adamdebreceni commented on a change in pull request #937:
URL: https://github.com/apache/nifi-minifi-cpp/pull/937#discussion_r528764869



##########
File path: encrypt-config/EncryptConfig.cpp
##########
@@ -42,81 +40,119 @@ namespace nifi {
 namespace minifi {
 namespace encrypt_config {
 
-EncryptConfig::EncryptConfig(int argc, char* argv[]) : 
minifi_home_(parseMinifiHomeFromTheOptions(argc, argv)) {
+EncryptConfig::EncryptConfig(const std::string& minifi_home) : 
minifi_home_(minifi_home) {
   if (sodium_init() < 0) {
     throw std::runtime_error{"Could not initialize the libsodium library!"};
   }
+  // encryption/decryption depends on the libsodium library which needs to be 
initialized
+  keys_ = getEncryptionKeys();
 }
 
-std::string EncryptConfig::parseMinifiHomeFromTheOptions(int argc, char* 
argv[]) {
-  if (argc >= 2) {
-    for (int i = 1; i < argc; ++i) {
-      std::string argstr(argv[i]);
-      if ((argstr == "-h") || (argstr == "--help")) {
-        std::cout << USAGE_STRING << std::endl;
-        std::exit(0);
-      }
-    }
+EncryptConfig::EncryptionType EncryptConfig::encryptSensitiveProperties() 
const {
+  encryptSensitiveProperties(keys_);
+  if (keys_.old_key) {
+    return EncryptionType::RE_ENCRYPT;
   }
+  return EncryptionType::ENCRYPT;
+}
 
-  if (argc >= 3) {
-    for (int i = 1; i < argc; ++i) {
-      std::string argstr(argv[i]);
-      if ((argstr == "-m") || (argstr == "--minifi-home")) {
-        if (i+1 < argc) {
-          return std::string(argv[i+1]);
-        }
-      }
-    }
+void EncryptConfig::encryptFlowConfig() const {
+  encrypt_config::ConfigFile 
properties_file{std::ifstream{propertiesFilePath()}};
+  utils::optional<std::string> config_path = 
properties_file.getValue(Configure::nifi_flow_configuration_file);
+  if (!config_path) {
+    config_path = utils::file::PathUtils::resolve(minifi_home_, 
"conf/config.yml");
+    std::cout << "Couldn't find path of configuration file, using default: \"" 
<< *config_path << "\"\n";
+  } else {
+    config_path = utils::file::PathUtils::resolve(minifi_home_, *config_path);
+    std::cout << "Encrypting flow configuration file: \"" << *config_path << 
"\"\n";
+  }
+  std::string config_content;
+  try {
+    std::ifstream config_file{*config_path, std::ios::binary};
+    config_file.exceptions(std::ios::failbit | std::ios::badbit);
+    config_content = std::string{std::istreambuf_iterator<char>(config_file), 
{}};
+  } catch (...) {
+    std::cerr << "Error while reading flow configuration file \"" << 
*config_path << "\"\n";
+    throw;
   }
+  try {
+    utils::crypto::decrypt(config_content, keys_.encryption_key);
+    std::cout << "Flow config file is already properly encrypted.\n";
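Review bot: The properties stream on the first line of `encryptFlowConfig` is passed to `ConfigFile` as an unchecked temporary, whereas the flow configuration stream a few lines further down enables `failbit | badbit` exceptions before it is read. `ConfigFile`'s constructor is not visible here, but if it tolerates a stream that failed to open, a missing or unreadable properties file would be indistinguishable from a file that lacks `Configure::nifi_flow_configuration_file`. The tool would then print "Couldn't find path of configuration file" and go on to operate on the default `conf/config.yml`, which may not be the file the agent actually loads. I would open the stream by name and fail early, e.g. `std::ifstream properties_stream{propertiesFilePath()};` followed by `if (!properties_stream) throw std::runtime_error{"Could not open the properties file"};`, then hand it over with `std::move(properties_stream)`. The body of `encryptFlowConfig` continues past the end of the quoted hunk, so any handling further down is not visible from here.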

Review comment:
       Well, if a value is encrypted and we can decrypt it with neither the 
encryption key nor the old encryption key, I would call that "improperly 
encrypted" :) 



