For #105, #118 (#9)

* For #105, #118 - The project now attempts to force `keyring` module to use specific back end libraries. - For Windows: `WinVaultKeyring`. - For Linux (Ubuntu): `LibSecret`. - The key's length is set back to `1024`; as `4096` seems too unstable and causes crashes of the keys_generator tool on Windows. - Improved the regular expressions in the `cqlsh` project to get rid of the warnings. - Updated the `keyring` part in the `cqlsh` project as well. * Length changed to be 2048 * Partially rollback --------- Co-authored-by: Sergio Rua <[email protected]>
axonops · Jul 19, 2024 · d779019 · d779019
1 parent 7a03080
commit d779019
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 16 deletions.
diff --git a/keys_generator/keys_generator.py b/keys_generator/keys_generator.py
@@ -1,5 +1,5 @@
 #  © 2024 AxonOps Limited. All rights reserved.
- 
+
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
 #  You may obtain a copy of the License at
@@ -11,7 +11,7 @@
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
- 
+
 # Cassandra Workbench tool to generate RSA keys,
 # that will be used to encrypt/decrypt credentials securely with cqlsh tool
 
@@ -21,7 +21,21 @@
 import os
 
 if system() == 'Windows':
-   set_keyring(backends.Windows.WinVaultKeyring()) 
+    try:
+        from keyring.backends.Windows import WinVaultKeyring
+        set_keyring(WinVaultKeyring())
+    except:
+        pass
+
+if system() == 'Linux':
+    try:
+        get_password("AxonOpsDeveloperWorkbenchPublicKey", "key")
+    except:
+        try:
+            from keyring.backends import libsecret
+            set_keyring(libsecret.Keyring())
+        except:
+            pass
 
 # First, attempt get the keys from the OS keychain
 publicKey, privateKey = get_password("AxonOpsDeveloperWorkbenchPublicKey", "key"), \
@@ -31,7 +45,7 @@
 # If not, then create both keys
 if publicKey is None or privateKey is None or \
         len(publicKey) != 271 or len(privateKey) != 886:
-    keys = RSA.generate(int(os.getenv("RSA_KEY_LENGTH", 4096)))
+    keys = RSA.generate(int(os.getenv("RSA_KEY_LENGTH", 2048))) # Setting the length to 2048 caused a failure on Windows (issue #105)
 
     # Get public and private keys,
     # encode them with base64, and convert them from bytes to string

diff --git a/v6.0.0-ACv4.0.7/cqlsh.py b/v6.0.0-ACv4.0.7/cqlsh.py
@@ -131,7 +131,21 @@ def custom_exit(*args, **kwargs):
 cqlruleset = None
 
 if platform.system() == 'Windows':
-   set_keyring(backends.Windows.WinVaultKeyring())
+    try:
+        from keyring.backends.Windows import WinVaultKeyring
+        set_keyring(WinVaultKeyring())
+    except:
+        pass
+
+if platform.system() == 'Linux':
+    try:
+        get_password("AxonOpsDeveloperWorkbenchPublicKey", "key")
+    except:
+        try:
+            from keyring.backends import libsecret
+            set_keyring(libsecret.Keyring())
+        except:
+            pass
 
 epilog = """Connects to %(DEFAULT_HOST)s:%(DEFAULT_PORT)d by default. These
 defaults can be changed by setting $CQLSH_HOST and/or $CQLSH_PORT. When a
@@ -994,13 +1008,13 @@ def strip_comment_blocks(self, statementtext):
             if '*/' in result:
                 result = re.sub('.*[*][/]', "", result)
                 self.in_comment = False
-            if self.in_comment and not re.findall('[/][*]|[*][/]', statementtext):
+            if self.in_comment and not re.findall(r'[/][*]|[*][/]', statementtext):
                 result = ''
             return result
         return statementtext
 
     def onecmd(self, statementtext):
-        if len(re.findall("KEYWORD:STATEMENT:IGNORE-\d+", statementtext)) > 0:
+        if len(re.findall(r'KEYWORD:STATEMENT:IGNORE-\d+', statementtext)) > 0:
             return True
 
