<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator — Bcfg2 1.3.0 documentation</title> <link rel="stylesheet" href="../../../../../_static/default.css" type="text/css" /> <link rel="stylesheet" href="../../../../../_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../../../../../', VERSION: '1.3.0', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="../../../../../_static/jquery.js"></script> <script type="text/javascript" src="../../../../../_static/underscore.js"></script> <script type="text/javascript" src="../../../../../_static/doctools.js"></script> <script type="text/javascript" src="../../../../../_static/sidebar.js"></script> <link rel="shortcut icon" href="../../../../../_static/favicon.ico"/> <link rel="top" title="Bcfg2 1.3.0 documentation" href="../../../../../index.html" /> <link rel="up" title="Bcfg2.Server.Plugins.Cfg" href="../Cfg.html" /> <link rel="stylesheet" href="../../../../../_static/bcfg2.css" type=""/> </head> <body> <div style="text-align: left; padding: 10px 10px 15px 15px"> <a href="../../../../../index.html"><img src="../../../../../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="../../../../../genindex.html" title="General Index" accesskey="I">index</a></li> <li class="right" > <a href="../../../../../py-modindex.html" title="Python Module Index" >modules</a> |</li> <li><a href="../../../../../index.html">home</a> | </li> <!--<li><a href="../../../../../search.html">search</a> | </li>--> <li><a href="../../../../../help/index.html">help</a> | </li> <li><a 
href="../../../../../contents.html">documentation </a> »</li> <li><a href="../../../../index.html" >Module code</a> »</li> <li><a href="../../Plugins.html" >Bcfg2.Server.Plugins</a> »</li> <li><a href="../Cfg.html" accesskey="U">Bcfg2.Server.Plugins.Cfg</a> »</li> </ul> </div> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body"> <h1>Source code for Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator</h1><div class="highlight"><pre> <span class="sd">""" The CfgPrivateKeyCreator creates SSH keys on the fly. """</span> <span class="kn">import</span> <span class="nn">os</span> <span class="kn">import</span> <span class="nn">shutil</span> <span class="kn">import</span> <span class="nn">tempfile</span> <span class="kn">import</span> <span class="nn">subprocess</span> <span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugin</span> <span class="kn">import</span> <span class="n">PluginExecutionError</span><span class="p">,</span> <span class="n">StructFile</span> <span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugins.Cfg</span> <span class="kn">import</span> <span class="n">CfgCreator</span><span class="p">,</span> <span class="n">CfgCreationError</span><span class="p">,</span> <span class="n">SETUP</span> <span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugins.Cfg.CfgPublicKeyCreator</span> <span class="kn">import</span> <span class="n">CfgPublicKeyCreator</span> <span class="k">try</span><span class="p">:</span> <span class="kn">import</span> <span class="nn">Bcfg2.Encryption</span> <span class="n">HAS_CRYPTO</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">except</span> <span class="ne">ImportError</span><span class="p">:</span> <span class="n">HAS_CRYPTO</span> <span class="o">=</span> <span class="bp">False</span> <div class="viewcode-block" id="CfgPrivateKeyCreator"><a class="viewcode-back" 
href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator">[docs]</a><span class="k">class</span> <span class="nc">CfgPrivateKeyCreator</span><span class="p">(</span><span class="n">CfgCreator</span><span class="p">,</span> <span class="n">StructFile</span><span class="p">):</span> <span class="sd">"""The CfgPrivateKeyCreator creates SSH keys on the fly. """</span> <span class="c">#: Different configurations for different clients/groups can be</span> <span class="c">#: handled with Client and Group tags within privkey.xml</span> <span class="n">__specific__</span> <span class="o">=</span> <span class="bp">False</span> <span class="c">#: Handle XML specifications of private keys</span> <span class="n">__basenames__</span> <span class="o">=</span> <span class="p">[</span><span class="s">'privkey.xml'</span><span class="p">]</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">fname</span><span class="p">):</span> <span class="n">CfgCreator</span><span class="o">.</span><span class="n">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">fname</span><span class="p">)</span> <span class="n">StructFile</span><span class="o">.</span><span class="n">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">fname</span><span class="p">)</span> <span class="n">pubkey_path</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">dirname</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">name</span><span class="p">)</span> <span class="o">+</span> <span class="s">".pub"</span> <span class="n">pubkey_name</span> <span class="o">=</span> <span class="n">os</span><span 
class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">pubkey_path</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">basename</span><span class="p">(</span><span class="n">pubkey_path</span><span class="p">))</span> <span class="bp">self</span><span class="o">.</span><span class="n">pubkey_creator</span> <span class="o">=</span> <span class="n">CfgPublicKeyCreator</span><span class="p">(</span><span class="n">pubkey_name</span><span class="p">)</span> <span class="n">__init__</span><span class="o">.</span><span class="n">__doc__</span> <span class="o">=</span> <span class="n">CfgCreator</span><span class="o">.</span><span class="n">__init__</span><span class="o">.</span><span class="n">__doc__</span> <span class="nd">@property</span> <div class="viewcode-block" id="CfgPrivateKeyCreator.category"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.category">[docs]</a> <span class="k">def</span> <span class="nf">category</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> <span class="sd">""" The name of the metadata category that generated keys are</span> <span class="sd"> specific to """</span> <span class="k">if</span> <span class="p">(</span><span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">has_section</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">)</span> <span class="ow">and</span> <span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">has_option</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">,</span> <span class="s">"category"</span><span class="p">)):</span> <span 
class="k">return</span> <span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">,</span> <span class="s">"category"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">None</span> </div> <span class="nd">@property</span> <div class="viewcode-block" id="CfgPrivateKeyCreator.passphrase"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.passphrase">[docs]</a> <span class="k">def</span> <span class="nf">passphrase</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> <span class="sd">""" The passphrase used to encrypt private keys """</span> <span class="k">if</span> <span class="p">(</span><span class="n">HAS_CRYPTO</span> <span class="ow">and</span> <span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">has_section</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">)</span> <span class="ow">and</span> <span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">has_option</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">,</span> <span class="s">"passphrase"</span><span class="p">)):</span> <span class="k">return</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_passphrases</span><span class="p">(</span><span class="n">SETUP</span><span class="p">)[</span><span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">get</span><span class="p">(</span> <span class="s">"sshkeys"</span><span class="p">,</span> <span class="s">"passphrase"</span><span class="p">)]</span> <span 
class="k">return</span> <span class="bp">None</span> </div> <div class="viewcode-block" id="CfgPrivateKeyCreator.handle_event"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.handle_event">[docs]</a> <span class="k">def</span> <span class="nf">handle_event</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event</span><span class="p">):</span> <span class="n">CfgCreator</span><span class="o">.</span><span class="n">handle_event</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span> <span class="n">StructFile</span><span class="o">.</span><span class="n">HandleEvent</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span></div> <span class="n">handle_event</span><span class="o">.</span><span class="n">__doc__</span> <span class="o">=</span> <span class="n">CfgCreator</span><span class="o">.</span><span class="n">handle_event</span><span class="o">.</span><span class="n">__doc__</span> <span class="k">def</span> <span class="nf">_gen_keypair</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="sd">""" Generate a keypair according to the given client medata</span> <span class="sd"> and key specification.</span> <span class="sd"> :param metadata: The client metadata to generate keys for</span> <span class="sd"> :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata</span> <span class="sd"> :param spec: The key specification to follow when creating the</span> <span class="sd"> keys. 
This should be an XML document that only</span> <span class="sd"> contains key specification data that applies to</span> <span class="sd"> the given client metadata, and may be obtained by</span> <span class="sd"> doing ``self.XMLMatch(metadata)``</span> <span class="sd"> :type spec: lxml.etree._Element</span> <span class="sd"> :returns: None</span> <span class="sd"> """</span> <span class="k">if</span> <span class="n">spec</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="n">spec</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">XMLMatch</span><span class="p">(</span><span class="n">metadata</span><span class="p">)</span> <span class="c"># set key parameters</span> <span class="n">ktype</span> <span class="o">=</span> <span class="s">"rsa"</span> <span class="n">bits</span> <span class="o">=</span> <span class="bp">None</span> <span class="n">params</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">find</span><span class="p">(</span><span class="s">"Params"</span><span class="p">)</span> <span class="k">if</span> <span class="n">params</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">bits</span> <span class="o">=</span> <span class="n">params</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"bits"</span><span class="p">)</span> <span class="n">ktype</span> <span class="o">=</span> <span class="n">params</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"type"</span><span class="p">,</span> <span class="n">ktype</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">passphrase</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">find</span><span 
class="p">(</span><span class="s">"Passphrase"</span><span class="p">)</span><span class="o">.</span><span class="n">text</span> <span class="k">except</span> <span class="ne">AttributeError</span><span class="p">:</span> <span class="n">passphrase</span> <span class="o">=</span> <span class="s">''</span> <span class="n">tempdir</span> <span class="o">=</span> <span class="n">tempfile</span><span class="o">.</span><span class="n">mkdtemp</span><span class="p">()</span> <span class="k">try</span><span class="p">:</span> <span class="n">filename</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">tempdir</span><span class="p">,</span> <span class="s">"privkey"</span><span class="p">)</span> <span class="c"># generate key pair</span> <span class="n">cmd</span> <span class="o">=</span> <span class="p">[</span><span class="s">"ssh-keygen"</span><span class="p">,</span> <span class="s">"-f"</span><span class="p">,</span> <span class="n">filename</span><span class="p">,</span> <span class="s">"-t"</span><span class="p">,</span> <span class="n">ktype</span><span class="p">]</span> <span class="k">if</span> <span class="n">bits</span><span class="p">:</span> <span class="n">cmd</span><span class="o">.</span><span class="n">extend</span><span class="p">([</span><span class="s">"-b"</span><span class="p">,</span> <span class="n">bits</span><span class="p">])</span> <span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">"-N"</span><span class="p">)</span> <span class="n">log_cmd</span> <span class="o">=</span> <span class="n">cmd</span><span class="p">[:]</span> <span class="n">cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">passphrase</span><span class="p">)</span> <span class="k">if</span> <span 
class="n">passphrase</span><span class="p">:</span> <span class="n">log_cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">"******"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">log_cmd</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">"''"</span><span class="p">)</span> <span class="bp">self</span><span class="o">.</span><span class="n">debug_log</span><span class="p">(</span><span class="s">"Cfg: Generating new SSH key pair: </span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span> <span class="s">" "</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">log_cmd</span><span class="p">))</span> <span class="n">proc</span> <span class="o">=</span> <span class="n">subprocess</span><span class="o">.</span><span class="n">Popen</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="n">stdout</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">PIPE</span><span class="p">,</span> <span class="n">stderr</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">PIPE</span><span class="p">)</span> <span class="n">err</span> <span class="o">=</span> <span class="n">proc</span><span class="o">.</span><span class="n">communicate</span><span class="p">()[</span><span class="mi">1</span><span class="p">]</span> <span class="k">if</span> <span class="n">proc</span><span class="o">.</span><span class="n">wait</span><span class="p">():</span> <span class="k">raise</span> <span class="n">CfgCreationError</span><span class="p">(</span><span class="s">"Cfg: Failed to generate SSH key pair "</span> <span class="s">"at </span><span class="si">%s</span><span class="s"> for </span><span class="si">%s</span><span class="s">: </span><span 
class="si">%s</span><span class="s">"</span> <span class="o">%</span> <span class="p">(</span><span class="n">filename</span><span class="p">,</span> <span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span> <span class="n">err</span><span class="p">))</span> <span class="k">elif</span> <span class="n">err</span><span class="p">:</span> <span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="s">"Cfg: Generated SSH key pair at </span><span class="si">%s</span><span class="s"> for </span><span class="si">%s</span><span class="s"> "</span> <span class="s">"with errors: </span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span> <span class="p">(</span><span class="n">filename</span><span class="p">,</span> <span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span> <span class="n">err</span><span class="p">))</span> <span class="k">return</span> <span class="n">filename</span> <span class="k">except</span><span class="p">:</span> <span class="n">shutil</span><span class="o">.</span><span class="n">rmtree</span><span class="p">(</span><span class="n">tempdir</span><span class="p">)</span> <span class="k">raise</span> <div class="viewcode-block" id="CfgPrivateKeyCreator.get_specificity"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.get_specificity">[docs]</a> <span class="k">def</span> <span class="nf">get_specificity</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="sd">""" Get config settings for key generation specificity</span> <span 
class="sd"> (per-host or per-group).</span> <span class="sd"> :param metadata: The client metadata to create data for</span> <span class="sd"> :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata</span> <span class="sd"> :param spec: The key specification to follow when creating the</span> <span class="sd"> keys. This should be an XML document that only</span> <span class="sd"> contains key specification data that applies to</span> <span class="sd"> the given client metadata, and may be obtained by</span> <span class="sd"> doing ``self.XMLMatch(metadata)``</span> <span class="sd"> :type spec: lxml.etree._Element</span> <span class="sd"> :returns: dict - A dict of specificity arguments suitable for</span> <span class="sd"> passing to</span> <span class="sd"> :func:`Bcfg2.Server.Plugins.Cfg.CfgCreator.write_data`</span> <span class="sd"> or</span> <span class="sd"> :func:`Bcfg2.Server.Plugins.Cfg.CfgCreator.get_filename`</span> <span class="sd"> """</span> <span class="k">if</span> <span class="n">spec</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="n">spec</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">XMLMatch</span><span class="p">(</span><span class="n">metadata</span><span class="p">)</span> <span class="n">category</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"category"</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">category</span><span class="p">)</span> <span class="k">print</span><span class="p">(</span><span class="s">"category=</span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span> <span class="n">category</span><span class="p">)</span> <span class="k">if</span> <span class="n">category</span> <span class="ow">is</span> <span class="bp">None</span><span 
class="p">:</span> <span class="n">per_host_default</span> <span class="o">=</span> <span class="s">"true"</span> <span class="k">else</span><span class="p">:</span> <span class="n">per_host_default</span> <span class="o">=</span> <span class="s">"false"</span> <span class="n">per_host</span> <span class="o">=</span> <span class="n">spec</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"perhost"</span><span class="p">,</span> <span class="n">per_host_default</span><span class="p">)</span><span class="o">.</span><span class="n">lower</span><span class="p">()</span> <span class="o">==</span> <span class="s">"true"</span> <span class="n">specificity</span> <span class="o">=</span> <span class="nb">dict</span><span class="p">(</span><span class="n">host</span><span class="o">=</span><span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">)</span> <span class="k">if</span> <span class="n">category</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">per_host</span><span class="p">:</span> <span class="n">group</span> <span class="o">=</span> <span class="n">metadata</span><span class="o">.</span><span class="n">group_in_category</span><span class="p">(</span><span class="n">category</span><span class="p">)</span> <span class="k">if</span> <span class="n">group</span><span class="p">:</span> <span class="n">specificity</span> <span class="o">=</span> <span class="nb">dict</span><span class="p">(</span><span class="n">group</span><span class="o">=</span><span class="n">group</span><span class="p">,</span> <span class="n">prio</span><span class="o">=</span><span class="nb">int</span><span class="p">(</span><span class="n">spec</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"priority"</span><span class="p">,</span> <span class="mi">50</span><span class="p">)))</span> <span class="k">else</span><span 
class="p">:</span> <span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">info</span><span class="p">(</span><span class="s">"Cfg: </span><span class="si">%s</span><span class="s"> has no group in category </span><span class="si">%s</span><span class="s">, "</span> <span class="s">"creating host-specific key"</span> <span class="o">%</span> <span class="p">(</span><span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span> <span class="n">category</span><span class="p">))</span> <span class="k">return</span> <span class="n">specificity</span> <span class="c"># pylint: disable=W0221</span></div> <div class="viewcode-block" id="CfgPrivateKeyCreator.create_data"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgPrivateKeyCreator.CfgPrivateKeyCreator.create_data">[docs]</a> <span class="k">def</span> <span class="nf">create_data</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">entry</span><span class="p">,</span> <span class="n">metadata</span><span class="p">,</span> <span class="n">return_pair</span><span class="o">=</span><span class="bp">False</span><span class="p">):</span> <span class="sd">""" Create data for the given entry on the given client</span> <span class="sd"> :param entry: The abstract entry to create data for. 
This</span> <span class="sd"> will not be modified</span> <span class="sd"> :type entry: lxml.etree._Element</span> <span class="sd"> :param metadata: The client metadata to create data for</span> <span class="sd"> :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata</span> <span class="sd"> :param return_pair: Return a tuple of ``(public key, private</span> <span class="sd"> key)`` instead of just the private key.</span> <span class="sd"> This is used by</span> <span class="sd"> :class:`Bcfg2.Server.Plugins.Cfg.CfgPublicKeyCreator.CfgPublicKeyCreator`</span> <span class="sd"> to create public keys as requested.</span> <span class="sd"> :type return_pair: bool</span> <span class="sd"> :returns: string - The private key data</span> <span class="sd"> :returns: tuple - Tuple of ``(public key, private key)``, if</span> <span class="sd"> ``return_pair`` is set to True</span> <span class="sd"> """</span> <span class="n">spec</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">XMLMatch</span><span class="p">(</span><span class="n">metadata</span><span class="p">)</span> <span class="n">specificity</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">get_specificity</span><span class="p">(</span><span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="p">)</span> <span class="n">filename</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_gen_keypair</span><span class="p">(</span><span class="n">metadata</span><span class="p">,</span> <span class="n">spec</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="c"># write the public key, stripping the comment and</span> <span class="c"># replacing it with a comment that specifies the filename.</span> <span class="n">kdata</span> <span class="o">=</span> <span class="nb">open</span><span 
class="p">(</span><span class="n">filename</span> <span class="o">+</span> <span class="s">".pub"</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span><span class="o">.</span><span class="n">split</span><span class="p">()[:</span><span class="mi">2</span><span class="p">]</span> <span class="n">kdata</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">pubkey_creator</span><span class="o">.</span><span class="n">get_filename</span><span class="p">(</span><span class="o">**</span><span class="n">specificity</span><span class="p">))</span> <span class="n">pubkey</span> <span class="o">=</span> <span class="s">" "</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">kdata</span><span class="p">)</span> <span class="o">+</span> <span class="s">"</span><span class="se">\n</span><span class="s">"</span> <span class="bp">self</span><span class="o">.</span><span class="n">pubkey_creator</span><span class="o">.</span><span class="n">write_data</span><span class="p">(</span><span class="n">pubkey</span><span class="p">,</span> <span class="o">**</span><span class="n">specificity</span><span class="p">)</span> <span class="c"># encrypt the private key, write to the proper place, and</span> <span class="c"># return it</span> <span class="n">privkey</span> <span class="o">=</span> <span class="nb">open</span><span class="p">(</span><span class="n">filename</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span> <span class="k">if</span> <span class="n">HAS_CRYPTO</span> <span class="ow">and</span> <span class="bp">self</span><span class="o">.</span><span class="n">passphrase</span><span class="p">:</span> <span class="bp">self</span><span class="o">.</span><span class="n">debug_log</span><span class="p">(</span><span class="s">"Cfg: 
Encrypting key data at </span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span> <span class="n">filename</span><span class="p">)</span> <span class="n">privkey</span> <span class="o">=</span> <span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">ssl_encrypt</span><span class="p">(</span> <span class="n">privkey</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">passphrase</span><span class="p">,</span> <span class="n">algorithm</span><span class="o">=</span><span class="n">Bcfg2</span><span class="o">.</span><span class="n">Encryption</span><span class="o">.</span><span class="n">get_algorithm</span><span class="p">(</span><span class="n">SETUP</span><span class="p">))</span> <span class="n">specificity</span><span class="p">[</span><span class="s">'ext'</span><span class="p">]</span> <span class="o">=</span> <span class="s">'.crypt'</span> <span class="bp">self</span><span class="o">.</span><span class="n">write_data</span><span class="p">(</span><span class="n">privkey</span><span class="p">,</span> <span class="o">**</span><span class="n">specificity</span><span class="p">)</span> <span class="k">if</span> <span class="n">return_pair</span><span class="p">:</span> <span class="k">return</span> <span class="p">(</span><span class="n">pubkey</span><span class="p">,</span> <span class="n">privkey</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="n">privkey</span> <span class="k">finally</span><span class="p">:</span> <span class="n">shutil</span><span class="o">.</span><span class="n">rmtree</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">dirname</span><span class="p">(</span><span class="n">filename</span><span class="p">))</span> <span class="c"># 
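def Index(self):
    """Parse the XML and, when crypto support is importable, decrypt in
    place every element that carries an ``encrypted`` attribute.

    Whether a decryption failure is fatal is controlled by ``strict``
    mode: the file's own ``decrypt`` attribute wins, otherwise the
    ``decrypt`` option of the encryption config section is used, and
    the default is ``strict``.  In strict mode the failure raises
    :class:`PluginExecutionError`; otherwise it is only logged and the
    element is left exactly as it was -- it still holds the ciphertext
    and still has its ``encrypted`` attribute -- so callers must not
    assume every marked element was actually decrypted.

    :raises PluginExecutionError: in strict mode, when an element cannot
                                  be decrypted with any passphrase
    """
    StructFile.Index(self)
    if not HAS_CRYPTO:
        return
    # A per-file decrypt="..." attribute overrides the global setting.
    strict = self.xdata.get(
        "decrypt",
        SETUP.cfp.get(Bcfg2.Encryption.CFG_SECTION, "decrypt",
                      default="strict")) == "strict"
    for el in self.xdata.xpath("//*[@encrypted]"):
        try:
            plaintext = self._decrypt(el)
            # _decrypt() returns None for an element with no (or only
            # whitespace) text; there is nothing to replace then.  This
            # used to fall through to None.encode() and raise an
            # uncaught AttributeError for e.g. <Passphrase encrypted="x"/>.
            if plaintext is None:
                continue
            el.text = plaintext.encode('ascii', 'xmlcharrefreplace')
        except UnicodeDecodeError:
            # NOTE(review): this is the only "wrong key" heuristic in
            # play -- ssl_decrypt does not appear to verify integrity,
            # so a wrong passphrase whose output happens to be plain
            # ASCII is accepted silently.  Confirm against
            # Bcfg2.Encryption before relying on this.
            self.logger.info("Cfg: Decrypted %s to gibberish, skipping"
                             % el.tag)
        except Bcfg2.Encryption.EVPError:
            msg = "Cfg: Failed to decrypt %s element in %s" % \
                (el.tag, self.name)
            if strict:
                raise PluginExecutionError(msg)
            self.logger.warning(msg)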
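def _decrypt(self, element):
    """Return the plaintext of a single element marked ``encrypted``.

    The value of the ``encrypted`` attribute names a passphrase; the
    mapping from names to passphrases comes from
    ``Bcfg2.Encryption.get_passphrases(SETUP)``.  If the name is not
    configured (or the attribute is empty), every configured passphrase
    is tried in turn via ``bruteforce_decrypt``.

    :param element: lxml element whose ``encrypted`` attribute names
                    the passphrase and whose text is the ciphertext
    :returns: the decrypted text, or None if the element has no
              non-whitespace text to decrypt
    :raises Bcfg2.Encryption.EVPError: if the named passphrase fails to
            decrypt the text, or (from ``bruteforce_decrypt``) if no
            configured passphrase does
    """
    if not element.text or not element.text.strip():
        return None
    passes = Bcfg2.Encryption.get_passphrases(SETUP)
    algorithm = Bcfg2.Encryption.get_algorithm(SETUP)
    # Only the dictionary lookup is guarded here: previously the whole
    # ssl_decrypt call sat inside this try, so any KeyError escaping it
    # would have been mistaken for an unknown passphrase name and
    # silently triggered the brute-force fallback.
    try:
        passphrase = passes[element.get("encrypted")]
    except KeyError:
        # Unknown passphrase name: fall back to trying all of them.
        # bruteforce_decrypt raises an EVPError with a sensible error
        # message, so we just let it propagate up the stack.
        # NOTE(review): a typo in the ``encrypted`` attribute therefore
        # widens decryption to every configured passphrase instead of
        # failing loudly -- decide whether that is the desired policy.
        return Bcfg2.Encryption.bruteforce_decrypt(
            element.text, passphrases=passes.values(),
            algorithm=algorithm)
    try:
        return Bcfg2.Encryption.ssl_decrypt(element.text, passphrase,
                                            algorithm=algorithm)
    except Bcfg2.Encryption.EVPError:
        # Never include the passphrase itself in the error; the caller
        # adds element and file names for context.
        raise Bcfg2.Encryption.EVPError("Failed to decrypt")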