def pre_save(self, model_inst, add):
"""
Encrypt the value with the Observer key
"""
from observers.syndicate import syndicatelib
# get observer private key
config = syndicatelib.get_config()
try:
observer_pkey_path = config.SYNDICATE_PRIVATE_KEY
observer_pkey_pem = syndicatelib.get_private_key_pem(
observer_pkey_path)
except:
raise syndicatelib.SyndicateObserverError(
"Internal Syndicate Observer error: failed to load Observer private key"
)
slice_secret = getattr(model_inst, self.attname)
if slice_secret is not None:
# encrypt it
sealed_slice_secret = syndicatelib.encrypt_slice_secret(
observer_pkey_pem, slice_secret)
return ObserverSecretValue.serialize(sealed_slice_secret)
else:
raise syndicatelib.SyndicateObserverError(
"Internal Syndicate Observer error: No slice secret generated")
def save(self, *args, **kw):
"""
Make sure a SliceSecret exists for this slice
"""
from observers.syndicate import syndicatelib
# get observer private key
config = syndicatelib.get_config()
try:
observer_pkey_path = config.SYNDICATE_PRIVATE_KEY
observer_pkey_pem = syndicatelib.get_private_key_pem(
observer_pkey_path)
except:
raise syndicatelib.SyndicateObserverError(
"Internal Syndicate Observer error: failed to load Observer private key"
)
# get or create the slice secret
slice_secret = syndicatelib.get_or_create_slice_secret(
observer_pkey_pem, None, slice_fk=self.slice_id)
if slice_secret is None:
raise SyndicateObserverError(
"Failed to get or create slice secret for %s" %
self.slice_id.name)
super(VolumeSlice, self).save(*args, **kw)
def to_python(self, secret_str):
"""
Decrypt the value with the Observer key
"""
# is this in the clear?
if not ObserverSecretValue.is_encrypted(secret_str):
# nothing to do
return secret_str
# otherwise, decrypt it
from observers.syndicate import syndicatelib
# get observer private key
config = syndicatelib.get_config()
try:
observer_pkey_path = config.SYNDICATE_PRIVATE_KEY
observer_pkey_pem = syndicatelib.get_private_key_pem(
observer_pkey_path)
except:
raise syndicatelib.SyndicateObserverError(
"Internal Syndicate Observer error: failed to load Observer private key"
)
# deserialize
secret_str = ObserverSecretValue.unserialize(secret_str)
# decrypt
if secret_str is not None and len(secret_str) > 0:
slice_secret = syndicatelib.decrypt_slice_secret(
observer_pkey_pem, secret_str)
if slice_secret is not None:
return slice_secret
else:
raise syndicatelib.SyndicateObserverError(
"Internal Syndicate Observer error: failed to decrypt slice secret value"
)
else:
return None