make the world happy.
+ value += '/'
+ else:
+ value = None
+ name = opt_str[2:].replace('-', '_')
+ setattr(parser.values, name, value)
+
+usage = '''\
+[DESIRED PYTHON FOR BUILDOUT] bootstrap.py [options]
+
+Bootstraps a buildout-based project.
+
+Simply run this script in a directory containing a buildout.cfg, using the
+Python that you want bin/buildout to use.
+
+Note that by using --setup-source and --download-base to point to
+local resources, you can keep this script from going over the network.
+'''
+
+parser = OptionParser(usage=usage)
+parser.add_option("-v", "--version", dest="version",
+ help="use a specific zc.buildout version")
+parser.add_option("-d", "--distribute",
+ action="store_true", dest="use_distribute", default=False,
+ help="Use Distribute rather than Setuptools.")
+parser.add_option("--setup-source", action="callback", dest="setup_source",
+ callback=normalize_to_url, nargs=1, type="string",
+ help=("Specify a URL or file location for the setup file. "
+ "If you use Setuptools, this will default to " +
+ setuptools_source + "; if you use Distribute, this "
+ "will default to " + distribute_source + "."))
+parser.add_option("--download-base", action="callback", dest="download_base",
+ callback=normalize_to_url, nargs=1, type="string",
+ help=("Specify a URL or directory for downloading "
+ "zc.buildout and either Setuptools or Distribute. "
+ "Defaults to PyPI."))
+parser.add_option("--eggs",
+ help=("Specify a directory for storing eggs. Defaults to "
+ "a temporary directory that is deleted when the "
+ "bootstrap script completes."))
+parser.add_option("-t", "--accept-buildout-test-releases",
+ dest='accept_buildout_test_releases',
+ action="store_true", default=False,
+ help=("Normally, if you do not specify a --version, the "
+ "bootstrap script and buildout gets the newest "
+ "*final* versions of zc.buildout and its recipes and "
+ "extensions for you. If you use this flag, "
+ "bootstrap and buildout will get the newest releases "
+ "even if they are alphas or betas."))
+parser.add_option("-c", None, action="store", dest="config_file",
+ help=("Specify the path to the buildout configuration "
+ "file to be used."))
+
+options, args = parser.parse_args()
+
+# if -c was provided, we push it back into args for buildout's main function
+if options.config_file is not None:
+ args += ['-c', options.config_file]
+
+if options.eggs:
+ eggs_dir = os.path.abspath(os.path.expanduser(options.eggs))
+else:
+ eggs_dir = tempfile.mkdtemp()
+
+if options.setup_source is None:
+ if options.use_distribute:
+ options.setup_source = distribute_source
+ else:
+ options.setup_source = setuptools_source
+
+if options.accept_buildout_test_releases:
+ args.append('buildout:accept-buildout-test-releases=true')
+args.append('bootstrap')
+
+try:
+ import pkg_resources
+ import setuptools # A flag. Sometimes pkg_resources is installed alone.
+ if not hasattr(pkg_resources, '_distribute'):
+ raise ImportError
+except ImportError:
+ ez_code = urllib2.urlopen(
+ options.setup_source).read().replace('\r\n', '\n')
+ ez = {}
+ exec ez_code in ez
+ setup_args = dict(to_dir=eggs_dir, download_delay=0)
+ if options.download_base:
+ setup_args['download_base'] = options.download_base
+ if options.use_distribute:
+ setup_args['no_fake'] = True
+ ez['use_setuptools'](**setup_args)
+ if 'pkg_resources' in sys.modules:
+ reload(sys.modules['pkg_resources'])
+ import pkg_resources
+ # This does not (always?) update the default working set. We will
+ # do it.
+ for path in sys.path:
+ if path not in pkg_resources.working_set.entries:
+ pkg_resources.working_set.add_entry(path)
+
+cmd = [quote(sys.executable),
+ '-c',
+ quote('from setuptools.command.easy_install import main; main()'),
+ '-mqNxd',
+ quote(eggs_dir)]
+
+if not has_broken_dash_S:
+ cmd.insert(1, '-S')
+
+find_links = options.download_base
+if not find_links:
+ find_links = os.environ.get('bootstrap-testing-find-links')
+if find_links:
+ cmd.extend(['-f', quote(find_links)])
+
+if options.use_distribute:
+ setup_requirement = 'distribute'
+else:
+ setup_requirement = 'setuptools'
+ws = pkg_resources.working_set
+setup_requirement_path = ws.find(
+ pkg_resources.Requirement.parse(setup_requirement)).location
+env = dict(
+ os.environ,
+ PYTHONPATH=setup_requirement_path)
+
+requirement = 'zc.buildout'
+version = options.version
+if version is None and not options.accept_buildout_test_releases:
+ # Figure out the most recent final version of zc.buildout.
+ import setuptools.package_index
+ _final_parts = '*final-', '*final'
+
+ def _final_version(parsed_version):
+ for part in parsed_version:
+ if (part[:1] == '*') and (part not in _final_parts):
+ return False
+ return True
+ index = setuptools.package_index.PackageIndex(
+ search_path=[setup_requirement_path])
+ if find_links:
+ index.add_find_links((find_links,))
+ req = pkg_resources.Requirement.parse(requirement)
+ if index.obtain(req) is not None:
+ best = []
+ bestv = None
+ for dist in index[req.project_name]:
+ distv = dist.parsed_version
+ if _final_version(distv):
+ if bestv is None or distv > bestv:
+ best = [dist]
+ bestv = distv
+ elif distv == bestv:
+ best.append(dist)
+ if best:
+ best.sort()
+ version = best[-1].version
+if version:
+ requirement = '=='.join((requirement, version))
+cmd.append(requirement)
+
+if is_jython:
+ import subprocess
+ exitcode = subprocess.Popen(cmd, env=env).wait()
+else: # Windows prefers this, apparently; otherwise we would prefer subprocess
+ exitcode = os.spawnle(*([os.P_WAIT, sys.executable] + cmd + [env]))
+if exitcode != 0:
+ sys.stdout.flush()
+ sys.stderr.flush()
+ print ("An error occurred when trying to install zc.buildout. "
+ "Look above this message for any errors that "
+ "were output by easy_install.")
+ sys.exit(exitcode)
+
+ws.add_entry(eggs_dir)
+ws.require(requirement)
+import zc.buildout.buildout
+zc.buildout.buildout.main(args)
+if not options.eggs: # clean up temporary egg directory
+ shutil.rmtree(eggs_dir)
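Review bot: In the `except ImportError:` branch, `ez_code = urllib2.urlopen(options.setup_source).read()` followed by `exec ez_code in ez` runs whatever the server returns, and both defaults (`setuptools_source`, `distribute_source`) are plain `http://` URLs with no checksum or signature check. Anyone on the network path, or in control of those hosts, can run code on every developer and CI machine that bootstraps this package. Suggest checking in a known-good copy of the setup script and defaulting `--setup-source` to it (the usage text already notes that local resources keep the script off the network), or comparing the download against a pinned hash before the `exec`. The `os.environ.get('bootstrap-testing-find-links')` fallback also deserves a comment, since it lets the environment redirect where zc.buildout is fetched from.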
Property changes on: cipher.encryptingstorage/trunk/bootstrap.py
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/buildout.cfg
===================================================================
--- cipher.encryptingstorage/trunk/buildout.cfg (rev 0)
+++ cipher.encryptingstorage/trunk/buildout.cfg 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,68 @@
+[buildout]
+extends = ztk-versions-1.0.1.cfg
+develop = .
+parts = test coverage coverage-test coverage2-test coverage-report python tags
+versions = versions
+newest = false
+include-site-packages = false
+unzip = true
+
+[python]
+recipe = z3c.recipe.scripts
+eggs = cipher.encryptingstorage [test]
+interpreter = python
+
+[tags]
+recipe = z3c.recipe.tag
+eggs = ${python:eggs}
+
+[test]
+recipe = zc.recipe.testrunner
+eggs = ${python:eggs}
+defaults = ['--tests-pattern', '^f?tests$$', '-v']
+
+[coverage]
+recipe = z3c.recipe.scripts
+eggs = coverage
+
+[coverage-test]
+recipe = zc.recipe.testrunner
+eggs = ${python:eggs}
+ coverage
+defaults = ['--tests-pattern', '^f?tests$$', '-v']
+initialization =
+ # haaaaack because zc.testrunner 1.4.0 produces an _insane_ bin/test
+ # that cannot be run with bin/coverage run bin/test, or even
+ # bin/python bin/test
+ import coverage, atexit
+ c = coverage.coverage(data_file='${buildout:directory}/.coverage',
+ source=['cipher.encryptingstorage'])
+ def _when_done(c=c): c.stop(), c.save()
+ atexit.register(_when_done)
+ c.start()
+
+[coverage2-test]
+recipe = zc.recipe.testrunner
+eggs = ${python:eggs}
+defaults = ['--coverage', '${buildout:directory}/coverage']
+
+[coverage-report]
+recipe = z3c.recipe.scripts
+eggs = z3c.coverage
+scripts = coveragereport=coverage-report
+arguments =
+ ('${buildout:directory}/coverage',
+ '${buildout:directory}/coverage/report')
+
+[versions]
+# we're getting buildout 1.5.0 anyway from our bootstrap
+zc.buildout = 1.5.0
+
+# required by zc.buildout 1.5.0
+zc.recipe.egg = 1.3.0
+
+# required by zc.buildout 1.5.0 for include-site-packages=false to work
+zc.recipe.testrunner = 1.4.0
+
+ZODB3 = 3.10.5
+mechanize = 0.2.5
\ No newline at end of file
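Review bot: The `[buildout]` section sets `versions = versions` but not `allow-picked-versions = false`, so any egg that is not pinned in `[versions]` or in the extended ztk-versions-1.0.1.cfg is resolved to whatever is newest at build time. That includes `keas.kmi` from setup.py unless the ZTK file happens to pin it, and it also covers the recipes and `coverage`. For a package whose purpose is encrypting records, suggest pinning `keas.kmi` explicitly here and turning picked versions off so an unpinned dependency fails the build. Separately, the comment "we're getting buildout 1.5.0 anyway from our bootstrap" does not match bootstrap.py in this commit, which selects the newest final zc.buildout when `--version` is not given.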
Property changes on: cipher.encryptingstorage/trunk/buildout.cfg
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/setup.py
===================================================================
--- cipher.encryptingstorage/trunk/setup.py (rev 0)
+++ cipher.encryptingstorage/trunk/setup.py 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,52 @@
+##############################################################################
+#
+# Copyright (c) Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Setup for package cipher.encryptingstorage
+"""
+import os
+from setuptools import setup, find_packages
+
+
+def read(*rnames):
+ return open(os.path.join(os.path.dirname(__file__), *rnames)).read()
+
+setup(
+ name='cipher.encryptingstorage',
+ version='1.0.0.dev0',
+ url="http://pypi.python.org/pypi/cipher.encryptingstorage/",
+ author='Zope Foundation and Contributors',
+ author_email='zope-dev at zope.org',
+ description="ZODB storage wrapper for encryption of database records",
+ long_description=(
+ read('README.txt')
+ + '\n\n' +
+ read('CHANGES.txt')
+ ),
+ license='ZPL 2.1',
+
+ packages=find_packages('src'),
+ namespace_packages=['cipher'],
+ package_dir={'': 'src'},
+ install_requires=[
+ 'ZODB3 >=3.10.0b1',
+ 'setuptools',
+ 'keas.kmi',
+ ],
+ extras_require=dict(
+ test=[
+ 'zope.testing',
+ 'zope.app.testing',
+ 'manuel']),
+ include_package_data=True,
+ zip_safe=False,
+ )
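Review bot: In `install_requires`, `'keas.kmi'` carries no version bound while `'ZODB3 >=3.10.0b1'` does, so an install accepts any release of it, past or future. Suggest at least a tested minimum version, and a comment saying which release the test suite was run against. Minor: `read()` returns `open(...).read()` without closing the file; a `with` block (or an explicit close) avoids the leaked handle.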
Property changes on: cipher.encryptingstorage/trunk/setup.py
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Property changes on: cipher.encryptingstorage/trunk/src
___________________________________________________________________
Added: svn:ignore
+ cipher.encryptingstorage.egg-info
Added: cipher.encryptingstorage/trunk/src/cipher/__init__.py
===================================================================
--- cipher.encryptingstorage/trunk/src/cipher/__init__.py (rev 0)
+++ cipher.encryptingstorage/trunk/src/cipher/__init__.py 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,5 @@
+try:
+ __import__('pkg_resources').declare_namespace(__name__)
+except ImportError:
+ from pkgutil import extend_path
+ __path__ = extend_path(__path__, __name__)
Property changes on: cipher.encryptingstorage/trunk/src/cipher/__init__.py
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/README.txt
===================================================================
--- cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/README.txt (rev 0)
+++ cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/README.txt 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,214 @@
+=============================================================
+ZODB storage wrapper for encryption of database records
+=============================================================
+
+Idea and quite of lot of code taken from zc.zlibstorage.
+
+The ``cipher.encryptingstorage`` package provides ZODB storage wrapper
+implementations that provides encryption of database records.
+
+.. contents::
+
+Usage
+=====
+
+The primary storage is ``cipher.encryptingstorage.EncryptingStorage``.
+It is used as a wrapper around a lower-level storage. From Python, it is
+constructed by passing another storage, as in::
+
+ import ZODB.FileStorage, cipher.encryptingstorage
+
+ storage = cipher.encryptingstorage.EncryptingStorage(
+ ZODB.FileStorage.FileStorage('data.fs'))
+
+.. -> src
+
+ >>> exec src
+ >>> data = 'x' * 100
+ >>> storage.transform_record_data(data).startswith('.e')
+ True
+ >>> storage.close()
+
+When using a ZODB configuration file, the encryptingstorage tag is used::
+
+ %import cipher.encryptingstorage
+
+ <zodb>
+ <encryptingstorage>
+ <filestorage>
+ path data.fs
+ </filestorage>
+ </encryptingstorage>
+ </zodb>
+
+.. -> src
+
+ >>> import ZODB.config
+ >>> db = ZODB.config.databaseFromString(src)
+ >>> db.storage.transform_record_data(data).startswith('.e')
+ True
+ >>> db.close()
+
+Note the ``%import`` used to load the definition of the
+``encryptingstorage`` tag.
+
+Use with ZEO
+============
+
+When used with a ZEO ClientStorage, you'll need to use a server encrypting
+storage on the storage server. This is necessary so that server
+operations that need to get at unencrypted record data can do so.
+This is accomplished using the ``serverencryptingstorage`` tag in your ZEO
+server configuration file::
+
+ %import cipher.encryptingstorage
+
+ <zeo>
+ address 8100
+ </zeo>
+
+ <serverencryptingstorage>
+ <filestorage>
+ path data.fs
+ </filestorage>
+ </serverencryptingstorage>
+
+.. -> src
+
+ >>> src = src[:src.find('<zeo>')]+src[src.find('</zeo>')+7:]
+
+ >>> storage = ZODB.config.storageFromString(src)
+ >>> storage.transform_record_data(data).startswith('.e')
+ True
+ >>> storage.__class__.__name__
+ 'ServerEncryptingStorage'
+
+ >>> storage.close()
+
+#Applying encryption on the client this way is attractive because, in
+#addition to reducing the size of stored database records on the
+#server, you also reduce the size of records sent from the server to the
+#client and the size of records stored in the client's ZEO cache.
+
+Decrypting only
+==================
+
+By default, records are encrypted when written to the storage and
+decrypted when read from the storage. An ``encrypt`` option can be
+used to disable encryption of records but still decrypt encrypted
+records if they are encountered. Here's an example from in Python::
+
+ import ZODB.FileStorage, cipher.encryptingstorage
+
+ storage = cipher.encryptingstorage.EncryptingStorage(
+ ZODB.FileStorage.FileStorage('data.fs'),
+ encrypt=False)
+
+.. -> src
+
+ >>> exec src
+ >>> storage.transform_record_data(data) == data
+ True
+ >>> storage.close()
+
+and using the configurationb syntax::
+
+ %import cipher.encryptingstorage
+
+ <zodb>
+ <encryptingstorage>
+ encrypt false
+ <filestorage>
+ path data.fs
+ </filestorage>
+ </encryptingstorage>
+ </zodb>
+
+.. -> src
+
+ >>> db = ZODB.config.databaseFromString(src)
+ >>> db.storage.transform_record_data(data) == data
+ True
+ >>> db.close()
+
+This option is useful when deploying the storage when there are
+multiple clients. If you don't want to update all of the clients at
+once, you can gradually update all of the clients with a encryptingstorage
+that doesn't do encryption, but recognizes encrypted records. Then,
+in a second phase, you can update the clients to encrypt records, at
+which point, all of the clients will be able to read the encrypted
+records produced.
+
+Encrypting entire databases
+============================
+
+One way to encrypt all of the records in a database is to copy data
+from an decrypted database to a encrypted one, as in::
+
+ import ZODB.FileStorage, cipher.encryptingstorage
+
+ orig = ZODB.FileStorage.FileStorage('data.fs')
+ new = cipher.encryptingstorage.EncryptingStorage(
+ ZODB.FileStorage.FileStorage('data.fs-copy'))
+ new.copyTransactionsFrom(orig)
+
+ orig.close()
+ new.close()
+
+.. -> src
+
+ >>> conn = ZODB.connection('data.fs', create=True)
+ >>> conn.root.a = conn.root().__class__([(i,i) for i in range(1000)])
+ >>> conn.root.b = conn.root().__class__([(i,i) for i in range(2000)])
+ >>> import transaction
+ >>> transaction.commit()
+ >>> conn.close()
+
+ >>> exec(src)
+
+ >>> new = cipher.encryptingstorage.EncryptingStorage(
+ ... ZODB.FileStorage.FileStorage('data.fs-copy'))
+ >>> conn = ZODB.connection(new)
+ >>> dict(conn.root.a) == dict([(i,i) for i in range(1000)])
+ True
+ >>> dict(conn.root.b) == dict([(i,i) for i in range(2000)])
+ True
+
+ >>> import ZODB.utils
+ >>> for i in range(3):
+ ... if not new.base.load(ZODB.utils.p64(i))[0][:2] == '.e':
+ ... print 'oops', i
+ >>> len(new)
+ 3
+
+ >>> conn.close()
+
+Record prefix
+=============
+
+Encrypted records have a prefix of ".e". This allows a database to
+have a mix of encrypted and not encrypted records.
+
+Stand-alone encryption and decryption functions
+===================================================
+
+In anticipation of wanting to plug the encryption and decryption
+logic into other tools without creating storages, the functions used
+to decrypt and decrypt data records are available as
+``cipher.encryptingstorage`` module-level functions:
+
+``encrypt(data)``
+ Encrypt the given data if:
+
+ - it doesn't start with the encrypted-record marker, ``'.e'``
+
+ The encrypted data are returned.
+
+``decrypt(data)``
+ Decrypt the data if it is encrypted.
+
+ The decrypted (or original) data are returned.
+
+.. basic sanity check :)
+
+ >>> _ = (cipher.encryptingstorage.compress, cipher.encryptingstorage.decompress)
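Review bot: Under "Stand-alone encryption and decryption functions", `encrypt(data)` is documented as returning its input untouched whenever it starts with `'.e'`, so that two-byte marker is the only thing separating ciphertext from plaintext. The section offers these functions to "other tools", so it should state the assumption that valid plaintext never begins with `.e`; otherwise such input is stored unencrypted and later handed to the decrypt path. Further points for the same file: the `#`-prefixed paragraph at the end of "Use with ZEO" is not a reST comment and will render as text, and it talks about reducing record size rather than encryption; the closing sanity check touches `compress`/`decompress` instead of the `encrypt`/`decrypt` functions this section documents; "decrypt and decrypt data records" and "configurationb" are typos. Nowhere does the README explain how the encryption key is configured, which a reader needs before any of the examples are usable.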
Property changes on: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/README.txt
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/__init__.py
===================================================================
--- cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/__init__.py (rev 0)
+++ cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/__init__.py 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,224 @@
+##############################################################################
+#
+# Copyright (c) Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+import zlib
+import ZODB.interfaces
+import zope.interface
+
+from cipher.encryptingstorage import encrypt_util
+
+class EncryptingStorage(object):
+
+ zope.interface.implements(ZODB.interfaces.IStorageWrapper)
+
+ copied_methods = (
+ 'close', 'getName', 'getSize', 'history', 'isReadOnly',
+ 'lastTransaction', 'new_oid', 'sortKey',
+ 'tpc_abort', 'tpc_begin', 'tpc_finish', 'tpc_vote',
+ 'loadBlob', 'openCommittedBlobFile', 'temporaryDirectory',
+ 'supportsUndo', 'undo', 'undoLog', 'undoInfo',
+ )
+
+ def __init__(self, base, *args, **kw):
+ self.base = base
+
+ if (lambda encrypt=True: encrypt)(*args, **kw):
+ self._transform = encrypt # Refering to module func below!
+ else:
+ self._transform = lambda data: data
+
+ self._untransform = decrypt
+
+ for name in self.copied_methods:
+ v = getattr(base, name, None)
+ if v is not None:
+ setattr(self, name, v)
+
+ zope.interface.directlyProvides(self, zope.interface.providedBy(base))
+
+ base.registerDB(self)
+
+ def __getattr__(self, name):
+ return getattr(self.base, name)
+
+ def __len__(self):
+ return len(self.base)
+
+ def load(self, oid, version=''):
+ data, serial = self.base.load(oid, version)
+ return self._untransform(data), serial
+
+ def loadBefore(self, oid, tid):
+ r = self.base.loadBefore(oid, tid)
+ if r is not None:
+ data, serial, after = r
+ return self._untransform(data), serial, after
+ else:
+ return r
+
+ def loadSerial(self, oid, serial):
+ return self._untransform(self.base.loadSerial(oid, serial))
+
+ def pack(self, pack_time, referencesf, gc=None):
+ _untransform = self._untransform
+ def refs(p, oids=None):
+ return referencesf(_untransform(p), oids)
+ if gc is not None:
+ return self.base.pack(pack_time, refs, gc)
+ else:
+ return self.base.pack(pack_time, refs)
+
+ def registerDB(self, db):
+ self.db = db
+ self._db_transform = db.transform_record_data
+ self._db_untransform = db.untransform_record_data
+
+ _db_transform = _db_untransform = lambda self, data: data
+
+ def store(self, oid, serial, data, version, transaction):
+ return self.base.store(oid, serial, self._transform(data), version,
+ transaction)
+
+ def restore(self, oid, serial, data, version, prev_txn, transaction):
+ return self.base.restore(
+ oid, serial, self._transform(data), version, prev_txn, transaction)
+
+ def iterator(self, start=None, stop=None):
+ for t in self.base.iterator(start, stop):
+ yield Transaction(t)
+
+ def storeBlob(self, oid, oldserial, data, blobfilename, version,
+ transaction):
+ return self.base.storeBlob(
+ oid, oldserial, self._transform(data), blobfilename, version,
+ transaction)
+
+ def restoreBlob(self, oid, serial, data, blobfilename, prev_txn,
+ transaction):
+ return self.base.restoreBlob(oid, serial, self._transform(data),
+ blobfilename, prev_txn, transaction)
+
+ def invalidateCache(self):
+ return self.db.invalidateCache()
+
+ def invalidate(self, transaction_id, oids, version=''):
+ return self.db.invalidate(transaction_id, oids, version)
+
+ def references(self, record, oids=None):
+ return self.db.references(self._untransform(record), oids)
+
+ def transform_record_data(self, data):
+ return self._transform(self._db_transform(data))
+
+ def untransform_record_data(self, data):
+ return self._db_untransform(self._untransform(data))
+
+ def record_iternext(self, next=None):
+ oid, tid, data, next = self.base.record_iternext(next)
+ return oid, tid, self._untransform(data), next
+
+ def copyTransactionsFrom(self, other):
+ ZODB.blob.copyTransactionsFromTo(other, self)
+
+ def copyTransactionsFrom(self, other):
+ ZODB.blob.copyTransactionsFromTo(other, self)
+
+
+def compress(data):
+ if data and (len(data) > 20) and data[:2] != '.z':
+ compressed = '.z'+zlib.compress(data)
+ if len(compressed) < len(data):
+ return compressed
+ return data
+
+def decompress(data):
+ return data[:2] == '.z' and zlib.decompress(data[2:]) or data
+
+def encrypt(data):
+ try:
+ if data[:2] == '.e':
+ return data
+ except TypeError:
+ # a ZODB test passes None as data, be forgiving about that
+ return data
+
+ # 1. compress
+ data = compress(data)
+
+ # 2. encrypt here!!!
+ data = encrypt_util.ENCRYPTION_UTILITY.encryptBytes(data)
+ return '.e'+data
+
+def decrypt(data):
+ try:
+ if data[:2] != '.e':
+ # not an encrypted record, return as is
+ return data
+ except TypeError:
+ return data
+ # 1. decrypt here!!!
+ data = encrypt_util.ENCRYPTION_UTILITY.decryptBytes(data[2:])
+ # 2. decompress
+ data = decompress(data)
+ return data
+
+class ServerEncryptingStorage(EncryptingStorage):
+ """Use on ZEO storage server when EncryptingStorage is used on client
+
+ Don't do conversion as part of load/store, but provide
+ pickle decoding.
+ """
+
+ copied_methods = EncryptingStorage.copied_methods + (
+ 'load', 'loadBefore', 'loadSerial', 'store', 'restore',
+ 'iterator', 'storeBlob', 'restoreBlob', 'record_iternext',
+ )
+
+class Transaction(object):
+
+ def __init__(self, trans):
+ self.__trans = trans
+
+ def __iter__(self):
+ for r in self.__trans:
+ if r.data:
+ r.data = decrypt(r.data)
+ yield r
+
+ def __getattr__(self, name):
+ return getattr(self.__trans, name)
+
+
+class ZConfig:
+
+ _factory = EncryptingStorage
+
+ def __init__(self, config):
+ self.config = config
+ self.name = config.getSectionName()
+
+ def open(self):
+ base = self.config.base.open()
+ encrypt = self.config.encrypt
+ if encrypt is None:
+ encrypt = True
+ cfg = self.config.config
+ if cfg is not None:
+ # XXX: how to figure `here`?
+ encrypt_util.init_local_facility(
+ {'__file__': cfg, 'here': '.'})
+ return self._factory(base, encrypt)
+
+class ZConfigServer(ZConfig):
+
+ _factory = ServerEncryptingStorage
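Review bot: in encrypt(), the early return on `data[:2] == '.e'` means any plaintext record that happens to begin with `.e` is written to the base storage unencrypted, and decrypt() will later strip those two bytes and pass the remainder to decryptBytes(). A two-byte marker sniffed from the payload cannot tell "already encrypted" from "plaintext that looks encrypted"; consider a longer, versioned magic prefix, or have the caller track whether a record has been transformed. Two smaller points in the same hunk: copyTransactionsFrom is defined twice in a row at the end of the class, so one copy should go, and ZConfig.open hard-codes `'here': '.'`, so a relative kek-path resolves against the process working directory; deriving it from `os.path.dirname(cfg)` would settle the XXX comment.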
Property changes on: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/__init__.py
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/component.xml
===================================================================
--- cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/component.xml (rev 0)
+++ cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/component.xml 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,32 @@
+<component>
+ <sectiontype name="encryptingstorage" datatype="cipher.encryptingstorage.ZConfig"
+ implements="ZODB.storage">
+ <section type="ZODB.storage" name="*" attribute="base" required="yes" />
+ <key name="encrypt" datatype="boolean" required="no">
+ <description>
+ An option to switch encrypt (and compression) on/off
+ When omitted it defaults to ON
+ </description>
+ </key>
+ <key name="config" datatype="existing-file" required="no">
+ <description>
+ filename of the encryption configuration
+ </description>
+ </key>
+ </sectiontype>
+ <sectiontype name="serverencryptingstorage" datatype="cipher.encryptingstorage.ZConfigServer"
+ implements="ZODB.storage">
+ <section type="ZODB.storage" name="*" attribute="base" required="yes" />
+ <key name="encrypt" datatype="boolean" required="no">
+ <description>
+ An option to switch encrypt (and compression) on/off
+ When omitted it defaults to ON
+ </description>
+ </key>
+ <key name="config" datatype="existing-file" required="no">
+ <description>
+ filename of the encryption configuration
+ </description>
+ </key>
+ </sectiontype>
+</component>
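Review bot: the `config` key description should say what happens when the key is omitted. ZConfig.open only calls init_local_facility when `config` is set, and the module default ENCRYPTION_UTILITY is a TrivialEncryptionUtility, so with `encrypt` left at its default of ON and no `config`, records get the `.e` marker and zlib compression but no encryption. Either document that here or make `config` required whenever `encrypt` is on. The two sectiontypes also repeat identical key definitions and differ only in name and datatype, so a shared definition would keep them from drifting apart.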
Property changes on: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/component.xml
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/encrypt_util.py
===================================================================
--- cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/encrypt_util.py (rev 0)
+++ cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/encrypt_util.py 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,117 @@
+##############################################################################
+#
+# Copyright (c) Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+
+from __future__ import absolute_import
+import ConfigParser
+import os
+
+import M2Crypto
+import zope.component
+import zope.interface
+from keas.kmi import facility
+from keas.kmi.interfaces import IKeyHolder
+
+
+class IEncryptionUtility(zope.interface.Interface):
+
+ def encrypt(data):
+ """Returns the encrypted data"""
+
+ def decrypt(data):
+ """Returns the decrypted data"""
+
+ def encryptBytes(data):
+ """Returns the encrypted data uses str, without utf-8 conversion"""
+
+ def decryptBytes(data):
+ """Returns the decrypted data uses str, without utf-8 conversion"""
+
+
+class TrivialEncryptionUtility(object):
+
+ def encrypt(self, data):
+ return self.encryptBytes(data.encode('utf-8'))
+
+ def decrypt(self, data):
+ return self.decryptBytes(data).decode('utf-8')
+
+ def encryptBytes(self, data):
+ return data
+
+ def decryptBytes(self, data):
+ return data
+
+
+class EncryptionUtility(TrivialEncryptionUtility):
+ zope.interface.implements(IEncryptionUtility, IKeyHolder)
+
+ def __init__(self, kek_path, facility):
+ self.facility = facility
+ if os.path.exists(kek_path):
+ with open(kek_path, 'rb') as file:
+ self.key = file.read()
+ else:
+ self.key = self.facility.generate()
+ with open(kek_path, 'wb') as file:
+ file.write(self.key)
+
+ def encryptBytes(self, data):
+ return self.facility.encrypt(self.key, data)
+
+ def decryptBytes(self, data):
+ try:
+ return self.facility.decrypt(self.key, data)
+ except M2Crypto.EVP.EVPError:
+ return data
+
+
+ENCRYPTION_UTILITY = TrivialEncryptionUtility()
+
+
+def init_local_facility(conf):
+ config = ConfigParser.RawConfigParser()
+ config.readfp(open(conf['__file__'], 'r'))
+
+ global ENCRYPTION_UTILITY
+
+ enabled = False
+ if config.has_option('encryptingstorage:encryption', 'enabled'):
+ enabled = config.getboolean('encryptingstorage:encryption', 'enabled')
+
+ if enabled:
+ kek_path = config.get('encryptingstorage:encryption', 'kek-path')
+
+ if config.has_option('encryptingstorage:encryption', 'kmi-server'):
+ kmf = facility.LocalKeyManagementFacility(
+ config.get('encryptingstorage:encryption', 'kmi-server'))
+ else:
+ kmf = facility.KeyManagementFacility(
+ config.get('encryptingstorage:encryption', 'dek-storage-path'))
+
+ if kek_path.startswith('/'):
+ path = kek_path
+ else:
+ path = os.path.join(conf['here'], kek_path)
+
+ ENCRYPTION_UTILITY = EncryptionUtility(path, kmf)
+
+ # encryptingstorage specific:
+ # just don't provide utilities, who knows what will be defined
+ # by the main app
+
+ #provideUtility(ENCRYPTION_UTILITY, IKeyHolder)
+ #provideUtility(kmf)
+
+ else:
+ ENCRYPTION_UTILITY = TrivialEncryptionUtility()
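Review bot: EncryptionUtility.decryptBytes catches M2Crypto.EVP.EVPError and returns its input unchanged, so a wrong key or a corrupted or tampered record is handed back to the caller as if it were plaintext, and decrypt() in __init__.py then feeds those bytes to decompress(). Let the error propagate, or raise a storage-specific exception, so a failed decryption is visible. In __init__, the freshly generated key is written with `open(kek_path, 'wb')`, which leaves the file mode to the process umask; create it with os.open using O_CREAT | O_EXCL and mode 0600 instead. In init_local_facility, a missing section or a missing `enabled` option silently selects TrivialEncryptionUtility, so a typo in the config file turns encryption off without any signal; log or raise in that case. The file passed to readfp is never closed, and `kek_path.startswith('/')` would read better as os.path.isabs(kek_path).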
Property changes on: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/encrypt_util.py
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/__init__.py
===================================================================
--- cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/__init__.py (rev 0)
+++ cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/__init__.py 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1 @@
+# Make a package.
Property changes on: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/__init__.py
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_doc.py
===================================================================
--- cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_doc.py (rev 0)
+++ cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_doc.py 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,29 @@
+##############################################################################
+#
+# Copyright (c) Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+from zope.testing import setupstack
+
+import manuel.capture
+import manuel.doctest
+import manuel.testing
+import unittest
+
+
+def test_suite():
+ suite = unittest.TestSuite()
+ suite.addTest(manuel.testing.TestSuite(
+ manuel.doctest.Manuel() + manuel.capture.Manuel(),
+ '../README.txt',
+ setUp=setupstack.setUpDirectory, tearDown=setupstack.tearDown
+ ))
+ return suite
Property changes on: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_doc.py
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_encrypt.py
===================================================================
--- cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_encrypt.py (rev 0)
+++ cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_encrypt.py 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,137 @@
+##############################################################################
+#
+# Copyright (c) Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Python utility tests"""
+import doctest
+import os
+import tempfile
+import shutil
+
+from keas.kmi import facility
+from zope.app.testing import setup
+
+from cipher.encryptingstorage import encrypt_util
+
+
+def doctest_EncryptionUtility():
+ r"""Encryption Utility
+
+ First we set up an encryption utility using a local key management
+ facility:
+
+ >>> storage_dir = tempfile.mkdtemp()
+ >>> kek_path = os.path.join(storage_dir, 'key.kek')
+ >>> kmf = facility.KeyManagementFacility(storage_dir)
+ >>> util = encrypt_util.EncryptionUtility(kek_path, kmf)
+
+ Re-iniitalizing the utility will reuse the generated key:
+
+ >>> util = encrypt_util.EncryptionUtility(kek_path, kmf)
+
+ Encrypt text:
+
+ >>> data = util.encrypt(u'test')
+ >>> len(data)
+ 16
+
+ Decrypt text:
+
+ >>> util.decrypt(data)
+ u'test'
+ >>> util.decrypt('bad')
+ u'bad'
+
+ >>> shutil.rmtree(storage_dir)
+ """
+
+def doctest_init_local_facility():
+ r"""Initialize Local Facility
+
+ Encryption disabled:
+
+ >>> conf_path = tempfile.mktemp()
+ >>> with open(conf_path, 'w') as f:
+ ... f.write('''
+ ... [encryptingstorage:encryption]
+ ... enabled = false
+ ... ''')
+
+ >>> encrypt_util.init_local_facility({'__file__': conf_path})
+ >>> encrypt_util.ENCRYPTION_UTILITY
+ <cipher.encryptingstorage.encrypt_util.TrivialEncryptionUtility object at ...>
+
+ Local Encryption:
+
+ >>> storage_dir = tempfile.mkdtemp()
+ >>> kek_path = tempfile.mktemp()
+
+ >>> with open(conf_path, 'w') as f:
+ ... f.write('''
+ ... [encryptingstorage:encryption]
+ ... enabled = true
+ ... kek-path = %s
+ ... dek-storage-path = %s
+ ... ''' %(kek_path, storage_dir))
+
+ >>> encrypt_util.init_local_facility({'__file__': conf_path, 'here': '.'})
+ >>> encrypt_util.ENCRYPTION_UTILITY
+ <cipher.encryptingstorage.encrypt_util.EncryptionUtility object at ...>
+ >>> encrypt_util.ENCRYPTION_UTILITY.facility
+ <KeyManagementFacility (1)>
+
+ >>> shutil.rmtree(storage_dir)
+ >>> os.remove(kek_path)
+
+ Remote Encryption:
+
+ >>> storage_dir = tempfile.mkdtemp()
+ >>> kek_path = tempfile.mktemp()
+
+ >>> with open(conf_path, 'w') as f:
+ ... f.write('''
+ ... [encryptingstorage:encryption]
+ ... enabled = true
+ ... kek-path = %s
+ ... kmi-server = http://localhost:8001/
+ ... ''' %kek_path)
+
+ >>> encrypt_util.init_local_facility({'__file__': conf_path, 'here': '.'})
+ >>> encrypt_util.ENCRYPTION_UTILITY
+ <cipher.encryptingstorage.encrypt_util.EncryptionUtility object at ...>
+ >>> encrypt_util.ENCRYPTION_UTILITY.facility
+ <LocalKeyManagementFacility 'http://localhost:8001/'>
+
+ >>> shutil.rmtree(storage_dir)
+ >>> os.remove(kek_path)
+
+ >>> os.remove(conf_path)
+ """
+
+def setUp(test):
+ setup.placelessSetUp(test)
+ test.generate = facility.LocalKeyManagementFacility.generate
+ facility.LocalKeyManagementFacility.generate = lambda s: 'foo'
+
+def tearDown(test):
+ facility.LocalKeyManagementFacility.generate = test.generate
+ encrypt_util.ENCRYPTION_UTILITY = encrypt_util.TrivialEncryptionUtility()
+ setup.placelessTearDown()
+
+def test_suite():
+ return doctest.DocTestSuite(
+ setUp=setUp, tearDown=tearDown,
+ optionflags=doctest.NORMALIZE_WHITESPACE|
+ doctest.ELLIPSIS|
+ doctest.REPORT_ONLY_FIRST_FAILURE
+ #|doctest.REPORT_NDIFF
+ )
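Review bot: in doctest_EncryptionUtility, `util.decrypt('bad')` expecting `u'bad'` turns the silent pass-through on decryption failure into tested behaviour. If decryptBytes is changed to raise, this should assert the exception instead; if the pass-through is intentional, say why in the docstring. doctest_init_local_facility uses tempfile.mktemp() for conf_path and kek_path, which is race-prone; create both inside a mkdtemp() directory. In the "Remote Encryption" part, storage_dir is created and removed but never used.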
Property changes on: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_encrypt.py
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_zodb.py
===================================================================
--- cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_zodb.py (rev 0)
+++ cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_zodb.py 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,420 @@
+##############################################################################
+#
+# Copyright (c) Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+from zope.testing import setupstack
+
+import doctest
+import transaction
+import unittest
+import cipher.encryptingstorage
+import ZEO.tests.testZEO
+import zlib
+import ZODB.config
+import ZODB.FileStorage
+import ZODB.interfaces
+import ZODB.MappingStorage
+import ZODB.tests.StorageTestBase
+import ZODB.tests.testFileStorage
+import ZODB.utils
+import zope.interface.verify
+
+
+def test_config():
+ r"""
+
+To configure a encryptingstorage, import cipher.encryptingstorage and use the
+encryptingstorage tag:
+
+ >>> config = '''
+ ... %import cipher.encryptingstorage
+ ... <zodb>
+ ... <encryptingstorage>
+ ... <filestorage>
+ ... path data.fs
+ ... blob-dir blobs
+ ... </filestorage>
+ ... </encryptingstorage>
+ ... </zodb>
+ ... '''
+ >>> db = ZODB.config.databaseFromString(config)
+
+ >>> conn = db.open()
+ >>> conn.root()['a'] = 1
+ >>> transaction.commit()
+ >>> conn.root()['b'] = ZODB.blob.Blob('Hi\nworld.\n')
+ >>> transaction.commit()
+
+ >>> db.close()
+
+ >>> db = ZODB.config.databaseFromString(config)
+ >>> conn = db.open()
+ >>> conn.root()['a']
+ 1
+ >>> conn.root()['b'].open().read()
+ 'Hi\nworld.\n'
+ >>> db.close()
+
+After putting some data in, the records will be encrypted:
+
+ >>> for t in ZODB.FileStorage.FileIterator('data.fs'):
+ ... for r in t:
+ ... data = r.data
+ ... if r.data[:2] != '.e':
+ ... print 'oops', `r.oid`
+ """
+
+def test_config_no_encrypt():
+ r"""
+
+You can disable encryption.
+
+ >>> config = '''
+ ... %import cipher.encryptingstorage
+ ... <zodb>
+ ... <encryptingstorage>
+ ... encrypt no
+ ... <filestorage>
+ ... path data.fs
+ ... blob-dir blobs
+ ... </filestorage>
+ ... </encryptingstorage>
+ ... </zodb>
+ ... '''
+ >>> db = ZODB.config.databaseFromString(config)
+
+ >>> conn = db.open()
+ >>> conn.root()['a'] = 1
+ >>> transaction.commit()
+ >>> conn.root()['b'] = ZODB.blob.Blob('Hi\nworld.\n')
+ >>> transaction.commit()
+
+ >>> db.close()
+
+Since we didn't encrypt, we can open the storage using a plain file storage:
+
+ >>> db = ZODB.DB(ZODB.FileStorage.FileStorage('data.fs', blob_dir='blobs'))
+ >>> conn = db.open()
+ >>> conn.root()['a']
+ 1
+ >>> conn.root()['b'].open().read()
+ 'Hi\nworld.\n'
+ >>> db.close()
+ """
+
+def test_config_fileconfig():
+ r"""
+
+You can pass the encryption options.
+
+Create a sample config:
+
+ >>> import tempfile
+ >>> conf_path = tempfile.mktemp()
+ >>> with open(conf_path, 'w') as f:
+ ... f.write('''
+ ... [cipher:encryption]
+ ... enabled = false
+ ... ''')
+
+Ditch the default utility:
+
+ >>> from cipher.encryptingstorage import encrypt_util
+ >>> encrypt_util.ENCRYPTION_UTILITY = None
+
+Use the config tag to pass the filename:
+
+ >>> config = '''
+ ... %import cipher.encryptingstorage
+ ... <zodb>
+ ... <encryptingstorage>
+ ... encrypt no
+ ... config __filename__
+ ... <filestorage>
+ ... path data.fs
+ ... blob-dir blobs
+ ... </filestorage>
+ ... </encryptingstorage>
+ ... </zodb>
+ ... '''
+ >>> config = config.replace('__filename__', conf_path)
+
+ >>> db = ZODB.config.databaseFromString(config)
+
+It's enough for now that the utility gets replaced:
+
+ >>> encrypt_util.ENCRYPTION_UTILITY # doctest: +ELLIPSIS
+ <cipher.encryptingstorage.encrypt_util.TrivialEncryptionUtility object at ...>
+
+ """
+
+def test_mixed_encrypted_and_unencrypted_and_packing():
+ r"""
+We can deal with a mixture of encrypted and unencrypted data.
+
+First, we'll create an existing file storage:
+
+ >>> db = ZODB.DB(ZODB.FileStorage.FileStorage('data.fs', blob_dir='blobs'))
+ >>> conn = db.open()
+ >>> conn.root.a = 1
+ >>> transaction.commit()
+ >>> conn.root.b = ZODB.blob.Blob('Hi\nworld.\n')
+ >>> transaction.commit()
+ >>> conn.root.c = conn.root().__class__((i,i) for i in range(100))
+ >>> transaction.commit()
+ >>> db.close()
+
+Now let's open the database encrypted:
+
+ >>> db = ZODB.DB(cipher.encryptingstorage.EncryptingStorage(
+ ... ZODB.FileStorage.FileStorage('data.fs', blob_dir='blobs')))
+ >>> conn = db.open()
+ >>> conn.root()['a']
+ 1
+ >>> conn.root()['b'].open().read()
+ 'Hi\nworld.\n'
+ >>> conn.root()['b'] = ZODB.blob.Blob('Hello\nworld.\n')
+ >>> transaction.commit()
+ >>> db.close()
+
+Having updated the root, it is now encrypted. To see this, we'll
+open it as a file storage and inspect the record for object 0:
+
+ >>> storage = ZODB.FileStorage.FileStorage('data.fs')
+ >>> data, _ = storage.load('\0'*8)
+ >>> data[:2] == '.e'
+ True
+
+Records that we didn't modify remain unencrypted
+
+ >>> storage.load('\0'*7+'\2')[0] # doctest: +ELLIPSIS
+ 'cpersistent.mapping\nPersistentMapping...
+
+
+ >>> storage.close()
+
+Let's try packing the file 4 ways:
+
+- using the encrypted storage:
+
+ >>> open('data.fs.save', 'wb').write(open('data.fs', 'rb').read())
+ >>> db = ZODB.DB(cipher.encryptingstorage.EncryptingStorage(
+ ... ZODB.FileStorage.FileStorage('data.fs', blob_dir='blobs')))
+ >>> db.pack()
+ >>> sorted(ZODB.utils.u64(i[0]) for i in record_iter(db.storage))
+ [0, 2, 3]
+ >>> db.close()
+
+- using the storage in non-encrypt mode:
+
+ >>> open('data.fs', 'wb').write(open('data.fs.save', 'rb').read())
+ >>> db = ZODB.DB(cipher.encryptingstorage.EncryptingStorage(
+ ... ZODB.FileStorage.FileStorage('data.fs', blob_dir='blobs'),
+ ... encrypt=False))
+
+ >>> db.pack()
+ >>> sorted(ZODB.utils.u64(i[0]) for i in record_iter(db.storage))
+ [0, 2, 3]
+ >>> db.close()
+
+- using the server storage:
+
+ >>> open('data.fs', 'wb').write(open('data.fs.save', 'rb').read())
+ >>> db = ZODB.DB(cipher.encryptingstorage.ServerEncryptingStorage(
+ ... ZODB.FileStorage.FileStorage('data.fs', blob_dir='blobs'),
+ ... encrypt=False))
+
+ >>> db.pack()
+ >>> sorted(ZODB.utils.u64(i[0]) for i in record_iter(db.storage))
+ [0, 2, 3]
+ >>> db.close()
+
+- using the server storage in non-encrypted mode:
+
+ >>> open('data.fs', 'wb').write(open('data.fs.save', 'rb').read())
+ >>> db = ZODB.DB(cipher.encryptingstorage.ServerEncryptingStorage(
+ ... ZODB.FileStorage.FileStorage('data.fs', blob_dir='blobs'),
+ ... encrypt=False))
+
+ >>> db.pack()
+ >>> sorted(ZODB.utils.u64(i[0]) for i in record_iter(db.storage))
+ [0, 2, 3]
+ >>> db.close()
+ """
+
+class Dummy:
+
+ def invalidateCache(self):
+ print 'invalidateCache called'
+
+ def invalidate(self, *args):
+ print 'invalidate', args
+
+ def references(self, record, oids=None):
+ if oids is None:
+ oids = []
+ oids.extend(record.decode('hex').split())
+ return oids
+
+ def transform_record_data(self, data):
+ return data.encode('hex')
+
+ def untransform_record_data(self, data):
+ return data.decode('hex')
+
+
+def test_wrapping():
+ r"""
+Make sure the wrapping methods do what's expected.
+
+ >>> s = cipher.encryptingstorage.EncryptingStorage(ZODB.MappingStorage.MappingStorage())
+ >>> zope.interface.verify.verifyObject(ZODB.interfaces.IStorageWrapper, s)
+ True
+
+ >>> s.registerDB(Dummy())
+ >>> s.invalidateCache()
+ invalidateCache called
+
+ >>> s.invalidate('1', range(3), '')
+ invalidate ('1', [0, 1, 2], '')
+
+ >>> data = ' '.join(map(str, range(9)))
+ >>> transformed = s.transform_record_data(data)
+ >>> transformed
+ '.e.zx\x9c360206\x04b# 6\x06b\x13 6\x05b3 6\x07b\x0b\x00t,\x06\xb0'
+
+ >>> s.untransform_record_data(transformed) == data
+ True
+
+ >>> s.references(transformed)
+ ['0', '1', '2', '3', '4', '5', '6', '7', '8']
+
+ >>> l = range(3)
+ >>> s.references(transformed, l)
+ [0, 1, 2, '0', '1', '2', '3', '4', '5', '6', '7', '8']
+
+ >>> l
+ [0, 1, 2, '0', '1', '2', '3', '4', '5', '6', '7', '8']
+
+ """
+
+def dont_double_encrypt():
+ """
+ This test is a bit artificial in that we want to make sure we
+ don't double encrypt and we don't want to rely on not double
+ encrypting simply because doing so would make the pickle smaller.
+ So this test is actually testing that we don't encrypt strings
+ that start with the encrypted marker.
+
+ >>> data = '.e'+'x'*80
+ >>> store = cipher.encryptingstorage.EncryptingStorage(ZODB.MappingStorage.MappingStorage())
+ >>> store._transform(data) == data
+ True
+ """
+
+def record_iter(store):
+ next = None
+ while 1:
+ oid, tid, data, next = store.record_iternext(next)
+ yield oid, tid, data
+ if next is None:
+ break
+
+
+class FileStorageZlibTests(ZODB.tests.testFileStorage.FileStorageTests):
+
+ def open(self, **kwargs):
+ self._storage = cipher.encryptingstorage.EncryptingStorage(
+ ZODB.FileStorage.FileStorage('FileStorageTests.fs',**kwargs))
+
+class FileStorageZlibTestsWithBlobsEnabled(
+ ZODB.tests.testFileStorage.FileStorageTests):
+
+ def open(self, **kwargs):
+ if 'blob_dir' not in kwargs:
+ kwargs = kwargs.copy()
+ kwargs['blob_dir'] = 'blobs'
+ ZODB.tests.testFileStorage.FileStorageTests.open(self, **kwargs)
+ self._storage = cipher.encryptingstorage.EncryptingStorage(self._storage)
+
+class FileStorageZlibRecoveryTest(
+ ZODB.tests.testFileStorage.FileStorageRecoveryTest):
+
+ def setUp(self):
+ ZODB.tests.StorageTestBase.StorageTestBase.setUp(self)
+ self._storage = cipher.encryptingstorage.EncryptingStorage(
+ ZODB.FileStorage.FileStorage("Source.fs", create=True))
+ self._dst = cipher.encryptingstorage.EncryptingStorage(
+ ZODB.FileStorage.FileStorage("Dest.fs", create=True))
+
+
+
+class FileStorageZEOZlibTests(ZEO.tests.testZEO.FileStorageTests):
+ _expected_interfaces = (
+ ('ZODB.interfaces', 'IStorageRestoreable'),
+ ('ZODB.interfaces', 'IStorageIteration'),
+ ('ZODB.interfaces', 'IStorageUndoable'),
+ ('ZODB.interfaces', 'IStorageCurrentRecordIteration'),
+ ('ZODB.interfaces', 'IExternalGC'),
+ ('ZODB.interfaces', 'IStorage'),
+ ('ZODB.interfaces', 'IStorageWrapper'),
+ ('zope.interface', 'Interface'),
+ )
+
+ def getConfig(self):
+ return """\
+ %import cipher.encryptingstorage
+ <encryptingstorage>
+ <filestorage 1>
+ path Data.fs
+ </filestorage>
+ </encryptingstorage>
+ """
+
+class FileStorageClientZlibZEOZlibTests(FileStorageZEOZlibTests):
+
+ def _wrap_client(self, client):
+ return cipher.encryptingstorage.EncryptingStorage(client)
+
+class FileStorageClientZlibZEOServerZlibTests(
+ FileStorageClientZlibZEOZlibTests
+ ):
+
+ def getConfig(self):
+ return """\
+ %import cipher.encryptingstorage
+ <serverencryptingstorage>
+ <filestorage 1>
+ path Data.fs
+ </filestorage>
+ </serverencryptingstorage>
+ """
+
+def test_suite():
+ suite = unittest.TestSuite()
+ for class_ in (
+ FileStorageZlibTests,
+ FileStorageZlibTestsWithBlobsEnabled,
+ FileStorageZlibRecoveryTest,
+ FileStorageZEOZlibTests,
+ FileStorageClientZlibZEOZlibTests,
+ FileStorageClientZlibZEOServerZlibTests,
+ ):
+ s = unittest.makeSuite(class_, "check")
+ s.layer = ZODB.tests.util.MininalTestLayer(
+ 'encryptingstoragetests.%s' % class_.__name__)
+ suite.addTest(s)
+
+ suite.addTest(doctest.DocTestSuite(
+ setUp=setupstack.setUpDirectory, tearDown=setupstack.tearDown
+ ))
+ return suite
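Review bot: none of the tests in this file runs with a real EncryptionUtility. test_config only checks that records start with `.e`, and with no `config` key the module-level TrivialEncryptionUtility is in effect, so "the records will be encrypted" is not verified. Add a case that points `config` at a file with `enabled = true` and asserts that a known plaintext does not appear in data.fs. test_config_fileconfig writes a `[cipher:encryption]` section while init_local_facility reads `encryptingstorage:encryption`, so the test passes only through the missing-option fallback. In test_mixed_encrypted_and_unencrypted_and_packing, the "using the server storage" case passes `encrypt=False`, which makes it identical to the fourth case.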
Property changes on: cipher.encryptingstorage/trunk/src/cipher/encryptingstorage/tests/test_zodb.py
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Added: cipher.encryptingstorage/trunk/ztk-versions-1.0.1.cfg
===================================================================
--- cipher.encryptingstorage/trunk/ztk-versions-1.0.1.cfg (rev 0)
+++ cipher.encryptingstorage/trunk/ztk-versions-1.0.1.cfg 2012-04-06 09:02:09 UTC (rev 124994)
@@ -0,0 +1,110 @@
+[versions]
+# ZTK
+zope.annotation = 3.5.0
+zope.applicationcontrol = 3.5.5
+zope.authentication = 3.7.1
+zope.broken = 3.6.0
+zope.browser = 1.3
+zope.browsermenu = 3.9.1
+zope.browserpage = 3.12.2
+zope.browserresource = 3.10.3
+zope.cachedescriptors = 3.5.1
+zope.catalog = 3.8.1
+zope.component = 3.9.5
+zope.componentvocabulary = 1.0.1
+zope.configuration = 3.7.2
+zope.container = 3.11.2
+zope.contentprovider = 3.7.2
+zope.contenttype = 3.5.1
+zope.copy = 3.5.0
+zope.copypastemove = 3.6.0
+zope.datetime = 3.4.0
+zope.deferredimport = 3.5.3
+zope.deprecation = 3.4.0
+zope.dottedname = 3.4.6
+zope.dublincore = 3.7.0
+zope.error = 3.7.2
+zope.event = 3.5.0-1
+zope.exceptions = 3.6.1
+zope.filerepresentation = 3.6.0
+zope.formlib = 4.0.5
+zope.hookable = 3.4.1
+zope.i18n = 3.7.4
+zope.i18nmessageid = 3.5.3
+zope.index = 3.6.1
+zope.interface = 3.6.1
+zope.intid = 3.7.2
+zope.keyreference = 3.6.2
+zope.lifecycleevent = 3.6.2
+zope.location = 3.9.0
+zope.login = 1.0.0
+zope.mimetype = 1.3.1
+zope.minmax = 1.1.2
+zope.pagetemplate = 3.5.2
+zope.password = 3.6.1
+zope.pluggableauth = 1.0.3
+zope.principalannotation = 3.6.1
+zope.principalregistry = 3.7.1
+zope.processlifetime = 1.0
+zope.proxy = 3.6.1
+zope.ptresource = 3.9.0
+zope.publisher = 3.12.4
+zope.ramcache = 1.0
+zope.schema = 3.7.0
+zope.security = 3.7.4
+zope.securitypolicy = 3.7.0
+zope.sendmail = 3.7.4
+zope.sequencesort = 3.4.0
+zope.server = 3.6.2
+zope.session = 3.9.3
+zope.site = 3.9.2
+zope.size = 3.4.1
+zope.structuredtext = 3.5.0
+zope.tal = 3.5.2
+zope.tales = 3.5.1
+zope.testing = 3.9.5
+zope.traversing = 3.13
+zope.viewlet = 3.7.2
+
+# Deprecating
+zope.documenttemplate = 3.4.2
+
+# Dependencies
+# Needed for the mechanize 0.1.x.
+ClientForm = 0.2.10
+distribute = 0.6.14
+docutils = 0.7
+Jinja2 = 2.5.5
+# Newer versions of mechanize are not fully py24 compatible.
+mechanize = 0.1.11
+Paste = 1.7.5.1
+PasteDeploy = 1.3.4
+PasteScript = 1.7.3
+py = 1.3.4
+Pygments = 1.3.1
+python-gettext = 1.0
+pytz = 2010l
+RestrictedPython = 3.6.0
+setuptools = 0.6c11
+Sphinx = 1.0.5
+transaction = 1.1.1
+z3c.recipe.sphinxdoc = 0.0.8
+zc.buildout = 1.4.4
+zc.lockfile = 1.0.0
+ZConfig = 2.8.0
+zc.recipe.egg = 1.2.2
+zc.recipe.testrunner = 1.2.1
+zc.resourcelibrary = 1.3.1
+zdaemon = 2.0.4
+ZODB3 = 3.9.7
+zope.mkzeoinstance = 3.9.4
+
+# toolchain
+argparse = 1.1
+lxml = 2.2.8
+mr.developer = 1.16
+tl.eggdeps = 0.4
+z3c.checkversions = 0.4.1
+z3c.recipe.compattest = 0.12.2
+z3c.recipe.depgraph = 0.5
+zope.kgs = 1.2.0
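Review bot: this pin set has no entries for M2Crypto or keas.kmi, the two packages encrypt_util.py imports for the actual cryptography. Unless they are pinned elsewhere in the buildout, the crypto dependencies are the only ones left floating, so add explicit versions for them. Please also confirm that the `ZODB3 = 3.9.7` pin is overridden where needed, since test_zodb.py relies on ZODB.interfaces.IStorageWrapper and on `conn.root.a` attribute access.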
Property changes on: cipher.encryptingstorage/trunk/ztk-versions-1.0.1.cfg
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native