         """
@@ -2243,7 +2257,7 @@ def read_options(cmdlineargs, environment):
                     for option in options:
                         for variable in variables:
                             value = configs.get(section, option)
-                            matchedVars = re.findall("\$\{(" + variable["name"] + ")\}", value)
+                            matchedVars = re.findall(r'\${(' + variable["name"] + ')}', value)
                             for matchedVar in matchedVars:
                                 newValue = value.replace("${" + matchedVar + "}", variable["value"])
                                 configs.set(section, option, value=newValue)
@@ -2256,7 +2270,7 @@ def read_options(cmdlineargs, environment):
                     for option in options:
                         for variable in variables:
                             value = rawconfigs.get(section, option)
-                            matchedVars = re.findall("\$\{(" + variable["name"] + ")\}", value)
+                            matchedVars = re.findall(r'\${(' + variable["name"] + ')}', value)
                             for matchedVar in matchedVars:
                                 newValue = value.replace("${" + matchedVar + "}", variable["value"])
                                 rawconfigs.set(section, option, value=newValue)

diff --git a/v6.0.0-ACv4.0.7/cqlshlib/sslhandling.py b/v6.0.0-ACv4.0.7/cqlshlib/sslhandling.py
@@ -77,7 +77,7 @@ def ssl_settings(host, config_file, env=os.environ, varsManifest=None, varsValue
                     for option in options:
                         for variable in variables:
                             value = configs.get(section, option)
-                            matchedVars = re.findall("\$\{(" + variable["name"] + ")\}", value)
+                            matchedVars = re.findall(r"\${(" + variable["name"] + ")}", value)
                             for matchedVar in matchedVars:
                                 newValue = value.replace("${" + matchedVar + "}", variable["value"])
                                 configs.set(section, option, value=newValue)

diff --git a/v6.1.0-ACv4.1.0/cqlsh.py b/v6.1.0-ACv4.1.0/cqlsh.py
@@ -125,7 +125,21 @@ def custom_exit(*args, **kwargs):
 
 
 if platform.system() == 'Windows':
-   set_keyring(backends.Windows.WinVaultKeyring())
+    try:
+        from keyring.backends.Windows import WinVaultKeyring
+        set_keyring(WinVaultKeyring())
+    except:
+        pass
+
+if platform.system() == 'Linux':
+    try:
+        get_password("AxonOpsDeveloperWorkbenchPublicKey", "key")
+    except:
+        try:
+            from keyring.backends import libsecret
+            set_keyring(libsecret.Keyring())
+        except:
+            pass
 
 epilog = """Connects to %(DEFAULT_HOST)s:%(DEFAULT_PORT)d by default. These
 defaults can be changed by setting $CQLSH_HOST and/or $CQLSH_PORT. When a
@@ -963,13 +977,13 @@ def strip_comment_blocks(self, statementtext):
             if '*/' in result:
                 result = re.sub('.*[*][/]', "", result)
                 self.in_comment = False
-            if self.in_comment and not re.findall('[/][*]|[*][/]', statementtext):
+            if self.in_comment and not re.findall(r'[/][*]|[*][/]', statementtext):
                 result = ''
             return result
         return statementtext
 
     def onecmd(self, statementtext):
-        if len(re.findall("KEYWORD:STATEMENT:IGNORE-\d+", statementtext)) > 0:
+        if len(re.findall(r'KEYWORD:STATEMENT:IGNORE-\d+', statementtext)) > 0:
             return True
 
         """
@@ -2223,7 +2237,7 @@ def read_options(cmdlineargs, environment):
                     for option in options:
                         for variable in variables:
                             value = configs.get(section, option)
-                            matchedVars = re.findall("\$\{(" + variable["name"] + ")\}", value)
+                            matchedVars = re.findall(r'\${(' + variable["name"] + ')}', value)
                             for matchedVar in matchedVars:
                                 newValue = value.replace("${" + matchedVar + "}", variable["value"])
                                 configs.set(section, option, value=newValue)
@@ -2236,7 +2250,7 @@ def read_options(cmdlineargs, environment):
                     for option in options:
                         for variable in variables:
                             value = rawconfigs.get(section, option)
-                            matchedVars = re.findall("\$\{(" + variable["name"] + ")\}", value)
+                            matchedVars = re.findall(r'\${(' + variable["name"] + ')}', value)
                             for matchedVar in matchedVars:
                                 newValue = value.replace("${" + matchedVar + "}", variable["value"])
                                 rawconfigs.set(section, option, value=newValue)

diff --git a/v6.1.0-ACv4.1.0/cqlshlib/sslhandling.py b/v6.1.0-ACv4.1.0/cqlshlib/sslhandling.py
@@ -76,7 +76,7 @@ def ssl_settings(host, config_file, env=os.environ, varsManifest=None, varsValue
                     for option in options:
                         for variable in variables:
                             value = configs.get(section, option)
-                            matchedVars = re.findall("\$\{(" + variable["name"] + ")\}", value)
+                            matchedVars = re.findall(r"\${(" + variable["name"] + ")}", value)
                             for matchedVar in matchedVars:
                                 newValue = value.replace("${" + matchedVar + "}", variable["value"])
                                 configs.set(section, option, value=newValue)