d54efa9f58
Also bump the versions, switch to the native hacking pre-commit hook, fix some bandit issues that have crept in, and add descriptions for all tox jobs. Change-Id: I4717023ad81bd2899114f30bd5320a29654f8f12 Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
42 lines
1.4 KiB
Python
42 lines
1.4 KiB
Python
# Copyright 2013 Nebula, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import base64
|
|
import subprocess # nosec: B404
|
|
|
|
|
|
class DecryptionFailure(Exception):
|
|
pass
|
|
|
|
|
|
def decrypt_password(private_key, password):
|
|
"""Base64 decodes password and unencrypts it with private key.
|
|
|
|
Requires openssl binary available in the path.
|
|
"""
|
|
unencoded = base64.b64decode(password)
|
|
cmd = ['openssl', 'rsautl', '-decrypt', '-inkey', private_key]
|
|
proc = subprocess.Popen(cmd, stdin=subprocess.PIPE,
|
|
stdout=subprocess.PIPE,
|
|
stderr=subprocess.PIPE) # nosec: B603
|
|
out, err = proc.communicate(unencoded)
|
|
proc.stdin.close()
|
|
if proc.returncode:
|
|
raise DecryptionFailure(err)
|
|
|
|
if isinstance(out, bytes):
|
|
return out.decode('utf-8')
|
|
return out
|