Better error handling for enclite store

The store as throwing an exception in case of an unesisting key.
Now it returns None as expected on missing keys, and properly
wraps encoding exceptions if the JWE can't be decoded.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>

1 files changed, 11 insertions, 3 deletions

diff --git a/custodia/store/enclite.py b/custodia/store/enclite.py
index 3f88d6b..787e5ca 100644
--- a/custodia/store/enclite.py
+++ b/custodia/store/enclite.py
@@ -4,6 +4,8 @@ from jwcrypto.common import json_decode, json_encode
 from jwcrypto.jwe import JWE
 from jwcrypto.jwk import JWK
 
+from custodia import log
+from custodia.store.interface import CSStoreError
 from custodia.store.sqlite import SqliteStore
 
 
@@ -28,9 +30,15 @@ class EncryptedStore(SqliteStore):
 
     def get(self, key):
         value = super(EncryptedStore, self).get(key)
-        jwe = JWE()
-        jwe.deserialize(value, self.mkey)
-        return jwe.payload.decode('utf-8')
+        if value is None:
+            return None
+        try:
+            jwe = JWE()
+            jwe.deserialize(value, self.mkey)
+            return jwe.payload.decode('utf-8')
+        except Exception as err:
+            log.error("Error parsing key %s: [%r]" % (key, repr(err)))
+            raise CSStoreError('Error occurred while trying to parse key')
 
     def set(self, key, value, replace=False):
         jwe = JWE(value, json_encode({'alg': 'dir', 'enc': self.enc}))