hana-python-securestore/python/server.py at main · SAP-archive/hana-python-securestore · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
"""
XSA Python buildpack app example
Author: Andrew Lunde
"""
from flask import Flask
from flask import request
from flask import Response

from flask import send_from_directory

import os
import json
from cfenv import AppEnv

# from sap.cf_logging import flask_logging
#
# https://help.sap.com/viewer/0eec0d68141541d1b07893a39944924e/2.0.03/en-US/d12c86af7cb442d1b9f8520e2aba7758.html
from hdbcli import dbapi


app = Flask(__name__)
env = AppEnv()

# Get port from environment variable or choose 9099 as local default
# If you are testing locally (i.e. not with xs or cf deployments,
# Be sure to pull all the python modules locally
# with pip using XS_PYTHON unzipped to /tmp
# mkdir -p local
# pip install -t local -r requirements.txt -f /tmp
port = int(os.getenv("PORT", 9099))
hana = env.get_service(label='hana')

# This module's Flask webserver will respond to these three routes (URL paths)
# If there is no path then just return Hello World and
# this module's instance number
# Requests passed through the app-router will never hit this route.


@app.route('/')
def hello_world():
    output = '<strong>Python SecureStore! Instance ' + \
             str(os.getenv("CF_INSTANCE_INDEX", 0)) + \
             '</strong> Try these links.</br>\n'
    output += '<a href="/python/links">/python/links</a><br />\n'
    return output


# Satisfy browser requests for favicon.ico so that don't return 404
@app.route('/favicon.ico')
def favicon():
    return send_from_directory(os.path.join(app.root_path, 'static'),
                               'favicon.ico',
                               mimetype='image/vnd.microsoft.icon')


# Coming through the app-router
@app.route('/python/links')
def python_links():
    output = '<strong>Python SecureStore! Instance ' + \
             str(os.getenv("CF_INSTANCE_INDEX", 0)) + \
             '</strong> Try these links.</br>\n'
    output += '<a href="/python/insert">/python/insert</a><br />\n'
    output += '<a href="/python/retrieve">/python/retrieve</a><br />\n'
    output += '<a href="/python/delete">/python/delete</a><br />\n'
    return output


@app.route('/python/insert')
def unauth_ss_insert():
    output = 'Python UnAuthorized SecureStore Insert. \n'

    schema = hana.credentials['schema']
    host = hana.credentials['host']
    port = hana.credentials['port']
    user = hana.credentials['user']
    password = hana.credentials['password']

    # The certificate will available for HANA service instances that
    # require an encrypted connection
    # Note: This was tested to work with python hdbcli-2.3.112 tar.gz package
    # not hdbcli-2.3.14 provided in XS_PYTHON00_0-70003433.ZIP
    if 'certificate' in hana.credentials:
        haascert = hana.credentials['certificate']

    output += 'schema: ' + schema + '\n'
    output += 'host: ' + host + '\n'
    output += 'port: ' + port + '\n'
    output += 'user: ' + user + '\n'
    output += 'pass: ' + password + '\n'

    # Connect to the python HANA DB driver using the connection info
    # User for HANA as a Service instances
    if 'certificate' in hana.credentials:
        connection = dbapi.connect(
            address=host,
            port=int(port),
            user=user,
            password=password,
            currentSchema=schema,
            encrypt="true",
            sslValidateCertificate="true",
            sslCryptoProvider="openssl",
            sslTrustStore=haascert
        )
    else:
        connection = dbapi.connect(
            address=host,
            port=int(port),
            user=user,
            password=password,
            currentSchema=schema
        )

    # Prep a cursor for SQL execution
    cursor = connection.cursor()

    # Form an SQL statement to retrieve some data

    string2store = 'Whatever!'

    import codecs
    hex2store = (codecs.encode(str.encode(string2store), "hex")).decode()

    try:
        cursor.callproc("SYS.USER_SECURESTORE_INSERT",
                        ("TestStoreName", False, "TestKey", hex2store))
        output += 'key TestKey with value ' + string2store + '=' + \
                  hex2store + ' was inserted into store TestStoreName.\n'
    except:
        output += 'key TestKey likely already exists. Try deleting first.\n'

