def __init__(self, initializer=None, allow_prompt=None): if isinstance(initializer, RSAPrivateKey): initializer = initializer._value # pylint: disable=protected-access if initializer is None: super(RSAPrivateKey, self).__init__(None) return if isinstance(initializer, rsa.RSAPrivateKey): super(RSAPrivateKey, self).__init__(initializer) return if isinstance(initializer, Text): initializer = initializer.encode("ascii") if not isinstance(initializer, bytes): raise rdfvalue.InitializeError("Cannot initialize %s from %s." % (self.__class__, initializer)) try: value = serialization.load_pem_private_key(initializer, password=None, backend=openssl.backend) super(RSAPrivateKey, self).__init__(value) return except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e: if "private key is encrypted" not in str(e): raise type_info.TypeValueError("Private key invalid: %s" % e) # The private key is passphrase protected, we need to see if we are # allowed to ask the user. # # In the case where allow_prompt was not set at all, we use the context # we are in to see if it makes sense to ask. if allow_prompt is None: # TODO(user): dependency loop with # core/grr_response_core/grr/config/client.py. # pylint: disable=protected-access if "Commandline Context" not in config_lib._CONFIG.context: raise type_info.TypeValueError("Private key invalid: %s" % e) # pylint: enable=protected-access # Otherwise, if allow_prompt is False, we are explicitly told that we are # not supposed to ask the user. elif not allow_prompt: raise type_info.TypeValueError("Private key invalid: %s" % e) try: # The private key is encrypted and we can ask the user for the passphrase. password = utils.PassphraseCallback() value = serialization.load_pem_private_key(initializer, password=password, backend=openssl.backend) super(RSAPrivateKey, self).__init__(value) except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e: raise type_info.TypeValueError("Unable to load private key: %s" % e)
def Validate(self): super(AFF4ObjectLabel, self).Validate() if not self.name: raise type_info.TypeValueError("Label name cannot be empty.") if not re.match("^[\\w./:\\- ]+$", self.name): raise type_info.TypeValueError("Label name can only contain: " "a-zA-Z0-9_./:- but got: '%s'" % self.name)
def Validate(self): super(AFF4ObjectLabel, self).Validate() if not self.name: raise type_info.TypeValueError("Label name cannot be empty.") is_valid = lambda char: char.isalnum() or char in " _./:-" if not all(map(is_valid, self.name)): raise type_info.TypeValueError("Label name can only contain: " "a-zA-Z0-9_./:- but got: '%s'" % self.name)
def ParseFromBytes(self, pem_string): precondition.AssertType(pem_string, bytes) try: self._value = serialization.load_pem_public_key( pem_string, backend=openssl.backend) except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e: raise type_info.TypeValueError("Public key invalid: %s" % e)
def Validate(self, value): value = super(PathTypeInfo, self).Validate(value) if self.must_exist and not os.access(value, os.R_OK): raise type_info.TypeValueError("Path %s does not exist for %s" % (value, self.name)) return value
def __init__(self, initializer=None): if isinstance(initializer, RSAPublicKey): initializer = initializer._value # pylint: disable=protected-access if initializer is None: super(RSAPublicKey, self).__init__(None) return if isinstance(initializer, rsa.RSAPublicKey): super(RSAPublicKey, self).__init__(initializer) return if isinstance(initializer, Text): initializer = initializer.encode("ascii") if isinstance(initializer, bytes): try: value = serialization.load_pem_public_key( initializer, backend=openssl.backend) super(RSAPublicKey, self).__init__(value) return except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e: raise type_info.TypeValueError("Public key invalid: %s" % e) raise rdfvalue.InitializeError("Cannot initialize %s from %s." % (self.__class__, initializer))
def __init__(self, initializer=None): super(FilterString, self).__init__(initializer) if self._value: try: self.query_parser_cls(self._value).Parse() except lexer.ParseError as e: raise type_info.TypeValueError("Malformed filter: %s" % (e))
def ParseFromString(self, value): super(RegularExpression, self).ParseFromString(value) # Check that this is a valid regex. try: self._regex = re.compile(self._value, flags=re.I | re.S | re.M) except re.error: raise type_info.TypeValueError("Not a valid regular expression.")
