authorChris St. Pierre <chris.a.st.pierre@gmail.com>2012-06-15 10:55:58 -0400
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2012-06-15 10:55:58 -0400
commite3131034dd00c61ed5ca4f6a38f74250f0ac5726 (patch)
tree94f3de0fe729437f6baac9ab5be048bfb026c1d8 /src/lib/Bcfg2/Server/Plugins/Properties.py
parent9b08b9179e11ef092396662afd1a71e57ca5e528 (diff)
added support for encrypting different elements in a single Properties file with different passphrases
Diffstat (limited to 'src/lib/Bcfg2/Server/Plugins/Properties.py')
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Properties.py29
1 files changed, 14 insertions, 15 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Properties.py b/src/lib/Bcfg2/Server/Plugins/Properties.py
index a81cdadd2..0271e89ba 100644
--- a/src/lib/Bcfg2/Server/Plugins/Properties.py
+++ b/src/lib/Bcfg2/Server/Plugins/Properties.py
@@ -28,7 +28,6 @@ class PropertyFile(Bcfg2.Server.Plugin.StructFile):
"""Class for properties files."""
def __init__(self, name):
Bcfg2.Server.Plugin.StructFile.__init__(self, name)
- self.passphrase = None
def write(self):
""" Write the data in this data structure back to the property
@@ -70,35 +69,35 @@ class PropertyFile(Bcfg2.Server.Plugin.StructFile):
def Index(self):
Bcfg2.Server.Plugin.StructFile.Index(self)
if self.xdata.get("encryption", "false").lower() != "false":
- logger.error("decrypting data in %s" % self.name)
if not have_crypto:
msg = "Properties: M2Crypto is not available: %s" % self.name
logger.error(msg)
- raise Bcxfg2.Server.Plugin.PluginExecutionError(msg)
- for el in self.xdata.xpath("*[@encrypted='true']"):
- logger.error("decrypting data in %s in %s" % (el.tag, self.name))
+ raise Bcfg2.Server.Plugin.PluginExecutionError(msg)
+ for el in self.xdata.xpath("*[@encrypted]"):
try:
- el.text = self._decrypt(el.text)
+ el.text = self._decrypt(el)
except EVPError:
msg = "Failed to decrypt %s element in %s" % (el.tag,
self.name)
logger.error(msg)
raise Bcfg2.Server.PluginExecutionError(msg)
- def _decrypt(self, crypted):
- if self.passphrase is None:
- for passwd in passphrases().values():
+ def _decrypt(self, element):
+ passphrases = passphrases()
+ try:
+ passphrase = passphrases[element.get("encrypted")]
+ try:
+ return ssl_decrypt(crypted, self.passphrase)
+ except EVPError:
+ # error is raised below
+ pass
+ except KeyError:
+ for passwd in passphrases.values():
try:
rv = ssl_decrypt(crypted, passwd)
- self.passphrase = passwd
return rv
except EVPError:
pass
- else:
- try:
- return ssl_decrypt(crypted, self.passphrase)
- except EVPError:
- pass
raise EVPError("Failed to decrypt")
class PropDirectoryBacked(Bcfg2.Server.Plugin.DirectoryBacked):
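Review bot: The new `_decrypt` cannot run as written: `passphrases = passphrases()` makes `passphrases` a local name for the whole function, so the call raises UnboundLocalError, and both `ssl_decrypt` calls still pass `crypted`, which is no longer a parameter, while the first also reads `self.passphrase`, which the first hunk removes from `__init__`. None of these is an EVPError, so the handler in `Index` never logs its "Failed to decrypt" message and every encrypted Properties file fails to load with an unrelated traceback. Bind the lookup to a different local name and decrypt `element.text` with the passphrase just selected, as below. Separately, the unchanged handler in `Index` raises `Bcfg2.Server.PluginExecutionError` where the line corrected above uses `Bcfg2.Server.Plugin.PluginExecutionError`; unless that name is re-exported, the error path likely fails with AttributeError. The KeyError fallback also tries every configured passphrase, so a misspelled name in the `encrypted` attribute is accepted silently; a log line there would make the mismatch visible.

```python
    def _decrypt(self, element):
        known = passphrases()
        try:
            passphrase = known[element.get("encrypted")]
            try:
                return ssl_decrypt(element.text, passphrase)
            # … unchanged: except EVPError falls through to the final raise …
        except KeyError:
            for passwd in known.values():
                try:
                    return ssl_decrypt(element.text, passwd)
                # … unchanged: except EVPError moves on to the next passphrase …
        # … unchanged: raise EVPError("Failed to decrypt") …
```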