<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator — Bcfg2 1.3.0 documentation</title>
<link rel="stylesheet" href="../../../../../_static/default.css" type="text/css" />
<link rel="stylesheet" href="../../../../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../../../../',
VERSION: '1.3.0',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../../../../../_static/jquery.js"></script>
<script type="text/javascript" src="../../../../../_static/underscore.js"></script>
<script type="text/javascript" src="../../../../../_static/doctools.js"></script>
<script type="text/javascript" src="../../../../../_static/sidebar.js"></script>
<link rel="shortcut icon" href="../../../../../_static/favicon.ico"/>
<link rel="top" title="Bcfg2 1.3.0 documentation" href="../../../../../index.html" />
<link rel="up" title="Bcfg2.Server.Plugins.Cfg" href="../Cfg.html" />
<link rel="stylesheet" href="../../../../../_static/bcfg2.css" type=""/>
</head>
<body>
<div style="text-align: left; padding: 10px 10px 15px 15px">
<a href="../../../../../index.html"><img src="../../../../../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../../../../../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="../../../../../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li><a href="../../../../../index.html">home</a> | </li>
<!--<li><a href="../../../../../search.html">search</a> | </li>-->
<li><a href="../../../../../help/index.html">help</a> | </li>
<li><a href="../../../../../contents.html">documentation </a> »</li>
<li><a href="../../../../index.html" >Module code</a> »</li>
<li><a href="../../Plugins.html" >Bcfg2.Server.Plugins</a> »</li>
<li><a href="../Cfg.html" accesskey="U">Bcfg2.Server.Plugins.Cfg</a> »</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<h1>Source code for Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator</h1><div class="highlight"><pre>
<span class="sd">""" The CfgPrivateKeyCreator creates SSH keys on the fly. """</span>
<span class="kn">import</span> <span class="nn">os</span>
<span class="kn">import</span> <span class="nn">shutil</span>
<span class="kn">import</span> <span class="nn">tempfile</span>
<span class="kn">import</span> <span class="nn">subprocess</span>
<span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugin</span> <span class="kn">import</span> <span class="n">PluginExecutionError</span><span class="p">,</span> <span class="n">StructFile</span>
<span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugins.Cfg</span> <span class="kn">import</span> <span class="n">CfgCreator</span><span class="p">,</span> <span class="n">CfgCreationError</span><span class="p">,</span> <span class="n">SETUP</span>
<span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugins.Cfg.CfgPublicKeyCreator</span> <span class="kn">import</span> <span class="n">CfgPublicKeyCreator</span>
<span class="k">try</span><span class="p">:</span>
<span class="kn">import</span> <span class="nn">Bcfg2.Encryption</span>
<span class="n">HAS_CRYPTO</span> <span class="o">=</span> <span class="bp">True</span>
<span class="k">except</span> <span class="ne">ImportError</span><span class="p">:</span>
<span class="n">HAS_CRYPTO</span> <span class="o">=</span> <span class="bp">False</span>
<div class="viewcode-block" id="CfgPrivateKeyCreator"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator">[docs]</a><span class="k">class</span> <span class="nc">CfgPrivateKeyCreator</span><span class="p">(</span><span class="n">CfgCreator</span><span class="p">,</span> <span class="n">StructFile</span><span class="p">):</span>
<span class="sd">"""The CfgPrivateKeyCreator creates SSH keys on the fly. """</span>
<span class="c">#: Different configurations for different clients/groups can be</span>
<span class="c">#: handled with Client and Group tags within privkey.xml</span>
<span class="n">__specific__</span> <span class="o">=</span> <span class="bp">False</span>
<span class="c">#: Handle XML specifications of private keys</span>
<span class="n">__basenames__</span> <span class="o">=</span> <span class="p">[</span><span class="s">'privkey.xml'</span><span class="p">]</span>
<span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">fname</span><span class="p">):</span>
<span class="n">CfgCreator</span><span class="o">.</span><span class="n">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">fname</span><span class="p">)</span>
<span class="n">StructFile</span><span class="o">.</span><span class="n">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">fname</span><span class="p">)</span>
<span class="n">pubkey_path</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">dirname</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">name</span><span class="p">)</span> <span class="o">+</span> <span class="s">".pub"</span>
<span class="n">pubkey_name</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">pubkey_path</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">basename</span><span class="p">(</span><span class="n">pubkey_path</span><span class="p">))</span>
<span class="bp">self</span><span class="o">.</span><span class="n">pubkey_creator</span> <span class="o">=</span> <span class="n">CfgPublicKeyCreator</span><span class="p">(</span><span class="n">pubkey_name</span><span class="p">)</span>
<span class="n">__init__</span><span class="o">.</span><span class="n">__doc__</span> <span class="o">=</span> <span class="n">CfgCreator</span><span class="o">.</span><span class="n">__init__</span><span class="o">.</span><span class="n">__doc__</span>
<span class="nd">@property</span>
<div class="viewcode-block" id="CfgPrivateKeyCreator.category"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.category">[docs]</a> <span class="k">def</span> <span class="nf">category</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
<span class="sd">""" The name of the metadata category that generated keys are</span>
<span class="sd"> specific to """</span>
<span class="k">if</span> <span class="p">(</span><span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">has_section</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">)</span> <span class="ow">and</span>
<span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">has_option</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">,</span> <span class="s">"category"</span><span class="p">)):</span>
<span class="k">return</span> <span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">,</span> <span class="s">"category"</span><span class="p">)</span>
<span class="k">return</span> <span class="bp">None</span>
</div>
<span class="nd">@property</span>
<div class="viewcode-block" id="CfgPrivateKeyCreator.passphrase"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.passphrase">[docs]</a> <span class="k">def</span> <span class="nf">passphrase</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
<span class="sd">""" The passphrase used to encrypt private keys """</span>
<span class="k">if</span> <span class="p">(</span><span class="n">HAS_CRYPTO</span> <span class="ow">and</span>
<span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">has_section</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">)</span> <span class="ow">and</span>
<span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">has_option</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">,</span> <span class="s">"passphrase"</span><span class="p">)):</span>
<span class="k">return</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_passphrases</span><span class="p">(</span><span class="n">SETUP</span><span class="p">)[</span><span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">get</span><span class="p">(</span>
<span class="s">"sshkeys"</span><span class="p">,</span>
<span class="s">"passphrase"</span><span class="p">)]</span>
<span class="k">return</span> <span class="bp">None</span>
</div>
<div class="viewcode-block" id="CfgPrivateKeyCreator.handle_event"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.handle_event">[docs]</a> <span class="k">def</span> <span class="nf">handle_event</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event</span><span class="p">):</span>
<span class="n">CfgCreator</span><span class="o">.</span><span class="n">handle_event</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span>
<span class="n">StructFile</span><span class="o">.</span><span class="n">HandleEvent</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span></div>
<span class="n">handle_event</span><span class="o">.</span><span class="n">__doc__</span> <span class="o">=</span> <span class="n">CfgCreator</span><span class="o">.</span><span class="n">handle_event</span><span class="o">.</span><span class="n">__doc__</span>
<span class="k">def</span> <span class="nf">_gen_keypair</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
<span class="sd">""" Generate a keypair according to the given client medata</span>
<span class="sd"> and key specification.</span>
<span class="sd"> :param metadata: The client metadata to generate keys for</span>
<span class="sd"> :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata</span>
<span class="sd"> :param spec: The key specification to follow when creating the</span>
<span class="sd"> keys. This should be an XML document that only</span>
<span class="sd"> contains key specification data that applies to</span>
<span class="sd"> the given client metadata, and may be obtained by</span>
<span class="sd"> doing ``self.XMLMatch(metadata)``</span>
<span class="sd"> :type spec: lxml.etree._Element</span>
<span class="sd"> :returns: None</span>
<span class="sd"> """</span>
<span class="k">if</span> <span class="n">spec</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span>
<span class="n">spec</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">XMLMatch</span><span class="p">(</span><span class="n">metadata</span><span class="p">)</span>
<span class="c"># set key parameters</span>
<span class="n">ktype</span> <span class="o">=</span> <span class="s">"rsa"</span>
<span class="n">bits</span> <span class="o">=</span> <span class="bp">None</span>
<span class="n">params</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">find</span><span class="p">(</span><span class="s">"Params"</span><span class="p">)</span>
<span class="k">if</span> <span class="n">params</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span>
<span class="n">bits</span> <span class="o">=</span> <span class="n">params</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"bits"</span><span class="p">)</span>
<span class="n">ktype</span> <span class="o">=</span> <span class="n">params</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"type"</span><span class="p">,</span> <span class="n">ktype</span><span class="p">)</span>
<span class="k">try</span><span class="p">:</span>
<span class="n">passphrase</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">find</span><span class="p">(</span><span class="s">"Passphrase"</span><span class="p">)</span><span class="o">.</span><span class="n">text</span>
<span class="k">except</span> <span class="ne">AttributeError</span><span class="p">:</span>
<span class="n">passphrase</span> <span class="o">=</span> <span class="s">''</span>
<span class="n">tempdir</span> <span class="o">=</span> <span class="n">tempfile</span><span class="o">.</span><span class="n">mkdtemp</span><span class="p">()</span>
<span class="k">try</span><span class="p">:</span>
<span class="n">filename</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">tempdir</span><span class="p">,</span> <span class="s">"privkey"</span><span class="p">)</span>
<span class="c"># generate key pair</span>
<span class="n">cmd</span> <span class="o">=</span> <span class="p">[</span><span class="s">"ssh-keygen"</span><span class="p">,</span> <span class="s">"-f"</span><span class="p">,</span> <span class="n">filename</span><span class="p">,</span> <span class="s">"-t"</span><span class="p">,</span> <span class="n">ktype</span><span class="p">]</span>
<span class="k">if</span> <span class="n">bits</span><span class="p">:</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">extend</span><span class="p">([</span><span class="s">"-b"</span><span class="p">,</span> <span class="n">bits</span><span class="p">])</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">"-N"</span><span class="p">)</span>
<span class="n">log_cmd</span> <span class="o">=</span> <span class="n">cmd</span><span class="p">[:]</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">passphrase</span><span class="p">)</span>
<span class="k">if</span> <span class="n">passphrase</span><span class="p">:</span>
<span class="n">log_cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">"******"</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="n">log_cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">"''"</span><span class="p">)</span>
<span class="bp">self</span><span class="o">.</span><span class="n">debug_log</span><span class="p">(</span><span class="s">"Cfg: Generating new SSH key pair: </span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span>
<span class="s">" "</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">log_cmd</span><span class="p">))</span>
<span class="n">proc</span> <span class="o">=</span> <span class="n">subprocess</span><span class="o">.</span><span class="n">Popen</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="n">stdout</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">PIPE</span><span class="p">,</span>
<span class="n">stderr</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">PIPE</span><span class="p">)</span>
<span class="n">err</span> <span class="o">=</span> <span class="n">proc</span><span class="o">.</span><span class="n">communicate</span><span class="p">()[</span><span class="mi">1</span><span class="p">]</span>
<span class="k">if</span> <span class="n">proc</span><span class="o">.</span><span class="n">wait</span><span class="p">():</span>
<span class="k">raise</span> <span class="n">CfgCreationError</span><span class="p">(</span><span class="s">"Cfg: Failed to generate SSH key pair "</span>
<span class="s">"at </span><span class="si">%s</span><span class="s"> for </span><span class="si">%s</span><span class="s">: </span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span>
<span class="p">(</span><span class="n">filename</span><span class="p">,</span> <span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span> <span class="n">err</span><span class="p">))</span>
<span class="k">elif</span> <span class="n">err</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="s">"Cfg: Generated SSH key pair at </span><span class="si">%s</span><span class="s"> for </span><span class="si">%s</span><span class="s"> "</span>
<span class="s">"with errors: </span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span> <span class="p">(</span><span class="n">filename</span><span class="p">,</span>
<span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span>
<span class="n">err</span><span class="p">))</span>
<span class="k">return</span> <span class="n">filename</span>
<span class="k">except</span><span class="p">:</span>
<span class="n">shutil</span><span class="o">.</span><span class="n">rmtree</span><span class="p">(</span><span class="n">tempdir</span><span class="p">)</span>
<span class="k">raise</span>
<div class="viewcode-block" id="CfgPrivateKeyCreator.get_specificity"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.get_specificity">[docs]</a> <span class="k">def</span> <span class="nf">get_specificity</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
<span class="sd">""" Get config settings for key generation specificity</span>
<span class="sd"> (per-host or per-group).</span>
<span class="sd"> :param metadata: The client metadata to create data for</span>
<span class="sd"> :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata</span>
<span class="sd"> :param spec: The key specification to follow when creating the</span>
<span class="sd"> keys. This should be an XML document that only</span>
<span class="sd"> contains key specification data that applies to</span>
<span class="sd"> the given client metadata, and may be obtained by</span>
<span class="sd"> doing ``self.XMLMatch(metadata)``</span>
<span class="sd"> :type spec: lxml.etree._Element</span>
<span class="sd"> :returns: dict - A dict of specificity arguments suitable for</span>
<span class="sd"> passing to</span>
<span class="sd"> :func:`Bcfg2.Server.Plugins.Cfg.CfgCreator.write_data`</span>
<span class="sd"> or</span>
<span class="sd"> :func:`Bcfg2.Server.Plugins.Cfg.CfgCreator.get_filename`</span>
<span class="sd"> """</span>
<span class="k">if</span> <span class="n">spec</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span>
<span class="n">spec</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">XMLMatch</span><span class="p">(</span><span class="n">metadata</span><span class="p">)</span>
<span class="n">category</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"category"</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">category</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="s">"category=</span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span> <span class="n">category</span><span class="p">)</span>
<span class="k">if</span> <span class="n">category</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span>
<span class="n">per_host_default</span> <span class="o">=</span> <span class="s">"true"</span>
<span class="k">else</span><span class="p">:</span>
<span class="n">per_host_default</span> <span class="o">=</span> <span class="s">"false"</span>
<span class="n">per_host</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"perhost"</span><span class="p">,</span> <span class="n">per_host_default</span><span class="p">)</span><span class="o">.</span><span class="n">lower</span><span class="p">()</span> <span class="o">==</span> <span class="s">"true"</span>
<span class="n">specificity</span> <span class="o">=</span> <span class="nb">dict</span><span class="p">(</span><span class="n">host</span><span class="o">=</span><span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">)</span>
<span class="k">if</span> <span class="n">category</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">per_host</span><span class="p">:</span>
<span class="n">group</span> <span class="o">=</span> <span class="n">metadata</span><span class="o">.</span><span class="n">group_in_category</span><span class="p">(</span><span class="n">category</span><span class="p">)</span>
<span class="k">if</span> <span class="n">group</span><span class="p">:</span>
<span class="n">specificity</span> <span class="o">=</span> <span class="nb">dict</span><span class="p">(</span><span class="n">group</span><span class="o">=</span><span class="n">group</span><span class="p">,</span>
<span class="n">prio</span><span class="o">=</span><span class="nb">int</span><span class="p">(</span><span class="n">spec</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"priority"</span><span class="p">,</span> <span class="mi">50</span><span class="p">)))</span>
<span class="k">else</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">info</span><span class="p">(</span><span class="s">"Cfg: </span><span class="si">%s</span><span class="s"> has no group in category </span><span class="si">%s</span><span class="s">, "</span>
<span class="s">"creating host-specific key"</span> <span class="o">%</span>
<span class="p">(</span><span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span> <span class="n">category</span><span class="p">))</span>
<span class="k">return</span> <span class="n">specificity</span>
<span class="c"># pylint: disable=W0221</span></div>
<div class="viewcode-block" id="CfgPrivateKeyCreator.create_data"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.create_data">[docs]</a> <span class="k">def</span> <span class="nf">create_data</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">entry</span><span class="p">,</span> <span class="n">metadata</span><span class="p">,</span> <span class="n">return_pair</span><span class="o">=</span><span class="bp">False</span><span class="p">):</span>
<span class="sd">""" Create data for the given entry on the given client</span>
<span class="sd"> :param entry: The abstract entry to create data for. This</span>
<span class="sd"> will not be modified</span>
<span class="sd"> :type entry: lxml.etree._Element</span>
<span class="sd"> :param metadata: The client metadata to create data for</span>
<span class="sd"> :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata</span>
<span class="sd"> :param return_pair: Return a tuple of ``(public key, private</span>
<span class="sd"> key)`` instead of just the private key.</span>
<span class="sd"> This is used by</span>
<span class="sd"> :class:`Bcfg2.Server.Plugins.Cfg.CfgPublicKeyCreator.CfgPublicKeyCreator`</span>
<span class="sd"> to create public keys as requested.</span>
<span class="sd"> :type return_pair: bool</span>
<span class="sd"> :returns: string - The private key data</span>
<span class="sd"> :returns: tuple - Tuple of ``(public key, private key)``, if</span>
<span class="sd"> ``return_pair`` is set to True</span>
<span class="sd"> """</span>
<span class="n">spec</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">XMLMatch</span><span class="p">(</span><span class="n">metadata</span><span class="p">)</span>
<span class="n">specificity</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">get_specificity</span><span class="p">(</span><span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="p">)</span>
<span class="n">filename</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_gen_keypair</span><span class="p">(</span><span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="p">)</span>
<span class="k">try</span><span class="p">:</span>
<span class="c"># write the public key, stripping the comment and</span>
<span class="c"># replacing it with a comment that specifies the filename.</span>
<span class="n">kdata</span> <span class="o">=</span> <span class="nb">open</span><span class="p">(</span><span class="n">filename</span> <span class="o">+</span> <span class="s">".pub"</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span><span class="o">.</span><span class="n">split</span><span class="p">()[:</span><span class="mi">2</span><span class="p">]</span>
<span class="n">kdata</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">pubkey_creator</span><span class="o">.</span><span class="n">get_filename</span><span class="p">(</span><span class="o">**</span><span class="n">specificity</span><span class="p">))</span>
<span class="n">pubkey</span> <span class="o">=</span> <span class="s">" "</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">kdata</span><span class="p">)</span> <span class="o">+</span> <span class="s">"</span><span class="se">\n</span><span class="s">"</span>
<span class="bp">self</span><span class="o">.</span><span class="n">pubkey_creator</span><span class="o">.</span><span class="n">write_data</span><span class="p">(</span><span class="n">pubkey</span><span class="p">,</span> <span class="o">**</span><span class="n">specificity</span><span class="p">)</span>
<span class="c"># encrypt the private key, write to the proper place, and</span>
<span class="c"># return it</span>
<span class="n">privkey</span> <span class="o">=</span> <span class="nb">open</span><span class="p">(</span><span class="n">filename</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span>
<span class="k">if</span> <span class="n">HAS_CRYPTO</span> <span class="ow">and</span> <span class="bp">self</span><span class="o">.</span><span class="n">passphrase</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">debug_log</span><span class="p">(</span><span class="s">"Cfg: Encrypting key data at </span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span> <span class="n">filename</span><span class="p">)</span>
<span class="n">privkey</span> <span class="o">=</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">ssl_encrypt</span><span class="p">(</span>
<span class="n">privkey</span><span class="p">,</span>
<span class="bp">self</span><span class="o">.</span><span class="n">passphrase</span><span class="p">,</span>
<span class="n">algorithm</span><span class="o">=</span><span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_algorithm</span><span class="p">(</span><span class="n">SETUP</span><span class="p">))</span>
<span class="n">specificity</span><span class="p">[</span><span class="s">'ext'</span><span class="p">]</span> <span class="o">=</span> <span class="s">'.crypt'</span>
<span class="bp">self</span><span class="o">.</span><span class="n">write_data</span><span class="p">(</span><span class="n">privkey</span><span class="p">,</span> <span class="o">**</span><span class="n">specificity</span><span class="p">)</span>
<span class="k">if</span> <span class="n">return_pair</span><span class="p">:</span>
<span class="k">return</span> <span class="p">(</span><span class="n">pubkey</span><span class="p">,</span> <span class="n">privkey</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">return</span> <span class="n">privkey</span>
<span class="k">finally</span><span class="p">:</span>
<span class="n">shutil</span><span class="o">.</span><span class="n">rmtree</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">dirname</span><span class="p">(</span><span class="n">filename</span><span class="p">))</span>
<span class="c"># pylint: enable=W0221</span>
</div>
<div class="viewcode-block" id="CfgPrivateKeyCreator.Index"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.Index">[docs]</a> <span class="k">def</span> <span class="nf">Index</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
<span class="n">StructFile</span><span class="o">.</span><span class="n">Index</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span>
<span class="k">if</span> <span class="n">HAS_CRYPTO</span><span class="p">:</span>
<span class="n">strict</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">xdata</span><span class="o">.</span><span class="n">get</span><span class="p">(</span>
<span class="s">"decrypt"</span><span class="p">,</span>
<span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">CFG_SECTION</span><span class="p">,</span> <span class="s">"decrypt"</span><span class="p">,</span>
<span class="n">default</span><span class="o">=</span><span class="s">"strict"</span><span class="p">))</span> <span class="o">==</span> <span class="s">"strict"</span>
<span class="k">for</span> <span class="n">el</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">xdata</span><span class="o">.</span><span class="n">xpath</span><span class="p">(</span><span class="s">"//*[@encrypted]"</span><span class="p">):</span>
<span class="k">try</span><span class="p">:</span>
<span class="n">el</span><span class="o">.</span><span class="n">text</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_decrypt</span><span class="p">(</span><span class="n">el</span><span class="p">)</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s">'ascii'</span><span class="p">,</span>
<span class="s">'xmlcharrefreplace'</span><span class="p">)</span>
<span class="k">except</span> <span class="ne">UnicodeDecodeError</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">info</span><span class="p">(</span><span class="s">"Cfg: Decrypted </span><span class="si">%s</span><span class="s"> to gibberish, skipping"</span>
<span class="o">%</span> <span class="n">el</span><span class="o">.</span><span class="n">tag</span><span class="p">)</span>
<span class="k">except</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">EVPError</span><span class="p">:</span>
<span class="n">msg</span> <span class="o">=</span> <span class="s">"Cfg: Failed to decrypt </span><span class="si">%s</span><span class="s"> element in </span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span> \
<span class="p">(</span><span class="n">el</span><span class="o">.</span><span class="n">tag</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">name</span><span class="p">)</span>
<span class="k">if</span> <span class="n">strict</span><span class="p">:</span>
<span class="k">raise</span> <span class="n">PluginExecutionError</span><span class="p">(</span><span class="n">msg</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="n">msg</span><span class="p">)</span></div>
<span class="n">Index</span><span class="o">.</span><span class="n">__doc__</span> <span class="o">=</span> <span class="n">StructFile</span><span class="o">.</span><span class="n">Index</span><span class="o">.</span><span class="n">__doc__</span>
<span class="k">def</span> <span class="nf">_decrypt</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">element</span><span class="p">):</span>
<span class="sd">""" Decrypt a single encrypted element """</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">element</span><span class="o">.</span><span class="n">text</span> <span class="ow">or</span> <span class="ow">not</span> <span class="n">element</span><span class="o">.</span><span class="n">text</span><span class="o">.</span><span class="n">strip</span><span class="p">():</span>
<span class="k">return</span>
<span class="n">passes</span> <span class="o">=</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_passphrases</span><span class="p">(</span><span class="n">SETUP</span><span class="p">)</span>
<span class="k">try</span><span class="p">:</span>
<span class="n">passphrase</span> <span class="o">=</span> <span class="n">passes</span><span class="p">[</span><span class="n">element</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"encrypted"</span><span class="p">)]</span>
<span class="k">try</span><span class="p">:</span>
<span class="k">return</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">ssl_decrypt</span><span class="p">(</span>
<span class="n">element</span><span class="o">.</span><span class="n">text</span><span class="p">,</span>
<span class="n">passphrase</span><span class="p">,</span>
<span class="n">algorithm</span><span class="o">=</span><span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_algorithm</span><span class="p">(</span><span class="n">SETUP</span><span class="p">))</span>
<span class="k">except</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">EVPError</span><span class="p">:</span>
<span class="c"># error is raised below</span>
<span class="k">pass</span>
<span class="k">except</span> <span class="ne">KeyError</span><span class="p">:</span>
<span class="c"># bruteforce_decrypt raises an EVPError with a sensible</span>
<span class="c"># error message, so we just let it propagate up the stack</span>
<span class="k">return</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">bruteforce_decrypt</span><span class="p">(</span>
<span class="n">element</span><span class="o">.</span><span class="n">text</span><span class="p">,</span>
<span class="n">passphrases</span><span class="o">=</span><span class="n">passes</span><span class="o">.</span><span class="n">values</span><span class="p">(),</span>
<span class="n">algorithm</span><span class="o">=</span><span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_algorithm</span><span class="p">(</span><span class="n">SETUP</span><span class="p">))</span>
<span class="k">raise</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">EVPError</span><span class="p">(</span><span class="s">"Failed to decrypt"</span><span class="p">)</span></div>
</pre></div>
</div>
</div>
</div>
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="../../../../../search.html" method="get">
<input type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../../../../../genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="../../../../../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li><a href="../../../../../index.html">home</a> | </li>
<!--<li><a href="../../../../../search.html">search</a> | </li>-->
<li><a href="../../../../../help/index.html">help</a> | </li>
<li><a href="../../../../../contents.html">documentation </a> »</li>
<li><a href="../../../../index.html" >Module code</a> »</li>
<li><a href="../../Plugins.html" >Bcfg2.Server.Plugins</a> »</li>
<li><a href="../Cfg.html" >Bcfg2.Server.Plugins.Cfg</a> »</li>
</ul>
</div>
<div class="footer">
© Copyright 2009-2013, Narayan Desai.
Last updated on Mar 20, 2013.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
</div>
</body>
</html>
distrib
>
Fedora
>
17
>
i386
>
media
>
updates
>
by-pkgid
>
b50d8ee6d7871fcc13c0677a9364ed59
>
files
>
47
