def test_generate_key_pair_1024_bits(self):
bits = 1024
(private_key, public_key, fingerprint) = crypto.generate_key_pair(bits)
pub_bytes = public_key.encode('utf-8')
pkey = serialization.load_ssh_public_key(
pub_bytes, backends.default_backend())
self.assertEqual(bits, pkey.key_size)
def generate_key_pair(self, user, key_name):
"""Generates a key pair for a user
Generates a public and private key, stores the public key using the
key_name, and returns the private key and fingerprint.
@type user: User or uid
@param user: User for which to create key pair.
@type key_name: str
@param key_name: Name to use for the generated KeyPair.
@rtype: tuple (private_key, fingerprint)
@return: A tuple containing the private_key and fingerprint.
"""
# NOTE(vish): generating key pair is slow so check for legal
# creation before creating keypair
uid = User.safe_id(user)
with self.driver() as drv:
if not drv.get_user(uid):
raise exception.NotFound("User %s doesn't exist" % user)
if drv.get_key_pair(uid, key_name):
raise exception.Duplicate("The keypair %s already exists"
% key_name)
private_key, public_key, fingerprint = crypto.generate_key_pair()
self.create_key_pair(uid, key_name, public_key, fingerprint)
return private_key, fingerprint
def _gen_key(self):
"""
Generate a key
"""
private_key, public_key, fingerprint = crypto.generate_key_pair()
return {'private_key': private_key,
'public_key': public_key,
'fingerprint': fingerprint}
def _gen_key(self):
"""
Generate a key
"""
private_key, public_key, fingerprint = crypto.generate_key_pair()
return {'private_key': private_key,
'public_key': public_key,
'fingerprint': fingerprint}
def test_generate_key_pair_2048_bits(self):
(private_key, public_key, fingerprint) = crypto.generate_key_pair()
raw_pub = public_key.split(' ')[1]
if six.PY3:
raw_pub = raw_pub.encode('ascii')
raw_pub = base64.b64decode(raw_pub)
pkey = paramiko.rsakey.RSAKey(None, raw_pub)
self.assertEqual(2048, pkey.get_bits())
def is_valid_appliance():
nova_home = get_nova_home()
' Change to user nova '
LOG.debug(_('Executing as ' + whoami()))
if whoami() == 'root':
change_user('nova')
if whoami() != 'nova':
LOG.debug(_('nova does not exists'))
return False
if os.path.exists(nova_home) is False:
'''
nova does not exists.Exiting now
#todo : sys.exit()
'''
return False
# Check if the id_rsa and id_rsa.pub already exists.
# If they exist don't generate new keys"
if not os.path.exists(os.path.join(nova_home + '/.ssh/')):
os.makedirs(os.path.join(nova_home + '/.ssh/'), 01700)
if os.path.isfile(
os.path.join(nova_home + '/.ssh/id_rsa.pub')) is False and \
os.path.isfile(os.path.join(nova_home + '/.ssh/id_rsa')) is False:
' Generate id_rsa and id_rsa.pub files. '
' This will be stored in $NOVAHOME/.ssh/ '
' use nova'
private_key, public_key, _fingerprint = crypto.generate_key_pair()
pub_file = open(os.path.join(nova_home + '/.ssh/id_rsa.pub'), "w+")
pub_file.writelines(public_key)
pub_file.close()
private_file = open(os.path.join(nova_home + '/.ssh/id_rsa'), "w+")
private_file.writelines(private_key)
private_file.close()
os.chmod(os.path.join(nova_home + '/.ssh/id_rsa.pub'), 0700)
os.chmod(os.path.join(nova_home + '/.ssh/id_rsa'), 0700)
# os.popen('ssh-keygen -t rsa', 'w').write(''' ''')
LOG.debug(_('created new id_rsa and id_rsa.pub'))
else:
LOG.debug(_('id_rsa and id_rsa.pub exists'))
' create known_hosts file if it does not exist'
if os.path.isfile(os.path.join(nova_home + '/.ssh/known_hosts')) is False:
filename = os.path.join(nova_home + '/.ssh/known_hosts')
handle = open(filename, 'w')
handle.close
os.chmod(os.path.join(nova_home + '/.ssh/known_hosts'), 0700)
return True
def is_valid_appliance():
nova_home = get_nova_home()
' Change to user nova '
LOG.debug(_('Executing as ' + whoami()))
if whoami() == 'root':
change_user('nova')
if whoami() != 'nova':
LOG.debug(_('nova does not exists'))
return False
if os.path.exists(nova_home) is False:
'''
nova does not exists.Exiting now
#todo : sys.exit()
'''
