U
����S��W~�������������������
���@���s����d�Z�ddlZddlZddlT�ddlmZ�zddlmZ�W�nB�e k
rz���zddl
mZ�W�n
�e k
rt���e d��Y�nX�Y�nX�e�
ej
e
��e�
eje
��e�
eje
��G�dd��de�ZG�d d
��d
ee�ZG�d
d
��d
ee�ZdS�)
a���
Peewee integration with pysqlcipher.
Project page: https://github.com/leapcode/pysqlcipher/
**WARNING!!! EXPERIMENTAL!!!**
* Although this extention's code is short, it has not been propery
peer-reviewed yet and may have introduced vulnerabilities.
* The code contains minimum values for `passphrase` length and
`kdf_iter`, as well as a default value for the later.
**Do not** regard these numbers as advice. Consult the docs at
http://sqlcipher.net/sqlcipher-api/ and security experts.
Also note that this code relies on pysqlcipher and sqlcipher, and
the code there might have vulnerabilities as well, but since these
are widely used crypto modules, we can expect "short zero days" there.
Example usage:
from peewee.playground.ciphersql_ext import SqlCipherDatabase
db = SqlCipherDatabase('/path/to/my.db', passphrase="don'tuseme4real",
kdf_iter=1000000)
* `passphrase`: should be "long enough".
Note that *length beats vocabulary* (much exponential), and even
a lowercase-only passphrase like easytorememberyethardforotherstoguess
packs more noise than 8 random printable chatacters and *can* be memorized.
* `kdf_iter`: Should be "as much as the weakest target machine can afford".
When opening an existing database, passphrase and kdf_iter should be identical
to the ones used when creating it. If they're wrong, an exception will only be
raised **when you access the database**.
If you need to ask for an interactive passphrase, here's example code you can
put after the `db = ...` line:
try: # Just access the database so that it checks the encryption.
db.get_tables()
# We're looking for a DatabaseError with a specific error message.
except peewee.DatabaseError as e:
# Check whether the message *means* "passphrase is wrong"
if e.args[0] == 'file is encrypted or is not a database':
raise Exception('Developer should Prompt user for passphrase '
'again.')
else:
# A different DatabaseError. Raise it.
raise e
See a more elaborate example with this code at
https://gist.github.com/thedod/11048875
�����N)�*)�SqliteExtDatabase)�dbapi2z$Sqlcipher python bindings not found.c�������������������@���s���e�Zd�Zdd��ZdS�)�_SqlCipherDatabasec�����������������K���s����|��dd�}|��dd�}t|�dk�r,td��|r@|dk�r@td��tj|f|�}|��|��|�d �|�d
d
����|�d
�|���|S�)
N�
passphrase���kdf_iteri��������zESqlCipherDatabase passphrase should be at least eight character long.i'��z4SqlCipherDatabase kdf_iter should be at least 10000.zPRAGMA key='{0}'�'z''zPRAGMA kdf_iter={0:d}) �pop�lenZImproperlyConfigured� sqlcipherZconnectZ_add_conn_hooksZexecute�format�replace)�selfZdatabase�kwargsr���r����conn��r����/sqlcipher_ext.py�_connectH���s"����
�
�
�z_SqlCipherDatabase._connectN)�__name__�
__module__�
__qualname__r���r���r���r���r���r���G���s���r���c�������������������@���s
���e�Zd�ZdS�)�SqlCipherDatabaseN)r���r���r���r���r���r���r���r���]���s���r���c�����������������������s(���e�Zd�Z��fdd�Z��fdd�Z���ZS�)�SqlCipherExtDatabasec��������������������s
���d|d<�t�t|��j||��d�S�)NFZ
c_extensions)�superr����__init__)r����argsr����� __class__r���r���r
���b���s����z
SqlCipherExtDatabase.__init__c��������������������sh���t�t|��j||�}|��|��|��|��|��|��|�jr>|�j|_|�jrd|� d��|�jD�]}|�
|��qT|S�)NT)
r���r���r���Z_load_aggregatesZ_load_collationsZ_load_functionsZ
_row_factoryZ
row_factoryZ
_extensionsZenable_load_extensionZload_extension)r���r
���r���r���� extensionr
���r���r���r���f���s����
z
SqlCipherExtDatabase._connect)r���r���r���r
���r����
__classcell__r���r���r
���r���r���a���s���
r���)�__doc__ZdatetimeZdecimalZpeeweeZplayhouse.sqlite_extr���Z
pysqlcipherr���r
����
ImportErrorZ
pysqlcipher3Zregister_adapterZDecimal�str�date�time�objectr���ZSqliteDatabaser���r���r���r���r���r����<module>���s"���4