authorChris St. Pierre <chris.a.st.pierre@gmail.com>2012-09-20 16:23:25 -0400
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2012-09-20 16:23:25 -0400
commit48c584194e4e5ec4b3561b2d6448ba4728ab0739 (patch)
treea4e2900d06d260ebde50cdf861769ef096c638af /src/lib/Bcfg2/Server/Plugins/Cfg
parentcf0583059bbcecbb655924afdbf16d51122703b2 (diff)
Encryption: improved docs, made algorithm configurable
Diffstat (limited to 'src/lib/Bcfg2/Server/Plugins/Cfg')
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py6
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py31
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py26
3 files changed, 40 insertions, 23 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py
index 3e714c01f..9eed633c4 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py
@@ -2,12 +2,14 @@
.cheetah.crypt files)"""
from Bcfg2.Server.Plugins.Cfg.CfgCheetahGenerator import CfgCheetahGenerator
-from Bcfg2.Server.Plugins.Cfg.CfgEncryptedGenerator import CfgEncryptedGenerator
+from Bcfg2.Server.Plugins.Cfg.CfgEncryptedGenerator \
+ import CfgEncryptedGenerator
+
class CfgEncryptedCheetahGenerator(CfgCheetahGenerator, CfgEncryptedGenerator):
""" CfgEncryptedCheetahGenerator lets you encrypt your Cheetah
:ref:`server-plugins-generators-cfg` files on the server """
-
+
#: handle .crypt.cheetah or .cheetah.crypt files
__extensions__ = ['cheetah.crypt', 'crypt.cheetah']
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
index 71e407d17..f8d08b394 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
@@ -2,15 +2,17 @@
:ref:`server-plugins-generators-cfg` files on the server. """
import logging
-import Bcfg2.Server.Plugin
+from Bcfg2.Server.Plugin import PluginExecutionError
from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP
try:
- from Bcfg2.Encryption import bruteforce_decrypt, EVPError
- have_crypto = True
+ from Bcfg2.Encryption import bruteforce_decrypt, EVPError, \
+ get_algorithm
+ HAS_CRYPTO = True
except ImportError:
- have_crypto = False
+ HAS_CRYPTO = False
+
+LOGGER = logging.getLogger(__name__)
-logger = logging.getLogger(__name__)
class CfgEncryptedGenerator(CfgGenerator):
""" CfgEncryptedGenerator lets you encrypt your plaintext
@@ -21,10 +23,10 @@ class CfgEncryptedGenerator(CfgGenerator):
def __init__(self, fname, spec, encoding):
CfgGenerator.__init__(self, fname, spec, encoding)
- if not have_crypto:
- msg = "Cfg: M2Crypto is not available: %s" % entry.get("name")
- logger.error(msg)
- raise Bcfg2.Server.Plugin.PluginExecutionError(msg)
+ if not HAS_CRYPTO:
+ msg = "Cfg: M2Crypto is not available"
+ LOGGER.error(msg)
+ raise PluginExecutionError(msg)
__init__.__doc__ = CfgGenerator.__init__.__doc__
def handle_event(self, event):
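Review bot: The new error text in `__init__` no longer says which file could not be set up, so an operator reading the log cannot tell which encrypted Cfg file was rejected. Dropping the old reference to `entry` was right, since no such name is defined in this constructor, but `fname` is a parameter and could be used instead: `msg = "Cfg: M2Crypto is not available: %s" % fname`. The same applies to the `__init__` this commit adds to CfgEncryptedGenshiGenerator. The `except ImportError` that sets `HAS_CRYPTO` also catches any import failure inside Bcfg2.Encryption, so the message may name M2Crypto when something else failed to import.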
@@ -35,19 +37,20 @@ class CfgEncryptedGenerator(CfgGenerator):
except UnicodeDecodeError:
crypted = open(self.name, mode='rb').read()
except:
- logger.error("Failed to read %s" % self.name)
+ LOGGER.error("Failed to read %s" % self.name)
return
# todo: let the user specify a passphrase by name
try:
- self.data = bruteforce_decrypt(crypted, setup=SETUP)
+ self.data = bruteforce_decrypt(crypted, setup=SETUP,
+ algorithm=get_algorithm(SETUP))
except EVPError:
msg = "Failed to decrypt %s" % self.name
- logger.error(msg)
- raise Bcfg2.Server.Plugin.PluginExecutionError(msg)
+ LOGGER.error(msg)
+ raise PluginExecutionError(msg)
handle_event.__doc__ = CfgGenerator.handle_event.__doc__
def get_data(self, entry, metadata):
if self.data is None:
- raise Bcfg2.Server.Plugin.PluginExecutionError("Failed to decrypt %s" % self.name)
+ raise PluginExecutionError("Failed to decrypt %s" % self.name)
return CfgGenerator.get_data(self, entry, metadata)
get_data.__doc__ = CfgGenerator.get_data.__doc__
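Review bot: When decryption fails in `handle_event`, `self.data` keeps whatever an earlier successful event stored, and `get_data` refuses to serve only when `self.data is None`. The start of `handle_event` is outside this hunk, so it is inferred that the handler also runs on file modification; if it does, a file re-encrypted with a passphrase or algorithm the server can no longer use would keep being served from the old plaintext. Adding `self.data = None` before the decrypt `try` would make the generator fail closed; the earlier `return` on a read error has the same effect on stale data. Separately, `get_algorithm(SETUP)` is evaluated inside a `try` that catches only `EVPError`, so if it can raise on an unrecognised algorithm name, that exception escapes without the "Failed to decrypt" log line.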
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py
index 0d5d98ba6..6fd70e69f 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py
@@ -1,15 +1,17 @@
""" Handle encrypted Genshi templates (.crypt.genshi or .genshi.crypt
files) """
+import logging
from Bcfg2.Compat import StringIO
+from Bcfg2.Server.Plugin import PluginExecutionError
+from Bcfg2.Server.Plugins.Cfg import SETUP
from Bcfg2.Server.Plugins.Cfg.CfgGenshiGenerator import CfgGenshiGenerator
-from Bcfg2.Server.Plugins.Cfg.CfgEncryptedGenerator import CfgEncryptedGenerator
try:
- from Bcfg2.Encryption import bruteforce_decrypt
+ from Bcfg2.Encryption import bruteforce_decrypt, get_algorithm
+ HAS_CRYPTO = True
except ImportError:
- # CfgGenshiGenerator will raise errors if crypto doesn't exist
- pass
+ HAS_CRYPTO = False
try:
from genshi.template import TemplateLoader
@@ -17,21 +19,25 @@ except ImportError:
# CfgGenshiGenerator will raise errors if genshi doesn't exist
TemplateLoader = object
+LOGGER = logging.getLogger(__name__)
+
class EncryptedTemplateLoader(TemplateLoader):
""" Subclass :class:`genshi.template.TemplateLoader` to decrypt
the data on the fly as it's read in using
:func:`Bcfg2.Encryption.bruteforce_decrypt` """
def _instantiate(self, cls, fileobj, filepath, filename, encoding=None):
- plaintext = StringIO(bruteforce_decrypt(fileobj.read()))
+ plaintext = \
+ StringIO(bruteforce_decrypt(fileobj.read(),
+ algorithm=get_algorithm(SETUP)))
return TemplateLoader._instantiate(self, cls, plaintext, filepath,
filename, encoding=encoding)
-
+
class CfgEncryptedGenshiGenerator(CfgGenshiGenerator):
""" CfgEncryptedGenshiGenerator lets you encrypt your Genshi
:ref:`server-plugins-generators-cfg` files on the server """
-
+
#: handle .crypt.genshi or .genshi.crypt files
__extensions__ = ['genshi.crypt', 'crypt.genshi']
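Review bot: The `bruteforce_decrypt` call in `_instantiate` passes `algorithm=get_algorithm(SETUP)` but not `setup=SETUP`, whereas the call in CfgEncryptedGenerator.handle_event passes both. The signature of `bruteforce_decrypt` is not visible here, so confirm whether it can locate the configured passphrases without `setup`; if it cannot, use `bruteforce_decrypt(fileobj.read(), setup=SETUP, algorithm=get_algorithm(SETUP))`. A decryption failure is also not caught in this loader, and `EVPError` is not imported in this file. It would therefore surface from the template loader as a raw exception rather than the logged `PluginExecutionError` that the plain encrypted generator raises.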
@@ -39,3 +45,9 @@ class CfgEncryptedGenshiGenerator(CfgGenshiGenerator):
#: when it's read in
__loader_cls__ = EncryptedTemplateLoader
+ def __init__(self, fname, spec, encoding):
+ CfgGenshiGenerator.__init__(self, fname, spec, encoding)
+ if not HAS_CRYPTO:
+ msg = "Cfg: M2Crypto is not available"
+ LOGGER.error(msg)
+ raise PluginExecutionError(msg)
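Review bot: The added `__init__` has no docstring, while the equivalent constructor in CfgEncryptedGenerator.py is followed by `__init__.__doc__ = CfgGenerator.__init__.__doc__`. Adding `__init__.__doc__ = CfgGenshiGenerator.__init__.__doc__` after the method would keep the two encrypted generators documented the same way. A short comment that the `HAS_CRYPTO` check is what makes this class refuse to load encrypted templates without the crypto library would also help, since the class does not inherit from CfgEncryptedGenerator.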