def test_generate_fingerprint(self):
fingerprint = crypto.generate_fingerprint(self.rsa_pub)
self.assertEqual(self.rsa_fp, fingerprint)
fingerprint = crypto.generate_fingerprint(self.dss_pub)
self.assertEqual(self.dss_fp, fingerprint)
fingerprint = crypto.generate_fingerprint(self.ecdsa_pub)
self.assertEqual(self.ecdsa_fp, fingerprint)
def test_generate_fingerprint(self):
fingerprint = crypto.generate_fingerprint(self.rsa_pub)
self.assertEqual(self.rsa_fp, fingerprint)
fingerprint = crypto.generate_fingerprint(self.dss_pub)
self.assertEqual(self.dss_fp, fingerprint)
fingerprint = crypto.generate_fingerprint(self.ecdsa_pub)
self.assertEqual(self.ecdsa_fp, fingerprint)
def create(self, req, body):
"""
Create or import keypair.
Sending name will generate a key and return private_key
and fingerprint.
You can send a public_key to add an existing ssh key
params: keypair object with:
name (required) - string
public_key (optional) - string
"""
context = req.environ['nova.context']
authorize(context)
params = body['keypair']
name = params['name']
self._validate_keypair_name(name)
if not 0 < len(name) < 256:
msg = _('Keypair name must be between 1 and 255 characters long')
raise webob.exc.HTTPBadRequest(explanation=msg)
# NOTE(ja): generation is slow, so shortcut invalid name exception
try:
db.key_pair_get(context, context.user_id, name)
msg = _("Key pair '%s' already exists.") % name
raise webob.exc.HTTPConflict(explanation=msg)
except exception.NotFound:
pass
keypair = {'user_id': context.user_id,
'name': name}
if quota.allowed_key_pairs(context, 1) < 1:
msg = _("Quota exceeded, too many key pairs.")
raise webob.exc.HTTPRequestEntityTooLarge(
explanation=msg,
headers={'Retry-After': 0})
# import if public_key is sent
if 'public_key' in params:
try:
fingerprint = crypto.generate_fingerprint(params['public_key'])
except exception.InvalidKeypair:
msg = _("Keypair data is invalid")
raise webob.exc.HTTPBadRequest(explanation=msg)
keypair['public_key'] = params['public_key']
keypair['fingerprint'] = fingerprint
else:
generated_key = self._gen_key()
keypair['private_key'] = generated_key['private_key']
keypair['public_key'] = generated_key['public_key']
keypair['fingerprint'] = generated_key['fingerprint']
db.key_pair_create(context, keypair)
return {'keypair': keypair}
def create(self, req, body):
"""
Create or import keypair.
Sending name will generate a key and return private_key
and fingerprint.
You can send a public_key to add an existing ssh key
params: keypair object with:
name (required) - string
public_key (optional) - string
"""
context = req.environ['nova.context']
authorize(context)
params = body['keypair']
name = params['name']
self._validate_keypair_name(name)
if not 0 < len(name) < 256:
msg = _('Keypair name must be between 1 and 255 characters long')
raise webob.exc.HTTPBadRequest(explanation=msg)
# NOTE(ja): generation is slow, so shortcut invalid name exception
try:
db.key_pair_get(context, context.user_id, name)
msg = _("Key pair '%s' already exists.") % name
raise webob.exc.HTTPConflict(explanation=msg)
except exception.NotFound:
pass
keypair = {'user_id': context.user_id,
'name': name}
# import if public_key is sent
if 'public_key' in params:
try:
fingerprint = crypto.generate_fingerprint(params['public_key'])
except exception.InvalidKeypair:
msg = _("Keypair data is invalid")
raise webob.exc.HTTPBadRequest(explanation=msg)
keypair['public_key'] = params['public_key']
keypair['fingerprint'] = fingerprint
else:
generated_key = self._gen_key()
keypair['private_key'] = generated_key['private_key']
keypair['public_key'] = generated_key['public_key']
keypair['fingerprint'] = generated_key['fingerprint']
db.key_pair_create(context, keypair)
return {'keypair': keypair}
def create(self, req, body):
"""
Create or import keypair.
Sending name will generate a key and return private_key
and fingerprint.
You can send a public_key to add an existing ssh key
params: keypair object with:
name (required) - string
public_key (optional) - string
"""
context = req.environ["nova.context"]
authorize(context)
params = body["keypair"]
name = params["name"]
self._validate_keypair_name(name)
if not 0 < len(name) < 256:
msg = _("Keypair name must be between 1 and 255 characters long")
raise webob.exc.HTTPBadRequest(explanation=msg)
# NOTE(ja): generation is slow, so shortcut invalid name exception
try:
db.key_pair_get(context, context.user_id, name)
msg = _("Key pair '%s' already exists.") % name
raise webob.exc.HTTPConflict(explanation=msg)
except exception.NotFound:
pass
keypair = {"user_id": context.user_id, "name": name}
# import if public_key is sent
if "public_key" in params:
try:
fingerprint = crypto.generate_fingerprint(params["public_key"])
except exception.InvalidKeypair:
msg = _("Keypair data is invalid")
raise webob.exc.HTTPBadRequest(explanation=msg)
keypair["public_key"] = params["public_key"]
keypair["fingerprint"] = fingerprint
else:
generated_key = self._gen_key()
keypair["private_key"] = generated_key["private_key"]
keypair["public_key"] = generated_key["public_key"]
keypair["fingerprint"] = generated_key["fingerprint"]
db.key_pair_create(context, keypair)
return {"keypair": keypair}
def create(self, req, body):
"""
Create or import keypair.
Sending name will generate a key and return private_key
and fingerprint.
You can send a public_key to add an existing ssh key
params: keypair object with:
name (required) - string
public_key (optional) - string
"""
context = req.environ['nova.context']
authorize(context)
params = body['keypair']
name = params['name']
if not 0 < len(name) < 256:
msg = _('Keypair name must be between 1 and 255 characters long')
raise webob.exc.HTTPBadRequest(explanation=msg)
# NOTE(ja): generation is slow, so shortcut invalid name exception
try:
db.key_pair_get(context, context.user_id, name)
raise exception.KeyPairExists(key_name=name)
except exception.NotFound:
pass
keypair = {'user_id': context.user_id,
'name': name}
# import if public_key is sent
if 'public_key' in params:
try:
fingerprint = crypto.generate_fingerprint(params['public_key'])
except exception.InvalidKeypair:
msg = _("Keypair data is invalid")
raise webob.exc.HTTPBadRequest(explanation=msg)
keypair['public_key'] = params['public_key']
keypair['fingerprint'] = fingerprint
else:
generated_key = self._gen_key()
keypair['private_key'] = generated_key['private_key']
keypair['public_key'] = generated_key['public_key']
keypair['fingerprint'] = generated_key['fingerprint']
db.key_pair_create(context, keypair)
return {'keypair': keypair}
def test_openssh_67(self, mock_execute):
# test ssh-keygen of OpenSSH 6.7 and older
mock_execute.side_effect = [
(('2048 67:6e:f8:21:5c:b4:d5:95:74:54:e4:9e:f8:63:7d:60 '
'test (RSA)', '')),
]
fingerprint = crypto.generate_fingerprint('public key')
self.assertEqual('67:6e:f8:21:5c:b4:d5:95:74:54:e4:9e:f8:63:7d:60',
fingerprint)
self.assertEqual(1, len(mock_execute.call_args_list),
mock_execute.call_args)
self.assertEqual([('ssh-keygen', '-q', '-l', '-f', mock.ANY)],
mock_execute.call_args_list[0])
def test_openssh_67(self, mock_execute):
# test ssh-keygen of OpenSSH 6.7 and older
mock_execute.side_effect = [
(('2048 67:6e:f8:21:5c:b4:d5:95:74:54:e4:9e:f8:63:7d:60 '
'test (RSA)',
'')),
]
fingerprint = crypto.generate_fingerprint('public key')
self.assertEqual('67:6e:f8:21:5c:b4:d5:95:74:54:e4:9e:f8:63:7d:60',
fingerprint)
self.assertEqual(1, len(mock_execute.call_args_list),
mock_execute.call_args)
self.assertEqual([('ssh-keygen', '-q', '-l', '-f', mock.ANY)],
mock_execute.call_args_list[0])
def create(self, req, body):
"""
Create or import keypair.
Sending name will generate a key and return private_key
and fingerprint.