return False
# Check if the id_rsa and id_rsa.pub already exists.
# If they exist don't generate new keys"
if not os.path.exists(os.path.join(nova_home + '/.ssh/')):
os.makedirs(os.path.join(nova_home + '/.ssh/'), 01700)
if os.path.isfile(
os.path.join(nova_home + '/.ssh/id_rsa.pub')) is False and \
os.path.isfile(os.path.join(nova_home + '/.ssh/id_rsa')) is False:
' Generate id_rsa and id_rsa.pub files. '
' This will be stored in $NOVAHOME/.ssh/ '
' use nova'
private_key, public_key, _fingerprint = crypto.generate_key_pair()
pub_file = open(os.path.join(nova_home + '/.ssh/id_rsa.pub'), "w+")
pub_file.writelines(public_key)
pub_file.close()
private_file = open(os.path.join(nova_home + '/.ssh/id_rsa'), "w+")
private_file.writelines(private_key)
private_file.close()
os.chmod(os.path.join(nova_home + '/.ssh/id_rsa.pub'), 0700)
os.chmod(os.path.join(nova_home + '/.ssh/id_rsa'), 0700)
#os.popen('ssh-keygen -t rsa', 'w').write(''' ''')
LOG.debug(_('created new id_rsa and id_rsa.pub'))
else:
LOG.debug(_('id_rsa and id_rsa.pub exists'))
' create known_hosts file if it does not exist'
if os.path.isfile(os.path.join(nova_home + '/.ssh/known_hosts')) is False:
filename = os.path.join(nova_home + '/.ssh/known_hosts')
handle = open(filename, 'w')
handle.close
os.chmod(os.path.join(nova_home + '/.ssh/known_hosts'), 0700)
return True
def test_generate_key_pair_mocked_private_key(self):
keyin = six.StringIO()
keyin.write(self.rsa_prv)
keyin.seek(0)
key = paramiko.RSAKey.from_private_key(keyin)
with mock.patch.object(crypto, 'generate_key') as mock_generate:
mock_generate.return_value = key
(private_key, public_key, fingerprint) = crypto.generate_key_pair()
self.assertEqual(self.rsa_pub, public_key)
self.assertEqual(self.rsa_fp, fingerprint)
def generate_key_pair(self, user, key_name):
# generating key pair is slow so delay generation
# until after check
user = User.safe_id(user)
with LDAPWrapper() as conn:
if not conn.user_exists(user):
raise exception.NotFound("User %s doesn't exist" % user)
if conn.key_pair_exists(user, key_name):
raise exception.Duplicate("The keypair %s already exists" % key_name)
private_key, public_key, fingerprint = crypto.generate_key_pair()
self.create_key_pair(User.safe_id(user), key_name, public_key, fingerprint)
return private_key, fingerprint
def test_generate_key_pair(self):
(private_key, public_key, fingerprint) = crypto.generate_key_pair()
raw_pub = public_key.split(' ')[1].decode('base64')
pkey = paramiko.rsakey.RSAKey(None, raw_pub)
self.assertEqual(2048, pkey.get_bits())
bits = 4096
(private_key, public_key, fingerprint) = crypto.generate_key_pair(bits)
raw_pub = public_key.split(' ')[1].decode('base64')
pkey = paramiko.rsakey.RSAKey(None, raw_pub)
self.assertEqual(bits, pkey.get_bits())
keyin = StringIO.StringIO()
keyin.write(self.rsa_prv)
keyin.seek(0)
key = paramiko.RSAKey.from_private_key(keyin)
with mock.patch.object(paramiko.RSAKey, 'generate') as mock_generate:
mock_generate.return_value = key
(private_key, public_key, fingerprint) = crypto.generate_key_pair()
self.assertEqual(self.rsa_pub, public_key)
self.assertEqual(self.rsa_fp, fingerprint)
def generate_key_pair(self, uid, key_name):
