Beispiel #1
 def read(self):
     """Return the decrypted contents of the underlying file as a BytesIO.

     The ciphertext is read through the ``fileio`` service of the file
     resource and decrypted with the GnuPG handle obtained from the
     ``describe`` service of the gpg resource, using that resource's
     configured passphrase.
     """
     source = self.runner.get_service(self.resource.file, 'fileio')
     describe = self.runner.get_service(self.resource.gpg, 'describe')
     gpg = describe.get_gnupg()
     ciphertext = force_bytes(source.read().read())
     # NOTE(review): the decrypt result is only stringified. If this is a
     # python-gnupg result object, a failed decryption (wrong passphrase,
     # corrupt or tampered input) presumably yields empty data with ``ok``
     # set to False, so the caller would get an empty file instead of an
     # error - confirm, and consider checking ``ok``/``status`` here.
     # NOTE(review): str() decodes the plaintext as text before it is
     # re-encoded, so binary payloads may not round-trip - TODO confirm.
     decrypted = gpg.decrypt(
         ciphertext,
         passphrase=self.resource.gpg.passphrase,
     )
     return BytesIO(force_bytes(str(decrypted)))
Beispiel #2
 def write(self, c):
     """Encrypt ``c`` with GnuPG and write the result to the underlying file.

     Recipients, the symmetric flag and the passphrase all come from the
     gpg resource; the output is written through the file resource's
     ``fileio`` service.
     """
     target = self.runner.get_service(self.resource.file, 'fileio')
     gpg = self.runner.get_service(self.resource.gpg, 'describe').get_gnupg()
     # NOTE(review): the encrypt result is stringified without inspecting
     # it. With python-gnupg a failed encryption (e.g. an unknown or
     # untrusted recipient key) presumably stringifies to an empty value,
     # which would then be written over the target file - confirm, and
     # consider checking ``ok``/``status`` before writing.
     encrypted = gpg.encrypt(
         force_bytes(c),
         recipients=self.resource.gpg.recipients,
         symmetric=self.resource.gpg.symmetric,
         passphrase=self.resource.gpg.passphrase,
     )
     target.write(force_bytes(str(encrypted)))
Beispiel #3
 def test_handle_13(self):
     """A SSH2_AGENTC_SIGN_REQUEST (type 13) yields the expected type 14 reply.

     The request names the first identity held by the agent under test and
     asks it to sign a fixed ten-byte payload; the reply body is compared
     against a pinned hex fixture.
     """
     request = Message()
     # Message type byte: 13 asks the agent to sign some data.
     request.add_byte(byte_chr(13))

     # Length-prefixed blob identifying the key to sign with.
     key_blob = list(self.agent.identities.values())[0][0].asbytes()
     request.add_int(len(key_blob))
     request.add_bytes(bytes(key_blob))

     # Length-prefixed payload to be signed.
     payload = b'\x0e' * 10
     request.add_int(len(payload))
     request.add_bytes(payload)

     reply_type, reply = self.send(request)
     self.assertEqual(reply_type, 14)

     # The fixture starts with a length-prefixed "ssh-rsa" tag followed by a
     # length-prefixed signature blob. An exact match presumably relies on
     # the signature being deterministic for the fixed test key.
     expected_hex = force_bytes((
         '000000077373682d7273610000010031d4c2bfad183557a7055f005c3d0d838d5'
         '701bd7b8a09d6d7f06699c691842c18e2bb62504a4beba0fbf5aeaf62f8106352'
         'b99f60d1fdc2dac1f5ad29566022eff25f62fac38cb2db849ed6b862af5e6bd36'
         '09b249a099848aa6fcfdfe1d93d2538ab4e614ecc95a4282abf8742c7bb591db9'
         '3e049e70a559d29134d207018a650b77fd9a7b6be8a2b1f75efbd66fa5a1e9e96'
         '3a5245ebe76294e0d150dfa2348bc7303203263b11952f0300e7b3a9efab81827'
         'b9e53d8c1cb8b2a1551c22cbab9e747fcff79bf57373f7ec8cb2a0dc9b42a7264'
         'afa4b7913693b709c5418eda02175b0a183549643127be92e79936ffc91479629'
         'c2acdc6aa5c83250a8edfe'
     ))
     self.assertEqual(binascii.hexlify(reply.get_binary()), expected_hex)
Beispiel #4
    def render(self, runner, object):
        """Render ``object`` through the inner renderer and coerce it to bytes.

        Returns None when ``object`` is None. If rendering or the bytes
        coercion raises ValueError, the inner renderer is invoked a second
        time and its result is returned via ``str()`` instead.
        """
        if object is not None:
            try:
                rendered = self.inner.render(runner, object)
                return force_bytes(rendered)
            except ValueError:
                # Fallback path: re-render and stringify rather than fail.
                return str(self.inner.render(runner, object))
        return None
Beispiel #5
    def render(self, runner, value):
        """Render a PEM private key as an OpenSSH ``ssh-rsa`` public key line.

        The key is loaded without a password, its public numbers are
        extracted, and the exponent and modulus are packed as
        length-prefixed fields, base64-encoded, and returned as text with a
        trailing newline.
        """
        # NOTE(review): password=None means only unencrypted PEM keys load.
        # The key type is not checked either; ``e`` and ``n`` are RSA public
        # numbers, so a non-RSA key presumably fails with AttributeError
        # rather than a clear error - TODO confirm.
        private_key = serialization.load_pem_private_key(
            force_bytes(value),
            password=None,
            backend=default_backend(),
        )
        public_numbers = private_key.public_key().public_numbers()

        # Each field is written as a 4-byte big-endian length plus the bytes.
        fields = (
            b'ssh-rsa',
            deflate_long(public_numbers.e),
            deflate_long(public_numbers.n),
        )
        blob = b''.join(
            struct.pack('>I', len(field)) + field for field in fields
        )
        return force_str(b'ssh-rsa ' + base64.b64encode(blob) + b'\n')
Beispiel #6
    def clean_certificate_body(self, value):
        """Check that the PEM certificate matches ``self.private_key``.

        Both are parsed and their public numbers compared. Raises
        ``errors.Error`` on a mismatch; otherwise returns ``value`` with
        surrounding whitespace stripped.
        """
        backend = default_backend()
        certificate = load_pem_x509_certificate(force_bytes(value), backend)
        # NOTE(review): password=None - an encrypted private key is not
        # supported here and presumably fails inside the loader.
        key = serialization.load_pem_private_key(
            self.private_key.encode('utf-8'),
            password=None,
            backend=backend,
        )

        # Only key material is compared; nothing else about the certificate
        # (validity dates, names, issuer) is examined in this method.
        cert_numbers = certificate.public_key().public_numbers()
        key_numbers = key.public_key().public_numbers()
        if cert_numbers != key_numbers:
            raise errors.Error(
                'Certificate does not match private_key',
            )

        return value.strip()
 def add_describe_launch_configurations_one_response(self, user_data=None):
     """Queue a stubbed ``describe_launch_configurations`` response.

     The response holds a single launch configuration named after
     ``self.resource.name``. When ``user_data`` is truthy it is included
     base64-encoded under ``UserData``. Returns whatever
     ``self.add_response`` returns.
     """
     launch_config = {
         'LaunchConfigurationName': self.resource.name,
         'ImageId': 'ami-cba130bc',
         'InstanceType': 't2.micro',
         'CreatedTime': datetime.datetime.now(),
     }
     if user_data:
         encoded = base64.b64encode(force_bytes(user_data))
         launch_config['UserData'] = force_str(encoded)

     response = {'LaunchConfigurations': [launch_config]}
     return self.add_response(
         'describe_launch_configurations',
         service_response=response,
         expected_params={},
     )
Beispiel #8
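    def clean_certificate_chain(self, value):
        """Sanity-check that each certificate is signed by the next in the chain.

        The chain under test is ``self.certificate_body`` followed by every
        certificate found in ``value``. Raises ``errors.Error`` naming the
        failing position when a signature does not verify; otherwise
        returns ``value`` with surrounding whitespace stripped.

        This is a pre-deployment sanity check, not path validation: only
        the signature of each certificate against its successor is checked.
        Validity periods, name chaining, CA constraints and revocation are
        not examined, and the last certificate in the chain is never
        verified against any trust anchor.
        """
        # Perform a basic validation of the SSL chain.
        # This isn't a complete and secure validation. It's just to try and
        # catch problems before doing a deployment.
        backend = default_backend()

        certs = [load_pem_x509_certificate(force_bytes(self.certificate_body), backend)]
        certs.extend(
            load_pem_x509_certificate(cert, backend)
            for cert in split_cert_chain(value)
        )

        for i, (cert, issuer) in enumerate(zip(certs, certs[1:])):
            # NOTE(review): PKCS1v15 padding is hard-coded, so this only
            # fits RSA issuer keys; other key types presumably fail here,
            # outside the try block below - TODO confirm.
            # NOTE(review): the verifier() context API was deprecated and
            # later removed in newer ``cryptography`` releases in favour of
            # public_key.verify(); check against the pinned version.
            verifier = issuer.public_key().verifier(
                cert.signature,
                asymmetric.padding.PKCS1v15(),
                cert.signature_hash_algorithm,
            )
            verifier.update(cert.tbs_certificate_bytes)
            try:
                verifier.verify()
            except Exception:
                # Was a bare ``except:``, which also converted
                # KeyboardInterrupt/SystemExit into a chain error.
                error_message = '\n'.join([
                    'Invalid chain for  {} at position {}.',
                    'Expected cert with subject "{}" and subject key identifier "{}".',
                    'Got cert with subject "{}" and subject key identifier "{}".',
                ])
                # NOTE(review): these lookups assume a common name and the
                # AKI/SKI extensions are present; if one is missing, the
                # lookup error presumably replaces the chain error.
                cert_name = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
                cert_issuer = cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
                akib = cert.extensions.get_extension_for_oid(ExtensionOID.AUTHORITY_KEY_IDENTIFIER).value.key_identifier
                aki = format_key_identifier(akib)
                issuer_name = issuer.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
                skib = issuer.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_KEY_IDENTIFIER).value.digest
                ski = format_key_identifier(skib)
                raise errors.Error(
                    error_message.format(
                        cert_name,
                        i,
                        cert_issuer,
                        aki,
                        issuer_name,
                        ski,
                    ))

        return value.strip()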
Beispiel #9
 def test_bytes_str(self):
     """force_bytes turns the text string "foo" into b"foo"."""
     converted = force_bytes("foo")
     self.assertEqual(converted, b"foo")
Beispiel #10
 def write(self, c):
     """Serialise ``c`` into a text buffer and write it to the file as bytes.

     ``c`` is asked to write itself into an in-memory ``six.StringIO``; the
     buffered text is then converted with ``force_bytes`` and written
     through the file resource's ``fileio`` service.
     """
     target = self.runner.get_service(self.resource.file, 'fileio')
     buffer = six.StringIO()
     c.write(buffer)
     payload = force_bytes(buffer.getvalue())
     target.write(payload)
Beispiel #11
 def make_id(self, name):
     ''' Derive a stable hex identifier from a name: the SHA-1 hex digest
     of its bytes. Subclasses will typically trim and prefix this to get
     something like i-abcd1234. '''
     # NOTE(review): SHA-1 appears to serve only as a deterministic naming
     # aid here, not as an integrity or secrecy control - confirm no caller
     # treats the result as unguessable.
     digest = sha1(force_bytes(name))
     return digest.hexdigest()
Beispiel #12
 def test_bytes_str(self):
     """A text string passed to force_bytes comes back as bytes."""
     expected = b"foo"
     self.assertEqual(force_bytes("foo"), expected)
Beispiel #13
 def test_bytes_b(self):
     """force_bytes leaves a value that is already bytes unchanged."""
     converted = force_bytes(b'foo')
     self.assertEqual(converted, b'foo')
Beispiel #14
 def test_bytes_str(self):
     """force_bytes('foo') equals b'foo'."""
     converted = force_bytes('foo')
     self.assertEqual(converted, b'foo')
Beispiel #15
 def test_bytes_b(self):
     """Bytes input passes through force_bytes with the same value."""
     expected = b"foo"
     self.assertEqual(force_bytes(b"foo"), expected)
Beispiel #16
 def execute(self, value):
     """Write ``value``, converted to bytes, through the resource's fileio service."""
     target = self.runner.get_service(self.resource, 'fileio')
     payload = force_bytes(value)
     target.write(payload)
Beispiel #17
 def test_bytes_b(self):
     """force_bytes returns b"foo" when given b"foo"."""
     converted = force_bytes(b"foo")
     self.assertEqual(converted, b"foo")