Decrypt and un-serialize a python object
(self, data, raw=False, nonce=None)
| 2049 | return self.encrypt(toencrypt) |
| 2050 | |
| 2051 | def loads(self, data, raw=False, nonce=None): |
| 2052 | """ |
| 2053 | Decrypt and un-serialize a python object |
| 2054 | """ |
| 2055 | data = self.decrypt(data) |
| 2056 | # simple integrity check to verify that we got meaningful data |
| 2057 | if not data.startswith(self.PICKLE_PAD): |
| 2058 | return {} |
| 2059 | data = data[len(self.PICKLE_PAD) :] |
| 2060 | if nonce: |
| 2061 | ret_nonce = data[:32].decode() |
| 2062 | data = data[32:] |
| 2063 | if ret_nonce != nonce: |
| 2064 | raise SaltClientError(f"Nonce verification error {ret_nonce} {nonce}") |
| 2065 | payload = salt.payload.loads(data, raw=raw) |
| 2066 | if isinstance(payload, dict): |
| 2067 | if "serial" in payload: |
| 2068 | serial = payload.pop("serial") |
| 2069 | if serial <= self.serial: |
| 2070 | log.critical( |
| 2071 | "A message with an invalid serial was received.\n" |
| 2072 | "this serial: %d\n" |
| 2073 | "last serial: %d\n" |
| 2074 | "The minion will not honor this request.", |
| 2075 | serial, |
| 2076 | self.serial, |
| 2077 | ) |
| 2078 | return {} |
| 2079 | self.serial = serial |
| 2080 | return payload |
| 2081 | |
| 2082 | |
| 2083 | class TLSAwareCrypticle(Crypticle): |