URL: https://github.com/freeipa/freeipa/pull/1409
Author: tiran
 Title: #1409: Vault: Add argument checks to encrypt/decrypt
Action: opened

PR body:
"""
Vault's encrypt and decrypt helper functions take either a symmetric key or a
public/private key. Raise an exception if both or neither of them are
passed.

See https://pagure.io/freeipa/issue/7326

Signed-off-by: Christian Heimes <chei...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1409/head:pr1409
git checkout pr1409
From 8a1e2c51378aef6baa19c6f639774719747fa135 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Mon, 18 Dec 2017 11:59:25 +0100
Subject: [PATCH] Vault: Add argument checks to encrypt/decrypt

Vault's encrypt and decrypt helper function take either symmetric or
public/private key. Raise an exception if either both or none of them
are passed down.

See https://pagure.io/freeipa/issue/7326

Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 ipaclient/plugins/vault.py | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/ipaclient/plugins/vault.py b/ipaclient/plugins/vault.py
index 9a8d770a88..f64493ac63 100644
--- a/ipaclient/plugins/vault.py
+++ b/ipaclient/plugins/vault.py
@@ -101,11 +101,15 @@ def encrypt(data, symmetric_key=None, public_key=None):
     """
     Encrypts data with symmetric key or public key.
     """
-    if symmetric_key:
+    if symmetric_key is not None:
+        if public_key is not None:
+            raise ValueError(
+                "Either a symmetric or a public key is required, not both."
+            )
         fernet = Fernet(symmetric_key)
         return fernet.encrypt(data)
 
-    elif public_key:
+    elif public_key is not None:
         public_key_obj = load_pem_public_key(
             data=public_key,
             backend=default_backend()
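Review bot: The docstring of `encrypt()` still says only "Encrypts data with symmetric key or public key" and does not state the contract this hunk introduces. I would add a line such as `Exactly one of symmetric_key or public_key must be given; ValueError is raised otherwise.` Switching from truthiness to `is not None` also means an empty key (`''` or `b''`) is now handed to `Fernet()` or `load_pem_public_key()` instead of falling through to the `else` branch. That presumably fails closed inside the library, but it is worth confirming that no caller passes an empty value to mean "no key". The body of `encrypt()` continues outside this hunk.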
@@ -119,14 +123,18 @@ def encrypt(data, symmetric_key=None, public_key=None):
             )
         )
     else:
-        return None
+        raise ValueError("Either a symmetric or a public key is required.")
 
 
 def decrypt(data, symmetric_key=None, private_key=None):
     """
     Decrypts data with symmetric key or public key.
     """
-    if symmetric_key:
+    if symmetric_key is not Noe:
+        if public_key is not None:
+            raise ValueError(
+                "Either a symmetric or a private key is required, not both."
+            )
         try:
             fernet = Fernet(symmetric_key)
             return fernet.decrypt(data)
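Review bot: The new guard in `decrypt()` cannot run as written. `if symmetric_key is not Noe:` misspells `None`, so every call raises NameError, and the nested check tests `public_key`, which is not a parameter of `decrypt()` (its signature takes `private_key`). The two lines should read `if symmetric_key is not None:` and `if private_key is not None:`. The context docstring has the same mix-up and should say "symmetric key or private key". A small unit test that calls `decrypt()` with both keys, and with neither, would have caught this. The body of `decrypt()` continues outside this hunk.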
@@ -134,7 +142,7 @@ def decrypt(data, symmetric_key=None, private_key=None):
             raise errors.AuthenticationError(
                 message=_('Invalid credentials'))
 
-    elif private_key:
+    elif private_key is not None:
         try:
             private_key_obj = load_pem_private_key(
                 data=private_key,
@@ -153,7 +161,7 @@ def decrypt(data, symmetric_key=None, private_key=None):
             raise errors.AuthenticationError(
                 message=_('Invalid credentials'))
     else:
-        return None
+        raise ValueError("Either a symmetric or a private key is required.")
 
 
 @register(no_fail=True)