def generate_key(key_id, label='', key_size=4096, keys_folder=None):
    """
    Create a new RSA key, remember it under `key_id` and save it to the key store.

    Returns the new key object, or None (after a warning) when `key_id` is
    already present in `known_keys()`, so an existing key is never replaced.

    An empty `label` is replaced with a timestamp-based one, and an empty
    `keys_folder` falls back to `settings.KeyStoreDir()`.

    `key_size` is handed to `RSAKey.generate()` as given; this function does
    not enforce a minimum size, so callers decide how strong the key is.
    """
    # Refuse to touch an identifier that already has key material attached.
    if key_id in known_keys():
        lg.warn('key "%s" already exists' % key_id)
        return None
    label = label or ('key%s' % utime.make_timestamp())
    if _Debug:
        lg.out(_DebugLevel, 'my_keys.generate_key "%s" of %d bits, label=%r' % (key_id, key_size, label))
    new_key = rsa_key.RSAKey()
    new_key.generate(key_size)
    new_key.label = label
    # The key is placed in the in-memory registry first and saved afterwards.
    known_keys()[key_id] = new_key
    if _Debug:
        lg.out(_DebugLevel, ' key %s generated' % key_id)
    target_folder = keys_folder or settings.KeyStoreDir()
    save_key(key_id, keys_folder=target_folder)
    # The event carries metadata only (id, label, size), not the key itself.
    events.send('key-generated', data={
        'key_id': key_id,
        'label': label,
        'key_size': key_size,
    })
    return new_key
def register_key(key_id, key_object_or_string, label='', keys_folder=None):
    """
    Add an existing key to the registry under `key_id` and save it to the key store.

    `key_object_or_string` is either a ready key object or a serialized key;
    a string is parsed with `unserialize_key_to_object()` and a falsy result is
    treated as invalid input.

    Returns the key object, or None (after a warning) when `key_id` already
    exists or the string cannot be parsed. An existing key is never replaced.

    `label` (timestamp-based when empty) is only reported in the
    'key-registered' event; it is not assigned to the key object here.
    """
    if key_id in known_keys():
        lg.warn('key %s already exists' % key_id)
        return None
    label = label or ('key%s' % utime.make_timestamp())
    if not strng.is_string(key_object_or_string):
        if _Debug:
            lg.out(_DebugLevel, 'my_keys.register_key %s from object' % key_id)
        key_object = key_object_or_string
    else:
        if _Debug:
            lg.out(_DebugLevel, 'my_keys.register_key %s from %d bytes openssh_input_string' % (
                key_id, len(key_object_or_string)))
        key_object = unserialize_key_to_object(key_object_or_string)
        if not key_object:
            # Parsing failed: nothing is stored and nothing is written to disk.
            lg.warn('invalid openssh string, unserialize_key_to_object() failed')
            return None
    known_keys()[key_id] = key_object
    if _Debug:
        lg.out(_DebugLevel, ' key %s added' % key_id)
    target_folder = keys_folder or settings.KeyStoreDir()
    save_key(key_id, keys_folder=target_folder)
    # The event carries metadata only (id, label, size), not the key itself.
    events.send('key-registered', data={
        'key_id': key_id,
        'label': label,
        'key_size': key_object.size(),
    })
    return key_object
def generate_group_key(creator_id=None, label=None, key_size=4096):
    """
    Generate and sign a new key for a group and return its key id.

    The group alias is 'group_' followed by the hex digest returned by
    `key.HashMD5()` over 24 bytes from `os.urandom()`. The hash only turns the
    random bytes into text; uniqueness rests on the random input and on the
    registry check in the loop, not on any property of the digest.

    An empty `label` is replaced with a timestamp-based one.
    """
    # Draw random aliases until one maps to a key id that is not registered yet.
    while True:
        entropy = os.urandom(24)
        group_alias = 'group_%s' % strng.to_text(key.HashMD5(entropy, hexdigest=True))
        group_key_id = my_keys.make_key_id(alias=group_alias, creator_glob_id=creator_id)
        if not my_keys.is_key_registered(group_key_id):
            break
    label = label or ('group%s' % utime.make_timestamp())
    # NOTE(review): the result of generate_key() is not checked before sign_key() is called.
    my_keys.generate_key(key_id=group_key_id, label=label, key_size=key_size)
    my_keys.sign_key(key_id=group_key_id)
    if _Debug:
        lg.args(_DebugLevel, group_key_id=group_key_id, group_alias=group_alias, creator_id=creator_id, label=label)
    return group_key_id
def generate_key(key_id, label='', key_size=4096, keys_folder=None):
    """
    Create a new RSA key, give it the next local key id and save it to the key store.

    `key_id` is first normalized with `latest_key_id()`. Returns the new key
    object, or None (after a warning) when that id is already registered, so
    an existing key is never replaced.

    An empty `label` is replaced with a timestamp-based one, and an empty
    `keys_folder` falls back to `settings.KeyStoreDir()` before the key is saved.
    `key_size` is handed to `RSAKey.generate()` as given; no minimum is enforced here.

    After saving, a 'key-generated' event is sent and a snapshot built by
    `make_key_info()` is pushed to listeners with `include_private=False`.
    """
    global _LatestLocalKeyID
    key_id = latest_key_id(key_id)
    if is_key_registered(key_id):
        lg.warn('key %r already registered' % key_id)
        return None
    label = label or ('key%s' % utime.make_timestamp())
    if _Debug:
        lg.out(_DebugLevel, 'my_keys.generate_key %r of %d bits, label=%r' % (key_id, key_size, label))
    # The counter is advanced and persisted before the key itself is generated.
    _LatestLocalKeyID += 1
    # NOTE(review): keys_folder may still be None at this point, because the default
    # is only resolved further down; confirm save_latest_local_key_id() accepts that.
    save_latest_local_key_id(keys_folder=keys_folder)
    fresh_key = rsa_key.RSAKey()
    fresh_key.generate(key_size)
    fresh_key.label = label
    fresh_key.local_key_id = _LatestLocalKeyID
    known_keys()[key_id] = fresh_key
    if _Debug:
        lg.out(_DebugLevel, ' key %r generated' % key_id)
    keys_folder = keys_folder or settings.KeyStoreDir()
    save_key(key_id, keys_folder=keys_folder)
    # The event carries metadata only (id, label, size), not the key itself.
    events.send('key-generated', data={
        'key_id': key_id,
        'label': label,
        'key_size': key_size,
    })
    # The snapshot for listeners is requested without the private part of the key.
    key_info = make_key_info(
        key_object=fresh_key,
        key_id=key_id,
        event='key-generated',
        include_private=False,
        include_local_id=True,
        include_signature=True,
        include_label=True,
    )
    listeners.push_snapshot('key', snap_id=key_id, data=key_info)
    return fresh_key
def register_key(key_id, key_object_or_string, label='', keys_folder=None):
    """
    Add an existing key to the registry under `key_id` and save it to the key store.

    `key_id` is first normalized with `latest_key_id()`. `key_object_or_string`
    is either a ready key object or a serialized key; a string is converted
    with `strng.to_bin()` and parsed with `unserialize_key_to_object()`, and a
    falsy result is treated as invalid input.

    Returns the key object, or None (after a warning) when the id is already
    registered or the string cannot be parsed.

    Raises Exception when the same public key is already indexed under a local
    key id that belongs to a different key id, so one key cannot be bound to two
    identifiers. A key that is already indexed keeps its local key id; otherwise
    the next one is allocated and persisted.

    `label` (timestamp-based when empty) is only reported in the
    'key-registered' event; it is not assigned to the key object here.
    The snapshot pushed to listeners is built with `include_private=False`.
    """
    global _LatestLocalKeyID
    key_id = latest_key_id(key_id)
    if is_key_registered(key_id):
        lg.warn('key %s already registered' % key_id)
        return None
    keys_folder = keys_folder or settings.KeyStoreDir()
    label = label or ('key%s' % utime.make_timestamp())
    if not strng.is_string(key_object_or_string):
        if _Debug:
            lg.out(_DebugLevel, 'my_keys.register_key %r from object' % key_id)
        key_object = key_object_or_string
    else:
        raw_key = strng.to_bin(key_object_or_string)
        if _Debug:
            lg.out(_DebugLevel, 'my_keys.register_key %r from %d bytes openssh_input_string' % (
                key_id, len(raw_key)))
        key_object = unserialize_key_to_object(raw_key)
        if not key_object:
            # Parsing failed: nothing is stored and nothing is written to disk.
            lg.warn('invalid openssh string, unserialize_key_to_object() failed')
            return None
    # Look the key up by its public part to see whether it already has a local id.
    existing_local_id = local_keys_index().get(key_object.toPublicString())
    if existing_local_id is not None:
        bound_key_id = local_keys().get(existing_local_id)
        if bound_key_id is not None:
            bound_key_id = latest_key_id(bound_key_id)
            if bound_key_id != key_id:
                # Same key material, different identifier: refuse rather than alias it.
                raise Exception('must not register same key with local_key_id=%r twice with different key_id: %r ~ %r' % (
                    existing_local_id, bound_key_id, key_id))
    if existing_local_id is None:
        # First time this key is seen: allocate and persist the next local id.
        _LatestLocalKeyID += 1
        save_latest_local_key_id(keys_folder=keys_folder)
        assigned_local_id = _LatestLocalKeyID
    else:
        assigned_local_id = existing_local_id
    key_object.local_key_id = assigned_local_id
    known_keys()[key_id] = key_object
    if _Debug:
        lg.out(_DebugLevel, ' key %r registered' % key_id)
    save_key(key_id, keys_folder=keys_folder)
    # The event carries metadata only (id, label, size), not the key itself.
    events.send('key-registered', data={
        'key_id': key_id,
        'label': label,
        'key_size': key_object.size(),
    })
    # The snapshot for listeners is requested without the private part of the key.
    key_info = make_key_info(
        key_object=key_object,
        key_id=key_id,
        event='key-registered',
        include_private=False,
        include_local_id=True,
        include_signature=True,
        include_label=True,
    )
    listeners.push_snapshot('key', snap_id=key_id, data=key_info)
    return key_object