Author: arkurth
Date: Tue Jun 6 16:02:23 2017
New Revision: 1797799
URL: http://svn.apache.org/viewvc?rev=1797799&view=rev
Log:
VCL-1045
Added use Crypt::Rijndael to ManagementNode.pm.
Changed ManagementNode.pm::decrypt_cryptsecret to use Crypt::Rijndael as the
cipher instead of Crypt::OpenSSL::AES. Crypt::Rijndael is available via yum
whereas AES is not. Also enclosed Crypt::CBC->new in an eval block because it
may call die if it fails.
Added code to ManagementNode.pm::generate_private_key_file to back up an
existing private key file before it is overwritten when the 'force' flag is
passed.
Updated ManagementNode.pm::create_text_file to create the parent directory if
it does not already exist.
Modified:
vcl/trunk/managementnode/bin/install_perl_libs.pl
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/ManagementNode.pm
Modified: vcl/trunk/managementnode/bin/install_perl_libs.pl
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/bin/install_perl_libs.pl?rev=1797799&r1=1797798&r2=1797799&view=diff
==============================================================================
--- vcl/trunk/managementnode/bin/install_perl_libs.pl (original)
+++ vcl/trunk/managementnode/bin/install_perl_libs.pl Tue Jun 6 16:02:23 2017
@@ -59,6 +59,7 @@ my @LINUX_PACKAGES = (
'perl-CPAN',
'perl-Crypt-CBC',
'perl-Crypt-OpenSSL-RSA',
+ 'perl-Crypt-Rijndael',
'perl-DBD-MySQL',
'perl-DBI',
'perl-Digest-SHA1',
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/ManagementNode.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/ManagementNode.pm?rev=1797799&r1=1797798&r2=1797799&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/ManagementNode.pm
(original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/ManagementNode.pm Tue Jun
6 16:02:23 2017
@@ -57,6 +57,7 @@ use VCL::utils;
use Crypt::CBC;
use Crypt::OpenSSL::RSA;
+use Crypt::Rijndael;
use English;
use File::Basename;
use MIME::Base64;
@@ -244,6 +245,13 @@ sub create_text_file {
my $computer_node_name = $self->data->get_computer_node_name();
+ # Attempt to create the parent directory if it does not exist
+ my $parent_directory_path = parent_directory_path($file_path);
+ if (!$self->file_exists($parent_directory_path)) {
+ $self->create_directory($parent_directory_path);
+ }
+
+
my $mode;
my $mode_string;
if ($append) {
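Review bot: The result of `$self->create_directory($parent_directory_path)` in the added block is ignored, so a failed directory creation only surfaces later as a less specific file-write failure. Check it and stop early, for example `if (!$self->create_directory($parent_directory_path)) { notify($ERRORS{'WARNING'}, 0, "failed to create parent directory: $parent_directory_path"); return; }`. The mode of the new directory is whatever create_directory defaults to, which is not visible here; if this helper is also used to write key or secret files, the caller should create the directory with restrictive permissions beforehand. The two consecutive blank lines after the block can be reduced to one. create_text_file's body starts and ends outside the hunk.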
@@ -823,7 +831,15 @@ sub generate_private_key_file {
# Make sure the private key file does not already exist
if ($self->file_exists($private_key_file_path)) {
if ($force) {
- notify($ERRORS{'OK'}, 0, "force argument was specified,
existing private key file will be overwritten: $private_key_file_path");
+ (my $timestamp = makedatestring()) =~ s/\s+/_/g;
+ my $backup_private_key_file_path =
$private_key_file_path . "_$timestamp";
+ if ($self->copy_file($private_key_file_path,
$backup_private_key_file_path)) {
+ notify($ERRORS{'OK'}, 0, "force argument was
specified, existing private key file will be overwritten, created backup copy:
$private_key_file_path --> $backup_private_key_file_path");
+ }
+ else {
+ notify($ERRORS{'WARNING'}, 0, "failed to
generate encryption keys, force argument was specified, existing private key
file exists but failed to create backup copy: $private_key_file_path -->
$backup_private_key_file_path");
+ return;
+ }
}
else {
notify($ERRORS{'WARNING'}, 0, "failed to generate
encryption keys, private key file already exists: $private_key_file_path");
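Review bot: The backup created by `$self->copy_file($private_key_file_path, $backup_private_key_file_path)` is a second copy of private key material, and nothing in the hunk sets or verifies its permissions or ever removes it. Whether copy_file preserves the source file's mode cannot be seen here, so the backup should be explicitly restricted to the owner right after the copy succeeds. Each forced regeneration also leaves another timestamped key file behind, so I would add a comment such as `# Backup holds the old private key: keep it owner-readable only and delete it once the new key is confirmed working` and document the cleanup expectation. The body of generate_private_key_file starts and ends outside the hunk.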
@@ -973,15 +989,23 @@ sub decrypt_cryptsecret {
my $iv = substr($encrypted_string_decoded, 0, 16);
my $ciphered_string = substr($encrypted_string_decoded, 16);
- my $cipher = Crypt::CBC->new(
- {
- 'key' => $key,
- 'cipher' =>
'Crypt::OpenSSL::AES',
- 'iv' => $iv,
- 'header' => 'none',
- 'literal_key' => 1,
- }
- );
+ my $cipher;
+ eval {
+ $cipher = Crypt::CBC->new(
+ {
+ 'key' => $key,
+ 'cipher' =>
'Crypt::Rijndael',
+ 'iv' => $iv,
+ 'header' => 'none',
+ 'literal_key' => 1,
+ }
+ );
+ };
+ if (!$cipher || $EVAL_ERROR) {
+ notify($ERRORS{'WARNING'}, 0, "unable to decrypt secret ID
$secret_id, failed to create Crypt::CBC object" . ($EVAL_ERROR ? ", error:\n" .
$EVAL_ERROR : ''));
+ return;
+ }
+
my $decrypted_string = $cipher->decrypt($ciphered_string);
if (defined($decrypted_string)) {
notify($ERRORS{'OK'}, 0, "decrypted secret ID $secret_id");
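Review bot: The `$cipher->decrypt($ciphered_string)` call is still outside the eval, so only the constructor is protected. The cipher may also die on malformed input, such as ciphertext whose length is not a multiple of the block size, and that would still propagate to the caller. Wrapping it the same way, `my $decrypted_string = eval { $cipher->decrypt($ciphered_string) };`, and reporting `$EVAL_ERROR` in the failure branch would make the handling consistent. The `defined($decrypted_string)` test only shows that something was returned: CBC has no integrity check, so a wrong key or altered ciphertext can yield a defined but garbage value, which deserves a comment here. decrypt_cryptsecret's body starts and ends outside the hunk.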