🐛 fix(core): fixed crypto controller logging levels

Author: JuanVilla424

crypto_controller/.env.example

@@ -0,0 +1,18 @@
+# Password KP Settings
+## Password Key Pair (API-Token Mode)
+# API_URI="https://tu.dominio.com/private-key" <- Uncomment and comment KP_PASSWORD
+# API_TOKEN_SECURITY="api_token" <- Uncomment and comment KP_PASSWORD
+# API_TIMEOUT=12 <- Uncomment and comment KP_PASSWORD
+### OR
+## Pasword Key Pair (Local Mode)
+KP_PASSWORD="<28 (Chars)>"
+
+# Certificate Vault Settings
+CERT_EXPIRATION_YEARS=6
+
+# Expiration Notifications Settings
+SMTP_SERVER=smtp.example.com
+SMTP_PORT=587
+SMTP_USER=[email protected]
+SMTP_PASSWORD=your_email_password
+ALERT_RECIPIENT=[email protected]

crypto_controller/README.md

@@ -92,11 +92,19 @@ CryptoController is a robust Python application designed for secure key manageme
 Create a .env file in the project root directory and populate it with the following variables:
 
 ```bash
-CPU_USAGE_THRESHOLD=70.0
-MEMORY_USAGE_THRESHOLD=395.0
-DISK_SPACE_THRESHOLD=75.0
-EXPIRATION=1
-TOKEN_SECURITY=your_secure_token_here
+# Password KP Settings
+## Password Key Pair (API-Token Mode)
+# API_URI="https://tu.dominio.com/private-key" <- Uncomment and comment KP_PASSWORD
+# API_TOKEN_SECURITY="api_token" <- Uncomment and comment KP_PASSWORD
+# API_TIMEOUT=12 <- Uncomment and comment KP_PASSWORD
+### OR
+## Password Key Pair (Local Mode)
+KP_PASSWORD="<28 (Chars)>"
+
+# Certificate Vault Settings
+CERT_EXPIRATION_YEARS=6
+
+# Expiration Notifications Settings
 SMTP_SERVER=smtp.example.com
 SMTP_PORT=587
 [email protected]
@@ -105,11 +113,11 @@ [email protected]
 ```
 
 - Descriptions:
-  - CPU_USAGE_THRESHOLD: CPU usage percentage threshold.
-  - MEMORY_USAGE_THRESHOLD: Memory usage threshold in MB.
-  - DISK_SPACE_THRESHOLD: Disk space usage percentage threshold.
-  - EXPIRATION: Number of years before key expiration.
-  - TOKEN_SECURITY: Token for fetching the private key password securely.
+  - API_URI: Password API mode base URI.
+  - API_TOKEN_SECURITY: Password API mode token security.
+  - API_TIMEOUT: Password API mode timeout.
+  - KP*PASSWORD: Password plain mode, used it or API* vars.
+  - CERT_EXPIRATION_YEARS: Number of years before key expiration.
   - SMTP_SERVER: SMTP server address for sending emails.
   - SMTP_PORT: SMTP server port.
   - SMTP_USER: SMTP server username.

crypto_controller/main.py

@@ -27,17 +27,10 @@
 # Load environment variables from .env file
 load_dotenv()
 
-# Resource usage thresholds
-CPU_USAGE_THRESHOLD = float(os.getenv("CPU_USAGE_THRESHOLD", "70.0"))
-MEMORY_USAGE_THRESHOLD = float(os.getenv("MEMORY_USAGE_THRESHOLD", "395.0"))
-DISK_SPACE_THRESHOLD = float(os.getenv("DISK_SPACE_THRESHOLD", "75.0"))
+CERT_EXPIRATION_YEARS = os.getenv("CERT_EXPIRATION_YEARS", "1")
 
 # Verify that required environment variables are set
-REQUIRED_ENV_VARS = [
-    CPU_USAGE_THRESHOLD,
-    MEMORY_USAGE_THRESHOLD,
-    DISK_SPACE_THRESHOLD,
-]
+REQUIRED_ENV_VARS = [CERT_EXPIRATION_YEARS]
 
 if not all(REQUIRED_ENV_VARS):
     raise EnvironmentError("One or more required environment variables are missing.")
@@ -213,7 +206,7 @@ def encrypt_hybrid(self, plain_text: str) -> str:
 
             # Concatenate with colon as delimiter
             encrypted_data = f"{encrypted_aes_key_b64}:{iv_b64}:{ciphertext_b64}"
-            logger.info("Hybrid encryption successful.")
+            logger.debug("Hybrid encryption successful.")
             return encrypted_data
 
         except Exception as error:
@@ -263,12 +256,13 @@ def decrypt_hybrid(self, encrypted_data: str) -> str:
             decrypted_text = decryptor.update(ciphertext) + decryptor.finalize()
 
             decrypted_str = decrypted_text.decode("utf-8")
-            logger.info("Hybrid decryption successful.")
+            logger.debug("Hybrid decryption successful.")
             return decrypted_str
 
         except Exception as error:
             logger.error(f"Hybrid decryption failed: {error}", exc_info=True)
-            raise
+            logger.fatal("Can't decrypt encrypted data.")
+            sys.exit(1)
 
     def encrypt(self, plain_text: str) -> str:
         """
@@ -368,7 +362,7 @@ def verify(self) -> bool:
                 logger.error("The key pair has expired.")
                 return False
 
-            logger.info("Key verification successful.")
+            logger.debug("Key verification successful.")
             return True
         except Exception as error:
             logger.error(f"Verification failed: {error}", exc_info=True)
@@ -439,7 +433,7 @@ def create_keys(self) -> None:
 
             # Create key pair content as JSON
             now = datetime.now()
-            expire = now + timedelta(days=365 * int(os.getenv("CERT_EXPIRATION_YEARS", "1")))
+            expire = now + timedelta(days=365 * int(CERT_EXPIRATION_YEARS))
             key_pair_data = {
                 "public_key_file": self.public_key_file,
                 "public_fp_sha1": public_fp.sha1,
@@ -598,13 +592,25 @@ def fetch_private_key_password() -> str:
         )
         response.raise_for_status()  # Raises HTTPError for bad responses
         pk_key_pass = response.json().get("value")
-        if not pk_key_pass:
-            logger.error("The key 'value' was not found in the response.")
-            sys.exit(1)
         return pk_key_pass
-    except requests.exceptions.RequestException as e:
-        logger.error(f"Error fetching private key password: {e}", exc_info=True)
-        sys.exit(1)
+    except requests.exceptions.RequestException as e_requests_exception_fetch_password:
+        logger.error(
+            f"Error fetching private key password from api: {e_requests_exception_fetch_password}",
+            exc_info=True,
+        )
+        try:
+            logger.debug("Trying using KP_PASSWORD value...")
+            pk_key_pass = os.getenv("KP_PASSWORD")
+            return pk_key_pass
+        except KeyError as e_key_error_fetch_password:
+            logger.error(
+                f"The key was not found in the environment: {e_key_error_fetch_password}",
+                exc_info=True,
+            )
+            logger.error(
+                "STARTING USING DEFAULT PASSWORD WHICH IS NOT RECOMMENDED, CLEAN AND SET THIS ONE TO .env FILE AS KP_PASSWORD..."
+            )
+            return "password123456789099ab5e7b9add0dc4e5"
 
 
 def send_expiration_alert(expiration_date: datetime) -> None: