def rename_key(current_key_id, new_key_id, keys_folder=None):
"""
"""
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if current_key_id not in known_keys():
lg.warn('key %s is not found' % current_key_id)
return False
if key_obj(current_key_id).isPublic():
current_key_filepath = os.path.join(keys_folder, current_key_id + '.public')
new_key_filepath = os.path.join(keys_folder, new_key_id + '.public')
is_private = False
else:
current_key_filepath = os.path.join(keys_folder, current_key_id + '.private')
new_key_filepath = os.path.join(keys_folder, new_key_id + '.private')
is_private = True
try:
os.rename(current_key_filepath, new_key_filepath)
except:
lg.exc()
return False
key_object = known_keys().pop(current_key_id)
known_keys()[new_key_id] = key_object
gc.collect()
if _Debug:
lg.out(_DebugLevel, 'my_keys.rename_key key %s renamed to %s' % (current_key_id, new_key_id, ))
lg.out(_DebugLevel, ' file %s renamed to %s' % (current_key_filepath, new_key_filepath, ))
events.send('key-renamed', data=dict(old_key_id=current_key_id, new_key_id=new_key_id, is_private=is_private))
return True
def sign_key(key_id, keys_folder=None):
key_id = latest_key_id(strng.to_text(key_id))
if key_id not in known_keys():
lg.warn('key %s is not found' % key_id)
return False
if not keys_folder:
keys_folder = settings.KeyStoreDir()
key_object = known_keys()[key_id]
signed_key_info = make_key_info(key_object,
key_id=key_id,
include_private=True,
sign_key=True)
key_object.signed = (
signed_key_info['signature'],
signed_key_info['signature_pubkey'],
)
known_keys()[key_id] = key_object
save_key(key_id, keys_folder=keys_folder)
events.send('key-signed',
data=dict(
key_id=key_id,
label=key_object.label,
key_size=key_object.size(),
))
return key_object
def register_key(key_id, key_object_or_string, label='', keys_folder=None):
"""
"""
if key_id in known_keys():
lg.warn('key %s already exists' % key_id)
return None
if not label:
label = 'key%s' % utime.make_timestamp()
if strng.is_string(key_object_or_string):
if _Debug:
lg.out(_DebugLevel, 'my_keys.register_key %s from %d bytes openssh_input_string' % (
key_id, len(key_object_or_string)))
key_object = unserialize_key_to_object(key_object_or_string)
if not key_object:
lg.warn('invalid openssh string, unserialize_key_to_object() failed')
return None
else:
if _Debug:
lg.out(_DebugLevel, 'my_keys.register_key %s from object' % key_id)
key_object = key_object_or_string
known_keys()[key_id] = key_object
if _Debug:
lg.out(_DebugLevel, ' key %s added' % key_id)
if not keys_folder:
keys_folder = settings.KeyStoreDir()
save_key(key_id, keys_folder=keys_folder)
events.send('key-registered', data=dict(key_id=key_id, label=label, key_size=key_object.size(), ))
return key_object
def read_key_file(key_id, keys_folder=None):
if not keys_folder:
keys_folder = settings.KeyStoreDir()
key_filepath = os.path.join(keys_folder, '%s.private' % key_id)
is_private = True
if not os.path.exists(key_filepath):
key_filepath = os.path.join(keys_folder, '%s.public' % key_id)
is_private = False
key_raw = local_fs.ReadTextFile(key_filepath)
if not key_raw:
lg.warn('failed reading key from %r' % key_filepath)
return None
key_raw_strip = key_raw.strip()
try:
if key_raw_strip.startswith('{') and key_raw_strip.endswith('}'):
key_dict = jsn.loads_text(key_raw_strip)
else:
key_dict = {
'label': key_id,
'is_private': is_private,
'body': key_raw_strip,
'local_key_id': None,
'need_to_convert': True,
}
except:
lg.exc()
return None
return key_dict
def register_key(key_id, key_object_or_string, keys_folder=None):
"""
"""
if key_id in known_keys():
lg.warn('key %s already exists' % key_id)
return None
if isinstance(key_object_or_string, six.string_types):
lg.out(
4, 'my_keys.register_key %s from %d bytes openssh_input_string' %
(key_id, len(key_object_or_string)))
key_object = unserialize_key_to_object(key_object_or_string)
if not key_object:
lg.warn(
'invalid openssh string, unserialize_key_to_object() failed')
return None
else:
lg.out(4, 'my_keys.register_key %s from object' % key_id)
key_object = key_object_or_string
known_keys()[key_id] = key_object
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if key_object.isPublic():
key_string = key_object.toPublicString()
key_filepath = os.path.join(keys_folder, key_id + '.public')
