def register(config, args): if args.email: if config.email is None: config.email = args.email if config.email != args.email: raise fa.FruitApiError('Configuration file already contains a different email address') if args.secret_key or args.secret_key_file: config.secret_key_blob = args.secret_key or None path = args.secret_key_file if path: if path[:1] != '~': path = os.path.abspath(path) config.secret_key_path = path else: config.secret_key_path = None else: # Register with existing configured secret key! pass if config.email is None: raise fa.FruitApiError('You must supply an email address for account registration.') if config.secret_key_blob is None and config.secret_key_path is None: raise fa.FruitApiError('You must supply a secret key for account registration.') with config as api: result = api.register(config.email) if result.get('created', False): print('A verification email has been sent to %s.' % (config.email,)) print('Please check your mailbox and follow the instructions.') else: print('The provided secret key is authorized for this account.') config.store_identity() config.dump(args.config_filename)
def __signer(self): blob = self.secret_key_blob source = 'secret key' if blob is None: if self.secret_key_path is None: raise fa.FruitApiError( 'No secret key is available for identity %r in config file %s' % ( self.identityName, self._filename)) with open(os.path.expanduser(self.secret_key_path), 'rt') as fh: blob = fh.read() source = 'secret key from file %r' % (self.secret_key_path,) agent = ssh_agent.Agent() s = agent.signer_for_identity(self.public_key) if s is not None: return s try: return auth.LocalSigner(auth._unb64(blob)) except: pass sk = None try: sk = ssh_key.SshPrivateKey(contents=blob) except ssh_key.SyntaxError: try: sk = signify_key.SignifyPrivateKey(contents=blob) except signify_key.SyntaxError: pass if sk is None: raise fa.FruitApiError('Cannot open %s' % (source,)) try: if sk.password_needed(): sk.unprotect(_get_passphrase(source)) else: sk.unprotect(None) except auth.BadPassword: raise fa.FruitApiError('Bad passphrase when opening %s' % (source,)) return sk.signer_for_identity(sk.public_key)
def signer(self): if self._signer is None: self._signer = self.__signer() if self.public_key is None: self.public_key = self._signer.identity self.store_identity() if self._filename: self.dump(self._filename) elif self.public_key != self._signer.identity: raise fa.FruitApiError('Mismatch between public key and secret key') return self._signer
def _collect_ssh_keys(args): keyfile = fa.SshKeyFile() for literal_key in args.key or []: keyfile.load(io.StringIO(literal_key)) for filename in args.keyfile or []: try: with open(filename, 'rb') as fh: contents = fh.read().decode('utf-8') except: raise fa.FruitApiError('Cannot read keyfile %s', (filename,)) else: keyfile.load(io.StringIO(contents), filename=filename) return keyfile.keys
def _parse_filter(args): if args.filter is None: return None raw_filter = args.filter for triple in raw_filter: (_jsonpath, operator, _expectedvalue) = triple if operator not in ['=', '<', '>', 'glob']: raise fa.FruitApiError('Invalid filter clause operator: %r' % (operator,)) def decode_json(p,v): try: return json.loads(v) except: raise fa.FruitApiError( 'Invalid filter clause JSON comparison value %r for path %r' % (v, p)) return [(p,o,v if o == 'glob' else decode_json(p,v)) for (p,o,v) in raw_filter]
def decode_json(p,v): try: return json.loads(v) except: raise fa.FruitApiError( 'Invalid filter clause JSON comparison value %r for path %r' % (v, p))