authorpbowen <pbowen>2005-03-19 00:12:24 +0000
committerpbowen <pbowen>2005-03-19 00:12:24 +0000
commit9fa8e28db3d4964192a6e0dddb62c7f88cc0eb9f (patch)
tree35d202d3689ce73864d17d90bd8b0f8048f3489d
parenta638ae8bdba35169f61f2729d8f3491496992b55 (diff)
Fixed a few things: -PB
1. Fixed a nasty bug that would clear the payinfo if the private key was not available. 2. Set the default module for encrypt/decrypt to be Crypt::OpenSSL::RSA. 3. Added a die and error message so that it doesn't just pass around plaintext if the encryption engine is broken or missing. 4. Added code so that the masked payinfo is handled correctly in the case that it is blank and it cannot be generated (encrypted payinfo)
-rw-r--r--FS/FS/Record.pm33
-rw-r--r--FS/FS/cust_main.pm6
2 files changed, 24 insertions, 15 deletions
diff --git a/FS/FS/Record.pm b/FS/FS/Record.pm
index e2efd17..634d5bd 100644
--- a/FS/FS/Record.pm
+++ b/FS/FS/Record.pm
@@ -1707,13 +1707,21 @@ sub _dump {
sub encrypt {
my ($self, $value) = @_;
my $encrypted;
- if ($conf->exists('encryption') && !$self->is_encrypted($value)) {
- $self->loadRSA;
- if (ref($rsa_encrypt) =~ /::RSA/) { # We Can Encrypt
- # RSA doesn't like the empty string so let's pack it up
- # The database doesn't like the RSA data so uuencode it
- my $length = length($value)+1;
- $encrypted = pack("u*",$rsa_encrypt->encrypt(pack("Z$length",$value)));
+
+ if ($conf->exists('encryption')) {
+ if ($self->is_encrypted($value)) {
+ # Return the original value if it isn't plaintext.
+ $encrypted = $value;
+ } else {
+ $self->loadRSA;
+ if (ref($rsa_encrypt) =~ /::RSA/) { # We Can Encrypt
+ # RSA doesn't like the empty string so let's pack it up
+ # The database doesn't like the RSA data so uuencode it
+ my $length = length($value)+1;
+ $encrypted = pack("u*",$rsa_encrypt->encrypt(pack("Z$length",$value)));
+ } else {
+ die ("You can't encrypt w/o a valid RSA engine - Check your installation or disable encryption");
+ }
}
}
return $encrypted;
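Review bot: The new pass-through branch in `encrypt` returns `$value` unchanged whenever `is_encrypted($value)` is true, so the guarantee that nothing is stored in plaintext now rests entirely on that test, which is not visible in this diff. If it is a content heuristic, a caller-supplied string that happens to satisfy it would be stored as-is; the same reliance appears in the `check` hunk of FS/FS/cust_main.pm, where a `paycvv` that passes `is_encrypted` skips the digit validation. I would document the assumption at the branch, e.g. `# is_encrypted() must only match our own uuencoded RSA output; anything it accepts is stored verbatim`, and in `check` skip validation only when the value is unchanged from the stored record. The closing brace of `encrypt` is outside the hunk.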
@@ -1744,13 +1752,14 @@ sub decrypt {
}
sub loadRSA {
- my $self = shift;;
+ my $self = shift;
#Initialize the Module
- if (!$conf->exists('encryptionmodule')) {
- carp "warning: There is no Encryption Module Defined!";
- return;
+ $rsa_module = 'Crypt::OpenSSL::RSA'; # The Default
+
+ if ($conf->exists('encryptionmodule') && $conf->config('encryptionmodule') ne '') {
+ $rsa_module = $conf->config('encryptionmodule');
}
- $rsa_module = $conf->config('encryptionmodule');
+
if (!$rsa_loaded) {
eval ("require $rsa_module"); # No need to import the namespace
$rsa_loaded++;
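Review bot: `$rsa_module` is now taken from the `encryptionmodule` config value and interpolated straight into the string `eval ("require $rsa_module")` on the context line below, with no check that it is a plain package name. Whoever can write that config entry can therefore have arbitrary Perl evaluated, so validate it first with `die "invalid encryptionmodule" unless $rsa_module =~ /\A\w+(?:::\w+)*\z/;`. The result of the `eval` is also ignored and `$rsa_loaded++` runs even when the `require` failed, so a load error only surfaces later as the generic `die` in `encrypt`; `eval "require $rsa_module; 1" or die "can't load $rsa_module: $@";` would report the real cause. `loadRSA` continues past the end of the hunk.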
diff --git a/FS/FS/cust_main.pm b/FS/FS/cust_main.pm
index 5db7a48..8246b93 100644
--- a/FS/FS/cust_main.pm
+++ b/FS/FS/cust_main.pm
@@ -247,7 +247,7 @@ sub paymask {
$paymask = $payinfo;
}
$self->setfield('paymask', $paymask); # This is okay since we are the 'setter'
- } else {
+ } elsif (defined($value) && $self->is_encrypted($value)) {
$paymask = 'N/A';
}
return $paymask;
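Review bot: With the `else` narrowed to `elsif (defined($value) && $self->is_encrypted($value))`, a call where neither branch applies now returns whatever `$paymask` held before the conditional, and that initialisation is outside the hunk. The fall-through case deserves a comment so the next reader does not assume `'N/A'` is still the default, for example `# undefined or unencrypted $value with no mask generated: return $paymask as initialised above`. Note also that `'N/A'` is only returned here and not passed to `setfield`, which appears intentional so the blank-mask test in `replace` can still fire later; saying so in the comment would help.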
@@ -678,7 +678,7 @@ sub replace {
local $SIG{PIPE} = 'IGNORE';
# If the mask is blank then try to set it - if we can...
- if (!defined($self->paymask) && $self->paymask eq '') {
+ if (!defined($self->getfield('paymask')) || $self->getfield('paymask') eq '') {
$self->paymask($self->payinfo);
}
@@ -936,7 +936,7 @@ sub check {
return gettext('unknown_card_type')
if cardtype($self->payinfo) eq "Unknown";
if ( defined $self->dbdef_table->column('paycvv') ) {
- if ( length($self->paycvv) ) {
+ if (length($self->paycvv) && !$self->is_encrypted($self->paycvv)) {
if ( cardtype($self->payinfo) eq 'American Express card' ) {
$self->paycvv =~ /^(\d{4})$/
or return "CVV2 (CID) for American Express cards is four digits.";