bpio.WriteTextFile(key_filepath, key_string)
else:
key_string = key_object.toPrivateString()
key_filepath = os.path.join(keys_folder, key_id + '.private')
bpio.WriteTextFile(key_filepath, key_string)
if _Debug:
lg.out(_DebugLevel,
' key %s added, saved to %s' % (key_id, key_filepath))
return key_filepath
def load_local_keys(keys_folder=None):
"""
"""
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if _Debug:
lg.out(_DebugLevel,
'my_keys.load_local_keys will read files from %s' % keys_folder)
known_keys().clear()
count = 0
for key_filename in os.listdir(keys_folder):
key_filepath = os.path.join(keys_folder, key_filename)
try:
key_object = rsa_key.RSAKey()
key_object.fromFile(key_filepath)
except:
lg.exc()
continue
if not key_object.isPublic():
if not validate_key(key_object):
lg.warn('validation failed for %s' % key_filepath)
continue
key_id = key_filename.replace('.private', '').replace('.public', '')
if not is_valid_key_id(key_id):
lg.warn('key_id is not valid: %s' % key_id)
continue
known_keys()[key_id] = key_object
count += 1
if _Debug:
lg.out(_DebugLevel, ' %d keys loaded' % count)
def generate_key(key_id,
key_size=4096,
keys_folder=None,
output_type='openssh'):
"""
"""
if key_id in known_keys():
lg.warn('key "%s" already exists' % key_id)
return None
lg.out(4, 'my_keys.generate_key "%s" of %d bits' % (key_id, key_size))
rsa_key = RSA.generate(key_size, os.urandom)
key_object = keys.Key(rsa_key)
known_keys()[key_id] = key_object
if not keys_folder:
keys_folder = settings.KeyStoreDir()
key_string = key_object.toString(output_type)
if key_object.isPublic():
key_filepath = os.path.join(keys_folder, key_id + '.public')
else:
key_filepath = os.path.join(keys_folder, key_id + '.private')
bpio.WriteFile(key_filepath, key_string)
if _Debug:
lg.out(_DebugLevel,
' key %s generated, saved to %s' % (key_id, key_filepath))
return key_object
def save_key(key_id, keys_folder=None):
"""
"""
key_object = known_keys()[key_id]
if key_object is None:
lg.warn('can not save key %s because it is not loaded yet' % key_id)
return False
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if key_object.isPublic():
key_filepath = os.path.join(keys_folder, key_id + '.public')
key_dict = key_object.toDict(include_private=False)
key_string = jsn.dumps(key_dict, indent=1, separators=(',', ':'))
else:
key_filepath = os.path.join(keys_folder, key_id + '.private')
key_dict = key_object.toDict(include_private=True)
key_string = jsn.dumps(key_dict, indent=1, separators=(',', ':'))
if not bpio.WriteTextFile(key_filepath, key_string):
lg.warn('failed saving key %r to %r' % (
key_id,
key_filepath,
))
return False
if _Debug:
lg.out(
_DebugLevel, 'my_keys.save_key stored key %r locally in %r' % (
key_id,
key_filepath,
))
return True
def generate_key(key_id, label='', key_size=4096, keys_folder=None):
"""
"""
if key_id in known_keys():
lg.warn('key "%s" already exists' % key_id)
return None
if not label:
label = 'key%s' % utime.make_timestamp()
if _Debug:
lg.out(
_DebugLevel, 'my_keys.generate_key "%s" of %d bits, label=%r' %
(key_id, key_size, label))
key_object = rsa_key.RSAKey()
key_object.generate(key_size)
key_object.label = label
known_keys()[key_id] = key_object
if _Debug:
lg.out(_DebugLevel, ' key %s generated' % key_id)
if not keys_folder:
keys_folder = settings.KeyStoreDir()
save_key(key_id, keys_folder=keys_folder)
events.send('key-generated',
data=dict(
key_id=key_id,
label=label,
key_size=key_size,
))
return key_object
def erase_key(key_id, keys_folder=None):
"""
"""
if key_id not in known_keys():
lg.warn('key %s is not found' % key_id)
return False
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if key_obj(key_id).isPublic():
key_filepath = os.path.join(keys_folder, key_id + '.public')
is_private = False
else:
key_filepath = os.path.join(keys_folder, key_id + '.private')
is_private = True
try:
os.remove(key_filepath)
except:
lg.exc()
return False
known_keys().pop(key_id)
gc.collect()
if _Debug:
lg.out(_DebugLevel,
' key %s removed, file %s deleted' % (key_id, key_filepath))
events.send('key-erased', data=dict(key_id=key_id, is_private=is_private))
return True
def do_restore_key(key_id, is_private, keys_folder=None, wait_result=False):
"""
Restore given key from my suppliers if I do not have it locally.