    # Close the DB connection
    connection.close()

    # Return the results
    return Response(output, mimetype='text/plain', status=200,)


@app.route('/python/retrieve')
def unauth_ss_retrieve():
    output = 'Python UnAuthorized SecureStore Retrieve.\n'

    schema = hana.credentials['schema']
    host = hana.credentials['host']
    port = hana.credentials['port']
    user = hana.credentials['user']
    password = hana.credentials['password']

    # The certificate will available for HANA service instances
    # that require an encrypted connection
    # Note: This was tested to work with python hdbcli-2.3.112 tar.gz package
    # not hdbcli-2.3.14 provided in XS_PYTHON00_0-70003433.ZIP
    if 'certificate' in hana.credentials:
        haascert = hana.credentials['certificate']

    output += 'schema: ' + schema + '\n'
    output += 'host: ' + host + '\n'
    output += 'port: ' + port + '\n'
    output += 'user: ' + user + '\n'
    output += 'pass: ' + password + '\n'

    # Connect to the python HANA DB driver using the connection info
    # User for HANA as a Service instances
    if 'certificate' in hana.credentials:
        connection = dbapi.connect(
            address=host,
            port=int(port),
            user=user,
            password=password,
            currentSchema=schema,
            encrypt="true",
            sslValidateCertificate="true",
            sslCryptoProvider="openssl",
            sslTrustStore=haascert
        )
    else:
        connection = dbapi.connect(
            address=host,
            port=int(port),
            user=user,
            password=password,
            currentSchema=schema
        )

    # Prep a cursor for SQL execution
    cursor = connection.cursor()

    # Form an SQL statement to retrieve some data

    # https://blogs.sap.com/2017/07/26/sap-hana-2.0-sps02-new-feature-updated-python-driver/

    # cursor.execute('call SYS.USER_SECURESTORE_RETRIEVE (\'TestStoreName\',
    # False, \'TestKey\', ?)')
    hexvalue = cursor.callproc("SYS.USER_SECURESTORE_RETRIEVE",
                               ("TestStoreName", False, "TestKey", None))

    # Close the DB connection
    connection.close()

    import codecs

    if hexvalue[3] is None:
        output += 'key TestKey does not exist in store TestStoreName. ' + \
                  'Try inserting a value first.\n'
    else:
        retrieved = codecs.decode(hexvalue[3].hex(), "hex").decode()
        output += 'key TestKey with value ' + retrieved + \
                  ' was retrieved from store TestStoreName.\n'

    # Return the results
    return Response(output, mimetype='text/plain', status=200,)


@app.route('/python/delete')
def unauth_ss_delete():
    output = 'Python UnAuthorized SecureStore Delete. \n'

    schema = hana.credentials['schema']
    host = hana.credentials['host']
    port = hana.credentials['port']
    user = hana.credentials['user']
    password = hana.credentials['password']

    # The certificate will available for HANA service instances
    # that require an encrypted connection
    # Note: This was tested to work with python hdbcli-2.3.112 tar.gz package
    # not hdbcli-2.3.14 provided in XS_PYTHON00_0-70003433.ZIP
    if 'certificate' in hana.credentials:
        haascert = hana.credentials['certificate']

    output += 'schema: ' + schema + '\n'
    output += 'host: ' + host + '\n'
    output += 'port: ' + port + '\n'
    output += 'user: ' + user + '\n'
    output += 'pass: ' + password + '\n'

    # Connect to the python HANA DB driver using the connection info
    # User for HANA as a Service instances
    if 'certificate' in hana.credentials:
        connection = dbapi.connect(
            address=host,
            port=int(port),
            user=user,
            password=password,
            currentSchema=schema,
            encrypt="true",
            sslValidateCertificate="true",
            sslCryptoProvider="openssl",
            sslTrustStore=haascert
        )
    else:
        connection = dbapi.connect(
            address=host,
            port=int(port),
            user=user,
            password=password,
            currentSchema=schema
        )

    # Prep a cursor for SQL execution
    cursor = connection.cursor()

    # Form an SQL statement
    cursor.callproc("SYS.USER_SECURESTORE_DELETE",
                    ("TestStoreName", False, "TestKey"))

    # Close the DB connection
    connection.close()

    output += 'key TestKey was deleted from store TestStoreName.\n'

    # Return the results
    return Response(output, mimetype='text/plain', status=200,)


if __name__ == '__main__':
    # Run the app, listening on all IPs with our chosen port number
    # Use this for production
    # app.run(host='0.0.0.0', port=port)
    # Use this for debugging
    app.run(debug=True, host='0.0.0.0', port=port)