o "i @sZdZddlmZddlmZddlmZddlZddlZe e Z GdddZ e Z dS)z) Encryption utilities for sensitive data )Fernet)settings)OptionalNc@sVeZdZdZddZddZdedefdd Zd edefd d Zd ede fddZ dS)EncryptionServicez4Service for encrypting and decrypting sensitive datacCsd|_|dS)N)_fernet _initialize)selfr ;/lsinfo/ai/hellotax_ai/base_platform/app/core/encryption.py__init__s zEncryptionService.__init__c Csntjs tddSztj}t|tr|}t||_WdSt y6}z t d|t dd}~ww)zInitialize Fernet cipherzENCRYPTION_KEY not configured. API keys will be stored in plaintext. Generate a key with: python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())'Nz!Failed to initialize encryption: zInvalid ENCRYPTION_KEY. Generate a new key with: python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())') rENCRYPTION_KEYloggerwarning isinstancestrencoderr Exceptionerror ValueError)rkeyer r r rs" zEncryptionService._initialize plaintextreturnc Csb|s|S|jstd|Sz |j|}|WSty0}z td|d}~ww)z Encrypt a string Args: plaintext: The string to encrypt Returns: Base64-encoded encrypted string z,Encryption not configured, storing plaintextzEncryption failed: N)rr rencryptrdecoderr)rr encryptedrr r r r*s   zEncryptionService.encrypt ciphertextc Csp|s|S|jstd|Sz |j|}|WSty7}ztd||WYd}~Sd}~ww)z Decrypt a string Args: ciphertext: The encrypted string to decrypt Returns: Decrypted plaintext string z0Encryption not configured, returning value as-isz*Decryption failed, returning value as-is: N)rr rdecryptrrr)rr decryptedrr r r rBs   zEncryptionService.decryptvaluecCs:|r|jsdSz |j|WdStyYdSw)z Check if a value appears to be encrypted Args: value: The value to check Returns: True if the value appears to be encrypted FT)rrrr)rrr r r is_encrypted[s  zEncryptionService.is_encryptedN) __name__ __module__ __qualname____doc__r rrrrboolr r r r r r sr)r$cryptography.fernetr app.configrtypingrbase64logging getLoggerr!r rencryption_servicer r r r s     d