Add fault catch for decrypt and github actions

Author: Inbal Tako

.github/workflows/ci.yml

@@ -0,0 +1,55 @@
+name: CI
+
+on:
+  pull_request:
+    branches:
+      - master
+      - dev
+      - dev-*
+
+jobs:
+  ci:
+
+    runs-on: ubuntu-latest
+    steps:
+    - name: Notify slack success
+      if: success()
+      id: slack # IMPORTANT: reference this step ID value in future Slack steps
+      env:
+        SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+      uses: voxmedia/github-action-slack-notify-build@v1.1.1
+      with:
+        channel: github-actions
+        status: STARTING
+        color: warning
+
+    - name: Publish a Python distribution to PyPI
+      uses: pypa/gh-action-pypi-publish@master
+      with:
+        user: __token__
+        password: ${{ secrets.pypi_password }}
+
+    - name: Run Tests
+      run: python -m unittest
+
+    - name: Notify slack success
+      if: success()
+      env:
+        SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+      uses: voxmedia/github-action-slack-notify-build@v1.1.1
+      with:
+        message_id: ${{ steps.slack.outputs.message_id }}
+        channel: github-actions
+        status: SUCCESS
+        color: good
+
+    - name: Notify slack fail
+      if: failure()
+      env:
+        SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+      uses: voxmedia/github-action-slack-notify-build@v1.1.1
+      with:
+        message_id: ${{ steps.slack.outputs.message_id }}
+        channel: github-actions
+        status: FAILED
+        color: danger

.github/workflows/publish.yml

@@ -0,0 +1,65 @@
+name: Publish
+
+on:
+  release:
+    types: [created]
+      
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Notify Starting
+        if: success()
+        id: slack # IMPORTANT: reference this step ID value in future Slack steps
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+        uses: voxmedia/github-action-slack-notify-build@v1.1.1
+        with:
+          channel: github-actions
+          status: STARTING
+          color: warning
+      
+      - uses: actions/checkout@v2
+      - name: Set up Maven Central Repository
+        uses: actions/setup-java@v1
+        with:
+          java-version: 1.8
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+      
+      - name: Build
+        run: mvn -B package --file pom.xml
+  
+      - name: Run Tests
+        run: mvn test
+
+      - name: Release Maven package
+        uses: samuelmeuli/action-maven-publish@v1
+        with:
+          gpg_private_key: ${{ secrets.gpg_private_key }}
+          gpg_passphrase: ${{ secrets.gpg_passphrase }}
+          nexus_username: ${{ secrets.nexus_username }}
+          nexus_password: ${{ secrets.nexus_password }}
+
+      - name: Notify slack success
+        if: success()
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+        uses: voxmedia/github-action-slack-notify-build@v1.1.1
+        with:
+          message_id: ${{ steps.slack.outputs.message_id }}
+          channel: github-actions
+          status: SUCCESS
+          color: good
+
+      - name: Notify slack fail
+        if: failure()
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+        uses: voxmedia/github-action-slack-notify-build@v1.1.1
+        with:
+          message_id: ${{ steps.slack.outputs.message_id }}
+          channel: github-actions
+          status: FAILED
+          color: danger

.github/workflows/test.yml

@@ -0,0 +1,65 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - master
+      - dev
+      - dev-*
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Notify slack success
+        if: success()
+        id: slack # IMPORTANT: reference this step ID value in future Slack steps
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+        uses: voxmedia/github-action-slack-notify-build@v1.1.1
+        with:
+          channel: github-actions
+          status: STARTING
+          color: warning
+
+      - uses: actions/checkout@v2
+      - name: Set up JDK 1.8
+        uses: actions/setup-java@v1
+        with:
+          java-version: 1.8
+
+      - name: Build
+        run: mvn -B package --file pom.xml
+
+      - name: Run Tests
+        run: mvn test
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          flags: unittests
+          name: codecov-umbrella
+          fail_ci_if_error: true
+
+      - name: Notify slack success
+        if: success()
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+        uses: voxmedia/github-action-slack-notify-build@v1.1.1
+        with:
+          message_id: ${{ steps.slack.outputs.message_id }}
+          channel: github-actions
+          status: SUCCESS
+          color: good
+
+      - name: Notify slack fail
+        if: failure()
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+        uses: voxmedia/github-action-slack-notify-build@v1.1.1
+        with:
+          message_id: ${{ steps.slack.outputs.message_id }}
+          channel: github-actions
+          status: FAILED
+          color: danger

securenative/utils/encryption_utils.py

@@ -1,10 +1,10 @@
 import json
 from binascii import unhexlify, hexlify
-from json import JSONDecodeError
 
 from Crypto import Random
 from Crypto.Cipher import AES
 
+from securenative.logger import Logger
 from securenative.models.client_token import ClientToken
 
 
@@ -14,25 +14,30 @@ class EncryptionUtils(object):
 
     @classmethod
     def encrypt(cls, text, cipher_key):
-        key = cipher_key[:cls.KEY_SIZE]
-        iv = Random.new().read(AES.block_size)
-        cipher = AES.new(key, AES.MODE_CBC, iv)
-        raw = str(cls._pad(text))
-        return hexlify(iv + cipher.encrypt(raw))
+        try:
+            key = cipher_key[:cls.KEY_SIZE]
+            iv = Random.new().read(AES.block_size)
+            cipher = AES.new(key, AES.MODE_CBC, iv)
+            raw = str(cls._pad(text))
+            return hexlify(iv + cipher.encrypt(raw))
+        except Exception as e:
+            Logger.error("Could not encrypt text {}; {}".format(text, e))
+            return None
 
     @classmethod
     def decrypt(cls, encrypted, cipher_key):
-        key = cipher_key[:cls.KEY_SIZE]
-        content = unhexlify(encrypted)
-        iv = content[:cls.BLOCK_SIZE]
-        cipher_text = content[cls.BLOCK_SIZE:]
-        aes = AES.new(key, AES.MODE_CBC, iv)
-        rv = aes.decrypt(cipher_text).decode("utf-8").strip()
         try:
+            key = cipher_key[:cls.KEY_SIZE]
+            content = unhexlify(encrypted)
+            iv = content[:cls.BLOCK_SIZE]
+            cipher_text = content[cls.BLOCK_SIZE:]
+            aes = AES.new(key, AES.MODE_CBC, iv)
+            rv = aes.decrypt(cipher_text).decode("utf-8").strip()
             secret = json.loads(rv)
             return ClientToken(secret.get("cid"), secret.get("vid"), secret.get("fp"))
-        except JSONDecodeError:
-            return rv
+        except Exception as e:
+            Logger.error("Could not decrypt str {}; {}".format(encrypted, e))
+            return None
 
     @classmethod
     def _pad(cls, s):

securenative/utils/version_utils.py

@@ -2,4 +2,4 @@ class VersionUtils(object):
 
     @staticmethod
     def get_version():
-        return "0.1.8"
+        return "0.1.9"