def _decrypt(self, output: AgentRawData) -> AgentRawData: if output.startswith(b"<<<"): self._logger.debug("Output is not encrypted") if self.encryption_settings["use_regular"] == "enforce": raise MKFetcherError( "Agent output is plaintext but encryption is enforced by configuration" ) return output if self.encryption_settings["use_regular"] not in ["enforce", "allow"]: self._logger.debug("Output is not encrypted") return output try: self._logger.debug("Decrypt encrypted output") output = self._real_decrypt(output) except MKFetcherError: raise except Exception as e: if self.encryption_settings["use_regular"] == "enforce": raise MKFetcherError("Failed to decrypt agent output: %s" % e) # of course the package might indeed have been encrypted but # in an incorrect format, but how would we find that out? # In this case processing the output will fail if not output: # may be caused by xinetd not allowing our address raise MKFetcherError("Empty output from agent at %s:%d" % self.address) if len(output) < 16: raise MKFetcherError("Too short output from agent: %r" % output) return output
def _decrypt(self, output: AgentRawData) -> AgentRawData: if not output: return output # nothing to to, validation will fail if output.startswith(b"<<<"): self._logger.debug("Output is not encrypted") if self.encryption_settings["use_regular"] == "enforce": raise MKFetcherError( "Agent output is plaintext but encryption is enforced by configuration" ) return output self._logger.debug("Output is encrypted or invalid") if self.encryption_settings["use_regular"] == "disable": raise MKFetcherError( "Agent output is either invalid or encrypted but encryption is disabled by configuration" ) try: self._logger.debug("Try to decrypt output") output = self._decrypt_agent_data(output=output) except MKFetcherError: raise except Exception as e: if self.encryption_settings["use_regular"] == "enforce": raise MKFetcherError("Failed to decrypt agent output: %s" % e) # of course the package might indeed have been encrypted but # in an incorrect format, but how would we find that out? # In this case processing the output will fail return output