diff options
| -rw-r--r-- | docs/rabbitmqctl.1.xml | 26 | ||||
| -rw-r--r-- | src/rabbit_control_main.erl | 3 | ||||
| -rw-r--r-- | test/unit_SUITE.erl | 36 |
3 files changed, 34 insertions, 31 deletions
diff --git a/docs/rabbitmqctl.1.xml b/docs/rabbitmqctl.1.xml index 2ec063266a..6f4c74c95a 100644 --- a/docs/rabbitmqctl.1.xml +++ b/docs/rabbitmqctl.1.xml @@ -2189,7 +2189,7 @@ Flag to decrypt the input value. </para> <para role="example-prefix">For example:</para> - <screen role="example">rabbitmqctl encode --decode '{encrypted,'<<"...">>}' mypassphrase</screen> + <screen role="example">rabbitmqctl encode --decode '{encrypted, <<"...">>}' mypassphrase</screen> </listitem> </varlistentry> <varlistentry> @@ -2205,7 +2205,7 @@ </para> <para role="example-prefix">For example:</para> <screen role="example">rabbitmqctl encode '<<"guest">>' mypassphrase</screen> - <screen role="example">rabbitmqctl encode --decode '{encrypted,'<<"...">>}' mypassphrase</screen> + <screen role="example">rabbitmqctl encode --decode '{encrypted, <<"...">>}' mypassphrase</screen> </listitem> </varlistentry> <varlistentry> @@ -2252,7 +2252,7 @@ rabbitmqctl encode --cipher blowfish_cfb64 --hash sha256 --iterations 10000 \ <varlistentry> <!-- one-line formatting matters for rabbit_ctl_usage.erl code generation --> - <term><cmdsynopsis><command>decode</command> <arg choice="opt"><replaceable>value</replaceable></arg> <arg choice="opt"><replaceable>passphrase</replaceable></arg></cmdsynopsis> + <term><cmdsynopsis><command>decode</command> <arg choice="opt"><replaceable>value</replaceable></arg> <arg choice="opt"><replaceable>passphrase</replaceable></arg><arg choice="opt">--cipher <replaceable>cipher</replaceable></arg> <arg choice="opt">--hash <replaceable>hash</replaceable></arg> <arg choice="opt">--iterations <replaceable>iterations</replaceable></arg></cmdsynopsis> </term> <listitem> <variablelist> @@ -2268,7 +2268,25 @@ rabbitmqctl encode --cipher blowfish_cfb64 --hash sha256 --iterations 10000 \ Value to decrypt (as produced by the encode command) and passphrase. </para> <para role="example-prefix">For example:</para> - <screen role="example">rabbitmqctl decode '{encrypted,'<<"...">>}' mypassphrase</screen> + <screen role="example">rabbitmqctl decode '{encrypted, <<"...">>}' mypassphrase</screen> + </listitem> + </varlistentry> + <varlistentry> + <term> + <cmdsynopsis> + <arg choice="opt">--cipher <replaceable>cipher</replaceable></arg> + <arg choice="opt">--hash <replaceable>hash</replaceable></arg> + <arg choice="opt">--iterations <replaceable>iterations</replaceable></arg> + </cmdsynopsis> + </term> + <listitem> + <para> + Options to specify the decryption settings. They can be used independently. + </para> + <para role="example-prefix">For example:</para> + <screen role="example"> +rabbitmqctl decode --cipher blowfish_cfb64 --hash sha256 --iterations 10000 \ +'{encrypted,<<"cU4kaour6KG8n/rC4IZT4MfKsS/th9gdAMWjcY9ygUPIwiW4BJmVyg==">>}' mypassphrase</screen> </listitem> </varlistentry> </variablelist> diff --git a/src/rabbit_control_main.erl b/src/rabbit_control_main.erl index dc2d43d05e..50cf832e5d 100644 --- a/src/rabbit_control_main.erl +++ b/src/rabbit_control_main.erl @@ -123,7 +123,8 @@ [stop, shutdown, stop_app, start_app, wait, reset, force_reset, rotate_logs, join_cluster, change_cluster_node_type, update_cluster_nodes, forget_cluster_node, rename_cluster_node, cluster_status, status, - environment, eval, force_boot, help, hipe_compile, encode]). + environment, eval, force_boot, help, hipe_compile, encode, decode, + list_ciphers, list_hashes]). %% [Command | {Command, DefaultTimeoutInMilliSeconds}] -define(COMMANDS_WITH_TIMEOUT, diff --git a/test/unit_SUITE.erl b/test/unit_SUITE.erl index 8499fd2abc..ac7f289ae3 100644 --- a/test/unit_SUITE.erl +++ b/test/unit_SUITE.erl @@ -387,29 +387,23 @@ decrypt_start_app_wrong_passphrase(Config) -> rabbitmqctl_encode(_Config) -> % list ciphers and hashes - {ok, _} = rabbit_control_pbe:encode(true, false, undefined, undefined, undefined, undefined, undefined), - {ok, _} = rabbit_control_pbe:encode(false, true, undefined, undefined, undefined, undefined, undefined), + {ok, _} = rabbit_control_pbe:list_ciphers(), + {ok, _} = rabbit_control_pbe:list_hashes(), % incorrect ciphers, hashes and iteration number - {error, _} = rabbit_control_pbe:encode(false, false, undefined, funny_cipher, undefined, undefined, undefined), - {error, _} = rabbit_control_pbe:encode(false, false, undefined, undefined, funny_hash, undefined, undefined), - {error, _} = rabbit_control_pbe:encode(false, false, undefined, undefined, undefined, -1, undefined), - {error, _} = rabbit_control_pbe:encode(false, false, undefined, undefined, undefined, 0, undefined), + {error, _} = rabbit_control_pbe:encode(funny_cipher, undefined, undefined, undefined), + {error, _} = rabbit_control_pbe:encode(undefined, funny_hash, undefined, undefined), + {error, _} = rabbit_control_pbe:encode(undefined, undefined, -1, undefined), + {error, _} = rabbit_control_pbe:encode(undefined, undefined, 0, undefined), % incorrect number of arguments {error, _} = rabbit_control_pbe:encode( - false, false, - false, % encrypt rabbit_pbe:default_cipher(), rabbit_pbe:default_hash(), rabbit_pbe:default_iterations(), [] ), {error, _} = rabbit_control_pbe:encode( - false, false, - false, % encrypt rabbit_pbe:default_cipher(), rabbit_pbe:default_hash(), rabbit_pbe:default_iterations(), [undefined] ), {error, _} = rabbit_control_pbe:encode( - false, false, - false, % encrypt rabbit_pbe:default_cipher(), rabbit_pbe:default_hash(), rabbit_pbe:default_iterations(), [undefined, undefined, undefined] ), @@ -427,38 +421,28 @@ rabbitmqctl_encode(_Config) -> rabbitmqctl_encode_encrypt_decrypt(Secret) -> PassPhrase = "passphrase", {ok, Output} = rabbit_control_pbe:encode( - false, false, - false, % encrypt rabbit_pbe:default_cipher(), rabbit_pbe:default_hash(), rabbit_pbe:default_iterations(), [Secret, PassPhrase] ), {encrypted, Encrypted} = rabbit_control_pbe:evaluate_input_as_term(lists:flatten(Output)), - {ok, Result} = rabbit_control_pbe:encode( - false, false, - true, % decrypt + {ok, Result} = rabbit_control_pbe:decode( rabbit_pbe:default_cipher(), rabbit_pbe:default_hash(), rabbit_pbe:default_iterations(), [lists:flatten(io_lib:format("~p", [Encrypted])), PassPhrase] ), Secret = lists:flatten(Result), % decrypt with {encrypted, ...} form as input - {ok, Result} = rabbit_control_pbe:encode( - false, false, - true, % decrypt + {ok, Result} = rabbit_control_pbe:decode( rabbit_pbe:default_cipher(), rabbit_pbe:default_hash(), rabbit_pbe:default_iterations(), [lists:flatten(io_lib:format("~p", [{encrypted, Encrypted}])), PassPhrase] ), % wrong passphrase - {error, _} = rabbit_control_pbe:encode( - false, false, - true, % decrypt + {error, _} = rabbit_control_pbe:decode( rabbit_pbe:default_cipher(), rabbit_pbe:default_hash(), rabbit_pbe:default_iterations(), [lists:flatten(io_lib:format("~p", [Encrypted])), PassPhrase ++ " "] ), - {error, _} = rabbit_control_pbe:encode( - false, false, - true, % decrypt + {error, _} = rabbit_control_pbe:decode( rabbit_pbe:default_cipher(), rabbit_pbe:default_hash(), rabbit_pbe:default_iterations(), [lists:flatten(io_lib:format("~p", [{encrypted, Encrypted}])), PassPhrase ++ " "] ) |