def ParseFromString(self, pem_string): precondition.AssertType(pem_string, bytes) try: self._value = serialization.load_pem_private_key( pem_string, password=None, backend=openssl.backend) return except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e: if "private key is encrypted" not in str(e): raise type_info.TypeValueError("Private key invalid: %s" % e) # pylint: disable=g-explicit-bool-comparison, g-equals-none # The private key is passphrase protected, we need to see if we are # allowed to ask the user. # # If allow_prompt is False, we are explicitly told that we are not. if self.allow_prompt == False: raise type_info.TypeValueError("Private key invalid: %s" % e) # allow_prompt was not set, we use the context we are in to see if it # makes sense to ask. elif self.allow_prompt == None: # TODO(user): dependency loop with # core/grr_response_core/grr/config/client.py. # pylint: disable=protected-access if "Commandline Context" not in config_lib._CONFIG.context: raise type_info.TypeValueError("Private key invalid: %s" % e) # pylint: enable=protected-access # pylint: enable=g-explicit-bool-comparison, g-equals-none try: # The private key is encrypted and we can ask the user for the passphrase. password = utils.PassphraseCallback() self._value = serialization.load_pem_private_key( pem_string, password=password, backend=openssl.backend) except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e: raise type_info.TypeValueError("Unable to load private key: %s" % e)
def _Normalize(cls, string): normalized = super(ClientURN, cls)._Normalize(string.strip()) if normalized: match = cls.CLIENT_ID_RE.match(normalized) if not match: raise type_info.TypeValueError( "Client URN '{!r} from initializer {!r} malformed".format( normalized, string)) clientid = match.group("clientid") clientid_correctcase = "".join( (clientid[0].upper(), clientid[1:].lower())) normalized = normalized.replace(clientid, clientid_correctcase, 1) return normalized
def DataRefreshRequired(self, path=None, last=None): """True if we need to update this path from the client. Args: path: The path relative to the root to check freshness of. last: An aff4:last attribute to check freshness of. At least one of path or last must be supplied. Returns: True if the path hasn't been updated in the last self.max_age_before_refresh seconds, else False. Raises: type_info.TypeValueError: If no arguments are supplied. """ # If we didn't get given a last attribute, use the path to get one from the # object. if last is None: if path is None: # If we didn't get a path either, we can't do anything. raise type_info.TypeValueError("Either 'path' or 'last' must" " be supplied as an argument.") fd = aff4.FACTORY.Open(self.root.Add(path), token=self.token) # We really care about the last time the stat was updated, so we use # this instead of the LAST attribute, which is the last time anything # was updated about the object. stat_obj = fd.Get(fd.Schema.STAT) if stat_obj: last = stat_obj.age else: last = rdfvalue.RDFDatetime(0) # If the object doesn't even have a LAST attribute by this point, # we say it hasn't been accessed within the cache expiry time. if last is None: return True last = last.AsDatetime() # Remember to use UTC time, since that's what the datastore uses. return datetime.datetime.utcnow() - last > self.max_age_before_refresh
def ParseFromString(self, value): """Parse a string into a client URN. Convert case so that all URNs are of the form C.[0-9a-f]. Args: value: string value to parse """ value = value.strip() super(ClientURN, self).ParseFromString(value) match = self.CLIENT_ID_RE.match(self._string_urn) if not match: raise type_info.TypeValueError("Client urn malformed: %s" % value) clientid = match.group("clientid") clientid_correctcase = "".join((clientid[0].upper(), clientid[1:].lower())) self._string_urn = self._string_urn.replace(clientid, clientid_correctcase, 1)
def __init__(self, initializer=None): super().__init__(initializer) if self._value and not self.Validate(self._value): raise type_info.TypeValueError("Client urn malformed: %s" % initializer)
def __init__(self, initializer=None, age=None): if isinstance(initializer, rdfvalue.RDFURN): if not self.Validate(initializer.Path()): raise type_info.TypeValueError("Client urn malformed: %s" % initializer) super(ClientURN, self).__init__(initializer=initializer, age=age)
def ParseFromString(self, value): super(FilterString, self).ParseFromString(value) try: self.query_parser_cls(self._value).Parse() except lexer.ParseError, e: raise type_info.TypeValueError("Malformed filter: %s" % (e))