
Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2011-11-27 19:37:54 UTC
  • mto: (518.1.11 mandos-persistent)
  • mto: This revision was merged to the branch mainline in revision 524.
  • Revision ID: teddy@recompile.se-20111127193754-4366e18gmi11kew0
* mandos (_timedelta_to_milliseconds): Renamed to
                                       "timedelta_to_milliseconds";
                                       all callers changed.
  (Client._approved): Bug fix; renamed to "approved" without
                      underscore.  All users changed.
  (ProxyClient): Removed superfluous parens in "if" statements.
  (ClientHandler.handle): Bug fix: Emit NewRequest signal *after*
                          client is found, not before.

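--- a/mandos
+++ b/mandos
@@ -128,12 +128,11 @@
     logger.setLevel(level)
 
 
-class PGPError(Exception):
-    """Exception if encryption/decryption fails"""
+class CryptoError(Exception):
     pass
 
 
-class PGPEngine(object):
+class Crypto(object):
     """A simple class for OpenPGP symmetric encryption & decryption"""
     def __init__(self):
         self.gnupg = GnuPGInterface.GnuPG()
@@ -185,7 +184,7 @@
                     ciphertext = f.read()
                 proc.wait()
             except IOError as e:
-                raise PGPError(e)
+                raise CryptoError(e)
         self.gnupg.passphrase = None
         return ciphertext
     
@@ -202,7 +201,7 @@
                     decrypted_plaintext = f.read()
                 proc.wait()
             except IOError as e:
-                raise PGPError(e)
+                raise CryptoError(e)
         self.gnupg.passphrase = None
         return decrypted_plaintext
 
@@ -2219,7 +2218,7 @@
             if e.errno != errno.ENOENT:
                 raise
     
-    with PGPEngine() as pgp:
+    with Crypto() as crypt:
         for client in clients_data:
             client_name = client["name"]
             
@@ -2285,11 +2284,11 @@
             
             try:
                 tcp_server.clients[client_name].secret = (
-                    pgp.decrypt(tcp_server.clients[client_name]
-                                .encrypted_secret,
-                                client_settings[client_name]
-                                ["secret"]))
-            except PGPError:
+                    crypt.decrypt(tcp_server.clients[client_name]
+                                  .encrypted_secret,
+                                  client_settings[client_name]
+                                  ["secret"]))
+            except CryptoError:
                 # If decryption fails, we use secret from new settings
                 tcp_server.clients[client_name].secret = (
                     client_settings[client_name]["secret"])
@@ -2396,11 +2395,11 @@
         # based on what config file has. If config file is
         # removed/edited, old secret will thus be unrecovable.
         clients = []
-        with PGPEngine() as pgp:
+        with Crypto() as crypt:
             for client in tcp_server.clients.itervalues():
                 key = client_settings[client.name]["secret"]
-                client.encrypted_secret = pgp.encrypt(client.secret,
-                                                      key)
+                client.encrypted_secret = crypt.encrypt(client.secret,
+                                                        key)
                 client_dict = {}
                 
                 # A list of attributes that will not be stored when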
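Review bot: The `raise CryptoError(e)` lines at new 187 and 204 exit the method before `self.gnupg.passphrase = None` runs, so when GnuPG fails the passphrase stays set on `self.gnupg`. The restore loop at new 2286-2291 catches `CryptoError` and appears to keep using the same `crypt` object, so the stale value would persist until something overwrites it. This assumes the passphrase is assigned earlier in each method; both method bodies start outside the visible hunks. Moving the reset into a `finally:` clause (`finally:` followed by `self.gnupg.passphrase = None`) would clear it on the success and the error path alike. Separately, the new `CryptoError` loses the docstring the old class carried; a one-line `"""Raised when GnuPG encryption or decryption fails"""` would keep it documented.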