


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator &mdash; Bcfg2 1.3.0 documentation</title>
    
    <link rel="stylesheet" href="../../../../../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../../../../../_static/pygments.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../../../../../',
        VERSION:     '1.3.0',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="../../../../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../../../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../../../../_static/doctools.js"></script>
    <script type="text/javascript" src="../../../../../_static/sidebar.js"></script>
    <link rel="shortcut icon" href="../../../../../_static/favicon.ico"/>
    <link rel="top" title="Bcfg2 1.3.0 documentation" href="../../../../../index.html" />
    <link rel="up" title="Bcfg2.Server.Plugins.Cfg" href="../Cfg.html" />
 
<link rel="stylesheet" href="../../../../../_static/bcfg2.css" type=""/>

  </head>
  <body>

  

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body">
            
  <h1>Source code for Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator</h1><div class="highlight"><pre>
<span class="sd">&quot;&quot;&quot; The CfgPrivateKeyCreator creates SSH keys on the fly. &quot;&quot;&quot;</span>

<span class="kn">import</span> <span class="nn">os</span>
<span class="kn">import</span> <span class="nn">shutil</span>
<span class="kn">import</span> <span class="nn">tempfile</span>
<span class="kn">import</span> <span class="nn">subprocess</span>
<span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugin</span> <span class="kn">import</span> <span class="n">PluginExecutionError</span><span class="p">,</span> <span class="n">StructFile</span>
<span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugins.Cfg</span> <span class="kn">import</span> <span class="n">CfgCreator</span><span class="p">,</span> <span class="n">CfgCreationError</span><span class="p">,</span> <span class="n">SETUP</span>
<span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugins.Cfg.CfgPublicKeyCreator</span> <span class="kn">import</span> <span class="n">CfgPublicKeyCreator</span>
<span class="k">try</span><span class="p">:</span>
    <span class="kn">import</span> <span class="nn">Bcfg2.Encryption</span>
    <span class="n">HAS_CRYPTO</span> <span class="o">=</span> <span class="bp">True</span>
<span class="k">except</span> <span class="ne">ImportError</span><span class="p">:</span>
    <span class="n">HAS_CRYPTO</span> <span class="o">=</span> <span class="bp">False</span>


<div class="viewcode-block" id="CfgPrivateKeyCreator"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator">[docs]</a><span class="k">class</span> <span class="nc">CfgPrivateKeyCreator</span><span class="p">(</span><span class="n">CfgCreator</span><span class="p">,</span> <span class="n">StructFile</span><span class="p">):</span>
    <span class="sd">&quot;&quot;&quot;The CfgPrivateKeyCreator creates SSH keys on the fly. &quot;&quot;&quot;</span>

    <span class="c">#: Different configurations for different clients/groups can be</span>
    <span class="c">#: handled with Client and Group tags within privkey.xml</span>
    <span class="n">__specific__</span> <span class="o">=</span> <span class="bp">False</span>

    <span class="c">#: Handle XML specifications of private keys</span>
    <span class="n">__basenames__</span> <span class="o">=</span> <span class="p">[</span><span class="s">&#39;privkey.xml&#39;</span><span class="p">]</span>

    <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">fname</span><span class="p">):</span>
        <span class="c"># Run both base-class initialisers explicitly, CfgCreator first,</span>
        <span class="c"># each with the same file name.</span>
        <span class="k">for</span> <span class="n">base</span> <span class="ow">in</span> <span class="p">(</span><span class="n">CfgCreator</span><span class="p">,</span> <span class="n">StructFile</span><span class="p">):</span>
            <span class="n">base</span><span class="o">.</span><span class="n">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">fname</span><span class="p">)</span>

        <span class="c"># The public half of each pair is handled by a</span>
        <span class="c"># CfgPublicKeyCreator whose file lives in</span>
        <span class="c"># &quot;&lt;directory of self.name&gt;.pub&quot; and is named after that</span>
        <span class="c"># directory.</span>
        <span class="n">pub_dir</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">dirname</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">name</span><span class="p">)</span> <span class="o">+</span> <span class="s">&quot;.pub&quot;</span>
        <span class="n">pub_file</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">pub_dir</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">basename</span><span class="p">(</span><span class="n">pub_dir</span><span class="p">))</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">pubkey_creator</span> <span class="o">=</span> <span class="n">CfgPublicKeyCreator</span><span class="p">(</span><span class="n">pub_file</span><span class="p">)</span>
    <span class="n">__init__</span><span class="o">.</span><span class="n">__doc__</span> <span class="o">=</span> <span class="n">CfgCreator</span><span class="o">.</span><span class="n">__init__</span><span class="o">.</span><span class="n">__doc__</span>

    <span class="nd">@property</span>
<div class="viewcode-block" id="CfgPrivateKeyCreator.category"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.category">[docs]</a>    <span class="k">def</span> <span class="nf">category</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot; The name of the metadata category that generated keys are</span>
<span class="sd">        specific to.  Read from the ``category`` option of the</span>
<span class="sd">        ``sshkeys`` section in ``SETUP.cfp``; None when that option</span>
<span class="sd">        is not set. &quot;&quot;&quot;</span>
        <span class="n">config</span> <span class="o">=</span> <span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span>
        <span class="c"># Guard clauses: either a missing section or a missing option</span>
        <span class="c"># means no category is configured.</span>
        <span class="k">if</span> <span class="ow">not</span> <span class="n">config</span><span class="o">.</span><span class="n">has_section</span><span class="p">(</span><span class="s">&quot;sshkeys&quot;</span><span class="p">):</span>
            <span class="k">return</span> <span class="bp">None</span>
        <span class="k">if</span> <span class="ow">not</span> <span class="n">config</span><span class="o">.</span><span class="n">has_option</span><span class="p">(</span><span class="s">&quot;sshkeys&quot;</span><span class="p">,</span> <span class="s">&quot;category&quot;</span><span class="p">):</span>
            <span class="k">return</span> <span class="bp">None</span>
        <span class="k">return</span> <span class="n">config</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&quot;sshkeys&quot;</span><span class="p">,</span> <span class="s">&quot;category&quot;</span><span class="p">)</span>
</div>
    <span class="nd">@property</span>
<div class="viewcode-block" id="CfgPrivateKeyCreator.passphrase"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.passphrase">[docs]</a>    <span class="k">def</span> <span class="nf">passphrase</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot; The passphrase used to encrypt private keys, or None when</span>
<span class="sd">        ``Bcfg2.Encryption`` is unavailable or no ``passphrase``</span>
<span class="sd">        option is set in the ``sshkeys`` section. &quot;&quot;&quot;</span>
        <span class="c"># NOTE(review): if Bcfg2.Encryption could not be imported this</span>
        <span class="c"># returns None even when a passphrase is configured, and</span>
        <span class="c"># create_data then writes the private key without encrypting</span>
        <span class="c"># it.  Nothing in this class logs that fallback.</span>
        <span class="k">if</span> <span class="ow">not</span> <span class="n">HAS_CRYPTO</span><span class="p">:</span>
            <span class="k">return</span> <span class="bp">None</span>
        <span class="n">config</span> <span class="o">=</span> <span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span>
        <span class="k">if</span> <span class="p">(</span><span class="n">config</span><span class="o">.</span><span class="n">has_section</span><span class="p">(</span><span class="s">&quot;sshkeys&quot;</span><span class="p">)</span> <span class="ow">and</span>
            <span class="n">config</span><span class="o">.</span><span class="n">has_option</span><span class="p">(</span><span class="s">&quot;sshkeys&quot;</span><span class="p">,</span> <span class="s">&quot;passphrase&quot;</span><span class="p">)):</span>
            <span class="c"># The option holds the *name* of a passphrase, which is</span>
            <span class="c"># looked up among the configured ones.  Presumably the</span>
            <span class="c"># lookup is a mapping, so an unknown name raises instead</span>
            <span class="c"># of quietly yielding None - verify against</span>
            <span class="c"># Bcfg2.Encryption.get_passphrases.</span>
            <span class="n">known</span> <span class="o">=</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_passphrases</span><span class="p">(</span><span class="n">SETUP</span><span class="p">)</span>
            <span class="k">return</span> <span class="n">known</span><span class="p">[</span><span class="n">config</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&quot;sshkeys&quot;</span><span class="p">,</span> <span class="s">&quot;passphrase&quot;</span><span class="p">)]</span>
        <span class="k">return</span> <span class="bp">None</span>
</div>
<div class="viewcode-block" id="CfgPrivateKeyCreator.handle_event"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.handle_event">[docs]</a>    <span class="k">def</span> <span class="nf">handle_event</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event</span><span class="p">):</span>
        <span class="c"># Pass the event to both base classes, CfgCreator first.  No</span>
        <span class="c"># docstring is written here because it is copied from</span>
        <span class="c"># CfgCreator.handle_event right after the definition.</span>
        <span class="k">for</span> <span class="n">handler</span> <span class="ow">in</span> <span class="p">(</span><span class="n">CfgCreator</span><span class="o">.</span><span class="n">handle_event</span><span class="p">,</span> <span class="n">StructFile</span><span class="o">.</span><span class="n">HandleEvent</span><span class="p">):</span>
            <span class="n">handler</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span></div>
    <span class="n">handle_event</span><span class="o">.</span><span class="n">__doc__</span> <span class="o">=</span> <span class="n">CfgCreator</span><span class="o">.</span><span class="n">handle_event</span><span class="o">.</span><span class="n">__doc__</span>

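    <span class="k">def</span> <span class="nf">_gen_keypair</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot; Generate a keypair according to the given client metadata</span>
<span class="sd">        and key specification.</span>

<span class="sd">        The pair is written by ``ssh-keygen`` into a new directory</span>
<span class="sd">        from :func:`tempfile.mkdtemp`.  On success that directory is</span>
<span class="sd">        left in place and holds the private key, so the caller has to</span>
<span class="sd">        remove it once both key files have been read.  On any failure</span>
<span class="sd">        the directory is removed here before the exception is</span>
<span class="sd">        re-raised.</span>

<span class="sd">        :param metadata: The client metadata to generate keys for</span>
<span class="sd">        :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata</span>
<span class="sd">        :param spec: The key specification to follow when creating the</span>
<span class="sd">                     keys. This should be an XML document that only</span>
<span class="sd">                     contains key specification data that applies to</span>
<span class="sd">                     the given client metadata, and may be obtained by</span>
<span class="sd">                     doing ``self.XMLMatch(metadata)``</span>
<span class="sd">        :type spec: lxml.etree._Element</span>
<span class="sd">        :returns: string - Path of the generated private key file; the</span>
<span class="sd">                  public key is at the same path plus ``.pub``</span>
<span class="sd">        :raises: :exc:`Bcfg2.Server.Plugins.Cfg.CfgCreationError` if</span>
<span class="sd">                 ``ssh-keygen`` exits with a non-zero status</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">if</span> <span class="n">spec</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span>
            <span class="n">spec</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">XMLMatch</span><span class="p">(</span><span class="n">metadata</span><span class="p">)</span>

        <span class="c"># set key parameters</span>
        <span class="n">ktype</span> <span class="o">=</span> <span class="s">&quot;rsa&quot;</span>
        <span class="n">bits</span> <span class="o">=</span> <span class="bp">None</span>
        <span class="n">params</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">find</span><span class="p">(</span><span class="s">&quot;Params&quot;</span><span class="p">)</span>
        <span class="k">if</span> <span class="n">params</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span>
            <span class="n">bits</span> <span class="o">=</span> <span class="n">params</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&quot;bits&quot;</span><span class="p">)</span>
            <span class="n">ktype</span> <span class="o">=</span> <span class="n">params</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&quot;type&quot;</span><span class="p">,</span> <span class="n">ktype</span><span class="p">)</span>

        <span class="c"># This is the passphrase of the SSH key itself, taken from the</span>
        <span class="c"># key specification; it is not the ``passphrase`` property that</span>
        <span class="c"># create_data uses to encrypt the stored file.  An empty</span>
        <span class="c"># &lt;Passphrase/&gt; element has ``text`` set to None, which has to</span>
        <span class="c"># become &#39;&#39; because every entry of the argument list must be a</span>
        <span class="c"># string.</span>
        <span class="n">pass_elem</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">find</span><span class="p">(</span><span class="s">&quot;Passphrase&quot;</span><span class="p">)</span>
        <span class="k">if</span> <span class="n">pass_elem</span> <span class="ow">is</span> <span class="bp">None</span> <span class="ow">or</span> <span class="n">pass_elem</span><span class="o">.</span><span class="n">text</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span>
            <span class="n">passphrase</span> <span class="o">=</span> <span class="s">&#39;&#39;</span>
        <span class="k">else</span><span class="p">:</span>
            <span class="n">passphrase</span> <span class="o">=</span> <span class="n">pass_elem</span><span class="o">.</span><span class="n">text</span>

        <span class="c"># mkdtemp creates the directory so that only the creating user</span>
        <span class="c"># can read, write or search it.</span>
        <span class="n">tempdir</span> <span class="o">=</span> <span class="n">tempfile</span><span class="o">.</span><span class="n">mkdtemp</span><span class="p">()</span>
        <span class="k">try</span><span class="p">:</span>
            <span class="n">filename</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">tempdir</span><span class="p">,</span> <span class="s">&quot;privkey&quot;</span><span class="p">)</span>

            <span class="c"># generate key pair.  The command is an argument list run</span>
            <span class="c"># without a shell, so the type and bits values from the</span>
            <span class="c"># specification reach ssh-keygen as single arguments.</span>
            <span class="n">cmd</span> <span class="o">=</span> <span class="p">[</span><span class="s">&quot;ssh-keygen&quot;</span><span class="p">,</span> <span class="s">&quot;-f&quot;</span><span class="p">,</span> <span class="n">filename</span><span class="p">,</span> <span class="s">&quot;-t&quot;</span><span class="p">,</span> <span class="n">ktype</span><span class="p">]</span>
            <span class="k">if</span> <span class="n">bits</span><span class="p">:</span>
                <span class="n">cmd</span><span class="o">.</span><span class="n">extend</span><span class="p">([</span><span class="s">&quot;-b&quot;</span><span class="p">,</span> <span class="n">bits</span><span class="p">])</span>
            <span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">&quot;-N&quot;</span><span class="p">)</span>
            <span class="n">log_cmd</span> <span class="o">=</span> <span class="n">cmd</span><span class="p">[:]</span>
            <span class="c"># NOTE(review): only the logged copy is masked.  The real</span>
            <span class="c"># passphrase is an ssh-keygen command-line argument, so it</span>
            <span class="c"># can be read from the process list on the server while</span>
            <span class="c"># the command runs.</span>
            <span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">passphrase</span><span class="p">)</span>
            <span class="k">if</span> <span class="n">passphrase</span><span class="p">:</span>
                <span class="n">log_cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">&quot;******&quot;</span><span class="p">)</span>
            <span class="k">else</span><span class="p">:</span>
                <span class="n">log_cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">&quot;&#39;&#39;&quot;</span><span class="p">)</span>
            <span class="bp">self</span><span class="o">.</span><span class="n">debug_log</span><span class="p">(</span><span class="s">&quot;Cfg: Generating new SSH key pair: </span><span class="si">%s</span><span class="s">&quot;</span> <span class="o">%</span>
                           <span class="s">&quot; &quot;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">log_cmd</span><span class="p">))</span>
            <span class="n">proc</span> <span class="o">=</span> <span class="n">subprocess</span><span class="o">.</span><span class="n">Popen</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="n">stdout</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">PIPE</span><span class="p">,</span>
                                    <span class="n">stderr</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">PIPE</span><span class="p">)</span>
            <span class="n">err</span> <span class="o">=</span> <span class="n">proc</span><span class="o">.</span><span class="n">communicate</span><span class="p">()[</span><span class="mi">1</span><span class="p">]</span>
            <span class="c"># communicate() has already waited for the process, so the</span>
            <span class="c"># exit status is available without a second wait().</span>
            <span class="k">if</span> <span class="n">proc</span><span class="o">.</span><span class="n">returncode</span><span class="p">:</span>
                <span class="k">raise</span> <span class="n">CfgCreationError</span><span class="p">(</span><span class="s">&quot;Cfg: Failed to generate SSH key pair &quot;</span>
                                       <span class="s">&quot;at </span><span class="si">%s</span><span class="s"> for </span><span class="si">%s</span><span class="s">: </span><span class="si">%s</span><span class="s">&quot;</span> <span class="o">%</span>
                                       <span class="p">(</span><span class="n">filename</span><span class="p">,</span> <span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span> <span class="n">err</span><span class="p">))</span>
            <span class="k">elif</span> <span class="n">err</span><span class="p">:</span>
                <span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="s">&quot;Cfg: Generated SSH key pair at </span><span class="si">%s</span><span class="s"> for </span><span class="si">%s</span><span class="s"> &quot;</span>
                                    <span class="s">&quot;with errors: </span><span class="si">%s</span><span class="s">&quot;</span> <span class="o">%</span> <span class="p">(</span><span class="n">filename</span><span class="p">,</span>
                                                         <span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span>
                                                         <span class="n">err</span><span class="p">))</span>
            <span class="k">return</span> <span class="n">filename</span>
        <span class="k">except</span><span class="p">:</span>
            <span class="c"># Bare except on purpose: the directory may already hold</span>
            <span class="c"># key material, so it is removed on every kind of failure</span>
            <span class="c"># before re-raising.  ignore_errors keeps a failed cleanup</span>
            <span class="c"># from replacing the exception being propagated.</span>
            <span class="n">shutil</span><span class="o">.</span><span class="n">rmtree</span><span class="p">(</span><span class="n">tempdir</span><span class="p">,</span> <span class="n">ignore_errors</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span>
            <span class="k">raise</span>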

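<div class="viewcode-block" id="CfgPrivateKeyCreator.get_specificity"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.get_specificity">[docs]</a>    <span class="k">def</span> <span class="nf">get_specificity</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot; Get config settings for key generation specificity</span>
<span class="sd">        (per-host or per-group).</span>

<span class="sd">        :param metadata: The client metadata to create data for</span>
<span class="sd">        :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata</span>
<span class="sd">        :param spec: The key specification to follow when creating the</span>
<span class="sd">                     keys. This should be an XML document that only</span>
<span class="sd">                     contains key specification data that applies to</span>
<span class="sd">                     the given client metadata, and may be obtained by</span>
<span class="sd">                     doing ``self.XMLMatch(metadata)``</span>
<span class="sd">        :type spec: lxml.etree._Element</span>
<span class="sd">        :returns: dict - A dict of specificity arguments suitable for</span>
<span class="sd">                  passing to</span>
<span class="sd">                  :func:`Bcfg2.Server.Plugins.Cfg.CfgCreator.write_data`</span>
<span class="sd">                  or</span>
<span class="sd">                  :func:`Bcfg2.Server.Plugins.Cfg.CfgCreator.get_filename`</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">if</span> <span class="n">spec</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span>
            <span class="n">spec</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">XMLMatch</span><span class="p">(</span><span class="n">metadata</span><span class="p">)</span>
        <span class="c"># A category attribute on the specification overrides the one</span>
        <span class="c"># from the server configuration.</span>
        <span class="n">category</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&quot;category&quot;</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">category</span><span class="p">)</span>
        <span class="c"># Report through the plugin&#39;s debug log rather than printing to</span>
        <span class="c"># the server process&#39;s stdout on every call.</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">debug_log</span><span class="p">(</span><span class="s">&quot;Cfg: SSH key category for </span><span class="si">%s</span><span class="s"> is </span><span class="si">%s</span><span class="s">&quot;</span> <span class="o">%</span>
                       <span class="p">(</span><span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span> <span class="n">category</span><span class="p">))</span>
        <span class="c"># Keys are per-host by default unless a category is in effect;</span>
        <span class="c"># an explicit perhost attribute wins either way.</span>
        <span class="k">if</span> <span class="n">category</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span>
            <span class="n">per_host_default</span> <span class="o">=</span> <span class="s">&quot;true&quot;</span>
        <span class="k">else</span><span class="p">:</span>
            <span class="n">per_host_default</span> <span class="o">=</span> <span class="s">&quot;false&quot;</span>
        <span class="n">per_host</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&quot;perhost&quot;</span><span class="p">,</span> <span class="n">per_host_default</span><span class="p">)</span><span class="o">.</span><span class="n">lower</span><span class="p">()</span> <span class="o">==</span> <span class="s">&quot;true&quot;</span>

        <span class="c"># Start host-specific and widen to a group only when the client</span>
        <span class="c"># really has a group in the category.  Group-specific means the</span>
        <span class="c"># same private key is shared by every host in that group.</span>
        <span class="n">specificity</span> <span class="o">=</span> <span class="nb">dict</span><span class="p">(</span><span class="n">host</span><span class="o">=</span><span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">)</span>
        <span class="k">if</span> <span class="n">category</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">per_host</span><span class="p">:</span>
            <span class="n">group</span> <span class="o">=</span> <span class="n">metadata</span><span class="o">.</span><span class="n">group_in_category</span><span class="p">(</span><span class="n">category</span><span class="p">)</span>
            <span class="k">if</span> <span class="n">group</span><span class="p">:</span>
                <span class="c"># NOTE(review): a non-numeric priority attribute makes</span>
                <span class="c"># int() raise ValueError here.</span>
                <span class="n">specificity</span> <span class="o">=</span> <span class="nb">dict</span><span class="p">(</span><span class="n">group</span><span class="o">=</span><span class="n">group</span><span class="p">,</span>
                                   <span class="n">prio</span><span class="o">=</span><span class="nb">int</span><span class="p">(</span><span class="n">spec</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&quot;priority&quot;</span><span class="p">,</span> <span class="mi">50</span><span class="p">)))</span>
            <span class="k">else</span><span class="p">:</span>
                <span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">info</span><span class="p">(</span><span class="s">&quot;Cfg: </span><span class="si">%s</span><span class="s"> has no group in category </span><span class="si">%s</span><span class="s">, &quot;</span>
                                 <span class="s">&quot;creating host-specific key&quot;</span> <span class="o">%</span>
                                 <span class="p">(</span><span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span> <span class="n">category</span><span class="p">))</span>
        <span class="k">return</span> <span class="n">specificity</span>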

    <span class="c"># pylint: disable=W0221</span></div>
<div class="viewcode-block" id="CfgPrivateKeyCreator.create_data"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.create_data">[docs]</a>    <span class="k">def</span> <span class="nf">create_data</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">entry</span><span class="p">,</span> <span class="n">metadata</span><span class="p">,</span> <span class="n">return_pair</span><span class="o">=</span><span class="bp">False</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot; Create data for the given entry on the given client</span>

<span class="sd">        :param entry: The abstract entry to create data for.  This</span>
<span class="sd">                      will not be modified</span>
<span class="sd">        :type entry: lxml.etree._Element</span>
<span class="sd">        :param metadata: The client metadata to create data for</span>
<span class="sd">        :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata</span>
<span class="sd">        :param return_pair: Return a tuple of ``(public key, private</span>
<span class="sd">                            key)`` instead of just the private key.</span>
<span class="sd">                            This is used by</span>
<span class="sd">                            :class:`Bcfg2.Server.Plugins.Cfg.CfgPublicKeyCreator.CfgPublicKeyCreator`</span>
<span class="sd">                            to create public keys as requested.</span>
<span class="sd">        :type return_pair: bool</span>
<span class="sd">        :returns: string - The private key data</span>
<span class="sd">        :returns: tuple - Tuple of ``(public key, private key)``, if</span>
<span class="sd">                  ``return_pair`` is set to True</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="n">spec</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">XMLMatch</span><span class="p">(</span><span class="n">metadata</span><span class="p">)</span>
        <span class="n">specificity</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">get_specificity</span><span class="p">(</span><span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="p">)</span>
        <span class="n">filename</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_gen_keypair</span><span class="p">(</span><span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="p">)</span>

        <span class="k">try</span><span class="p">:</span>
            <span class="c"># write the public key, stripping the comment and</span>
            <span class="c"># replacing it with a comment that specifies the filename.</span>
            <span class="n">kdata</span> <span class="o">=</span> <span class="nb">open</span><span class="p">(</span><span class="n">filename</span> <span class="o">+</span> <span class="s">&quot;.pub&quot;</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span><span class="o">.</span><span class="n">split</span><span class="p">()[:</span><span class="mi">2</span><span class="p">]</span>
            <span class="n">kdata</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">pubkey_creator</span><span class="o">.</span><span class="n">get_filename</span><span class="p">(</span><span class="o">**</span><span class="n">specificity</span><span class="p">))</span>
            <span class="n">pubkey</span> <span class="o">=</span> <span class="s">&quot; &quot;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">kdata</span><span class="p">)</span> <span class="o">+</span> <span class="s">&quot;</span><span class="se">\n</span><span class="s">&quot;</span>
            <span class="bp">self</span><span class="o">.</span><span class="n">pubkey_creator</span><span class="o">.</span><span class="n">write_data</span><span class="p">(</span><span class="n">pubkey</span><span class="p">,</span> <span class="o">**</span><span class="n">specificity</span><span class="p">)</span>

            <span class="c"># encrypt the private key, write to the proper place, and</span>
            <span class="c"># return it</span>
            <span class="n">privkey</span> <span class="o">=</span> <span class="nb">open</span><span class="p">(</span><span class="n">filename</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span>
            <span class="k">if</span> <span class="n">HAS_CRYPTO</span> <span class="ow">and</span> <span class="bp">self</span><span class="o">.</span><span class="n">passphrase</span><span class="p">:</span>
                <span class="bp">self</span><span class="o">.</span><span class="n">debug_log</span><span class="p">(</span><span class="s">&quot;Cfg: Encrypting key data at </span><span class="si">%s</span><span class="s">&quot;</span> <span class="o">%</span> <span class="n">filename</span><span class="p">)</span>
                <span class="n">privkey</span> <span class="o">=</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">ssl_encrypt</span><span class="p">(</span>
                    <span class="n">privkey</span><span class="p">,</span>
                    <span class="bp">self</span><span class="o">.</span><span class="n">passphrase</span><span class="p">,</span>
                    <span class="n">algorithm</span><span class="o">=</span><span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_algorithm</span><span class="p">(</span><span class="n">SETUP</span><span class="p">))</span>
                <span class="n">specificity</span><span class="p">[</span><span class="s">&#39;ext&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="s">&#39;.crypt&#39;</span>

            <span class="bp">self</span><span class="o">.</span><span class="n">write_data</span><span class="p">(</span><span class="n">privkey</span><span class="p">,</span> <span class="o">**</span><span class="n">specificity</span><span class="p">)</span>

            <span class="k">if</span> <span class="n">return_pair</span><span class="p">:</span>
                <span class="k">return</span> <span class="p">(</span><span class="n">pubkey</span><span class="p">,</span> <span class="n">privkey</span><span class="p">)</span>
            <span class="k">else</span><span class="p">:</span>
                <span class="k">return</span> <span class="n">privkey</span>
        <span class="k">finally</span><span class="p">:</span>
            <span class="n">shutil</span><span class="o">.</span><span class="n">rmtree</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">dirname</span><span class="p">(</span><span class="n">filename</span><span class="p">))</span>
    <span class="c"># pylint: enable=W0221</span>
</div>
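<div class="viewcode-block" id="CfgPrivateKeyCreator.Index"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.Index">[docs]</a>    <span class="k">def</span> <span class="nf">Index</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="c"># Run the parent Index() first, then decrypt in place every</span>
        <span class="c"># element that carries an ``encrypted`` attribute.  When</span>
        <span class="c"># HAS_CRYPTO is false this whole step is skipped and such</span>
        <span class="c"># elements keep whatever text they had.</span>
        <span class="n">StructFile</span><span class="o">.</span><span class="n">Index</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span>
        <span class="k">if</span> <span class="n">HAS_CRYPTO</span><span class="p">:</span>
            <span class="c"># The ``decrypt`` attribute on the document root wins over</span>
            <span class="c"># the config file option; the fallback default is strict.</span>
            <span class="c"># In strict mode a decryption failure aborts with</span>
            <span class="c"># PluginExecutionError; otherwise it is only logged and</span>
            <span class="c"># the element text is left unchanged.</span>
            <span class="n">strict</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">xdata</span><span class="o">.</span><span class="n">get</span><span class="p">(</span>
                <span class="s">&quot;decrypt&quot;</span><span class="p">,</span>
                <span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">CFG_SECTION</span><span class="p">,</span> <span class="s">&quot;decrypt&quot;</span><span class="p">,</span>
                              <span class="n">default</span><span class="o">=</span><span class="s">&quot;strict&quot;</span><span class="p">))</span> <span class="o">==</span> <span class="s">&quot;strict&quot;</span>
            <span class="k">for</span> <span class="n">el</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">xdata</span><span class="o">.</span><span class="n">xpath</span><span class="p">(</span><span class="s">&quot;//*[@encrypted]&quot;</span><span class="p">):</span>
                <span class="k">try</span><span class="p">:</span>
                    <span class="n">plaintext</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_decrypt</span><span class="p">(</span><span class="n">el</span><span class="p">)</span>
                    <span class="k">if</span> <span class="n">plaintext</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span>
                        <span class="c"># _decrypt() returns None for an element with</span>
                        <span class="c"># no text; calling .encode() on that would</span>
                        <span class="c"># raise an uncaught AttributeError, so skip it.</span>
                        <span class="k">continue</span>
                    <span class="n">el</span><span class="o">.</span><span class="n">text</span> <span class="o">=</span> <span class="n">plaintext</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s">&#39;ascii&#39;</span><span class="p">,</span>
                                               <span class="s">&#39;xmlcharrefreplace&#39;</span><span class="p">)</span>
                <span class="k">except</span> <span class="ne">UnicodeDecodeError</span><span class="p">:</span>
                    <span class="c"># NOTE(review): this branch does not consult</span>
                    <span class="c"># ``strict``; the element keeps its original text</span>
                    <span class="c"># and the event is logged at info level only.</span>
                    <span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">info</span><span class="p">(</span><span class="s">&quot;Cfg: Decrypted </span><span class="si">%s</span><span class="s"> to gibberish, skipping&quot;</span>
                                     <span class="o">%</span> <span class="n">el</span><span class="o">.</span><span class="n">tag</span><span class="p">)</span>
                <span class="k">except</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">EVPError</span><span class="p">:</span>
                    <span class="n">msg</span> <span class="o">=</span> <span class="s">&quot;Cfg: Failed to decrypt </span><span class="si">%s</span><span class="s"> element in </span><span class="si">%s</span><span class="s">&quot;</span> <span class="o">%</span> \
                        <span class="p">(</span><span class="n">el</span><span class="o">.</span><span class="n">tag</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">name</span><span class="p">)</span>
                    <span class="k">if</span> <span class="n">strict</span><span class="p">:</span>
                        <span class="k">raise</span> <span class="n">PluginExecutionError</span><span class="p">(</span><span class="n">msg</span><span class="p">)</span>
                    <span class="k">else</span><span class="p">:</span>
                        <span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="n">msg</span><span class="p">)</span></div>
    <span class="n">Index</span><span class="o">.</span><span class="n">__doc__</span> <span class="o">=</span> <span class="n">StructFile</span><span class="o">.</span><span class="n">Index</span><span class="o">.</span><span class="n">__doc__</span>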

    <span class="k">def</span> <span class="nf">_decrypt</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">element</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot; Decrypt a single encrypted element.</span>

<span class="sd">        The value of the element&#39;s ``encrypted`` attribute is used as</span>
<span class="sd">        the key into the passphrases returned by</span>
<span class="sd">        Bcfg2.Encryption.get_passphrases(SETUP).</span>

<span class="sd">        Returns None (without decrypting) when the element has no</span>
<span class="sd">        text or only whitespace; otherwise returns the result of the</span>
<span class="sd">        decryption call.</span>

<span class="sd">        Raises Bcfg2.Encryption.EVPError when the named passphrase</span>
<span class="sd">        fails to decrypt the text, or when the fallback over all</span>
<span class="sd">        passphrases fails. &quot;&quot;&quot;</span>
        <span class="k">if</span> <span class="ow">not</span> <span class="n">element</span><span class="o">.</span><span class="n">text</span> <span class="ow">or</span> <span class="ow">not</span> <span class="n">element</span><span class="o">.</span><span class="n">text</span><span class="o">.</span><span class="n">strip</span><span class="p">():</span>
            <span class="c"># nothing to decrypt; callers must handle the None result</span>
            <span class="k">return</span>
        <span class="n">passes</span> <span class="o">=</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_passphrases</span><span class="p">(</span><span class="n">SETUP</span><span class="p">)</span>
        <span class="k">try</span><span class="p">:</span>
            <span class="n">passphrase</span> <span class="o">=</span> <span class="n">passes</span><span class="p">[</span><span class="n">element</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&quot;encrypted&quot;</span><span class="p">)]</span>
            <span class="k">try</span><span class="p">:</span>
                <span class="k">return</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">ssl_decrypt</span><span class="p">(</span>
                    <span class="n">element</span><span class="o">.</span><span class="n">text</span><span class="p">,</span>
                    <span class="n">passphrase</span><span class="p">,</span>
                    <span class="n">algorithm</span><span class="o">=</span><span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_algorithm</span><span class="p">(</span><span class="n">SETUP</span><span class="p">))</span>
            <span class="k">except</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">EVPError</span><span class="p">:</span>
                <span class="c"># error is raised below; the original exception is</span>
                <span class="c"># replaced by a generic one, and no other passphrase</span>
                <span class="c"># is tried once a named passphrase has failed</span>
                <span class="k">pass</span>
        <span class="k">except</span> <span class="ne">KeyError</span><span class="p">:</span>
            <span class="c"># The ``encrypted`` attribute names no known passphrase,</span>
            <span class="c"># so every configured passphrase is tried in turn.</span>
            <span class="c"># NOTE(review): this means the attribute value does not</span>
            <span class="c"># bind an element to one specific passphrase; any</span>
            <span class="c"># configured passphrase that decrypts it is accepted.</span>
            <span class="c"># This handler also encloses the ssl_decrypt call above,</span>
            <span class="c"># so a KeyError raised there would take this path too.</span>
            <span class="c"># bruteforce_decrypt raises an EVPError with a sensible</span>
            <span class="c"># error message, so we just let it propagate up the stack</span>
            <span class="k">return</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">bruteforce_decrypt</span><span class="p">(</span>
                <span class="n">element</span><span class="o">.</span><span class="n">text</span><span class="p">,</span>
                <span class="n">passphrases</span><span class="o">=</span><span class="n">passes</span><span class="o">.</span><span class="n">values</span><span class="p">(),</span>
                <span class="n">algorithm</span><span class="o">=</span><span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_algorithm</span><span class="p">(</span><span class="n">SETUP</span><span class="p">))</span>
        <span class="k">raise</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">EVPError</span><span class="p">(</span><span class="s">&quot;Failed to decrypt&quot;</span><span class="p">)</span></div>
</pre></div>

          </div>
        </div>
      </div>
    </div>
  </body>
</html>