api: tape key restore: fix optional param handling and code refactoring
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht
parent
ae60eed310
commit
ede9dc0d1a
|
|
@ -185,7 +185,7 @@ pub fn change_passphrase(
|
||||||
optional: true,
|
optional: true,
|
||||||
},
|
},
|
||||||
key: {
|
key: {
|
||||||
description: "A previously exported paperkey in JSON format.",
|
description: "Restore/Re-create a key from this JSON string.",
|
||||||
type: String,
|
type: String,
|
||||||
min_length: 300,
|
min_length: 300,
|
||||||
max_length: 600,
|
max_length: 600,
|
||||||
|
|
@ -206,42 +206,38 @@ pub fn create_key(
|
||||||
password: String,
|
password: String,
|
||||||
hint: Option<String>,
|
hint: Option<String>,
|
||||||
key: Option<String>,
|
key: Option<String>,
|
||||||
_rpcenv: &mut dyn RpcEnvironment
|
_rpcenv: &mut dyn RpcEnvironment,
|
||||||
) -> Result<Fingerprint, Error> {
|
) -> Result<Fingerprint, Error> {
|
||||||
let kdf = kdf.unwrap_or_default();
|
let kdf = kdf.unwrap_or_default();
|
||||||
|
|
||||||
if let Kdf::None = kdf {
|
if key.is_none() {
|
||||||
param_bail!(
|
if let Kdf::None = kdf {
|
||||||
"kdf",
|
param_bail!(
|
||||||
format_err!("Please specify a key derivation function (none is not allowed here).")
|
"kdf",
|
||||||
);
|
format_err!("Please specify a key derivation function (none is not allowed here).")
|
||||||
}
|
);
|
||||||
if hint.is_none() && key.is_none() {
|
}
|
||||||
param_bail!(
|
if hint.is_none() {
|
||||||
"hint",
|
param_bail!("hint", format_err!("Please specify either a hint or a key"));
|
||||||
format_err!("Please specify either a hint or a key")
|
}
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
let (key_decrypt, mut key_config, fingerprint) = match key {
|
let (key_decrypt, mut key_config) = match key {
|
||||||
Some(key) => {
|
Some(key) => {
|
||||||
let key_config: KeyConfig =
|
let key_config: KeyConfig =
|
||||||
serde_json::from_str(&key).map_err(|err| format_err!("<errmsg>: {}", err))?;
|
serde_json::from_str(&key).map_err(|err| format_err!("<errmsg>: {}", err))?;
|
||||||
let password_fn = || Ok(password.as_bytes().to_vec());
|
let (key_decrypt, _created, _fp) =
|
||||||
let (key_decrypt, _created, fingerprint) = key_config.decrypt(&password_fn)?;
|
key_config.decrypt(&|| Ok(password.as_bytes().to_vec()))?;
|
||||||
(key_decrypt, key_config, fingerprint)
|
(key_decrypt, key_config)
|
||||||
}
|
|
||||||
None => {
|
|
||||||
let (key_decrypt, key_config) = KeyConfig::new(password.as_bytes(), kdf)?;
|
|
||||||
let fingerprint = key_config.fingerprint.clone().unwrap();
|
|
||||||
(key_decrypt, key_config, fingerprint)
|
|
||||||
}
|
}
|
||||||
|
None => KeyConfig::new(password.as_bytes(), kdf)?,
|
||||||
};
|
};
|
||||||
|
|
||||||
if hint.is_some() {
|
if hint.is_some() {
|
||||||
key_config.hint = hint;
|
key_config.hint = hint;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let fingerprint = key_config.fingerprint.clone().unwrap();
|
||||||
insert_key(key_decrypt, key_config, false)?;
|
insert_key(key_decrypt, key_config, false)?;
|
||||||
|
|
||||||
Ok(fingerprint)
|
Ok(fingerprint)
|
||||||
|
|
|
||||||
|
|
@ -620,11 +620,7 @@ fn write_media_label(
|
||||||
},
|
},
|
||||||
)]
|
)]
|
||||||
/// Try to restore a tape encryption key
|
/// Try to restore a tape encryption key
|
||||||
pub async fn restore_key(
|
pub async fn restore_key(drive: String, password: String) -> Result<(), Error> {
|
||||||
drive: String,
|
|
||||||
password: String,
|
|
||||||
) -> Result<(), Error> {
|
|
||||||
|
|
||||||
run_drive_blocking_task(drive.clone(), "restore key".to_string(), move |config| {
|
run_drive_blocking_task(drive.clone(), "restore key".to_string(), move |config| {
|
||||||
let mut drive = open_drive(&config, &drive)?;
|
let mut drive = open_drive(&config, &drive)?;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue