def read(self):
fp = self.runner.get_service(self.resource.file, 'fileio')
gpg = self.runner.get_service(self.resource.gpg, 'describe').get_gnupg()
result = force_bytes(str(gpg.decrypt(
force_bytes(fp.read().read()),
passphrase=self.resource.gpg.passphrase,
)))
return BytesIO(result)
def write(self, c):
fp = self.runner.get_service(self.resource.file, 'fileio')
gpg = self.runner.get_service(self.resource.gpg, 'describe').get_gnupg()
fp.write(force_bytes(str(gpg.encrypt(
force_bytes(c),
recipients=self.resource.gpg.recipients,
symmetric=self.resource.gpg.symmetric,
passphrase=self.resource.gpg.passphrase,
))))
def test_handle_13(self):
# Test handling a SSH2_AGENTC_SIGN_REQUEST
msg = Message()
# Please sign some data
msg.add_byte(byte_chr(13))
# The id of the key to sign with
key = list(self.agent.identities.values())[0][0].asbytes()
msg.add_int(len(key))
msg.add_bytes(bytes(key))
# A blob of binary to sign
blob = b'\x0e' * 10
msg.add_int(len(blob))
msg.add_bytes(blob)
# Go go go
mtype, msg = self.send(msg)
self.assertEqual(mtype, 14)
self.assertEqual(binascii.hexlify(msg.get_binary()), force_bytes((
'000000077373682d7273610000010031d4c2bfad183557a7055f005c3d0d838d5'
'701bd7b8a09d6d7f06699c691842c18e2bb62504a4beba0fbf5aeaf62f8106352'
'b99f60d1fdc2dac1f5ad29566022eff25f62fac38cb2db849ed6b862af5e6bd36'
'09b249a099848aa6fcfdfe1d93d2538ab4e614ecc95a4282abf8742c7bb591db9'
'3e049e70a559d29134d207018a650b77fd9a7b6be8a2b1f75efbd66fa5a1e9e96'
'3a5245ebe76294e0d150dfa2348bc7303203263b11952f0300e7b3a9efab81827'
'b9e53d8c1cb8b2a1551c22cbab9e747fcff79bf57373f7ec8cb2a0dc9b42a7264'
'afa4b7913693b709c5418eda02175b0a183549643127be92e79936ffc91479629'
'c2acdc6aa5c83250a8edfe'
)))
def render(self, runner, object):
if object is None:
return None
try:
return force_bytes(self.inner.render(runner, object))
except ValueError:
return str(self.inner.render(runner, object))
def render(self, runner, value):
private_key = serialization.load_pem_private_key(
force_bytes(value),
password=None,
backend=default_backend(),
)
numbers = private_key.public_key().public_numbers()
output = b''
parts = [b'ssh-rsa', deflate_long(numbers.e), deflate_long(numbers.n)]
for part in parts:
output += struct.pack('>I', len(part)) + part
return force_str(b'ssh-rsa ' + base64.b64encode(output) + b'\n')
def clean_certificate_body(self, value):
backend = default_backend()
cert = load_pem_x509_certificate(force_bytes(value), backend)
private_key = serialization.load_pem_private_key(
self.private_key.encode('utf-8'),
password=None,
backend=backend,
)
if cert.public_key().public_numbers() != private_key.public_key().public_numbers():
raise errors.Error(
'Certificate does not match private_key',
)
return value.strip()
def add_describe_launch_configurations_one_response(self, user_data=None):
launch_config = {
'LaunchConfigurationName': self.resource.name,
'ImageId': 'ami-cba130bc',
'InstanceType': 't2.micro',
'CreatedTime': datetime.datetime.now(),
}
if user_data:
launch_config['UserData'] = force_str(base64.b64encode(force_bytes(user_data)))
return self.add_response(
'describe_launch_configurations',
service_response={
'LaunchConfigurations': [launch_config],
},
expected_params={},
)
def clean_certificate_chain(self, value):
# Perform a basic validation of the SSL chain.
# This isn't a complete and secure validation. It's just to try and
# catch problems before doing a deployment.
backend = default_backend()
certs = [load_pem_x509_certificate(force_bytes(self.certificate_body), backend)]
for cert in split_cert_chain(value):
certs.append(load_pem_x509_certificate(cert, backend))
for i, (cert, issuer) in enumerate(zip(certs, certs[1:])):
verifier = issuer.public_key().verifier(
cert.signature,
asymmetric.padding.PKCS1v15(),
cert.signature_hash_algorithm,
)
verifier.update(cert.tbs_certificate_bytes)
try:
verifier.verify()
except:
error_message = '\n'.join([
'Invalid chain for {} at position {}.',
'Expected cert with subject "{}" and subject key identifier "{}".',
'Got cert with subject "{}" and subject key identifier "{}".',
])
cert_name = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
cert_issuer = cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
akib = cert.extensions.get_extension_for_oid(ExtensionOID.AUTHORITY_KEY_IDENTIFIER).value.key_identifier
aki = format_key_identifier(akib)
issuer_name = issuer.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
skib = issuer.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_KEY_IDENTIFIER).value.digest
ski = format_key_identifier(skib)
raise errors.Error(
error_message.format(
cert_name,
i,
cert_issuer,
aki,
issuer_name,
ski,
))
return value.strip()
def test_bytes_str(self):
self.assertEqual(force_bytes("foo"), b"foo")
def write(self, c):
fp = self.runner.get_service(self.resource.file, 'fileio')
s = six.StringIO()
c.write(s)
fp.write(force_bytes(s.getvalue()))
def make_id(self, name):
''' Return consistent 'id's' given a name. Subclasses will typically
trim and prefix this to get something like i-abcd1234. '''
return sha1(force_bytes(name)).hexdigest()
def test_bytes_str(self):
self.assertEqual(force_bytes("foo"), b"foo")
def test_bytes_b(self):
self.assertEqual(force_bytes(b'foo'), b'foo')
def test_bytes_str(self):
self.assertEqual(force_bytes('foo'), b'foo')
def test_bytes_b(self):
self.assertEqual(force_bytes(b"foo"), b"foo")
def execute(self, value):
f = self.runner.get_service(self.resource, 'fileio')
f.write(force_bytes(value))
def test_bytes_b(self):
self.assertEqual(force_bytes(b"foo"), b"foo")
