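def key_for_hostname(hostname):
    """Return the AES key shared with *hostname*, creating or rotating it as needed.

    Keys are stored one file per host under ``~/.fireball.keys``. A key is
    regenerated when its file is missing or was last modified more than two
    hours ago; otherwise the stored key is read back from disk.

    The key directory and key files are created owner-only (0700 / 0600)
    instead of with whatever mode the process umask would allow, because
    the files hold symmetric key material.

    Raises:
        errors.AnsibleError: if python-keyczar is not installed.
    """
    # fireball mode is an implementation of ansible firing up zeromq via SSH
    # to use no persistent daemons or key management
    if not KEYCZAR_AVAILABLE:
        raise errors.AnsibleError(
            "python-keyczar must be installed to use fireball mode")

    key_dir = os.path.expanduser("~/.fireball.keys")
    if not os.path.exists(key_dir):
        # Only a newly created directory gets this mode; a directory that
        # already exists keeps whatever mode it has.
        os.makedirs(key_dir, 0o700)

    # NOTE(review): hostname is formatted into the path as-is; presumably it
    # comes from inventory. Confirm it cannot contain path separators.
    key_path = os.path.expanduser("~/.fireball.keys/%s" % hostname)

    # use new AES keys every 2 hours, which means fireball must not allow
    # running for longer either
    if not os.path.exists(key_path) or (
            time.time() - os.path.getmtime(key_path) > 60 * 60 * 2):
        key = AesKey.Generate()
        # open(path, "w") would create the key file with umask-default
        # permissions (commonly world-readable). Create it 0600 instead.
        fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            # The mode given to os.open() only applies when the file is
            # created; tighten an expired file that is being rewritten too.
            os.fchmod(fd, 0o600)
            fh.write(str(key))
        return key

    with open(key_path) as fh:
        return AesKey.Read(fh.read())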
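def key_for_hostname(hostname):
    """Return the AES key shared with *hostname*, creating or rotating it as needed.

    Keys live one file per host under ``C.ACCELERATE_KEYS_DIR``. The
    directory must have exactly the mode ``C.ACCELERATE_KEYS_DIR_PERMS`` and
    an existing key file exactly ``C.ACCELERATE_KEYS_FILE_PERMS`` (both
    octal strings). A key is regenerated when its file is missing or was
    last modified more than two hours ago.

    Raises:
        AnsibleError: if python-keyczar is not installed, if the keys
            directory is not a directory, or if the directory or an existing
            key file does not have the configured permissions.
    """
    # fireball mode is an implementation of ansible firing up zeromq via SSH
    # to use no persistent daemons or key management
    if not KEYCZAR_AVAILABLE:
        raise AnsibleError("python-keyczar must be installed on the control machine to use accelerated modes")

    key_dir = os.path.expanduser(C.ACCELERATE_KEYS_DIR)
    if not os.path.exists(key_dir):
        # Create owner-only first, then apply the configured mode explicitly
        # so the result does not depend on the process umask.
        os.makedirs(key_dir, mode=0o700)
        os.chmod(key_dir, int(C.ACCELERATE_KEYS_DIR_PERMS, 8))
    elif not os.path.isdir(key_dir):
        raise AnsibleError('ACCELERATE_KEYS_DIR is not a directory.')

    dir_mode = int(C.ACCELERATE_KEYS_DIR_PERMS, 8)
    if stat.S_IMODE(os.stat(key_dir).st_mode) != dir_mode:
        raise AnsibleError('Incorrect permissions on the private key directory. Use `chmod 0%o %s` to correct this issue, '
                           'and make sure any of the keys files contained within that directory are set to 0%o'
                           % (dir_mode, C.ACCELERATE_KEYS_DIR, int(C.ACCELERATE_KEYS_FILE_PERMS, 8)))

    # NOTE(review): hostname is joined into the path as-is; presumably it
    # comes from inventory. Confirm it cannot be absolute or contain "..".
    key_path = os.path.join(key_dir, hostname)
    file_mode = int(C.ACCELERATE_KEYS_FILE_PERMS, 8)

    # use new AES keys every 2 hours, which means fireball must not allow
    # running for longer either
    if not os.path.exists(key_path) or (time.time() - os.path.getmtime(key_path) > 60 * 60 * 2):
        key = AesKey.Generate(size=256)
        # O_TRUNC: when an expired key file is rewritten, no bytes of the
        # previous key may be left behind after the new contents.
        fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, file_mode)
        with os.fdopen(fd, 'w') as fh:
            # The mode passed to os.open() is masked by the umask and is
            # ignored for a file that already exists. Set it explicitly so
            # the strict permission check on the read path passes next time.
            os.fchmod(fd, file_mode)
            fh.write(str(key))
        return key

    if stat.S_IMODE(os.stat(key_path).st_mode) != file_mode:
        raise AnsibleError('Incorrect permissions on the key file for this host. Use `chmod 0%o %s` to correct this issue.'
                           % (file_mode, key_path))
    with open(key_path) as fh:
        return AesKey.Read(fh.read())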
def key_for_hostname(hostname):
    """Return the AES key shared with *hostname*, creating or rotating it as needed.

    Keys live one file per host under ``C.ACCELERATE_KEYS_DIR``. Both the
    directory and each key file are built under a temporary name, given
    their configured mode, and only then renamed into place, so the final
    path appears only after its permissions have been applied. Creation is
    serialized with ``_LOCK``; the read path takes no lock.

    Raises:
        AnsibleError: if python-keyczar is not installed, if the keys
            directory is not a directory, or if the directory or an existing
            key file does not have the configured permissions.
    """
    # fireball mode is an implementation of ansible firing up zeromq via SSH
    # to use no persistent daemons or key management
    if not KEYCZAR_AVAILABLE:
        raise AnsibleError("python-keyczar must be installed on the control machine to use accelerated modes")

    keys_dir = os.path.expanduser(C.ACCELERATE_KEYS_DIR)
    if os.path.exists(keys_dir):
        if not os.path.isdir(keys_dir):
            raise AnsibleError('ACCELERATE_KEYS_DIR is not a directory.')
    else:
        # avoid race with multiple forks trying to create paths on host
        # but limit when locking is needed to creation only
        with _LOCK:
            if not os.path.exists(keys_dir):
                # use a temp directory and rename to ensure the directory
                # searched for only appears after permissions applied.
                staging_dir = tempfile.mkdtemp(dir=os.path.dirname(keys_dir))
                os.chmod(staging_dir, int(C.ACCELERATE_KEYS_DIR_PERMS, 8))
                os.rename(staging_dir, keys_dir)

    if stat.S_IMODE(os.stat(keys_dir).st_mode) != int(C.ACCELERATE_KEYS_DIR_PERMS, 8):
        raise AnsibleError('Incorrect permissions on the private key directory. Use `chmod 0%o %s` to correct this issue, '
                           'and make sure any of the keys files contained within that directory are set to 0%o'
                           % (int(C.ACCELERATE_KEYS_DIR_PERMS, 8), C.ACCELERATE_KEYS_DIR,
                              int(C.ACCELERATE_KEYS_FILE_PERMS, 8)))

    # NOTE(review): hostname is joined into the path as-is; presumably it
    # comes from inventory. Confirm it cannot be absolute or contain "..".
    host_key_path = os.path.join(keys_dir, hostname)
    max_key_age = 60 * 60 * 2

    def _needs_new_key():
        # use new AES keys every 2 hours, which means fireball must not
        # allow running for longer either
        if not os.path.exists(host_key_path):
            return True
        return time.time() - os.path.getmtime(host_key_path) > max_key_age

    if _needs_new_key():
        # avoid race with multiple forks trying to create key
        # but limit when locking is needed to creation only
        with _LOCK:
            # Re-check under the lock: another fork may have written a
            # fresh key while this one was waiting.
            if _needs_new_key():
                # NOTE(review): no size is passed, so keyczar's default AES
                # key size applies. Confirm that it meets policy.
                fresh_key = AesKey.Generate()
                # use temp file to ensure file only appears once it has
                # desired contents and permissions
                with tempfile.NamedTemporaryFile(mode='w', dir=os.path.dirname(host_key_path),
                                                 delete=False) as tmp_fh:
                    staged_key_path = tmp_fh.name
                    tmp_fh.write(str(fresh_key))
                os.chmod(staged_key_path, int(C.ACCELERATE_KEYS_FILE_PERMS, 8))
                os.rename(staged_key_path, host_key_path)
                return fresh_key

    # Reading an existing key: refuse it unless the file mode matches the
    # configured value exactly.
    current_mode = stat.S_IMODE(os.stat(host_key_path).st_mode)
    if current_mode != int(C.ACCELERATE_KEYS_FILE_PERMS, 8):
        raise AnsibleError('Incorrect permissions on the key file for this host. Use `chmod 0%o %s` to correct this issue.'
                           % (int(C.ACCELERATE_KEYS_FILE_PERMS, 8), host_key_path))

    with open(host_key_path) as key_fh:
        return AesKey.Read(key_fh.read())
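def __init__(self):
    """Load the AES key from ``keys.kz``, generating and saving one if it cannot be read.

    ``keys.kz`` is resolved relative to the current working directory. After
    the key is loaded, the per-message size constants (header, block, HMAC
    and total overhead) are derived from it.
    """
    # Local import: the file's import block is not visible from this method.
    import os

    # check if the key.kz file exists
    try:
        with open("keys.kz", "r") as fd:
            data = fd.read()
    except IOError:
        # NOTE(review): any IOError lands here, not only "file not found".
        # An existing but unreadable key file is therefore replaced. Confirm
        # that this is intended.
        print("ERROR: no key file found, generating the file")
        self.key = AesKey.Generate()
        # The file holds the secret key: create it owner-only instead of
        # with umask-default permissions. The mode applies only when the
        # file is created; an existing file keeps its current mode.
        key_fd = os.open("keys.kz", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(key_fd, "w") as fd:
            fd.write(str(self.key))
    else:
        self.key = AesKey.Read(data)

    if DEBUG:
        # These two lines write the raw AES and HMAC key material to stdout.
        # Keep DEBUG off wherever stdout is logged or shared.
        print(self.key.key_string)
        print(self.key.hmac_key)

    # If keyczar changes their header format this would need to change:
    # 5 bytes for the header and 16 for the IV
    self.header_len = 5 + 16
    self.block_len = self.key.block_size
    # Floor division keeps this an integer on Python 3 as well; presumably
    # hmac_key.size is in bits, so the result is the HMAC length in bytes.
    self.hmac_len = self.key.hmac_key.size // 8
    self.overhead = self.header_len + self.hmac_len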
#!/usr/bin/python
# Generate a fresh keyczar AES key and print its serialized form to stdout.
from keyczar.keys import AesKey

# The printed string is the secret key itself. Whatever captures stdout
# (a terminal scrollback, a log, a redirected file) then holds the key and
# needs the same protection as a key file.
new_key = AesKey.Generate()
print(str(new_key))
def setUpClass(cls):
    """Run the parent class setup, then create one AES key for the test case."""
    super(CryptoUtilsTestCase, cls).setUpClass()
    # The key is stored on CryptoUtilsTestCase itself rather than on cls.
    # It is generated fresh on each setUpClass call and never written to disk here.
    generated_key = AesKey.Generate()
    CryptoUtilsTestCase.test_crypto_key = generated_key