mirror of
https://github.com/xcat2/confluent.git
synced 2024-12-25 12:41:39 +00:00
Start work on a db restore
Start by parsing the previously dumped key data, since the key data requires special handling.
This commit is contained in:
parent
638842beec
commit
a91d7047b2
@ -128,6 +128,18 @@ def _get_protected_key(keydict, password, paramname):
|
||||
raise exc.LockedCredentials("No available decryption key")
|
||||
|
||||
|
||||
def _parse_key(keydata, password=None):
|
||||
if keydata.startswith('*unencrypted:'):
|
||||
return base64.b64decode(keydata[13:])
|
||||
elif password:
|
||||
salt, iv, crypt, hmac = [base64.b64decode(x)
|
||||
for x in keydata.split('!')]
|
||||
privkey, integkey = _derive_keys(password, salt)
|
||||
return decrypt_value([iv, crypt, hmac], privkey, integkey)
|
||||
raise(exc.LockedCredentials(
|
||||
"Passphrase protected secret requires password"))
|
||||
|
||||
|
||||
def _format_key(key, password=None):
|
||||
if password is not None:
|
||||
salt = os.urandom(32)
|
||||
@ -1345,6 +1357,18 @@ class ConfigManager(object):
|
||||
changeset)
|
||||
|
||||
|
||||
def _restore_keys(jsond, password, newpassword):
|
||||
# the jsond from the restored file, password (if any) used to protect
|
||||
# the file, and newpassword to use, (also check the service.cfg file)
|
||||
global _masterkey
|
||||
global _masterintegritykey
|
||||
keydata = json.loads(jsond)
|
||||
cryptkey = _parse_key(keydata['cryptkey'], password)
|
||||
integritykey = _parse_key(keydata['integritykey'], password)
|
||||
_masterkey = cryptkey
|
||||
_masterintegritykey = integritykey
|
||||
|
||||
|
||||
def _dump_keys(password):
|
||||
if _masterkey is None or _masterintegritykey is None:
|
||||
init_masterkey()
|
||||
|
Loading…
Reference in New Issue
Block a user