"""
if _Debug:
lg.out(_DebugLevel, 'key_ring.do_restore_key key_id=%r is_private=%r' % (key_id, is_private, ))
if my_keys.is_key_registered(key_id):
lg.err('local key already exist: "%s"' % key_id)
if wait_result:
return fail(Exception('local key already exist: "%s"' % key_id))
return False
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if is_private:
remote_path_for_key = '.keys/%s.private' % key_id
else:
remote_path_for_key = '.keys/%s.public' % key_id
global_key_path = global_id.MakeGlobalID(
key_alias='master', customer=my_id.getGlobalID(), path=remote_path_for_key)
ret = api.file_download_start(
remote_path=global_key_path,
destination_path=keys_folder,
wait_result=True,
open_share=False,
)
if not isinstance(ret, Deferred):
lg.err('failed to download key "%s": %s' % (key_id, ret))
if wait_result:
return fail(Exception('failed to download key "%s": %s' % (key_id, ret)))
return False
result = Deferred()
def _on_result(res):
if not isinstance(res, dict):
lg.err('failed to download key "%s": %s' % (key_id, res))
if wait_result:
result.errback(Exception('failed to download key "%s": %s' % (key_id, res)))
return None
if res['status'] != 'OK':
lg.err('failed to download key "%s": %r' % (key_id, res))
if wait_result:
result.errback(Exception('failed to download key "%s": %r' % (key_id, res)))
return None
if not my_keys.load_key(key_id, keys_folder):
lg.err('failed to read key "%s" from local folder "%s"' % (key_id, keys_folder))
if wait_result:
result.errback(Exception('failed to read key "%s" from local folder "%s"' % (key_id, keys_folder)))
return None
if _Debug:
lg.out(_DebugLevel, 'key_ring.do_restore_key._on_result key_id=%s is_private=%r : %r' % (key_id, is_private, res))
if wait_result:
result.callback(res)
return None
ret.addBoth(_on_result)
if not wait_result:
return True
return result
def scan_local_keys(keys_folder=None):
global _LatestLocalKeyID
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if _Debug:
lg.out(_DebugLevel,
'my_keys.scan_local_keys will read files from %r' % keys_folder)
latest_local_key_id_filepath = os.path.join(keys_folder,
'latest_local_key_id')
latest_local_key_id_src = local_fs.ReadTextFile(
latest_local_key_id_filepath)
if latest_local_key_id_src:
_LatestLocalKeyID = int(latest_local_key_id_src)
else:
_LatestLocalKeyID = 0
known_keys().clear()
local_keys().clear()
local_keys_index().clear()
count = 0
unregistered_keys = []
for key_filename in os.listdir(keys_folder):
if key_filename == 'latest_local_key_id':
continue
key_id = key_filename.replace('.private', '').replace('.public', '')
if not is_valid_key_id(key_id):
lg.warn('key_id is not valid: %r' % key_id)
continue
key_dict = read_key_file(key_id, keys_folder=keys_folder)
local_key_id = key_dict.get('local_key_id')
if local_key_id is None:
key_dict['key_id'] = key_id
unregistered_keys.append(key_dict)
continue
if _LatestLocalKeyID < local_key_id:
_LatestLocalKeyID = local_key_id
local_keys()[local_key_id] = key_id
known_keys()[key_id] = None
count += 1
registered_count = 0
for key_dict in unregistered_keys:
key_id = key_dict['key_id']
if not load_key(key_id, keys_folder=keys_folder):
continue
_LatestLocalKeyID += 1
new_local_key_id = _LatestLocalKeyID
lg.warn('about to register key %r with local_key_id=%r' % (
key_id,
new_local_key_id,
))
known_keys()[key_id].local_key_id = new_local_key_id
save_key(key_id, keys_folder=keys_folder)
registered_count += 1
unregistered_keys = []
save_latest_local_key_id(keys_folder=keys_folder)
if _Debug:
lg.out(
_DebugLevel, ' %d keys found and %d registered' % (
count,
registered_count,
))
def load_key(key_id, keys_folder=None):
"""
"""
if not is_valid_key_id(key_id):
lg.warn('key_id is not valid: %s' % key_id)
return False
if not keys_folder:
keys_folder = settings.KeyStoreDir()
key_filepath = os.path.join(keys_folder, '%s.private' % key_id)
is_private = True
if not os.path.exists(key_filepath):
key_filepath = os.path.join(keys_folder, '%s.public' % key_id)
is_private = False
key_raw = local_fs.ReadTextFile(key_filepath)
if not key_raw:
lg.warn('failed reading key from %r' % key_filepath)
return False
key_raw_strip = key_raw.strip()
need_to_convert = False
try:
if key_raw_strip.startswith('{') and key_raw_strip.endswith('}'):
key_dict = jsn.loads_text(key_raw_strip)
else:
key_dict = {
'label': key_id,
'body': key_raw_strip,
}
need_to_convert = True
except:
lg.exc()
return False
try:
key_object = rsa_key.RSAKey()
key_object.fromDict(key_dict)
except:
lg.exc()
return False
if not key_object.isPublic():
if not validate_key(key_object):
lg.warn('validation failed for %s' % key_filepath)
return False
known_keys()[key_id] = key_object
if _Debug:
lg.out(
_DebugLevel,
'my_keys.load_key %r label=%r is_private=%r from %s' % (
key_id,
key_object.label,
is_private,
keys_folder,
))
if need_to_convert:
save_key(key_id, keys_folder=keys_folder)
lg.info('key %r format converted to JSON' % key_id)
return True
def save_latest_local_key_id(keys_folder=None):
global _LatestLocalKeyID
if not keys_folder:
keys_folder = settings.KeyStoreDir()
latest_local_key_id_filepath = os.path.join(keys_folder,
'latest_local_key_id')
if not bpio.WriteTextFile(latest_local_key_id_filepath,
'{}'.format(_LatestLocalKeyID)):
lg.warn('failed saving latest_local_key_id to %r' %
latest_local_key_id_filepath)
return False
return True
def sign_key(key_id, keys_folder=None, ignore_shared_keys=False, save=True):
key_id = latest_key_id(strng.to_text(key_id))
if not is_key_registered(key_id):
lg.warn('key %s is not found' % key_id)
return False
if not keys_folder:
keys_folder = settings.KeyStoreDir()
key_object = known_keys()[key_id]
if key_object.signed:
if key_object.signed[1] != key.MyPublicKey():
if ignore_shared_keys:
if _Debug:
lg.dbg(
_DebugLevel,
'skip generating signature for shared key: %r' %
key_id)
return True
raise Exception(
'must not generate and overwrite existing signature for shared key: %r'
% key_id)
signed_key_info = make_key_info(
key_object=key_object,
key_id=key_id,
include_private=not key_object.isPublic(),
generate_signature=True,
)
key_object.signed = (
signed_key_info['signature'],
signed_key_info['signature_pubkey'],
)
known_keys()[key_id] = key_object
if save:
save_key(key_id, keys_folder=keys_folder)
events.send('key-signed',
data=dict(
key_id=key_id,
label=key_object.label,
key_size=key_object.size(),
))
listeners.push_snapshot('key',
snap_id=key_id,
data=make_key_info(
key_object=key_object,
key_id=key_id,
event='key-signed',
include_private=False,
include_local_id=True,
include_signature=True,
include_label=True,
))
return key_object
def save_keys_local(keys_folder=None):
"""
"""
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if _Debug:
lg.out(_DebugLevel, 'my_keys.save_keys_local will store all known keys in %s' % keys_folder)
count = 0
for key_id in known_keys().keys():
if save_key(key_id, keys_folder=keys_folder):
count += 1
if _Debug:
lg.out(_DebugLevel, ' %d keys saved' % count)
return count
def load_local_keys(keys_folder=None):
"""
"""
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if _Debug:
lg.out(_DebugLevel,
'my_keys.load_local_keys will read files from %s' % keys_folder)
known_keys().clear()
count = 0
for key_filename in os.listdir(keys_folder):
key_filepath = os.path.join(keys_folder, key_filename)
key_id = key_filename.replace('.private', '').replace('.public', '')
if not is_valid_key_id(key_id):
lg.warn('key_id is not valid: %s' % key_id)
continue
key_raw = local_fs.ReadTextFile(key_filepath)
if not key_raw:
lg.warn('failed reading key from %r' % key_filepath)
continue
key_raw_strip = key_raw.strip()
try:
if key_raw_strip.startswith('{') and key_raw_strip.endswith('}'):
key_dict = jsn.loads_text(key_raw_strip)
else:
key_dict = {
'label': key_id,
'body': key_raw_strip,
}
except:
lg.exc()
continue
try:
key_object = rsa_key.RSAKey()
key_object.fromDict(key_dict)
except:
lg.exc()
continue
if not key_object.isPublic():
if not validate_key(key_object):
lg.warn('validation failed for %s' % key_filepath)
continue
known_keys()[key_id] = key_object
count += 1
if _Debug:
lg.out(_DebugLevel, ' %d keys loaded' % count)
return count
def scan_local_keys(keys_folder=None):
"""
"""
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if _Debug:
lg.out(_DebugLevel, 'my_keys.scan_local_keys will read files from %s' % keys_folder)
known_keys().clear()
count = 0
for key_filename in os.listdir(keys_folder):
key_id = key_filename.replace('.private', '').replace('.public', '')
if not is_valid_key_id(key_id):
lg.warn('key_id is not valid: %s' % key_id)
continue
known_keys()[key_id] = None
count += 1
if _Debug:
lg.out(_DebugLevel, ' %d keys found' % count)
def generate_key(key_id, key_size=4096, keys_folder=None):
"""
"""
if key_id in known_keys():
lg.warn('key "%s" already exists' % key_id)
return None
lg.out(4, 'my_keys.generate_key "%s" of %d bits' % (key_id, key_size))
key_object = rsa_key.RSAKey()
key_object.generate(key_size)
known_keys()[key_id] = key_object
if not keys_folder:
keys_folder = settings.KeyStoreDir()
key_string = key_object.toPrivateString()
key_filepath = os.path.join(keys_folder, key_id + '.private')
bpio.WriteTextFile(key_filepath, key_string)
if _Debug:
lg.out(_DebugLevel,
' key %s generated, saved to %s' % (key_id, key_filepath))
return key_object
def generate_key(key_id, label='', key_size=4096, keys_folder=None):
global _LatestLocalKeyID
key_id = latest_key_id(key_id)
if is_key_registered(key_id):
lg.warn('key %r already registered' % key_id)
return None
if not label:
label = 'key%s' % utime.make_timestamp()
if _Debug:
lg.out(
_DebugLevel, 'my_keys.generate_key %r of %d bits, label=%r' %
(key_id, key_size, label))
_LatestLocalKeyID += 1
save_latest_local_key_id(keys_folder=keys_folder)
key_object = rsa_key.RSAKey()
key_object.generate(key_size)
key_object.label = label
key_object.local_key_id = _LatestLocalKeyID
known_keys()[key_id] = key_object
if _Debug:
lg.out(_DebugLevel, ' key %r generated' % key_id)
if not keys_folder:
keys_folder = settings.KeyStoreDir()
save_key(key_id, keys_folder=keys_folder)
events.send('key-generated',
data=dict(
key_id=key_id,
label=label,
key_size=key_size,
))
listeners.push_snapshot('key',
snap_id=key_id,
data=make_key_info(
key_object=key_object,
key_id=key_id,
event='key-generated',
include_private=False,
include_local_id=True,
include_signature=True,
include_label=True,
))
return key_object
def save_keys_local(keys_folder=None):
"""
"""
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if _Debug:
lg.out(
_DebugLevel,
'my_keys.save_keys_local will store all known keys in %s' %
keys_folder)
count = 0
for key_id, key_object in known_keys().items():
if key_object.isPublic():
key_filepath = os.path.join(keys_folder, key_id + '.public')
else:
key_filepath = os.path.join(keys_folder, key_id + '.private')
key_string = key_object.toPrivateString()
bpio.WriteTextFile(key_filepath, key_string)
count += 1
if _Debug:
lg.out(_DebugLevel, ' %d keys saved' % count)
def erase_key(key_id, keys_folder=None):
key_id = latest_key_id(key_id)
if not is_key_registered(key_id):
lg.warn('key %s is not registered' % key_id)
return False
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if key_obj(key_id).isPublic():
key_filepath = os.path.join(keys_folder, key_id + '.public')
is_private = False
else:
key_filepath = os.path.join(keys_folder, key_id + '.private')
is_private = True
try:
os.remove(key_filepath)
except:
lg.exc()
return False
k_obj = known_keys().pop(key_id)
local_keys().pop(k_obj.local_key_id, None)
local_keys_index().pop(k_obj.toPublicString(), None)
gc.collect()
if _Debug:
lg.out(_DebugLevel,
' key %s removed, file %s deleted' % (key_id, key_filepath))
events.send('key-erased', data=dict(key_id=key_id, is_private=is_private))
listeners.push_snapshot('key',
snap_id=key_id,
deleted=True,
data=make_key_info(
key_object=None,
key_id=key_id,
event='key-erased',
include_private=False,
include_local_id=True,
include_signature=True,
include_label=True,
))
return True
def erase_key(key_id, keys_folder=None):
"""
"""
if key_id not in known_keys():
lg.warn('key %s is not found' % key_id)
return False
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if key_obj(key_id).isPublic():
key_filepath = os.path.join(keys_folder, key_id + '.public')
else:
key_filepath = os.path.join(keys_folder, key_id + '.private')
try:
os.remove(key_filepath)
except:
lg.exc()
return False
known_keys().pop(key_id)
if _Debug:
lg.out(_DebugLevel,
' key %s removed, file %s deleted' % (key_id, key_filepath))
return True
def do_backup_key(key_id, keys_folder=None, wait_result=False):
"""
Send given key to my suppliers to store it remotely.
This will make a regular backup copy of that key file - encrypted with my master key.
"""
if _Debug:
lg.out(_DebugLevel, 'key_ring.do_backup_key key_id=%r' % key_id)
if key_id == my_id.getGlobalID(key_alias='master') or key_id == 'master':
lg.err('master key must never leave local host')
if wait_result:
return fail(Exception('master key must never leave local host'))
return False
if not my_keys.is_key_registered(key_id):
lg.err('unknown key: "%s"' % key_id)
if wait_result:
return fail(Exception('unknown key: "%s"' % key_id))
return False
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if my_keys.is_key_private(key_id):
local_key_filepath = os.path.join(keys_folder, '%s.private' % key_id)
remote_path_for_key = '.keys/%s.private' % key_id
else:
local_key_filepath = os.path.join(keys_folder, '%s.public' % key_id)
remote_path_for_key = '.keys/%s.public' % key_id
global_key_path = global_id.MakeGlobalID(
key_alias='master', customer=my_id.getGlobalID(), path=remote_path_for_key)
res = api.file_exists(global_key_path)
if res['status'] == 'OK' and res['result'] and res['result'].get('exist'):
lg.warn('key %s already exists in catalog' % global_key_path)
global_key_path_id = res['result'].get('path_id')
if global_key_path_id and backup_control.IsPathInProcess(global_key_path_id):
lg.warn('skip, another backup for key already started: %s' % global_key_path_id)
if not wait_result:
return True
backup_id_list = backup_control.FindRunningBackup(global_key_path_id)
if backup_id_list:
backup_id = backup_id_list[0]
backup_job = backup_control.GetRunningBackupObject(backup_id)
if backup_job:
backup_result = Deferred()
backup_job.resultDefer.addCallback(
lambda resp: backup_result.callback(True) if resp == 'done' else backup_result.errback(
Exception('failed to upload key "%s", task was not started: %r' % (global_key_path, resp))))
if _Debug:
backup_job.resultDefer.addErrback(lg.errback, debug=_Debug, debug_level=_DebugLevel, method='key_ring.do_backup_key')
backup_job.resultDefer.addErrback(backup_result.errback)
if _Debug:
lg.args(_DebugLevel, backup_id=backup_id, global_key_path_id=global_key_path_id)
return backup_result
else:
lg.warn('did not found running backup job: %r' % backup_id)
else:
lg.warn('did not found running backup id for path: %r' % global_key_path_id)
