From arku...@apache.org
Subject svn commit: r1797799 - in /vcl/trunk/managementnode: bin/install_perl_libs.pl lib/VCL/Module/OS/Linux/ManagementNode.pm
Date Tue, 06 Jun 2017 16:02:24 GMT
Author: arkurth
Date: Tue Jun  6 16:02:23 2017
New Revision: 1797799

URL: http://svn.apache.org/viewvc?rev=1797799&view=rev
Log:
VCL-1045
Added use Crypt::Rijndael to ManagementNode.pm.

Changed ManagementNode.pm::decrypt_cryptsecret to use Crypt::Rijndael as the cipher instead
of Crypt::OpenSSL::AES. Crypt::Rijndael is available via yum whereas AES is not. Also enclosed
Crypt::CBC->new in an eval block because it may call die if it fails.

Added code to ManagementNode.pm::generate_private_key_file to back up an existing
private key file when the 'force' flag is passed, because the file is then overwritten.

Updated ManagementNode.pm::create_text_file to create the parent directory if it does not
already exist.

Modified:
    vcl/trunk/managementnode/bin/install_perl_libs.pl
    vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/ManagementNode.pm

Modified: vcl/trunk/managementnode/bin/install_perl_libs.pl
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/bin/install_perl_libs.pl?rev=1797799&r1=1797798&r2=1797799&view=diff
==============================================================================
--- vcl/trunk/managementnode/bin/install_perl_libs.pl (original)
+++ vcl/trunk/managementnode/bin/install_perl_libs.pl Tue Jun  6 16:02:23 2017
@@ -59,6 +59,7 @@ my @LINUX_PACKAGES = (
 	'perl-CPAN',
 	'perl-Crypt-CBC',
 	'perl-Crypt-OpenSSL-RSA',
+	'perl-Crypt-Rijndael',
 	'perl-DBD-MySQL',
 	'perl-DBI',
 	'perl-Digest-SHA1',

Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/ManagementNode.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/ManagementNode.pm?rev=1797799&r1=1797798&r2=1797799&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/ManagementNode.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/ManagementNode.pm Tue Jun  6 16:02:23
2017
@@ -57,6 +57,7 @@ use VCL::utils;
 
 use Crypt::CBC;
 use Crypt::OpenSSL::RSA;
+use Crypt::Rijndael;
 use English;
 use File::Basename;
 use MIME::Base64;
@@ -244,6 +245,13 @@ sub create_text_file {
 	
 	my $computer_node_name = $self->data->get_computer_node_name();
 	
+	# Attempt to create the parent directory if it does not exist
+	my $parent_directory_path = parent_directory_path($file_path);
+	if (!$self->file_exists($parent_directory_path)) {
+		$self->create_directory($parent_directory_path);
+	}
+	
+	
 	my $mode;
 	my $mode_string;
 	if ($append) {
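Review bot: The return value of `$self->create_directory($parent_directory_path)` is discarded, and the result of `parent_directory_path($file_path)` is not checked for being defined, so a failure here only surfaces later as a less specific write error. I would fail early with `if (!$self->create_directory($parent_directory_path)) { notify($ERRORS{'WARNING'}, 0, "failed to create parent directory: $parent_directory_path"); return; }`. Since this module also writes private key files, it is worth confirming which mode `create_directory` applies to a newly created parent; that is not visible in this hunk. The hunk also adds two consecutive blank lines, and create_text_file starts and ends outside it.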
@@ -823,7 +831,15 @@ sub generate_private_key_file {
 	# Make sure the private key file does not already exist
 	if ($self->file_exists($private_key_file_path)) {
 		if ($force) {
-			notify($ERRORS{'OK'}, 0, "force argument was specified, existing private key file will
be overwritten: $private_key_file_path");
+			(my $timestamp = makedatestring()) =~ s/\s+/_/g;
+			my $backup_private_key_file_path = $private_key_file_path . "_$timestamp";
+			if ($self->copy_file($private_key_file_path, $backup_private_key_file_path)) {
+				notify($ERRORS{'OK'}, 0, "force argument was specified, existing private key file will
be overwritten, created backup copy: $private_key_file_path --> $backup_private_key_file_path");
+			}
+			else {
+				notify($ERRORS{'WARNING'}, 0, "failed to generate encryption keys, force argument was
specified, existing private key file exists but failed to create backup copy: $private_key_file_path
--> $backup_private_key_file_path");
+				return;
+			}
 		}
 		else {
 			notify($ERRORS{'WARNING'}, 0, "failed to generate encryption keys, private key file already
exists: $private_key_file_path");
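Review bot: The backup made in the `$force` branch is a second copy of the private key, and nothing in the hunk sets or verifies its permissions or ever removes it. Whether `copy_file` preserves the source file's mode cannot be seen here; if it does not, `$backup_private_key_file_path` could end up readable more widely than the original, so the mode should be set explicitly right after the copy succeeds, with a comment such as `# Backup holds private key material - keep it owner-only`. Each forced regeneration also leaves another timestamped key on disk, which deserves a sentence in the sub's documentation so operators know to prune old copies. generate_private_key_file starts and ends outside the hunk.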
@@ -973,15 +989,23 @@ sub decrypt_cryptsecret {
 	my $iv = substr($encrypted_string_decoded, 0, 16);
 	my $ciphered_string = substr($encrypted_string_decoded, 16);
 	
-	my $cipher = Crypt::CBC->new(
-		{
-			'key'				=> $key,
-			'cipher'			=> 'Crypt::OpenSSL::AES',
-			'iv'				=> $iv,
-			'header'			=> 'none',
-			'literal_key'	=> 1,
-		}
-	);
+	my $cipher;
+	eval {
+		$cipher = Crypt::CBC->new(
+			{
+				'key'				=> $key,
+				'cipher'			=> 'Crypt::Rijndael',
+				'iv'				=> $iv,
+				'header'			=> 'none',
+				'literal_key'	=> 1,
+			}
+		);
+	};
+	if (!$cipher || $EVAL_ERROR) {
+		notify($ERRORS{'WARNING'}, 0, "unable to decrypt secret ID $secret_id, failed to create
Crypt::CBC object" . ($EVAL_ERROR ? ", error:\n" . $EVAL_ERROR : ''));
+		return;
+	}
+	
 	my $decrypted_string = $cipher->decrypt($ciphered_string);
 	if (defined($decrypted_string)) {
 		notify($ERRORS{'OK'}, 0, "decrypted secret ID $secret_id");
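Review bot: `$cipher->decrypt($ciphered_string)` on the line after the new guard is still outside the `eval`, so only construction is protected. If decrypt dies on a malformed or truncated secret (plausible, though not confirmed from this hunk), the caller still gets an unhandled die. For consistency I would write `my $decrypted_string = eval { $cipher->decrypt($ciphered_string) };` and check `$EVAL_ERROR` before the `defined` test. A short comment noting that CBC here carries no integrity check, so a successful decrypt does not prove the stored secret was unmodified, would also help future readers. decrypt_cryptsecret starts and ends outside the hunk.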


