Flesh out the restoration of the master keys

With this commit, the key portion of import should be complete.
2024-11-22 17:43:14 +00:00 · 2017-01-27 16:50:03 -05:00 · 2017-01-27 16:50:03 -05:00 · b87cb87c2a
commit b87cb87c2a
parent a91d7047b2
1 changed files with 14 additions and 1 deletions
--- a/confluent_server/confluent/config/configmanager.py
+++ b/confluent_server/confluent/config/configmanager.py
@ -65,6 +65,7 @@ import anydbm as dbm
 import ast
 import base64
 import confluent.config.attributes as allattributes
+import confluent.config.conf as conf
 import confluent.log
 import confluent.util
 import confluent.exceptions as exc
@ -1357,7 +1358,7 @@ class ConfigManager(object):
                                              changeset)


-def _restore_keys(jsond, password, newpassword):
+def _restore_keys(jsond, password, newpassword=None):
    # the jsond from the restored file, password (if any) used to protect
    # the file, and newpassword to use, (also check the service.cfg file)
    global _masterkey
@ -1365,8 +1366,20 @@ def _restore_keys(jsond, password, newpassword):
    keydata = json.loads(jsond)
    cryptkey = _parse_key(keydata['cryptkey'], password)
    integritykey = _parse_key(keydata['integritykey'], password)
+    conf.init_config()
+    cfg = conf.get_config()
+    if cfg.has_option('security', 'externalcfgkey'):
+        keyfilename = cfg.get('security', 'externalcfgkey')
+        with open(keyfilename, 'r') as keyfile:
+            newpassword = keyfile.read()
+    set_global('master_privacy_key', _format_key(cryptkey,
+                                                 password=newpassword))
+    set_global('master_integrity_key', _format_key(integritykey,
+                                                   password=newpassword))
    _masterkey = cryptkey
    _masterintegritykey = integritykey
+    ConfigManager.wait_for_sync()
+    # At this point, we should have the key situation all sorted


 def _dump_keys(password):