020ff909cc
This will download and decrypt a base64 encoded encrypted password from the os-server-password extension. It depends on the user having openssl installed, but if there is an error of any kind it will print out the encoded and encrypted password instead. It also implements clear_password which will delete the password so it can no longer be retrieved. Change-Id: I2c4e6c3f03b70dc98d6d339381648a6058f46e21
# Copyright 2013 Nebula, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import base64
import subprocess
class DecryptionFailure(Exception):
    """Raised when the openssl subprocess fails to decrypt a password."""
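def decrypt_password(private_key, password):
    """Base64-decode ``password`` and decrypt it with an RSA private key.

    The decryption is delegated to ``openssl rsautl -decrypt``, so the
    ``openssl`` binary must be available in the path.

    :param private_key: path of the private key file, handed to openssl
                        through ``-inkey``
    :param password: base64-encoded ciphertext
    :returns: whatever openssl wrote to stdout, i.e. the decrypted password
    :raises DecryptionFailure: openssl exited with a non-zero status; the
                               exception carries openssl's stderr output

    Errors raised by ``base64.b64decode`` (malformed input) and by
    ``subprocess.Popen`` (for example when openssl cannot be started) are
    not translated and propagate to the caller unchanged.
    """
    unencoded = base64.b64decode(password)

    # The command is an argument list and no shell is involved, so the key
    # path reaches openssl as a single argument.
    # NOTE(review): ``rsautl`` defaults to PKCS#1 v1.5 padding and is
    # deprecated since OpenSSL 3.0 in favour of ``pkeyutl``; switching tool
    # or padding has to match what the encrypting side uses -- confirm
    # before changing.
    cmd = ['openssl', 'rsautl', '-decrypt', '-inkey', private_key]
    proc = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)

    # communicate() writes the ciphertext, closes stdin and waits for the
    # process to exit, so no separate stdin.close() is needed afterwards.
    out, err = proc.communicate(unencoded)
    if proc.returncode:
        raise DecryptionFailure(err)

    # ``out`` is the cleartext password: callers should keep it out of logs
    # and error reports.
    return out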