diff options
author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-01-17 08:01:44 -0500 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-01-17 09:27:07 -0500 |
commit | 72a80f89361145f1560ccc248f357a9de82eded6 (patch) | |
tree | e6827a6ec1e219c3d1a7f40a185aba67e6af738b /src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py | |
parent | ebe7542db7217c2fac3d7111e80f94caedfb69e2 (diff) | |
download | bcfg2-72a80f89361145f1560ccc248f357a9de82eded6.tar.gz bcfg2-72a80f89361145f1560ccc248f357a9de82eded6.tar.bz2 bcfg2-72a80f89361145f1560ccc248f357a9de82eded6.zip |
abstracted encryption support from Properties/CfgPrivateKeyCreator to StructFile
Diffstat (limited to 'src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py')
-rw-r--r-- | src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py | 43 |
1 files changed, 1 insertions, 42 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py index 54fa75b41..4d6639e4d 100644 --- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py +++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py @@ -5,7 +5,7 @@ import shutil import tempfile import subprocess from Bcfg2.Options import get_option_parser -from Bcfg2.Server.Plugin import PluginExecutionError, StructFile +from Bcfg2.Server.Plugin import StructFile from Bcfg2.Server.Plugins.Cfg import CfgCreator, CfgCreationError from Bcfg2.Server.Plugins.Cfg.CfgPublicKeyCreator import CfgPublicKeyCreator try: @@ -211,44 +211,3 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile): finally: shutil.rmtree(os.path.dirname(filename)) # pylint: enable=W0221 - - def Index(self): - StructFile.Index(self) - if HAS_CRYPTO: - strict = self.xdata.get( - "decrypt", - SETUP.cfp.get(Bcfg2.Encryption.CFG_SECTION, "decrypt", - default="strict")) == "strict" - for el in self.xdata.xpath("//*[@encrypted]"): - try: - el.text = self._decrypt(el).encode('ascii', - 'xmlcharrefreplace') - except UnicodeDecodeError: - self.logger.info("Cfg: Decrypted %s to gibberish, skipping" - % el.tag) - except Bcfg2.Encryption.EVPError: - msg = "Cfg: Failed to decrypt %s element in %s" % \ - (el.tag, self.name) - if strict: - raise PluginExecutionError(msg) - else: - self.logger.warning(msg) - Index.__doc__ = StructFile.Index.__doc__ - - def _decrypt(self, element): - """ Decrypt a single encrypted element """ - if not element.text or not element.text.strip(): - return - passes = Bcfg2.Encryption.get_passphrases() - try: - passphrase = passes[element.get("encrypted")] - try: - return Bcfg2.Encryption.ssl_decrypt(element.text, passphrase) - except Bcfg2.Encryption.EVPError: - # error is raised below - pass - except KeyError: - # bruteforce_decrypt raises an EVPError with a sensible - # error message, so we just let it propagate up the stack - return Bcfg2.Encryption.bruteforce_decrypt(element.text) - raise Bcfg2.Encryption.EVPError("Failed to decrypt") |