| Dir : /proc/self/root/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/ |
| Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 IP: 209.182.202.254 |
| Dir : //proc/self/root/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/hashutils.py |
"""
A collection of hashing and encoding utils.
"""
import base64
import hashlib
import hmac
import os
import random
import salt.utils.files
import salt.utils.platform
import salt.utils.stringutils
from salt.utils.decorators.jinja import jinja_filter
@jinja_filter("base64_encode")
def base64_b64encode(instr):
"""
Encode a string as base64 using the "modern" Python interface.
Among other possible differences, the "modern" encoder does not include
newline ('\\n') characters in the encoded output.
"""
return salt.utils.stringutils.to_unicode(
base64.b64encode(salt.utils.stringutils.to_bytes(instr)),
encoding="utf8" if salt.utils.platform.is_windows() else None,
)
@jinja_filter("base64_decode")
def base64_b64decode(instr):
"""
Decode a base64-encoded string using the "modern" Python interface.
"""
decoded = base64.b64decode(salt.utils.stringutils.to_bytes(instr))
try:
return salt.utils.stringutils.to_unicode(
decoded, encoding="utf8" if salt.utils.platform.is_windows() else None
)
except UnicodeDecodeError:
return decoded
def base64_encodestring(instr):
"""
Encode a byte-like object as base64 using the "modern" Python interface.
Among other possible differences, the "modern" encoder includes
a newline ('\\n') character after every 76 characters and always
at the end of the encoded string.
"""
return salt.utils.stringutils.to_unicode(
base64.encodebytes(salt.utils.stringutils.to_bytes(instr)),
encoding="utf8" if salt.utils.platform.is_windows() else None,
)
def base64_decodestring(instr):
"""
Decode a base64-encoded byte-like object using the "modern" Python interface.
"""
bvalue = salt.utils.stringutils.to_bytes(instr)
decoded = base64.decodebytes(bvalue)
try:
return salt.utils.stringutils.to_unicode(
decoded, encoding="utf8" if salt.utils.platform.is_windows() else None
)
except UnicodeDecodeError:
return decoded
@jinja_filter("md5")
def md5_digest(instr):
"""
Generate an md5 hash of a given string.
"""
return salt.utils.stringutils.to_unicode(
hashlib.md5(salt.utils.stringutils.to_bytes(instr)).hexdigest()
)
@jinja_filter("sha1")
def sha1_digest(instr):
"""
Generate an sha1 hash of a given string.
"""
return hashlib.sha1(salt.utils.stringutils.to_bytes(instr)).hexdigest()
@jinja_filter("sha256")
def sha256_digest(instr):
"""
Generate a sha256 hash of a given string.
"""
return salt.utils.stringutils.to_unicode(
hashlib.sha256(salt.utils.stringutils.to_bytes(instr)).hexdigest()
)
@jinja_filter("sha512")
def sha512_digest(instr):
"""
Generate a sha512 hash of a given string
"""
return salt.utils.stringutils.to_unicode(
hashlib.sha512(salt.utils.stringutils.to_bytes(instr)).hexdigest()
)
@jinja_filter("hmac")
def hmac_signature(string, shared_secret, challenge_hmac):
"""
Verify a challenging hmac signature against a string / shared-secret
Returns a boolean if the verification succeeded or failed.
"""
msg = salt.utils.stringutils.to_bytes(string)
key = salt.utils.stringutils.to_bytes(shared_secret)
challenge = salt.utils.stringutils.to_bytes(challenge_hmac)
hmac_hash = hmac.new(key, msg, hashlib.sha256)
valid_hmac = base64.b64encode(hmac_hash.digest())
return valid_hmac == challenge
@jinja_filter("hmac_compute")
def hmac_compute(string, shared_secret):
"""
Create an hmac digest.
"""
msg = salt.utils.stringutils.to_bytes(string)
key = salt.utils.stringutils.to_bytes(shared_secret)
hmac_hash = hmac.new(key, msg, hashlib.sha256).hexdigest()
return hmac_hash
@jinja_filter("rand_str")
@jinja_filter("random_hash")
def random_hash(size=9999999999, hash_type=None):
"""
Return a hash of a randomized data from random.SystemRandom()
"""
if not hash_type:
hash_type = "md5"
hasher = getattr(hashlib, hash_type)
return hasher(
salt.utils.stringutils.to_bytes(str(random.SystemRandom().randint(0, size)))
).hexdigest()
@jinja_filter("file_hashsum")
def get_hash(path, form="sha256", chunk_size=65536):
"""
Get the hash sum of a file
This is better than ``get_sum`` for the following reasons:
- It does not read the entire file into memory.
- It does not return a string on error. The returned value of
``get_sum`` cannot really be trusted since it is vulnerable to
collisions: ``get_sum(..., 'xyz') == 'Hash xyz not supported'``
"""
hash_type = hasattr(hashlib, form) and getattr(hashlib, form) or None
if hash_type is None:
raise ValueError(f"Invalid hash type: {form}")
with salt.utils.files.fopen(path, "rb") as ifile:
hash_obj = hash_type()
# read the file in in chunks, not the entire file
for chunk in iter(lambda: ifile.read(chunk_size), b""):
hash_obj.update(chunk)
return hash_obj.hexdigest()
class DigestCollector:
"""
Class to collect digest of the file tree.
"""
def __init__(self, form="sha256", buff=0x10000):
"""
Constructor of the class.
:param form:
"""
self.__digest = hasattr(hashlib, form) and getattr(hashlib, form)() or None
if self.__digest is None:
raise ValueError(f"Invalid hash type: {form}")
self.__buff = buff
def add(self, path):
"""
Update digest with the file content by path.
:param path:
:return:
"""
with salt.utils.files.fopen(path, "rb") as ifile:
for chunk in iter(lambda: ifile.read(self.__buff), b""):
self.__digest.update(chunk)
def digest(self):
"""
Get digest.
:return:
"""
return salt.utils.stringutils.to_str(self.__digest.hexdigest() + os.linesep)