mirror of https://github.com/xcat2/confluent.git synced 2025-01-12 18:59:06 +00:00

Start work on a db restore

Start by parsing the previously dumped key data, since the key data requires special handling.
Jarrod Johnson 2017-01-27 11:20:55 -05:00
parent eca18a451b
commit d2e8fa6521


@ -128,6 +128,18 @@ def _get_protected_key(keydict, password, paramname):
raise exc.LockedCredentials("No available decryption key")
def _parse_key(keydata, password=None):
if keydata.startswith('*unencrypted:'):
return base64.b64decode(keydata[13:])
elif password:
salt, iv, crypt, hmac = [base64.b64decode(x)
for x in keydata.split('!')]
privkey, integkey = _derive_keys(password, salt)
return decrypt_value([iv, crypt, hmac], privkey, integkey)
raise(exc.LockedCredentials(
"Passphrase protected secret requires password"))
def _format_key(key, password=None):
if password is not None:
salt = os.urandom(32)
@ -1345,6 +1357,18 @@ class ConfigManager(object):
changeset)
def _restore_keys(jsond, password, newpassword):
# the jsond from the restored file, password (if any) used to protect
# the file, and newpassword to use, (also check the service.cfg file)
global _masterkey
global _masterintegritykey
keydata = json.loads(jsond)
cryptkey = _parse_key(keydata['cryptkey'], password)
integritykey = _parse_key(keydata['integritykey'], password)
_masterkey = cryptkey
_masterintegritykey = integritykey
def _dump_keys(password):
if _masterkey is None or _masterintegritykey is None:
init_masterkey()
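Review bot: `_restore_keys` installs whatever `_parse_key` returns as `_masterkey` and `_masterintegritykey`, and `_parse_key` takes the `*unencrypted:` branch before it looks at `password`, so a dump the operator expects to be passphrase-protected is accepted with no integrity check when its fields carry that prefix. Only the encrypted branch hands an HMAC to `decrypt_value`, which is presumably where a modified dump would be rejected. When a password is supplied, consider refusing unprotected entries, e.g. `if password and keydata.startswith('*unencrypted:'): raise exc.LockedCredentials("Expected passphrase protected key")`, and check the decoded length of both keys against what the module's own key generation produces before the globals are replaced. Separately, `elif password:` treats an empty string as no password while `_format_key` tests `password is not None`, so a key protected with `''` could not be read back. `newpassword` is accepted but not yet used in `_restore_keys`; a short docstring stating that the restored keys currently live only in the module globals would make that explicit.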