# generating key pair is slow so delay generation
# until after check
with LDAPWrapper() as conn:
if not conn.user_exists(uid):
raise UserError("User " + uid + " doesn't exist")
if conn.key_pair_exists(uid, key_name):
raise InvalidKeyPair(
"The keypair '" + key_name + "' already exists.",
"Duplicate")
private_key, public_key, fingerprint = crypto.generate_key_pair()
self.create_key_pair(uid, key_name, public_key, fingerprint)
return private_key, fingerprint
def test_generate_key_pair(self):
(private_key, public_key, fingerprint) = crypto.generate_key_pair()
raw_pub = public_key.split(' ')[1].decode('base64')
pkey = paramiko.rsakey.RSAKey(None, raw_pub)
self.assertEqual(2048, pkey.get_bits())
bits = 4096
(private_key, public_key, fingerprint) = crypto.generate_key_pair(bits)
raw_pub = public_key.split(' ')[1].decode('base64')
pkey = paramiko.rsakey.RSAKey(None, raw_pub)
self.assertEqual(bits, pkey.get_bits())
keyin = StringIO.StringIO()
keyin.write(self.rsa_prv)
keyin.seek(0)
key = paramiko.RSAKey.from_private_key(keyin)
with mock.patch.object(paramiko.RSAKey, 'generate') as mock_generate:
mock_generate.return_value = key
(private_key, public_key, fingerprint) = crypto.generate_key_pair()
self.assertEqual(self.rsa_pub, public_key)
self.assertEqual(self.rsa_fp, fingerprint)
def generate_key_pair(self, uid, key_name):
# generating key pair is slow so delay generation
# until after check
with LDAPWrapper() as conn:
if not conn.user_exists(uid):
raise UserError("User " + uid + " doesn't exist")
if conn.key_pair_exists(uid, key_name):
raise InvalidKeyPair("The keypair '" +
key_name +
"' already exists.",
"Duplicate")
private_key, public_key, fingerprint = crypto.generate_key_pair()
self.create_key_pair(uid, key_name, public_key, fingerprint)
return private_key, fingerprint
def _gen_key(self, context, user_id, key_name):
"""Generate a key
This is a module level method because it is slow and we need to defer
it into a process pool."""
# NOTE(vish): generating key pair is slow so check for legal
# creation before creating key_pair
try:
db.key_pair_get(context, user_id, key_name)
raise exception.KeyPairExists(key_name=key_name)
except exception.NotFound:
pass
private_key, public_key, fingerprint = crypto.generate_key_pair()
key = {}
key['user_id'] = user_id
key['name'] = key_name
key['public_key'] = public_key
key['fingerprint'] = fingerprint
db.key_pair_create(context, key)
return {'private_key': private_key, 'fingerprint': fingerprint}
def test_generate_key_pair_2048_bits(self):
(private_key, public_key, fingerprint) = crypto.generate_key_pair()
raw_pub = public_key.split(' ')[1].decode('base64')
pkey = paramiko.rsakey.RSAKey(None, raw_pub)
self.assertEqual(2048, pkey.get_bits())
def _gen_key(self):
"""
Generate a key
"""
private_key, public_key, fingerprint = crypto.generate_key_pair()
return {"private_key": private_key, "public_key": public_key, "fingerprint": fingerprint}
def test_generate_key_pair_1024_bits(self):
bits = 1024
(private_key, public_key, fingerprint) = crypto.generate_key_pair(bits)
raw_pub = base64.b64decode(public_key.split(' ')[1])
pkey = paramiko.rsakey.RSAKey(None, raw_pub)
self.assertEqual(bits, pkey.get_bits())
