def register(config, args):
if args.email:
if config.email is None:
config.email = args.email
if config.email != args.email:
raise fa.FruitApiError('Configuration file already contains a different email address')
if args.secret_key or args.secret_key_file:
config.secret_key_blob = args.secret_key or None
path = args.secret_key_file
if path:
if path[:1] != '~':
path = os.path.abspath(path)
config.secret_key_path = path
else:
config.secret_key_path = None
else:
# Register with existing configured secret key!
pass
if config.email is None:
raise fa.FruitApiError('You must supply an email address for account registration.')
if config.secret_key_blob is None and config.secret_key_path is None:
raise fa.FruitApiError('You must supply a secret key for account registration.')
with config as api:
result = api.register(config.email)
if result.get('created', False):
print('A verification email has been sent to %s.' % (config.email,))
print('Please check your mailbox and follow the instructions.')
else:
print('The provided secret key is authorized for this account.')
config.store_identity()
config.dump(args.config_filename)
def __signer(self):
blob = self.secret_key_blob
source = 'secret key'
if blob is None:
if self.secret_key_path is None:
raise fa.FruitApiError(
'No secret key is available for identity %r in config file %s' % (
self.identityName,
self._filename))
with open(os.path.expanduser(self.secret_key_path), 'rt') as fh:
blob = fh.read()
source = 'secret key from file %r' % (self.secret_key_path,)
agent = ssh_agent.Agent()
s = agent.signer_for_identity(self.public_key)
if s is not None:
return s
try:
return auth.LocalSigner(auth._unb64(blob))
except:
pass
sk = None
try:
sk = ssh_key.SshPrivateKey(contents=blob)
except ssh_key.SyntaxError:
try:
sk = signify_key.SignifyPrivateKey(contents=blob)
except signify_key.SyntaxError:
pass
if sk is None:
raise fa.FruitApiError('Cannot open %s' % (source,))
try:
if sk.password_needed():
sk.unprotect(_get_passphrase(source))
else:
sk.unprotect(None)
except auth.BadPassword:
raise fa.FruitApiError('Bad passphrase when opening %s' % (source,))
return sk.signer_for_identity(sk.public_key)
def signer(self):
if self._signer is None:
self._signer = self.__signer()
if self.public_key is None:
self.public_key = self._signer.identity
self.store_identity()
if self._filename:
self.dump(self._filename)
elif self.public_key != self._signer.identity:
raise fa.FruitApiError('Mismatch between public key and secret key')
return self._signer
def _collect_ssh_keys(args):
keyfile = fa.SshKeyFile()
for literal_key in args.key or []:
keyfile.load(io.StringIO(literal_key))
for filename in args.keyfile or []:
try:
with open(filename, 'rb') as fh:
contents = fh.read().decode('utf-8')
except:
raise fa.FruitApiError('Cannot read keyfile %s', (filename,))
else:
keyfile.load(io.StringIO(contents), filename=filename)
return keyfile.keys
def _parse_filter(args):
if args.filter is None:
return None
raw_filter = args.filter
for triple in raw_filter:
(_jsonpath, operator, _expectedvalue) = triple
if operator not in ['=', '<', '>', 'glob']:
raise fa.FruitApiError('Invalid filter clause operator: %r' % (operator,))
def decode_json(p,v):
try:
return json.loads(v)
except:
raise fa.FruitApiError(
'Invalid filter clause JSON comparison value %r for path %r' % (v, p))
return [(p,o,v if o == 'glob' else decode_json(p,v)) for (p,o,v) in raw_filter]
def decode_json(p,v):
try:
return json.loads(v)
except:
raise fa.FruitApiError(
'Invalid filter clause JSON comparison value %r for path %r' % (v, p))