Mini Shell

Directory : /usr/lib/python2.7/site-packages/salt/modules/
Current File : //usr/lib/python2.7/site-packages/salt/modules/win_pki.pyc

�
���^c@@sfdZddlmZmZmZddlZddlZddlZddlZ	ddl
Z	ddlZ	ddlZ	ddl
mZddlmZdZdZdZeje�Zd	Zd
�Zed�Zd�Zd
�Zd�Zeed�Zedd�Zeeee ddd�Z!eeedd�Z"eeeddd�Z#eed�Z$dS(u�
Microsoft certificate management via the PKI Client PowerShell module.
https://technet.microsoft.com/en-us/itpro/powershell/windows/pkiclient/pkiclient

The PKI Client PowerShell module is only available on Windows 8+ and Windows
Server 2012+.
https://technet.microsoft.com/en-us/library/hh848636(v=wps.620).aspx

:platform:      Windows

:depends:
    - PowerShell 4
    - PKI Client Module (Windows 8+ / Windows Server 2012+)

.. versionadded:: 2016.11.0
i(tabsolute_importtunicode_literalstprint_functionN(tSaltInvocationError(tsixuLocalMachineuceruMyuwin_pkicC@s�tjjj�stdfStjjjtdd�dkrHtdfStdd�dsftd	fStjj	j
d
�s�tdfStS(u�
    Requires Windows
    Requires Windows 8+ / Windows Server 2012+
    Requires PowerShell
    Requires PKI Client PowerShell module installed.
    u!Only available on Windows Systemsu	osversionu6.2.9200i����u4Only available on Windows 8+ / Windows Server 2012 +ucmd.shell_infou
powershellu	installeduPowershell not availableuPKIu#PowerShell PKI module not available(tsalttutilstplatformt
is_windowstFalsetversionstversion_cmpt
__grains__t__salt__t
powershellt
module_existst__virtualname__(((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pyt__virtual__+s
"


cC@s�dg}|r(|jdj|��n
|j|�tdtj�j|�dddt�}|ddkr�tjd	||d
�n|r�y't	j
jj|ddt
�}|SWq�tk
r�tjd
�q�Xn|dS(uh
    Ensure that the Pki module is loaded, and convert to and extract data from
    Json as needed.
    uImport-Module -Name PKI; u5ConvertTo-Json -Compress -Depth 4 -InputObject @({0})ucmd.run_alltshellu
powershelltpython_shelluretcodeiu'Unable to execute command: %s
Error: %sustderrustdouttstrictu$Unable to parse return data as Json.(tappendtformatR
Rt	text_typetjointTruet_LOGterrorRRtjsontloadsR	t
ValueError(tcmdtas_jsontcmd_fulltcmd_rettitems((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pyt_cmd_runAs"	

$
cC@sCdj|�}tjtd|��s?tdj|���ndS(uS
    Ensure that the certificate path, as determined from user input, is valid.
    uTest-Path -Path '{0}'RuInvalid path specified: {0}N(Rtasttliteral_evalR$R(tnameR((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pyt_validate_cert_path^scC@s=ddg}||kr9dj||�}t|��ndS(uU
    Ensure that the certificate format, as determined from user input, is valid.
    ucerupfxu>Invalid certificate format '{0}' specified. Valid formats: {1}N(RR(R'tcert_formatstmessage((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pyt_validate_cert_formaths
cC@stt�}d}td|dt�}xI|D]A}t�||d<x'|dD]}||dj|�qMWq+W|S(u�
    Get the certificate location contexts and their corresponding stores.

    :return: A dictionary of the certificate location contexts and stores.
    :rtype: dict

    CLI Example:

    .. code-block:: bash

        salt '*' win_pki.get_stores
    uEGet-ChildItem -Path 'Cert:\' | Select-Object LocationName, StoreNamesRR uLocationNameu
StoreNames(tdictR$RtlistR(tretRR#titemtstore((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pyt
get_storests
	
cC@s5t�}t�}dg}dj||�}td|�|jdj|��|jd�tdtj�j|�dt	�}x�|D]�}t�}x1|D])}	|	|kr�||	||	j
�<q�q�W|jdd�}
t
|
t�rg|
D]}|jd�^q�|d	<n
g|d	<|||d
<q�W|S(um
    Get the available certificates in the given store.

    :param str context: The name of the certificate store location context.
    :param str store: The name of the certificate store.

    :return: A dictionary of the certificate thumbprints and properties.
    :rtype: dict

    CLI Example:

    .. code-block:: bash

        salt '*' win_pki.get_certs
    uDnsNameListu
Cert:\{0}\{1}R'u)Get-ChildItem -Path '{0}' | Select-Objectu8 DnsNameList, SerialNumber, Subject, Thumbprint, VersionRR uUnicodeudnsnamesu
ThumbprintN(R,R-RR(RR$RRRRtlowertgettNonet
isinstance(tcontextR0R.Rtblacklist_keyst
store_pathR#R/t	cert_infotkeytnamesR'((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pyt	get_certs�s&			

$
	
)
uc	C@s�t�}t�}dg}|j�}td|�|sNtjj|�rbtjd|�|S|dkr�|r�|j	d�|j	d�|j	dj
|��|j	dj
|��|j	d	�|j	d
�q:|j	dj
|��|j	d
�n=|j	d�|j	d�|j	dj
|��|j	d
�td
tj
�j|�dt�}xg|D]_}x1|D])}||krr||||j�<qrqrWg|dD]}|d^q�|d<qeW|r�tjd|�ntjd|�|S(u�
    Get the details of the certificate file.

    :param str name: The filesystem path of the certificate file.
    :param str cert_format: The certificate format. Specify 'cer' for X.509, or
        'pfx' for PKCS #12.
    :param str password: The password of the certificate. Only applicable to pfx
        format. Note that if used interactively, the password will be seen by all minions.
        To protect the password, use a state and get the password from pillar.

    :return: A dictionary of the certificate thumbprints and properties.
    :rtype: dict

    CLI Example:

    .. code-block:: bash

        salt '*' win_pki.get_cert_file name='C:\certs\example.cer'
    uDnsNameListR'uPath is not present: %supfxu$CertObject = New-Objectu@ System.Security.Cryptography.X509Certificates.X509Certificate2;u $CertObject.Import('{0}'u,'{0}'u,'DefaultKeySet') ; $CertObjectuH | Select-Object DnsNameList, SerialNumber, Subject, Thumbprint, Versionu"Get-PfxCertificate -FilePath '{0}'u' $CertObject.Import('{0}'); $CertObjectRR uUnicodeudnsnamesu0Certificate thumbprint obtained successfully: %su+Unable to obtain certificate thumbprint: %s(R,R-R2R+tostpathtisfileRRRRR$RRRRtdebug(	R'tcert_formattpasswordR.RR7R#R/R:((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pyt
get_cert_file�s@			






$

)ubasecC@s(t�}d}dj||�}	|j�}td|�td||�}
|
sgtjd|�tS|r�t	d|
d|d|�}nt	d|
d|�}t
d|d|�}|d	|kr�tjd
|d	|	�tS|dkrw|r|j
dj|��|j
d
�n
|j
d�|j
dj|
��|j
dj|	��|j
d�|r�|j
d�q�n,|j
dj|
��|j
dj|	��tdtj�j|��t
d|d|�}
x#|
D]}||kr�|}q�q�W|rtjd|�tStjd|�tS(u�
    Import the certificate file into the given certificate store.

    :param str name: The path of the certificate file to import.
    :param str cert_format: The certificate format. Specify 'cer' for X.509, or
        'pfx' for PKCS #12.
    :param str context: The name of the certificate store location context.
    :param str store: The name of the certificate store.
    :param bool exportable: Mark the certificate as exportable. Only applicable
        to pfx format.
    :param str password: The password of the certificate. Only applicable to pfx
        format. Note that if used interactively, the password will be seen by all minions.
        To protect the password, use a state and get the password from pillar.
    :param str saltenv: The environment the file resides in.

    :return: A boolean representing whether all changes succeeded.
    :rtype: bool

    CLI Example:

    .. code-block:: bash

        salt '*' win_pki.import_cert name='salt://cert.cer'
    u
Cert:\{0}\{1}R'u
cp.cache_fileu%Unable to get cached copy of file: %sRARBR6R0u
thumbprintu8Certificate thumbprint '%s' already present in store: %supfxu0$Password = ConvertTo-SecureString -String '{0}'u -AsPlainText -Force; u5$Password = New-Object System.Security.SecureString; u%Import-PfxCertificate -FilePath '{0}'u -CertStoreLocation '{0}'u -Password $Passwordu -Exportableu"Import-Certificate -FilePath '{0}'Ru%Certificate imported successfully: %su Unable to import certificate: %sN(R-R4RR2R+R
RRR	RCR<R@RRR$RRR(R'RAR6R0t
exportableRBtsaltenvRt
thumbprintR8tcached_source_patht
cert_propst
current_certst	new_certstnew_cert((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pytimport_cert�sT	
	






c	C@sAt�}|j�}dj|||�}|j�}td|�td|�|dkr�|r�|jdj|��|jd�n
|jd�|jdj||��|jd�n|jd	j||��|jd
j|��tjt	dt
j�j|���}|r-t
jd|�nt
jd
|�|S(u�
    Export the certificate to a file from the given certificate store.

    :param str name: The destination path for the exported certificate file.
    :param str thumbprint: The thumbprint value of the target certificate.
    :param str cert_format: The certificate format. Specify 'cer' for X.509, or
        'pfx' for PKCS #12.
    :param str context: The name of the certificate store location context.
    :param str store: The name of the certificate store.
    :param str password: The password of the certificate. Only applicable to pfx
        format. Note that if used interactively, the password will be seen by all minions.
        To protect the password, use a state and get the password from pillar.

    :return: A boolean representing whether all changes succeeded.
    :rtype: bool

    CLI Example:

    .. code-block:: bash

        salt '*' win_pki.export_cert name='C:\certs\example.cer' thumbprint='AAA000'
    uCert:\{0}\{1}\{2}R'upfxu0$Password = ConvertTo-SecureString -String '{0}'u -AsPlainText -Force; u5$Password = New-Object System.Security.SecureString; u1Export-PfxCertificate -Cert '{0}' -FilePath '{1}'u -Password $Passwordu.Export-Certificate -Cert '{0}' -FilePath '{1}'u" | Out-Null; Test-Path -Path '{0}'Ru%Certificate exported successfully: %su Unable to export certificate: %s(R-tupperRR2R(R+RR%R&R$RRRRR@R(	R'RFRAR6R0RBRt	cert_pathR.((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pytexport_cert[s.	





'cC@s�t�}|j�}dj|||�}|jdj|��td|�|rc|jd�n|r�|jdj|��n|r�|jdj|��n|jd�tjtdtj	�j
|���S(	u
    Check the certificate for validity.

    :param str thumbprint: The thumbprint value of the target certificate.
    :param str context: The name of the certificate store location context.
    :param str store: The name of the certificate store.
    :param bool untrusted_root: Whether the root certificate is required to be
        trusted in chain building.
    :param str dns_name: The DNS name to verify as valid for the certificate.
    :param str eku: The enhanced key usage object identifiers to verify for the
        certificate chain.

    :return: A boolean representing whether the certificate was considered
        valid.
    :rtype: bool

    CLI Example:

    .. code-block:: bash

        salt '*' win_pki.test_cert thumbprint='AAA000' dns_name='example.test'
    uCert:\{0}\{1}\{2}uTest-Certificate -Cert '{0}'R'u -AllowUntrustedRootu -DnsName '{0}'u -EKU '{0}'u -ErrorAction SilentlyContinueR(R-RMRRR(R%R&R$RRR(RFR6R0tuntrusted_roottdns_nametekuRRN((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pyt	test_cert�s	

cC@s�|j�}dj||�}dj||�}dj|�}td|d|�}||krwtjd||�tStd|�td|�td|d|�}||kr�tjd	|�t	Stjd
|�tS(u�
    Remove the certificate from the given certificate store.

    :param str thumbprint: The thumbprint value of the target certificate.
    :param str context: The name of the certificate store location context.
    :param str store: The name of the certificate store.

    :return: A boolean representing whether all changes succeeded.
    :rtype: bool

    CLI Example:

    .. code-block:: bash

        salt '*' win_pki.remove_cert thumbprint='AAA000'
    u
Cert:\{0}\{1}u{0}\{1}uRemove-Item -Path '{0}'R6R0u,Certificate '%s' already absent in store: %sR'Ru Unable to remove certificate: %su$Certificate removed successfully: %s(
RMRR<RR@RR(R$RR	(RFR6R0R8RNRRIRJ((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pytremove_cert�s"

(%t__doc__t
__future__RRRR%tloggingR=tsalt.utils.jsonRtsalt.utils.platformtsalt.utils.powershelltsalt.utils.versionstsalt.exceptionsRtsalt.extRt_DEFAULT_CONTEXTt_DEFAULT_FORMATt_DEFAULT_STOREt	getLoggert__name__RRRR	R$R(R+R1R<RCRRLRORSRT(((s8/usr/lib/python2.7/site-packages/salt/modules/win_pki.pyt<module>sL		
		+DZ=*

Zerion Mini Shell 1.0