From: pbowen
Date: Sat, 19 Mar 2005 00:12:24 +0000 (+0000)
Subject: Fixed a few things: -PB
X-Git-Tag: BEFORE_FINAL_MASONIZE~635
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=9fa8e28db3d4964192a6e0dddb62c7f88cc0eb9f
Fixed a few things: -PB
1. Fixed a nasty bug that would clear the payinfo if the private key was not available.
2. Set the default module for encrypt/decrypt to be Crypt::OpenSSL::RSA.
3. Added a die and error message so that it doesn't just pass around plaintext if the encryption engine is broken or missing.
4. Added code so that the masked payinfo is handled correctly in the case that it is blank and it cannot be generated (encrypted payinfo)
---
diff --git a/FS/FS/Record.pm b/FS/FS/Record.pm
index e2efd1731..634d5bd7c 100644
--- a/FS/FS/Record.pm
+++ b/FS/FS/Record.pm
@@ -1707,13 +1707,21 @@ sub _dump {
 sub encrypt {
 my ($self, $value) = @_;
 my $encrypted;
- if ($conf->exists('encryption') && !$self->is_encrypted($value)) {
- $self->loadRSA;
- if (ref($rsa_encrypt) =~ /::RSA/) { # We Can Encrypt
- # RSA doesn't like the empty string so let's pack it up
- # The database doesn't like the RSA data so uuencode it
- my $length = length($value)+1;
- $encrypted = pack("u*",$rsa_encrypt->encrypt(pack("Z$length",$value)));
+
+ if ($conf->exists('encryption')) {
+ if ($self->is_encrypted($value)) {
+ # Return the original value if it isn't plaintext.
+ $encrypted = $value;
+ } else {
+ $self->loadRSA;
+ if (ref($rsa_encrypt) =~ /::RSA/) { # We Can Encrypt
+ # RSA doesn't like the empty string so let's pack it up
+ # The database doesn't like the RSA data so uuencode it
+ my $length = length($value)+1;
+ $encrypted = pack("u*",$rsa_encrypt->encrypt(pack("Z$length",$value)));
+ } else {
+ die ("You can't encrypt w/o a valid RSA engine - Check your installation or disable encryption");
+ }
 }
 }
 return $encrypted;
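Review bot: The new pass-through branch in encrypt (`$encrypted = $value;` when `is_encrypted($value)` is true) stores the caller's value without encrypting it, so the at-rest guarantee now depends entirely on how `is_encrypted` recognises ciphertext, and that method is not visible in this hunk. If it is only a format check on the string, a plaintext value that happens to match the format would be written unencrypted. The same trust appears in FS/FS/cust_main.pm, where `check` now skips the CVV digit validation and `paymask` returns 'N/A' for any value `is_encrypted` accepts. I would state the assumption at the branch, e.g. `# is_encrypted() must match only output of encrypt(); anything it accepts is stored as-is`, and have `check` reject a newly submitted paycvv that claims to be encrypted rather than skip validation for it.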
@@ -1744,13 +1752,14 @@ sub decrypt {
 }
 sub loadRSA {
- my $self = shift;;
+ my $self = shift;
 #Initialize the Module
- if (!$conf->exists('encryptionmodule')) {
- carp "warning: There is no Encryption Module Defined!";
- return;
+ $rsa_module = 'Crypt::OpenSSL::RSA'; # The Default
+
+ if ($conf->exists('encryptionmodule') && $conf->config('encryptionmodule') ne '') {
+ $rsa_module = $conf->config('encryptionmodule');
 }
- $rsa_module = $conf->config('encryptionmodule');
+
 if (!$rsa_loaded) {
 eval ("require $rsa_module"); # No need to import the namespace
 $rsa_loaded++;
diff --git a/FS/FS/cust_main.pm b/FS/FS/cust_main.pm
index 5db7a482c..8246b93f5 100644
--- a/FS/FS/cust_main.pm
+++ b/FS/FS/cust_main.pm
@@ -247,7 +247,7 @@ sub paymask {
 $paymask = $payinfo;
 }
 $self->setfield('paymask', $paymask); # This is okay since we are the 'setter'
- } else {
+ } elsif (defined($value) && $self->is_encrypted($value)) {
 $paymask = 'N/A';
 }
 return $paymask;
@@ -678,7 +678,7 @@ sub replace {
 local $SIG{PIPE} = 'IGNORE';
 # If the mask is blank then try to set it - if we can...
- if (!defined($self->paymask) && $self->paymask eq '') {
+ if (!defined($self->getfield('paymask')) || $self->getfield('paymask') eq '') {
 $self->paymask($self->payinfo);
 }
@@ -936,7 +936,7 @@ sub check {
 return gettext('unknown_card_type') if cardtype($self->payinfo) eq "Unknown";
 if ( defined $self->dbdef_table->column('paycvv') ) {
- if ( length($self->paycvv) ) {
+ if (length($self->paycvv) && !$self->is_encrypted($self->paycvv)) {
 if ( cardtype($self->payinfo) eq 'American Express card' ) {
 $self->paycvv =~ /^(\d{4})$/ or return "CVV2 (CID) for American Express cards is four digits.";
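Review bot: In loadRSA (FS/FS/Record.pm) a non-empty `encryptionmodule` config value is still interpolated into the string eval on the context line `eval ("require $rsa_module");` without being checked as a package name, and `$@` is not inspected before `$rsa_loaded++`. I would validate the value before it reaches the eval, `$rsa_module =~ /\A\w+(?:::\w+)*\z/ or die "invalid encryptionmodule: $rsa_module";`, and fail at load time with `die $@ if $@;` instead of relying on the later `ref($rsa_encrypt)` test in encrypt. As written, a failed require still marks the module as loaded, so it is presumably never retried in the same process. loadRSA's body continues past the end of the hunk.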