auth.py (compiled Python module; recoverable names and docstrings)

Module docstring:
    module to define API Authentication Container

Imported names:
    os, tempfile
    collections: namedtuple
    solaris_install: Popen, CalledProcessError, system_temp_path
    solaris_install.ai.server: enum, AIServerError, ERROR_TYPE, EventsGenerator, CreatedEvent, DeletedEvent, ObjectChangedEvent, MACAddress
    solaris_install.ai.server.internal.security: SRC_CLI_DEF, SRC_CID, SRC_SERVER, SRC_SVC, SRC_CA, AISecurity, calc_hash, AUTH_CACERTFILE_DIRNAME, CLNT_DFLT, HASHSUFFIX

Module-level values:
    PKTOOL: /usr/bin/pktool
    OPENSSL: /usr/bin/openssl
    AUTH_TYPE: KEY, CERTIFICATE, FW, NONE
    HEXDIGITS: 0123456789abcdefABCDEF
    FW_KEYS: aes, sha1
    AUTH_NONE: instance of _AuthNone


class AuthContainer

    Base Authentication Container

    The following event types are possible for the AuthContainer and the appropriate children:
        - ObjectChangedEvent
        - CreatedEvent
        - DeletedEvent

    Certificate, Key and FW classes should be used instead of this base class.

    Parameter
        auth_type - an enum of AUTH_TYPE must be KEY, CERTIFICATE, or FW, required, handled by subclasses Certificate, Key and FW
        source - a string containing the source of the certificate data, required
        contents - string containing the authority data
        file_path - string pointing to the credential file
    Return Value
        None
    Raises
        AIServerError for an unknown Authority type

    __init__: Initialize the Auth Container
    __repr__: returns the string representation of the Auth Container
    clear: clears out the contents and file_path members
    auth_type: returns auth_type member
    source: returns source member
    contents (get): returns contents member
    contents (set): assigns contents member
    file_path (get): returns file_path member
    file_path (set): assigns file_path member
    update_contents: updates the contents member, a side effect is that the file_path member is set to None.
        Parameter
            content - new contents data for the Authority container
    update_file_path: updates the file_path member, a side effect is that the contents member is set to None.
        Parameter
            new_path - new path for the Authority container
    correct_path: returns the path to use and if it is a temporary path
    _save_temp: save the contents temporarily
        Parameter
            contents - contents data for the Authority container, optional
        Raises
            AIServerError - if contents are not saved
    is_empty: property to check if the AuthContainer is empty
    clear_error: clear the error message
    set_error_msg: set the error message


class _AuthNone

    Authentication None class - subclass of AuthContainer

    _AuthNone is a private AuthContainer. Use AUTH_NONE instead to create an AuthContainer equivalent to None.

    __init__: AuthNone class initializer
    file_path
    contents
    hash: returns the hash of the certificate
    update_contents: prevents updates to the contents member from the parent class
        Parameter
            content - ignored
    update_file_path: prevents updates to the file_path member from the parent class
        Parameter
            new_path - ignored


class Certificate

    Authentication Certificate class - subclass of AuthContainer

    Certificate can be either a CA certificate or a simple certificate. If it is a CA certificate then the uses method can be used to determine the usage of the CA certificate. If it is a simple certificate then a CA certificate can be associated with it.

    Parameter
        source - a string containing the source of the certificate data, required
        contents - a string containing the certificate data, optional, mutually exclusive with file_path
        file_path - string pointing to the certificate file, optional, mutually exclusive with contents
        cacert - a Certificate container for the CA certificate, optional
    Return Value
        None
    Raises
        AIServerError - if contents is not None and not a valid certificate
                        if cacert is not None and not a Certificate container

    __init__: Initialize a Certificate Authority Container
    __repr__
    uses: returns a list of strings describing the use(s) for this CA Certificate, based on the hash. If cert is empty, an empty list is returned. If no uses are discovered, a list containing 'Unknown' is returned.
    verify: verify the certificate against the CA certificate
        Parameter
            cacert - a list of Certificate containers containing the CA certificates to validate against, optional
            contents - the data for the Certificate container to be verified, optional, mutually exclusive with file_path
            file_path - the path of the Certificate to be verified, optional, mutually exclusive with contents
        Return Value
            True if a valid certificate is represented else False
        Raises
            AIServerError - if cacert is None or not a Certificate
    update_cacert: Update the CA certificate
        Parameter
            cacert - a Certificate Authority container for the CA certificate, optional
        Return Value
            None
        Raises
            AIServerError - if cacert is not a Certificate
    contents (get): returns the certificate contents
    contents (set): assigns the contents for the Certificate
    file_path (get): returns the certificate file_path
    file_path (set): assigns the file_path for the Certificate
    update_cert: Update the certificate
        Parameter
            contents - certificate data for the Certificate container, optional, mutually exclusive with file_path
            file_path - file path for the Certificate container, optional, mutually exclusive with contents
        Return Value
            None
        Raises
            AIServerError if openssl terminates improperly
    __eq__: Returns True if hashes equal
    hash: Return the hash value of the certificate
        Raises
            AIServerError - if openssl terminates improperly
    validate_hash (classmethod): validate the certificate hash
        Args:
            cert_hash - a hexadecimal hash for a certificate
        Raises:
            AIServerError - if the hash has invalid digits or not 8 characters.
        returns - nothing
    matching_key: verify that the key is the correct one for the certificate
        Parameter
            key - a Key Authority Container
        Return Value
            True if key and certificate are pairs else False
        Raises
            AIServerError - if modulus fails for key or certificate
    pktool_output: Return the stdout from 'pktool list' on the cert. The output from pktool is presumed to not change over the lifetime of the cert, therefore the output is saved on first retrieval and then referenced on subsequent queries.
    cert_info: Returns a tuple of 4 strings: (subject, issuer, valid_from, valid_to). Method parses the output from "pktool list", and presumes that the row labels in the output are not localized, thus the labels are hardcoded here.


class Key

    Authentication Key class - subclass of AuthContainer

    Parameter
        source - a string containing the source of the key data, required
        contents - a string containing the key data, optional, mutually exclusive with file_path
        file_path - the path of the key, optional, mutually exclusive with contents
    Return Value
        None
    Raises
        AIServerError - if contents is not None and not a valid key

    __init__: Initialize a Key Authority Container
    __repr__
    contents (get): returns the contents of the Key
    contents (set): assigns the contents of the Key
    file_path (get): returns the contents of the Key file_path
    file_path (set): assigns the file_path for the Key
    verify: verify that the source is a proper key
        Parameter
            contents - the data for the Key container to be verified, optional, mutually exclusive with file_path
            file_path - the path of the Key to be verified, optional, mutually exclusive with contents
        Return Value
            True if a valid key is represented else False
        Raises
            AIServerError - if the contents length does not match what was written out, from super class
    matching_cert: verify that the certificate is the correct one for the key
        Parameter
            cert - a Certificate Authority Container
        Return Value
            True if key and certificate are pairs else False
        Raises
            AIServerError - if modulus fails for key or certificate
    update_key: Update the key
        Parameter
            contents - key data for the Key container, optional, mutually exclusive with file_path
            file_path - file path for the Key container, optional, mutually exclusive with contents
        Return Value
            None
        Raises
            AIServerError - if openssl terminates improperly


class FW

    Authentication Firmware class - subclass of AuthContainer

    Parameter
        source - a string containing the source of the FW data, required
        contents - a string containing the key data, optional, mutually exclusive with file_path
        file_path - the path of the FW Key to be verified, optional, mutually exclusive with contents
    Return Value
        None
    Raises
        AIServerError - if contents is not None and not a valid FW Key

    __init__: Initialize a FW (Firmware) Key Authority Container
    __repr__
    contents (get): returns the contents of the FW key
    contents (set): assigns the contents of the FW key
    file_path (get): returns the contents of the FW key
    file_path (set): assigns the file_path for the FW key
    verify: verify that the contents are a proper key
        Parameter
            contents - data for the FW Authority Container, optional, mutually exclusive with file_path
            file_path - the path of the FW Key to be verified, optional, mutually exclusive with contents
        Return Value
            True if key is valid else False
        Raises
            None
    update_key: Update the key
        Parameter
            contents - key data for the FW Key container, optional, mutually exclusive with file_path
            file_path - file path for the FW Key container, optional, mutually exclusive with contents
        Return Value
            None
        Raises
            AIServerError - if openssl terminates improperly


function make_credential

    creates a credential of type the_class from the source and contents

    Parameters
        the_class - the class for the credential -- Certificate, Key or FW
        source - the source of the credential -- server, service, ca, cid, client_default
        contents - a string of the contents for the credential
    Return Value
        An instance of the_class - Certificate, Key or FW
    Raises
        AIServerError - if the_class raises a ValueError
                        Or if the_class is not a Certificate, Key or FW class