
To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk


Viewing changes to mandos

  • Committer: Björn Påhlsson
  • Date: 2011-11-27 19:51:00 UTC
  • mto: (518.2.5 persistent-state-gpgme)
  • mto: This revision was merged to the branch mainline in revision 524.
  • Revision ID: belorn@recompile.se-20111127195100-fx0mpeia9xihvpmd
renamed variables

128
128
    logger.setLevel(level)
129
129
 
130
130
 
131
 
class CryptoError(Exception):
 
131
class PGPError(Exception):
 
132
    """Exception if encryption/decryption fails"""
132
133
    pass
133
134
 
134
135
 
135
 
class Crypto(object):
 
136
class PGPEngine(object):
136
137
    """A simple class for OpenPGP symmetric encryption & decryption"""
137
138
    def __init__(self):
138
139
        self.gnupg = GnuPGInterface.GnuPG()
184
185
                    ciphertext = f.read()
185
186
                proc.wait()
186
187
            except IOError as e:
187
 
                raise CryptoError(e)
 
188
                raise PGPError(e)
188
189
        self.gnupg.passphrase = None
189
190
        return ciphertext
190
191
    
201
202
                    decrypted_plaintext = f.read()
202
203
                proc.wait()
203
204
            except IOError as e:
204
 
                raise CryptoError(e)
 
205
                raise PGPError(e)
205
206
        self.gnupg.passphrase = None
206
207
        return decrypted_plaintext
207
208
 
2217
2218
            if e.errno != errno.ENOENT:
2218
2219
                raise
2219
2220
    
2220
 
    with Crypto() as crypt:
 
2221
    with PGPEngine() as pgp:
2221
2222
        for client in clients_data:
2222
2223
            client_name = client["name"]
2223
2224
            
2283
2284
            
2284
2285
            try:
2285
2286
                tcp_server.clients[client_name].secret = (
2286
 
                    crypt.decrypt(tcp_server.clients[client_name]
2287
 
                                  .encrypted_secret,
2288
 
                                  client_settings[client_name]
2289
 
                                  ["secret"]))
2290
 
            except CryptoError:
 
2287
                    pgp.decrypt(tcp_server.clients[client_name]
 
2288
                                .encrypted_secret,
 
2289
                                client_settings[client_name]
 
2290
                                ["secret"]))
 
2291
            except PGPError:
2291
2292
                # If decryption fails, we use secret from new settings
2292
2293
                tcp_server.clients[client_name].secret = (
2293
2294
                    client_settings[client_name]["secret"])
2394
2395
        # based on what config file has. If config file is
2395
2396
        # removed/edited, old secret will thus be unrecovable.
2396
2397
        clients = []
2397
 
        with Crypto() as crypt:
 
2398
        with PGPEngine() as pgp:
2398
2399
            for client in tcp_server.clients.itervalues():
2399
2400
                key = client_settings[client.name]["secret"]
2400
 
                client.encrypted_secret = crypt.encrypt(client.secret,
2401
 
                                                        key)
 
2401
                client.encrypted_secret = pgp.encrypt(client.secret,
 
2402
                                                      key)
2402
2403
                client_dict = {}
2403
2404
                
2404
2405
                # A list of attributes that will not be stored when