From a88ce57202d778d0a4d95ef45d3d9361471c4525 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Fri, 25 Apr 2014 07:53:36 -0400 Subject: do not bruteforce Properties decrypts with unknown passphrase this greatly decreases startup time with lots of data encrypted with missing passphrases --- src/lib/Bcfg2/Server/Plugins/Properties.py | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) (limited to 'src/lib/Bcfg2/Server/Plugins/Properties.py') diff --git a/src/lib/Bcfg2/Server/Plugins/Properties.py b/src/lib/Bcfg2/Server/Plugins/Properties.py index ac0cc884a..6f054fd33 100644 --- a/src/lib/Bcfg2/Server/Plugins/Properties.py +++ b/src/lib/Bcfg2/Server/Plugins/Properties.py @@ -231,19 +231,12 @@ class XMLPropertyFile(Bcfg2.Server.Plugin.StructFile, PropertyFile): passes = Bcfg2.Encryption.get_passphrases(SETUP) try: passphrase = passes[element.get("encrypted")] - try: - return Bcfg2.Encryption.ssl_decrypt( - element.text, passphrase, - algorithm=Bcfg2.Encryption.get_algorithm(SETUP)) - except Bcfg2.Encryption.EVPError: - # error is raised below - pass - except KeyError: - # bruteforce_decrypt raises an EVPError with a sensible - # error message, so we just let it propagate up the stack - return Bcfg2.Encryption.bruteforce_decrypt( - element.text, passphrases=passes.values(), + return Bcfg2.Encryption.ssl_decrypt( + element.text, passphrase, algorithm=Bcfg2.Encryption.get_algorithm(SETUP)) + except KeyError: + raise Bcfg2.Encryption.EVPError("No passphrase named '%s'" % + element.get("encrypted")) raise Bcfg2.Encryption.EVPError("Failed to decrypt") def get_additional_data(self, metadata): -- cgit v1.2.3-1-g7c22