From 19afac05cefe9ead18d6a283459f6837d2bc0617 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Fri, 28 Sep 2012 13:54:41 -0400 Subject: wrote unit tests for encryption --- src/lib/Bcfg2/Encryption.py | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'src') diff --git a/src/lib/Bcfg2/Encryption.py b/src/lib/Bcfg2/Encryption.py index eb2841bb5..e6e90a817 100755 --- a/src/lib/Bcfg2/Encryption.py +++ b/src/lib/Bcfg2/Encryption.py @@ -29,6 +29,13 @@ ALGORITHM = "aes_256_cbc" #: automated fashion. IV = '\0' * 16 +#: The config file section encryption options and passphrases are +#: stored in +CFG_SECTION = "encryption" + +#: The config option used to store the algorithm +CFG_ALGORITHM = "algorithm" + Rand.rand_seed(os.urandom(1024)) @@ -103,13 +110,8 @@ def ssl_decrypt(data, passwd, algorithm=ALGORITHM): :type algorithm: string :returns: string - The decrypted data """ - # base64-decode the data if necessary - try: - data = b64decode(data) - except TypeError: - # already decoded - pass - + # base64-decode the data + data = b64decode(data) salt = data[8:16] hashes = [md5(passwd + salt).digest()] for i in range(1, 3): @@ -160,7 +162,7 @@ def get_algorithm(setup): :type setup: Bcfg2.Options.OptionParser :returns: dict - a dict of ````: ```` """ - return setup.cfp.get("encryption", "algorithm", + return setup.cfp.get(CFG_SECTION, CFG_ALGORITHM, default=ALGORITHM).lower().replace("-", "_") @@ -171,10 +173,11 @@ def get_passphrases(setup): :type setup: Bcfg2.Options.OptionParser :returns: dict - a dict of ````: ```` """ - section = "encryption" + section = CFG_SECTION if setup.cfp.has_section(section): return dict([(o, setup.cfp.get(section, o)) - for o in setup.cfp.options(section)]) + for o in setup.cfp.options(section) + if o != CFG_ALGORITHM]) else: return dict() -- cgit v1.2.3-1-g7c22