You can send a public_key to add an existing ssh key
params: keypair object with:
name (required) - string
public_key (optional) - string
"""
context = req.environ['nova.context']
params = body['keypair']
name = params['name']
# NOTE(ja): generation is slow, so shortcut invalid name exception
try:
db.key_pair_get(context, context.user_id, name)
raise exception.KeyPairExists(key_name=name)
except exception.NotFound:
pass
keypair = {'user_id': context.user_id,
'name': name}
# import if public_key is sent
if 'public_key' in params:
tmpdir = tempfile.mkdtemp()
fn = os.path.join(tmpdir, 'import.pub')
with open(fn, 'w') as pub:
pub.write(params['public_key'])
fingerprint = crypto.generate_fingerprint(fn)
shutil.rmtree(tmpdir)
keypair['public_key'] = params['public_key']
keypair['fingerprint'] = fingerprint
else:
generated_key = self._gen_key()
keypair['private_key'] = generated_key['private_key']
keypair['public_key'] = generated_key['public_key']
keypair['fingerprint'] = generated_key['fingerprint']
db.key_pair_create(context, keypair)
return {'keypair': keypair}
def create(self, req, body):
"""
Create or import keypair.
Sending name will generate a key and return private_key
and fingerprint.
You can send a public_key to add an existing ssh key
params: keypair object with:
name (required) - string
public_key (optional) - string
"""
context = req.environ['nova.context']
params = body['keypair']
name = params['name']
# NOTE(ja): generation is slow, so shortcut invalid name exception
try:
db.key_pair_get(context, context.user_id, name)
raise exception.KeyPairExists(key_name=name)
except exception.NotFound:
pass
keypair = {'user_id': context.user_id,
'name': name}
# import if public_key is sent
if 'public_key' in params:
tmpdir = tempfile.mkdtemp()
fn = os.path.join(tmpdir, 'import.pub')
with open(fn, 'w') as pub:
pub.write(params['public_key'])
fingerprint = crypto.generate_fingerprint(fn)
shutil.rmtree(tmpdir)
keypair['public_key'] = params['public_key']
keypair['fingerprint'] = fingerprint
else:
generated_key = self._gen_key()
keypair['private_key'] = generated_key['private_key']
keypair['public_key'] = generated_key['public_key']
keypair['fingerprint'] = generated_key['fingerprint']
db.key_pair_create(context, keypair)
return {'keypair': keypair}
def test_openssh_68(self, mock_execute):
# test ssh-keygen of OpenSSH 6.8 and newer
mock_execute.side_effect = [
(('2048 SHA256:p3Wk0H3odRa1ugL+7YNP5PC9R/OkUKlY6/6/Md2+yho '
'test (RSA)\n', '')),
(('2048 MD5:b7:7d:ca:d5:31:9c:27:c6:b4:60:b2:d0:fa:0d:b4:9d '
'test (RSA)\n', '')),
]
fingerprint = crypto.generate_fingerprint('public key')
self.assertEqual('b7:7d:ca:d5:31:9c:27:c6:b4:60:b2:d0:fa:0d:b4:9d',
fingerprint)
self.assertEqual(2, len(mock_execute.call_args_list),
mock_execute.call_args)
self.assertEqual([('ssh-keygen', '-q', '-l', '-f', mock.ANY)],
mock_execute.call_args_list[0])
self.assertEqual(
[('ssh-keygen', '-q', '-l', '-f', mock.ANY, '-E', 'md5')],
mock_execute.call_args_list[1])
def test_openssh_68(self, mock_execute):
# test ssh-keygen of OpenSSH 6.8 and newer
mock_execute.side_effect = [
(('2048 SHA256:p3Wk0H3odRa1ugL+7YNP5PC9R/OkUKlY6/6/Md2+yho '
'test (RSA)\n',
'')),
(('2048 MD5:b7:7d:ca:d5:31:9c:27:c6:b4:60:b2:d0:fa:0d:b4:9d '
'test (RSA)\n',
'')),
]
fingerprint = crypto.generate_fingerprint('public key')
self.assertEqual('b7:7d:ca:d5:31:9c:27:c6:b4:60:b2:d0:fa:0d:b4:9d',
fingerprint)
self.assertEqual(2, len(mock_execute.call_args_list),
mock_execute.call_args)
self.assertEqual([('ssh-keygen', '-q', '-l', '-f', mock.ANY)],
mock_execute.call_args_list[0])
self.assertEqual([('ssh-keygen', '-q', '-l', '-f', mock.ANY,
'-E', 'md5')],
mock_execute.call_args_list[1])
