%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /usr/lib/python2.7/site-packages/salt/auth/
Upload File :
Create Path :
Current File : //usr/lib/python2.7/site-packages/salt/auth/pki.pyc

�
���^c@@s�dZddlmZmZmZddlZy�yddlmZeZ	Wn[e
k
r�eZ	yddlm
Z
Wn!e
k
r�ddlm
Z
nXddlZnXeZWne
k
r�eZnXddlZeje�Zd�Zd�ZdS(uz
Authenticate via a PKI certificate.

.. note::

    This module is Experimental and should be used with caution

Provides an authenticate function that will allow the caller to authenticate
a user via their public cert against a pre-defined Certificate Authority.

TODO: Add a 'ca_dir' option to configure a directory of CA files, a la Apache.

:depends:    - pyOpenSSL module
i(tabsolute_importtprint_functiontunicode_literalsN(tX509(tasn1cC@str
tStS(u/
    Requires newer pycrypto and pyOpenSSL
    (tHAS_DEPStTruetFalse(((s1/usr/lib/python2.7/site-packages/salt/auth/pki.pyt__virtual__.scK@s?|}tdd�}tjd�tjd|�tjd|�tr�tj|tj�}tj|tj�}|j|j	��r�tj
dj|��tStj
dj|��t
Sntj}|j|j|�}tjjj|��"}|j|j|j��}WdQX|j�}	|j|j|�}
tj�}|j|
�|d	}|d
}
tj�}|j|
�|j}|d	dkr�td��n|d
}y\|j||||	�t |j!�j"��d|ks�t#d��tj
d|�tSWn-tjj$t#fk
r:tj
d|�nXt
S(u�
    Returns True if the given user cert (password is the cert contents)
    was issued by the CA and if cert's Common Name is equal to username.

    Returns False otherwise.

    ``username``: we need it to run the auth function from CLI/API;
                  it should be in master config auth/acl
    ``password``: contents of user certificate (pem-encoded user public key);
                  why "password"? For CLI, it's the only available name

    Configure the CA cert in the master config file:

    .. code-block:: yaml

        external_auth:
          pki:
            ca_file: /etc/pki/tls/ca_certs/trusted-ca.crt
            your_user:
              - .*
    u
config.getuexternal_auth:pki:ca_fileu#Attempting to authenticate via pki.uUsing CA file: %suCertificate contents: %su+Successfully authenticated certificate: {0}u'Failed to authenticate certificate: {0}Niiuu Number of unused bits is strangeiuCNu*Certificate's CN should match the usernameu*Successfully authenticated certificate: %su&Failed to authenticate certificate: %s(%t__salt__tlogtdebugtHAS_M2Rtload_cert_stringt
FORMAT_PEMt	load_certtverifyt
get_pubkeytinfotformatRRtOpenSSLtcryptotload_certificatetFILETYPE_PEMtsalttutilstfilestfopentreadtget_signature_algorithmtdump_certificatet
FILETYPE_ASN1RtDerSequencetdecodet	DerObjecttpayloadt	Exceptiontdicttget_subjecttget_componentstAssertionErrortError(tusernametpasswordtkwargstpemtcacert_filetcerttcacerttctftalgot	cert_asn1tdertder_certtder_sigt
der_sig_intsig0tsig((s1/usr/lib/python2.7/site-packages/salt/auth/pki.pytauth7sJ
	!



	
.(t__doc__t
__future__RRRtloggingtM2CryptoRRRtImportErrorRtCryptodome.UtilRtCrypto.UtilRRtsalt.utils.filesRt	getLoggert__name__R
RR;(((s1/usr/lib/python2.7/site-packages/salt/auth/pki.pyt<module>s(







Zerion Mini Shell 1.0