From d2e8fa652139321ef086c93ec0bfb13c053e5d34 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Fri, 27 Jan 2017 11:20:55 -0500
Subject: [PATCH] Start work on a db restore Start by parsing the previously dumped key data, since the key data requires special handling.
---
 .../confluent/config/configmanager.py | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/confluent_server/confluent/config/configmanager.py b/confluent_server/confluent/config/configmanager.py
index 4506e5e9..8ce69753 100644
--- a/confluent_server/confluent/config/configmanager.py
+++ b/confluent_server/confluent/config/configmanager.py
@@ -128,6 +128,18 @@ def _get_protected_key(keydict, password, paramname):
 raise exc.LockedCredentials("No available decryption key")
+def _parse_key(keydata, password=None):
+ if keydata.startswith('*unencrypted:'):
+ return base64.b64decode(keydata[13:])
+ elif password:
+ salt, iv, crypt, hmac = [base64.b64decode(x)
+ for x in keydata.split('!')]
+ privkey, integkey = _derive_keys(password, salt)
+ return decrypt_value([iv, crypt, hmac], privkey, integkey)
+ raise(exc.LockedCredentials(
+ "Passphrase protected secret requires password"))
+
+
 def _format_key(key, password=None):
 if password is not None:
 salt = os.urandom(32)
@@ -1345,6 +1357,18 @@ class ConfigManager(object):
 changeset)
+def _restore_keys(jsond, password, newpassword):
+ # the jsond from the restored file, password (if any) used to protect
+ # the file, and newpassword to use, (also check the service.cfg file)
+ global _masterkey
+ global _masterintegritykey
+ keydata = json.loads(jsond)
+ cryptkey = _parse_key(keydata['cryptkey'], password)
+ integritykey = _parse_key(keydata['integritykey'], password)
+ _masterkey = cryptkey
+ _masterintegritykey = integritykey
+
+
 def _dump_keys(password):
 if _masterkey is None or _masterintegritykey is None:
 init_masterkey()
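Review bot: `_parse_key` tests `elif password:` while the `_format_key` context line just below tests `if password is not None`, so a dump that was (presumably) written as protected with an empty-string passphrase would be refused on restore with LockedCredentials; `elif password is not None:` keeps the two in step. The `*unencrypted:` branch is also taken when the caller does pass a password, so a dump the operator expected to be passphrase-protected is accepted without going through `decrypt_value` and its HMAC input; rejecting or at least logging that combination would make a swapped or edited dump visible. A protected value that does not split into exactly four `!`-separated base64 fields surfaces as a bare ValueError or decode error from the unpacking line, which is worth converting into a clear restore error. `keydata[13:]` would read better as `keydata[len('*unencrypted:'):]`.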
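Review bot: `_restore_keys` accepts `newpassword` but never uses it, and as far as this hunk shows it only replaces `_masterkey` and `_masterintegritykey` in memory, so the restored keys are not re-protected under the new passphrase (the leading comment suggests this is still planned). Before the two global assignments it would be worth checking that both parsed values are non-empty and of the expected key length, since the `*unencrypted:` path in `_parse_key` returns whatever the base64 decodes to. A missing `cryptkey` or `integritykey` entry currently surfaces as a bare KeyError from the dictionary lookup. A docstring in place of the comment would help, for example `"""Load master keys from a _dump_keys JSON blob; the globals are replaced only after both keys parse."""`.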