else:
res = api.file_create(global_key_path)
if res['status'] != 'OK':
lg.err('failed to create path "%s" in the catalog: %r' % (global_key_path, res))
if wait_result:
return fail(Exception('failed to create path "%s" in the catalog: %r' % (global_key_path, res)))
return False
res = api.file_upload_start(
local_path=local_key_filepath,
remote_path=global_key_path,
wait_result=wait_result,
open_share=False,
)
if not wait_result:
if res['status'] != 'OK':
lg.err('failed to upload key "%s": %r' % (global_key_path, res))
return False
if _Debug:
lg.out(_DebugLevel, 'key_ring.do_backup_key key_id=%s : %r' % (key_id, res))
return True
backup_result = Deferred()
# TODO: put that code bellow into api.file_upload_start() method with additional parameter
def _job_done(result):
if _Debug:
lg.args(_DebugLevel, key_id=key_id, result=result)
if result == 'done':
backup_result.callback(True)
else:
backup_result.errback(Exception('failed to upload key "%s", backup is %r' % (key_id, result)))
return None
def _task_started(resp):
if _Debug:
lg.args(_DebugLevel, key_id=key_id, response=resp)
if resp['status'] != 'OK':
backup_result.errback(Exception('failed to upload key "%s", task was not started: %r' % (global_key_path, resp)))
return None
backupObj = backup_control.jobs().get(resp['version'])
if not backupObj:
backup_result.errback(Exception('failed to upload key "%s", task %r failed to start' % (global_key_path, resp['version'])))
return None
backupObj.resultDefer.addCallback(_job_done)
backupObj.resultDefer.addErrback(backup_result.errback)
return None
if not isinstance(res, Deferred):
res_defer = Deferred()
res_defer.callback(res)
res = res_defer
res.addCallback(_task_started)
res.addErrback(backup_result.errback)
return backup_result
def register_key(key_id, key_object_or_string, label='', keys_folder=None):
global _LatestLocalKeyID
key_id = latest_key_id(key_id)
if is_key_registered(key_id):
lg.warn('key %s already registered' % key_id)
return None
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if not label:
label = 'key%s' % utime.make_timestamp()
if strng.is_string(key_object_or_string):
key_object_or_string = strng.to_bin(key_object_or_string)
if _Debug:
lg.out(
_DebugLevel,
'my_keys.register_key %r from %d bytes openssh_input_string' %
(key_id, len(key_object_or_string)))
key_object = unserialize_key_to_object(key_object_or_string)
if not key_object:
lg.warn(
'invalid openssh string, unserialize_key_to_object() failed')
return None
else:
if _Debug:
lg.out(_DebugLevel, 'my_keys.register_key %r from object' % key_id)
key_object = key_object_or_string
known_local_key_id = local_keys_index().get(key_object.toPublicString())
if known_local_key_id is not None:
known_key_id = local_keys().get(known_local_key_id)
if known_key_id is not None:
known_key_id = latest_key_id(known_key_id)
if known_key_id != key_id:
raise Exception(
'must not register same key with local_key_id=%r twice with different key_id: %r ~ %r'
% (
known_local_key_id,
known_key_id,
key_id,
))
new_local_key_id = known_local_key_id
if new_local_key_id is None:
_LatestLocalKeyID += 1
save_latest_local_key_id(keys_folder=keys_folder)
new_local_key_id = _LatestLocalKeyID
key_object.local_key_id = new_local_key_id
known_keys()[key_id] = key_object
if _Debug:
lg.out(_DebugLevel, ' key %r registered' % key_id)
save_key(key_id, keys_folder=keys_folder)
events.send('key-registered',
data=dict(
key_id=key_id,
label=label,
key_size=key_object.size(),
))
listeners.push_snapshot('key',
snap_id=key_id,
data=make_key_info(
key_object=key_object,
key_id=key_id,
event='key-registered',
include_private=False,
include_local_id=True,
include_signature=True,
include_label=True,
))
return key_object
