Diffstat (limited to 'src')
-rwxr-xr-xsrc/lib/Bcfg2/Encryption.py23
1 files changed, 13 insertions, 10 deletions
diff --git a/src/lib/Bcfg2/Encryption.py b/src/lib/Bcfg2/Encryption.py
index eb2841bb5..e6e90a817 100755
--- a/src/lib/Bcfg2/Encryption.py
+++ b/src/lib/Bcfg2/Encryption.py
@@ -29,6 +29,13 @@ ALGORITHM = "aes_256_cbc"
#: automated fashion.
IV = '\0' * 16
+#: The config file section encryption options and passphrases are
+#: stored in
+CFG_SECTION = "encryption"
+
+#: The config option used to store the algorithm
+CFG_ALGORITHM = "algorithm"
+
Rand.rand_seed(os.urandom(1024))
@@ -103,13 +110,8 @@ def ssl_decrypt(data, passwd, algorithm=ALGORITHM):
:type algorithm: string
:returns: string - The decrypted data
"""
- # base64-decode the data if necessary
- try:
- data = b64decode(data)
- except TypeError:
- # already decoded
- pass
-
+ # base64-decode the data
+ data = b64decode(data)
salt = data[8:16]
hashes = [md5(passwd + salt).digest()]
for i in range(1, 3):
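Review bot: With the `except TypeError` fallback removed, `data = b64decode(data)` now raises out of ssl_decrypt for any input that is not valid base64, and the docstring does not tell callers so. Judging by the removed handler the exception is TypeError, so I would add `:raises: TypeError - if data is not valid base64` to the docstring. The decoded value is then sliced as `data[8:16]` with no length check, so a truncated blob yields a short salt instead of an error; a guard such as `if len(data) < 16: raise TypeError("encrypted data is too short")` right after the decode would fail early. The body of ssl_decrypt starts before and continues past this hunk, so whether any caller still passes already-decoded data cannot be checked from here.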
@@ -160,7 +162,7 @@ def get_algorithm(setup):
:type setup: Bcfg2.Options.OptionParser
:returns: dict - a dict of ``<passphrase name>``: ``<passphrase>``
"""
- return setup.cfp.get("encryption", "algorithm",
+ return setup.cfp.get(CFG_SECTION, CFG_ALGORITHM,
default=ALGORITHM).lower().replace("-", "_")
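Review bot: The docstring above this return still describes the result as a dict of passphrase names to passphrases, which looks copied from get_passphrases; the function returns the algorithm name as a string. I would change that line to `:returns: string - the configured algorithm name, lowercased, with dashes replaced by underscores`. The value is taken from the config file and is not compared against a list of supported ciphers in the visible lines, so a misspelt or unintended algorithm would presumably surface only when the cipher is constructed. The start of get_algorithm is outside the hunk.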
@@ -171,10 +173,11 @@ def get_passphrases(setup):
:type setup: Bcfg2.Options.OptionParser
:returns: dict - a dict of ``<passphrase name>``: ``<passphrase>``
"""
- section = "encryption"
+ section = CFG_SECTION
if setup.cfp.has_section(section):
return dict([(o, setup.cfp.get(section, o))
- for o in setup.cfp.options(section)])
+ for o in setup.cfp.options(section)
+ if o != CFG_ALGORITHM])
else:
return dict()
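Review bot: The new filter `if o != CFG_ALGORITHM` makes `algorithm` a reserved option name in the encryption section, but the docstring does not say so. A passphrase that an administrator happened to name `algorithm` is now silently dropped here and is also read by get_algorithm as the cipher name, so the docstring should state that this option is a setting and is never returned as a passphrase. Any further option added to this section later will be returned as a passphrase unless it is also filtered, so a module-level tuple of reserved option names checked with `not in` would hold up better than a single comparison.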