From ba22b9e3f8d993d7e0c4c762fac338c8684e3f81 Mon Sep 17 00:00:00 2001
From: "Chris St. Pierre"
Date: Mon, 11 Nov 2013 13:44:24 -0500
Subject: bcfg2-crypt: better debugging, error handling with Properties files
---
 src/sbin/bcfg2-crypt | 40 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 37 insertions(+), 3 deletions(-)
diff --git a/src/sbin/bcfg2-crypt b/src/sbin/bcfg2-crypt
index 4567bc512..c67334738 100755
--- a/src/sbin/bcfg2-crypt
+++ b/src/sbin/bcfg2-crypt
@@ -18,6 +18,33 @@ except ImportError:
 raise SystemExit(1)
+def print_xml(element, keep_text=False):
+ """ Render an XML element for error output. This prefixes the
+ line number and removes children for nicer display.
+
+ :param element: The element to render
+ :type element: lxml.etree._Element
+ :param keep_text: Do not discard text content from the element for
+ display
+ :type keep_text: boolean
+ """
+ xml = None
+ if len(element) or element.text:
+ el = copy.copy(element)
+ if el.text and not keep_text:
+ el.text = '...'
+ for child in el.iterchildren():
+ el.remove(child)
+ xml = lxml.etree.tostring(
+ el,
+ xml_declaration=False).decode("UTF-8").strip()
+ else:
+ xml = lxml.etree.tostring(
+ element,
+ xml_declaration=False).decode("UTF-8").strip()
+ return "%s (line %s)" % (xml, element.sourceline)
+
+
 class PassphraseError(Exception):
 """ Exception raised when there's a problem determining the passphrase to encrypt or decrypt with """
@@ -245,6 +272,7 @@ class PropertiesEncryptor(Encryptor, PropertiesCryptoMixin):
 except PassphraseError:
 self.logger.error(str(sys.exc_info()[1]))
 return False
+ self.logger.debug("Encrypting %s" % print_xml(elt))
 elt.text = Bcfg2.Encryption.ssl_encrypt( elt.text, passphrase, Bcfg2.Encryption.get_algorithm(self.setup)).strip()
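Review bot: Both `lxml.etree.tostring` calls in `print_xml` leave `with_tail` at its default, so text that follows the element's closing tag is serialized into the message even though it belongs to the parent; `keep_text=False` only masks `el.text`. Because this helper logs elements whose content is about to be encrypted, I would pass `with_tail=False` in both calls, e.g. `lxml.etree.tostring(el, xml_declaration=False, with_tail=False)`. The docstring has no `:returns:` entry; `:returns: string - the rendered element followed by its source line` would complete it. `copy` is not imported in any hunk shown here, so confirm it is already in scope in the file.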
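Review bot: The added `self.logger.debug("Encrypting %s" % print_xml(elt))` in the PropertiesEncryptor hunk runs while `elt.text` still holds the plaintext, so the log stays free of secrets only because `print_xml` defaults to `keep_text=False`. A comment on that line such as `# never pass keep_text=True here: elt.text is still plaintext` would keep a later edit from leaking it. The `%` formatting also makes `print_xml` copy and serialize the element on every call even when debug logging is off; wrapping the call in `if self.logger.isEnabledFor(logging.DEBUG):` avoids that, assuming `logging` is imported in the file, and the same applies to the debug call in the PropertiesDecryptor hunk. The enclosing method starts and ends outside the hunk.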
@@ -267,9 +295,15 @@ class PropertiesDecryptor(Decryptor, PropertiesCryptoMixin):
 except PassphraseError:
 self.logger.error(str(sys.exc_info()[1]))
 return False
- decrypted = Bcfg2.Encryption.ssl_decrypt(
- elt.text, passphrase,
- Bcfg2.Encryption.get_algorithm(self.setup)).strip()
+ self.logger.debug("Decrypting %s" % print_xml(elt))
+ try:
+ decrypted = Bcfg2.Encryption.ssl_decrypt(
+ elt.text, passphrase,
+ Bcfg2.Encryption.get_algorithm(self.setup)).strip()
+ except EVPError:
+
+ self.logger.error("Could not decrypt %s, skipping" %
+ print_xml(elt))
 try:
 elt.text = decrypted.encode('ascii', 'xmlcharrefreplace')
 elt.set("encrypted", pname)
-- cgit v1.2.3-1-g7c22
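Review bot: The new `except EVPError:` branch logs "Could not decrypt %s, skipping" but nothing actually skips: control falls through to `elt.text = decrypted.encode('ascii', 'xmlcharrefreplace')`. There `decrypted` is either unbound or, if this runs inside a loop over elements (the loop is not visible in the hunk), still holds the previous element's plaintext, which would be written into the wrong element and marked `encrypted`. Add `continue` after the `self.logger.error(...)` call, or `return False` as in the PassphraseError branch if a failed decryption should abort. `EVPError` is not imported in any hunk shown, so check that it is in scope; if it is not, the `except` clause itself raises NameError when decryption fails. The enclosing method begins and ends outside the hunk.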