From bc8f33cda2e50a3c1eb4d27dc2ffc269b13bd788 Mon Sep 17 00:00:00 2001
From: Gary Wong
Date: Wed, 27 Oct 2010 17:06:14 -0600
Subject: [PATCH] Complain if the user enters an invalid passphrase.

When remembering a passphrase, attempt to decrypt the private key with it. If decryption fails, complain, and try again, and again, and again...
---
 protogeni/tutorial/rememberpassphrase.py | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/protogeni/tutorial/rememberpassphrase.py b/protogeni/tutorial/rememberpassphrase.py
index ca13a673b..6cedc0318 100755
--- a/protogeni/tutorial/rememberpassphrase.py
+++ b/protogeni/tutorial/rememberpassphrase.py
@@ -21,8 +21,12 @@ import pwd
 import getopt
 import os
 import re
+import stat
 import xmlrpclib
-from M2Crypto import X509
+from M2Crypto import SSL, X509
+
+def RememberCB( c, prompt1 = '', prompt2 = '' ):
+ return passphrase
 execfile( "test-common.py" )
@@ -30,7 +34,22 @@ if os.path.exists( PASSPHRASEFILE ):
 Fatal( "A passphrase has already been stored." )
 from M2Crypto.util import passphrase_callback
-passphrase = passphrase_callback(0)
+while True: # #!(%ing Python doesn't have do loops
+ passphrase = passphrase_callback(0)
+ if not os.path.exists(CERTIFICATE):
+ print >> sys.stderr, "Warning:", CERTIFICATE, "not found; cannot " \
+ "verify passphrase."
+ break
+
+ try:
+ ctx = SSL.Context( "sslv23" )
+ ctx.load_cert( CERTIFICATE, CERTIFICATE, RememberCB )
+ except M2Crypto.SSL.SSLError, err:
+ print >> sys.stderr, "Could not decrypt key. Please try again."
+ continue
+
+ break
 f = open( PASSPHRASEFILE, "w" )
+os.chmod( PASSPHRASEFILE, stat.S_IRUSR | stat.S_IWUSR )
 f.write( passphrase )
-- 
GitLab
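Review bot: In the first hunk the import `from M2Crypto import SSL, X509` binds only `SSL` and `X509`, yet the except clause added in the second hunk names `M2Crypto.SSL.SSLError`. Unless the execfile'd `test-common.py` happens to bind `M2Crypto` (not visible here), a wrong passphrase would raise NameError while the except clause is evaluated, so the retry message would never be reached. Writing it as `except SSL.SSLError, err:` uses the name this hunk actually imports. `RememberCB` would also benefit from a one-line comment saying that it ignores its arguments and returns the module-level `passphrase` assigned in the loop below.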
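Review bot: At the end of the second hunk the passphrase file is created by `open( PASSPHRASEFILE, "w" )` with umask-default permissions and only narrowed by the added `os.chmod` afterwards. That leaves a short window in which another local account can open the still-empty file and keep a readable descriptor across the later `f.write( passphrase )`. Creating the file owner-only from the start closes the window: `fd = os.open( PASSPHRASEFILE, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600 )` followed by `f = os.fdopen( fd, "w" )`. `O_EXCL` also makes the earlier `os.path.exists( PASSPHRASEFILE )` check atomic and refuses a pre-placed symlink at that path.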