1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
## This Source Code Form is subject to the terms of the Mozilla Public
## License, v. 2.0. If a copy of the MPL was not distributed with this
## file, You can obtain one at https://mozilla.org/MPL/2.0/.
##
## Copyright (c) 2007-2022 VMware, Inc. or its affiliates. All rights reserved.
alias RabbitMQ.CLI.Core.Helpers
defmodule RabbitMQ.CLI.Ctl.Commands.DecodeCommand do
alias RabbitMQ.CLI.Core.{DocGuide, Input}
@behaviour RabbitMQ.CLI.CommandBehaviour
use RabbitMQ.CLI.DefaultOutput
def switches() do
[
cipher: :string,
hash: :string,
iterations: :integer
]
end
@atomized_keys [:cipher, :hash]
def distribution(_), do: :none
def merge_defaults(args, opts) do
with_defaults = Map.merge(%{
cipher: :rabbit_pbe.default_cipher(),
hash: :rabbit_pbe.default_hash(),
iterations: :rabbit_pbe.default_iterations()
}, opts)
{args, Helpers.atomize_values(with_defaults, @atomized_keys)}
end
def validate(args, _) when length(args) < 1 do
{:validation_failure, {:not_enough_args, "Please provide a value to decode and a passphrase"}}
end
def validate(args, _) when length(args) > 2 do
{:validation_failure, :too_many_args}
end
def validate(_args, opts) do
case {supports_cipher(opts.cipher), supports_hash(opts.hash), opts.iterations > 0} do
{false, _, _} ->
{:validation_failure, {:bad_argument, "The requested cipher is not supported"}}
{_, false, _} ->
{:validation_failure, {:bad_argument, "The requested hash is not supported"}}
{_, _, false} ->
{:validation_failure,
{:bad_argument,
"The requested number of iterations is incorrect (must be a positive integer)"}}
{true, true, true} ->
:ok
end
end
def run([value], %{cipher: cipher, hash: hash, iterations: iterations} = opts) do
case Input.consume_single_line_string_with_prompt("Passphrase: ", opts) do
:eof -> {:error, :not_enough_args}
passphrase ->
try do
term_value = Helpers.evaluate_input_as_term(value)
term_to_decrypt =
case term_value do
{:encrypted, _} = encrypted ->
encrypted
_ ->
{:encrypted, term_value}
end
result = :rabbit_pbe.decrypt_term(cipher, hash, iterations, passphrase, term_to_decrypt)
{:ok, result}
catch
_, _ ->
{:error,
"Failed to decrypt the value. Things to check: is the passphrase correct? Are the cipher and hash algorithms the same as those used for encryption?"}
end
end
end
def run([value, passphrase], %{cipher: cipher, hash: hash, iterations: iterations}) do
try do
term_value = Helpers.evaluate_input_as_term(value)
term_to_decrypt =
case term_value do
{:encrypted, _} = encrypted ->
encrypted
_ ->
{:encrypted, term_value}
end
result = :rabbit_pbe.decrypt_term(cipher, hash, iterations, passphrase, term_to_decrypt)
{:ok, result}
catch
_, _ ->
{:error,
"Failed to decrypt the value. Things to check: is the passphrase correct? Are the cipher and hash algorithms the same as those used for encryption?"}
end
end
def formatter(), do: RabbitMQ.CLI.Formatters.Erlang
def banner(_, _) do
"Decrypting value..."
end
def usage, do: "decode value passphrase [--cipher <cipher>] [--hash <hash>] [--iterations <iterations>]"
def usage_additional() do
[
["<value>", "config value to decode"],
["<passphrase>", "passphrase to use with the config value encryption key"],
["--cipher <cipher>", "cipher suite to use"],
["--hash <hash>", "hashing function to use"],
["--iterations <iterations>", "number of iteration to apply"]
]
end
def usage_doc_guides() do
[
DocGuide.configuration()
]
end
def help_section(), do: :configuration
def description(), do: "Decrypts an encrypted configuration value"
#
# Implementation
#
defp supports_cipher(cipher), do: Enum.member?(:rabbit_pbe.supported_ciphers(), cipher)
defp supports_hash(hash), do: Enum.member?(:rabbit_pbe.supported_hashes(), hash)
end
|
