From 6ce71bbd611a56cca9dcff77b811da6676dce33c Mon Sep 17 00:00:00 2001 From: crp3844 Date: Wed, 7 Sep 2022 11:33:37 -0400 Subject: [PATCH] changed from ini to whole file encryption --- bitwardenBackup.py | 89 +++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 44 deletions(-) diff --git a/bitwardenBackup.py b/bitwardenBackup.py index 5d1bee6..03b4882 100644 --- a/bitwardenBackup.py +++ b/bitwardenBackup.py @@ -17,7 +17,7 @@ from kmip.pie import client os_detected = platform.system() script_directory = os.path.dirname(os.path.realpath(__file__)) -secrets_ini_file = os.path.join(script_directory, "secrets.ini") +secrets_config_file = os.path.join(script_directory, "secrets.config") pykmip_client_config_file = os.path.join(script_directory, "conf", "client.conf") log_file = os.path.join(script_directory, "log.log") 
@@ -54,25 +54,40 @@ def build_logger(level): return logger +def write_config_file(array, config_file): + logger.debug("Starting to write config file and encrypt contents") + logger.debug("Using config file: {}".format(config_file)) + logger.debug("Converting array to json") + array_json = json.dumps(array) + logger.debug("Encrypting json") + encrypted_array_json = encrypt(client, array_json) + logger.debug("Attempting to write encrypted config to file") + try: + f = open(config_file, "w") + f.write(encrypted_array_json) + f.close() + logger.debug("Succesffully wrote encrypted config to file") + except Exception as e: + logger.error("Unable to write encrypted config to file. Error: {}".format(e)) + sys.exit(-1) + logger.debug("Finshed writing config file and encrypting contents") + def read_config_file(config_file): logger.debug("Starting to read config file and decrypt contents") logger.debug("Using config file: {}".format(config_file)) - config = configparser.ConfigParser() - config.read(config_file) - sections = config.sections() - logger.debug("Found following sections...") - accounts = dict() - for section in sections: - email = decrypt(client, section) - logger.debug("Sections: {}".format(email)) - logger.debug("Found the following key under sectcion...") - accounts[email] = dict() - for key in config[section]: - logger.debug("Found the following key under sectcion...(Values will not be displayed)") - logger.debug("Key: {}".format(key)) - accounts[email][key] = decrypt(client, config[section][key]) + logger.debug("Attempting to read encrypted config to file") + try: + with open(config_file) as f: + config = f.read() + except Exception as e: + logger.error("Unable to read encrypted config to file. 
Error: {}".format(e)) + sys.exit(-1) + logger.debug("Decrypting config file") + decrypted_array_json = decrypt(client, config) + logger.debug("Convert json to array") + array = json.loads(decrypted_array_json) logger.debug("Finished reading config file and decrypting contents") - return accounts + return array def create_encryption_key(client): # Create an encryption key. @@ -216,14 +231,11 @@ def does_file_exist(filepath): def ask_for_account_details(): print("Requesting account details to build the ini file.") account_email_address = input("Please enter Bitwarden account email address: ") - encrypted_account_email_address = encrypt(client, account_email_address) account_api_client_id = input("Please enter Bitwarden account API client ID: ") - encrypted_account_api_client_id = encrypt(client, account_api_client_id) while True: account_api_secret = getpass.getpass("Please enter Bitwarden account API secret: ") account_api_secret2 = getpass.getpass("Please confirm Bitwarden account API secret: ") if account_api_secret == account_api_secret2: - encrypted_account_api_secret = encrypt(client, account_api_secret) break else: print("The Bitwarden account API secrets do not match, please try again.") 
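Review bot: In write_config_file (hunk @@ -54,25 +54,40 @@), `open(config_file, "w")` truncates the only copy of the encrypted account store before the new ciphertext is written, so a failed write or an interrupted run loses every account now that the whole file is a single blob. Writing to a temporary file in the same directory, created owner-only, and swapping it in with `os.replace` keeps the old file intact until the new one is complete; the 0o600 mode has little effect on Windows, which the script also detects. In read_config_file, `decrypt` and `json.loads` sit outside the `try`, so a corrupted or modified file ends in an unhandled traceback rather than the logged exit used for I/O errors. Whether `decrypt` authenticates the ciphertext is not visible in this diff and is worth confirming.

```python
def write_config_file(array, config_file):
    # … unchanged: debug logging, json.dumps and encrypt calls …
    tmp_file = config_file + ".tmp"
    try:
        # Create the temporary file readable and writable by the owner only.
        fd = os.open(tmp_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(encrypted_array_json)
        # Swap in the new file only after it has been written completely.
        os.replace(tmp_file, config_file)
    # … unchanged: except branch with logger.error / sys.exit and closing debug log …
```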
@@ -231,20 +243,15 @@ def ask_for_account_details(): account_vault_password = getpass.getpass("Please enter Bitwarden account vault password: ") account_vault_password2 = getpass.getpass("Please confirm Bitwarden account vault password: ") if account_vault_password == account_vault_password2: - encrypted_account_vault_password = encrypt(client, account_vault_password) break else: print("The Bitwarden account vault passwords do not match, please try again.") array = dict() - #array["account_email_address"] = account_email_address - array["encrypted_account_email_address"] = encrypted_account_email_address - #array["account_api_client_id"] = account_api_client_id - array["encrypted_account_api_client_id"] = encrypted_account_api_client_id - #array["account_api_secret"] = account_api_secret - array["encrypted_account_api_secret"] = encrypted_account_api_secret - #array["account_vault_password"] = account_vault_password - array["encrypted_account_vault_password"] = encrypted_account_vault_password + array[account_email_address] = dict() + array[account_email_address]["account_api_client_id"] = account_api_client_id + array[account_email_address]["account_api_secret"] = account_api_secret + array[account_email_address]["account_vault_password"] = account_vault_password return array def select_account(accounts, wording = "edit"): 
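Review bot: ask_for_account_details now returns the API secret and vault password unencrypted, nested under the e-mail address, and nothing in the function documents that change of contract. A docstring stating the return shape, e.g. `"""Prompt for one account; return {email: {"account_api_client_id", "account_api_secret", "account_vault_password"}} with plaintext values meant only for write_config_file."""`, would warn callers not to log or print the result. The prompt text `Requesting account details to build the ini file.` in the preceding hunk is also stale after this commit. The function starts outside this hunk.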
@@ -261,18 +268,18 @@ def select_account(accounts, wording = "edit"): if __name__ == "__main__": # INI config does not exist - #if not does_file_exist(secrets_ini_file): + #if not does_file_exist(secrets_config_file): # account_details = ask_for_account_details() # config = configparser.ConfigParser() # config[account_details["account_email_address"]] = {} # config[account_details["account_email_address"]]["account_api_client_id"] = account_details["account_api_client_id"] # config[account_details["account_email_address"]]["account_api_secret"] = account_details["account_api_secret"] # config[account_details["account_email_address"]]["account_vault_password"] = account_details["account_vault_password"] - # with open(secrets_ini_file, "w") as configfile: + # with open(secrets_config_file, "w") as configfile: # config.write(configfile) #config = configparser.ConfigParser() - #config.read(secrets_ini_file) + #config.read(secrets_config_file) #accounts = config.sections() # decrypt all values for easy update a @@ -345,7 +352,7 @@ if __name__ == "__main__": if opts.config: - if not does_file_exist(secrets_ini_file): + if not does_file_exist(secrets_config_file): print("No Bitwarden accounts found, do you want to make a new one?") print("n) New account") print("q) Quit config") 
@@ -353,20 +360,14 @@ if __name__ == "__main__": user_input = input("n/q> ") if user_input.casefold() == "n": account_details = ask_for_account_details() - config = configparser.ConfigParser() - config.add_section(account_details["encrypted_account_email_address"]) - for key in account_details.keys(): - if not key == "encrypted_account_email_address": - config.set(account_details["encrypted_account_email_address"], key, account_details[key]) - with open(secrets_ini_file, "w") as configfile: - config.write(configfile) + write_config_file(account_details, secrets_config_file) break elif user_input.casefold() == "q": sys.exit(0) else: print("This value must be one of the following characters: n, q.") while True: - accounts = read_config_file(secrets_ini_file) + accounts = read_config_file(secrets_config_file) print(accounts) print("Current Bitwarden accounts:") print(" ") 
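Review bot: The context line `print(accounts)` directly after `accounts = read_config_file(secrets_config_file)` writes every account's API secret and vault password to the terminal in cleartext, which undoes the care taken by the `getpass` prompts and leaves the values in scrollback or any captured output. The line predates this commit but still applies to the new nested dict. I would delete it, or keep only a count such as `logger.debug("Loaded {} account(s)".format(len(accounts)))`. The surrounding `if __name__ == "__main__":` block starts and ends outside the hunk.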
@@ -385,25 +386,25 @@ if __name__ == "__main__": elif user_input.casefold() == "n": account_details = ask_for_account_details() config = configparser.ConfigParser() - config.read(secrets_ini_file) + config.read(secrets_config_file) config.add_section(account_details["encrypted_account_email_address"]) for key in account_details.keys(): if not key == "encrypted_account_email_address": config.set(account_details["encrypted_account_email_address"], key, account_details[key]) - with open(secrets_ini_file, "w") as configfile: + with open(secrets_config_file, "w") as configfile: config.write(configfile) break elif user_input.casefold() == "d": config = configparser.ConfigParser() - config.read(secrets_ini_file) + config.read(secrets_config_file) account_section_to_delete = select_account(accounts, "delete") print("Are you sure you wish to delete {} account? ".format(account_section_to_delete)) confirmation = input("y/n> ") if not confirmation.casefold() in ["y","yes"]: break config.remove_section(account_section_to_delete) - with open(secrets_ini_file, "w") as configfile: + with open(secrets_config_file, "w") as configfile: config.write(configfile) break
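Review bot: The `n` and `d` branches here still go through `configparser` on `secrets_config_file`, which after this commit holds one encrypted JSON blob rather than an INI file, so `config.read` is unlikely to parse it and `config.write` would overwrite the encrypted store. The `n` branch also indexes `account_details["encrypted_account_email_address"]`, a key that ask_for_account_details no longer returns (see the @@ -231,20 +243,15 @@ hunk), so adding a second account fails with KeyError. Both branches should update the `accounts` dict already loaded by read_config_file and persist it through write_config_file. This assumes select_account returns the e-mail key, which is not visible in the diff. The enclosing block continues outside the hunk.

```python
elif user_input.casefold() == "n":
    account_details = ask_for_account_details()
    # Merge the new account into the decrypted dict, then re-encrypt the whole file.
    accounts.update(account_details)
    write_config_file(accounts, secrets_config_file)
    break
elif user_input.casefold() == "d":
    account_section_to_delete = select_account(accounts, "delete")
    # … unchanged: confirmation prompt and early break …
    accounts.pop(account_section_to_delete, None)
    write_config_file(accounts, secrets_config_file)
    break
```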