def _async_request(self, fileobj, t, *arg):
# this method may be called from other threads (prefetch)
self._lock.acquire()
try:
msg = Message()
msg.add_int(self.request_number)
for item in arg:
if isinstance(item, long):
msg.add_int64(item)
elif isinstance(item, int):
msg.add_int(item)
elif isinstance(item, (string_types, bytes_types)):
msg.add_string(item)
elif isinstance(item, SFTPAttributes):
item._pack(msg)
else:
raise Exception('unknown type for %r type %r' %
(item, type(item)))
num = self.request_number
self._expecting[num] = fileobj
self.request_number += 1
finally:
self._lock.release()
self._send_packet(t, msg)
return num
def test_1_encode(self):
msg = Message()
msg.add_int(23)
msg.add_int(123789456)
msg.add_string("q")
msg.add_string("hello")
msg.add_string("x" * 1000)
self.assertEqual(msg.asbytes(), self.__a)
msg = Message()
msg.add_boolean(True)
msg.add_boolean(False)
msg.add_byte(byte_chr(0xf3))
msg.add_bytes(zero_byte + byte_chr(0x3f))
msg.add_list(["huey", "dewey", "louie"])
self.assertEqual(msg.asbytes(), self.__b)
msg = Message()
msg.add_int64(5)
msg.add_int64(0xf5e4d3c2b109)
msg.add_mpint(17)
msg.add_mpint(0xf5e4d3c2b109)
msg.add_mpint(-0x65e4d3c2b109)
self.assertEqual(msg.asbytes(), self.__c)
def _async_request(self, fileobj, t, *arg):
# this method may be called from other threads (prefetch)
self._lock.acquire()
try:
msg = Message()
msg.add_int(self.request_number)
for item in arg:
if isinstance(item, long):
msg.add_int64(item)
elif isinstance(item, int):
msg.add_int(item)
elif isinstance(item, (string_types, bytes_types)):
msg.add_string(item)
elif isinstance(item, SFTPAttributes):
item._pack(msg)
else:
raise Exception(
'unknown type for %r type %r' % (item, type(item)))
num = self.request_number
self._expecting[num] = fileobj
self.request_number += 1
finally:
self._lock.release()
self._send_packet(t, msg)
return num
def test_encode(self):
msg = Message()
msg.add_int(23)
msg.add_int(123789456)
msg.add_string('q')
msg.add_string('hello')
msg.add_string('x' * 1000)
self.assertEqual(msg.asbytes(), self.__a)
msg = Message()
msg.add_boolean(True)
msg.add_boolean(False)
msg.add_byte(byte_chr(0xf3))
msg.add_bytes(zero_byte + byte_chr(0x3f))
msg.add_list(['huey', 'dewey', 'louie'])
self.assertEqual(msg.asbytes(), self.__b)
msg = Message()
msg.add_int64(5)
msg.add_int64(0xf5e4d3c2b109)
msg.add_mpint(17)
msg.add_mpint(0xf5e4d3c2b109)
msg.add_mpint(-0x65e4d3c2b109)
self.assertEqual(msg.asbytes(), self.__c)
def make_certificate(ca_key, duration_hours, real_name, username, host, now, expiry):
"""http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.9"""
pkey = paramiko.RSAKey.from_private_key(StringIO(ca_key))
principals = Message()
principals.add_string(username)
principals = principals.asbytes()
m = Message()
m.add_string('*****@*****.**')
m.add_string(sha1(str(random.random())).hexdigest())
m.add_mpint(pkey.e)
m.add_mpint(pkey.n)
m.add_int64(0) # serial
m.add_int(SSH_CERT_TYPE_USER)
m.add_string(real_name)
m.add_string(principals)
m.add_int64(int(now.strftime("%s")))
m.add_int64(int(expiry.strftime("%s")))
m.add_string("") # critical_options
m.add_string("") # extensions
m.add_string("") # reserved
m.add_string(pkey.asbytes())
key = RSA.construct((long(pkey.n), long(pkey.e), long(pkey.d)))
h = SHA.new(m.asbytes())
signer = PKCS1_v1_5.new(key)
signature = signer.sign(h)
sig_message = Message()
sig_message.add_string("ssh-rsa")
sig_message.add_string(signature)
m.add_string(sig_message.asbytes())
return "[email protected] {0} {1}@{2}".format(base64.b64encode(m.asbytes()), username, host)
def test_1_encode(self):
msg = Message()
msg.add_int(23)
msg.add_int(123789456)
msg.add_string('q')
msg.add_string('hello')
msg.add_string('x' * 1000)
self.assertEquals(str(msg), self.__a)
msg = Message()
msg.add_boolean(True)
msg.add_boolean(False)
msg.add_byte('\xf3')
msg.add_bytes('\x00\x3f')
msg.add_list(['huey', 'dewey', 'louie'])
self.assertEquals(str(msg), self.__b)
msg = Message()
msg.add_int64(5)
msg.add_int64(0xf5e4d3c2b109L)
msg.add_mpint(17)
msg.add_mpint(0xf5e4d3c2b109L)
msg.add_mpint(-0x65e4d3c2b109L)
self.assertEquals(str(msg), self.__c)
def _async_request(self, fileobj, t, *arg):
# this method may be called from other threads (prefetch)
self._lock.acquire()
try:
msg = Message()
msg.add_int(self.request_number)
for item in arg:
if isinstance(item, long):
msg.add_int64(item)
elif isinstance(item, int):
msg.add_int(item)
elif isinstance(item, SFTPAttributes):
item._pack(msg)
else:
# For all other types, rely on as_string() to either coerce
# to bytes before writing or raise a suitable exception.
msg.add_string(item)
num = self.request_number
self._expecting[num] = fileobj
self.request_number += 1
finally:
self._lock.release()
self._send_packet(t, msg)
return num
def _async_request(self, fileobj, t, *arg):
# this method may be called from other threads (prefetch)
self._lock.acquire()
try:
msg = Message()
msg.add_int(self.request_number)
for item in arg:
if isinstance(item, long):
msg.add_int64(item)
elif isinstance(item, int):
msg.add_int(item)
elif isinstance(item, SFTPAttributes):
item._pack(msg)
else:
# For all other types, rely on as_string() to either coerce
# to bytes before writing or raise a suitable exception.
msg.add_string(item)
num = self.request_number
self._expecting[num] = fileobj
self.request_number += 1
finally:
self._lock.release()
self._send_packet(t, msg)
return num
def test_1_encode(self):
msg = Message()
msg.add_int(23)
msg.add_int(123789456)
msg.add_string(b'q')
msg.add_string(b'hello')
msg.add_string(b'x' * 1000)
self.assertEquals(bytes(msg), self.__a)
msg = Message()
msg.add_boolean(True)
msg.add_boolean(False)
msg.add_byte(b'\xf3')
msg.add_bytes(b'\x00\x3f')
msg.add_list([b'huey', b'dewey', b'louie'])
self.assertEquals(bytes(msg), self.__b)
msg = Message()
msg.add_int64(5)
msg.add_int64(0xf5e4d3c2b109)
msg.add_mpint(17)
msg.add_mpint(0xf5e4d3c2b109)
msg.add_mpint(-0x65e4d3c2b109)
self.assertEquals(bytes(msg), self.__c)
def test_1_encode(self):
msg = Message()
msg.add_int(23)
msg.add_int(123789456)
msg.add_string("q")
msg.add_string("hello")
msg.add_string("x" * 1000)
self.assertEquals(str(msg), self.__a)
msg = Message()
msg.add_boolean(True)
msg.add_boolean(False)
msg.add_byte("\xf3")
msg.add_bytes("\x00\x3f")
msg.add_list(["huey", "dewey", "louie"])
self.assertEquals(str(msg), self.__b)
msg = Message()
msg.add_int64(5)
msg.add_int64(0xF5E4D3C2B109L)
msg.add_mpint(17)
msg.add_mpint(0xF5E4D3C2B109L)
msg.add_mpint(-0x65E4D3C2B109L)
self.assertEquals(str(msg), self.__c)
def _message_without_signature(self):
m = Message()
m.add_string('*****@*****.**')
m.add_string(self.nonce)
m.add_mpint(self.public_numbers.e)
m.add_mpint(self.public_numbers.n)
m.add_int64(self.serial)
m.add_int(self.type)
m.add_string(self.key_id)
m.add_string(self.valid_principals)
m.add_int64(self.valid_after)
m.add_int64(self.valid_before)
m.add_string(self.critical_options)
m.add_string(self.extensions)
m.add_string(self.reserved)
m.add_string(self.signature_key)
return m
def generate_body(self, key, nonce):
"""
Create a sequence of bytes representing the certificate except for
the signature. This is used duing the signing process to generate
the body of the certificate for the CA key to sign. ``key`` is an
instance of a paramiko.pkey.PKey and is only used for recording the
public part in body of the certificate. ``nonce`` is a string to use
in the body. This fuction does not change any saved state of the
existing certificate. That is done in `sign`
The attributes in _required_attributes must be defined before the
certificate can be properly created and signed.
:param .PKey key:
The key that will be used for signing.
:param str nonce:
A random nonce
:raises SSHException:
If an unknown key is specified for the certificate or if an
invalid critical option for the given key type has been used.
Only known critical options are allowed per PROTOCOL.certkeys.
An exceptions is also thrown if a required attribute is missing.
"""
for attrib in self._required_attributes:
if getattr(self, attrib) is None:
err = "Required Attribute {} not set".format(attrib)
raise SSHException(err)
msg = Message()
# Use the _key_encoders dictionary to determine a function to use to
# add the key to the beginning of the certificate body. Since parts
# are before and after the nonce, include the nonce in the call.
key_encoder = self._key_encoders.get(type(self.key))
if not key_encoder:
err = "Unknown key type"
raise SSHException(err)
key_encoder(msg, self.key, nonce)
msg.add_int64(self.serial)
msg.add_int(self.type)
msg.add_string(self.key_id)
if len(self.principals) == 0:
msg.add_int(0)
else:
princ_msg = Message()
for princ in self.principals:
princ_msg.add_string(princ)
msg.add_string(princ_msg.asbytes())
msg.add_int64(self.valid_after)
msg.add_int64(self.valid_before)
if len(self.critical_options) == 0:
msg.add_int(0)
else:
# Critical Options have to be added to the certificate in
# lexical order.
copts_msg = Message()
opts = sorted(self.critical_options.keys())
for opt in opts:
if opt not in VALID_CRITICAL_OPTIONS[self.type]:
err = "Invalid critical option {}".format(opt)
raise SSHException(err)
copts_msg.add_string(opt)
val_msg = Message()
val_msg.add_string(self.critical_options[opt])
copts_msg.add_string(val_msg.asbytes())
msg.add_string(copts_msg.asbytes())
if len(self.extensions) == 0:
msg.add_int(0)
else:
# Extensions also have to be added to the certificate in
# lexical order.
ext_msg = Message()
exts = sorted(self.extensions.keys())
for ext in exts:
ext_msg.add_string(ext)
ext_msg.add_string(self.extensions[ext])
msg.add_string(ext_msg.asbytes())
msg.add_string('')
msg.add_string(key.asbytes())
return msg.asbytes()
