Encryption: improved docs, made algorithm configurable

1 files changed, 17 insertions, 14 deletions

diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
index 71e407d17..f8d08b394 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
@@ -2,15 +2,17 @@
 :ref:`server-plugins-generators-cfg` files on the server. """
 
 import logging
-import Bcfg2.Server.Plugin
+from Bcfg2.Server.Plugin import PluginExecutionError
 from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP
 try:
-    from Bcfg2.Encryption import bruteforce_decrypt, EVPError
-    have_crypto = True
+    from Bcfg2.Encryption import bruteforce_decrypt, EVPError, \
+        get_algorithm
+    HAS_CRYPTO = True
 except ImportError:
-    have_crypto = False
+    HAS_CRYPTO = False
+
+LOGGER = logging.getLogger(__name__)
 
-logger = logging.getLogger(__name__)
 
 class CfgEncryptedGenerator(CfgGenerator):
     """ CfgEncryptedGenerator lets you encrypt your plaintext
@@ -21,10 +23,10 @@ class CfgEncryptedGenerator(CfgGenerator):
 
     def __init__(self, fname, spec, encoding):
         CfgGenerator.__init__(self, fname, spec, encoding)
-        if not have_crypto:
-            msg = "Cfg: M2Crypto is not available: %s" % entry.get("name")
-            logger.error(msg)
-            raise Bcfg2.Server.Plugin.PluginExecutionError(msg)
+        if not HAS_CRYPTO:
+            msg = "Cfg: M2Crypto is not available"
+            LOGGER.error(msg)
+            raise PluginExecutionError(msg)
     __init__.__doc__ = CfgGenerator.__init__.__doc__
 
     def handle_event(self, event):
@@ -35,19 +37,20 @@ class CfgEncryptedGenerator(CfgGenerator):
         except UnicodeDecodeError:
             crypted = open(self.name, mode='rb').read()
         except:
-            logger.error("Failed to read %s" % self.name)
+            LOGGER.error("Failed to read %s" % self.name)
             return
         # todo: let the user specify a passphrase by name
         try:
-            self.data = bruteforce_decrypt(crypted, setup=SETUP)
+            self.data = bruteforce_decrypt(crypted, setup=SETUP,
+                                           algorithm=get_algorithm(SETUP))
         except EVPError:
             msg = "Failed to decrypt %s" % self.name
-            logger.error(msg)
-            raise Bcfg2.Server.Plugin.PluginExecutionError(msg)
+            LOGGER.error(msg)
+            raise PluginExecutionError(msg)
     handle_event.__doc__ = CfgGenerator.handle_event.__doc__
 
     def get_data(self, entry, metadata):
         if self.data is None:
-            raise Bcfg2.Server.Plugin.PluginExecutionError("Failed to decrypt %s" % self.name)
+            raise PluginExecutionError("Failed to decrypt %s" % self.name)
         return CfgGenerator.get_data(self, entry, metadata)
     get_data.__doc__ = CfgGenerator.get_data.__doc__