ó =OXc@sìdZddlZddlmZddlZddlmZddlmZddl m Z ddl m Z m Z mZddlmZdd lmZdd lmZmZmZmZdd lmZmZd efd „ƒYZdS(s! Common API for all public keys. iÿÿÿÿN(t unhexlify(tmd5(tdefault_backend(t serialization(t algorithmstmodestCipher(tutil(to600(tut encodebytest decodebytestb(t SSHExceptiontPasswordRequiredExceptiontPKeycBsDeZdZiiejd6dd6dd6ejd6d6iejd6dd6dd6ejd6d 6Zddd „Z d „Z d „Z d „Z d„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zedd„ƒZedd„ƒZdd„Zdd„Zdd„Zdd„Zdd„Zdd„ZRS(s% Base class for public keys. tcipheritkeysizet blocksizetmodes AES-128-CBCiis DES-EDE3-CBCcCsdS(sI Create a new instance of this public key type. If ``msg`` is given, the key's public part(s) will be filled in from the message. If ``data`` is given, the key's public part(s) will be filled in from the string. :param .Message msg: an optional SSH `.Message` containing a public key of this type. :param str data: an optional string containing a public key of this type :raises SSHException: if a key cannot be created from the ``data`` or ``msg`` given, or no key was passed in. N((tselftmsgtdata((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyt__init__;scCstƒS(sÇ Return a string of an SSH `.Message` made up of the public part(s) of this key. This string is suitable for passing to `__init__` to re-create the key object later. (tbytes(R((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pytasbytesLscCs |jƒS(N(R(R((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyt__str__TscCsJt|ƒ}t|ƒ}||kr1t||ƒSt|jƒ|jƒƒS(sB Compare this key to another. Returns 0 if this key is equivalent to the given key, or non-0 if they are different. Only the public parts of the key are compared, so a public key will compare equal to its corresponding private key. :param .Pkey other: key to compare to. (thashtcmpR(Rtotherthstho((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyt__cmp__Xs    cCst|ƒt|ƒkS(N(R(RR((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyt__eq__gscCsdS(sË Return the name of this private key implementation. :return: name of this private key type, in SSH terminology, as a `str` (for example, ``"ssh-rsa"``). t((R((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pytget_namejscCsdS(s¸ Return the number of significant bits in this key. This is useful for judging the relative security of a key. :return: bits in the key (as an `int`) i((R((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pytget_bitstscCstS(sf Return ``True`` if this key has the private part necessary for signing data. (tFalse(R((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pytcan_sign}scCst|jƒƒjƒS(sã Return an MD5 fingerprint of the public part of this key. Nothing secret is revealed. :return: a 16-byte `string ` (binary) of the MD5 fingerprint, in SSH format. (RRtdigest(R((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pytget_fingerprint„s cCs"tt|jƒƒƒjddƒS(s+ Return a base64 string containing the public part of this key. Nothing secret is revealed. This format is compatible with that used to store public key files or recognized host keys. :return: a base64 `string ` containing the public part of the key. s R"(R R Rtreplace(R((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyt get_base64scCstƒS(sç Sign a blob of data with this private key, and return a `.Message` representing an SSH signature message. :param str data: the data to sign. :return: an SSH signature `message <.Message>`. (R(RR((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyt sign_ssh_data™scCstS(s\ Given a blob of data, and an SSH message representing a signature of that data, verify that it was signed with this key. :param str data: the data that was signed. :param .Message msg: an SSH signature message :return: ``True`` if the signature verifies correctly; ``False`` otherwise. (R%(RRR((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pytverify_ssh_sig£s cCs|d|d|ƒ}|S(sŸ Create a key object by reading a private key file. If the private key is encrypted and ``password`` is not ``None``, the given password will be used to decrypt the key (otherwise `.PasswordRequiredException` is thrown). Through the magic of Python, this factory method will exist in all subclasses of PKey (such as `.RSAKey` or `.DSSKey`), but is useless on the abstract PKey class. :param str filename: name of the file to read :param str password: an optional password to use to decrypt the key file, if it's encrypted :return: a new `.PKey` based on the given private key :raises IOError: if there was an error reading the file :raises PasswordRequiredException: if the private key file is encrypted, and ``password`` is ``None`` :raises SSHException: if the key file is invalid tfilenametpassword((tclsR-R.tkey((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pytfrom_private_key_file¯scCs|d|d|ƒ}|S(sû Create a key object by reading a private key from a file (or file-like) object. If the private key is encrypted and ``password`` is not ``None``, the given password will be used to decrypt the key (otherwise `.PasswordRequiredException` is thrown). :param file_obj: the file-like object to read from :param str password: an optional password to use to decrypt the key, if it's encrypted :return: a new `.PKey` based on the given private key :raises IOError: if there was an error reading the key :raises PasswordRequiredException: if the private key file is encrypted, and ``password`` is ``None`` :raises SSHException: if the key file is invalid tfile_objR.((R/R2R.R0((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pytfrom_private_keyÇscCstdƒ‚dS(s’ Write private key contents into a file. If the password is not ``None``, the key is encrypted before writing. :param str filename: name of the file to write :param str password: an optional password to use to encrypt the key file :raises IOError: if there was an error writing the file :raises SSHException: if the key is invalid sNot implemented in PKeyN(t Exception(RR-R.((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pytwrite_private_key_fileÜs cCstdƒ‚dS(sŸ Write private key contents into a file (or file-like) object. If the password is not ``None``, the key is encrypted before writing. :param file_obj: the file-like object to write into :param str password: an optional password to use to encrypt the key :raises IOError: if there was an error writing to the file :raises SSHException: if the key is invalid sNot implemented in PKeyN(R4(RR2R.((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pytwrite_private_keyês cCs1t|dƒ}|j|||ƒ}WdQX|S(sÎ Read an SSH2-format private key file, looking for a string of the type ``"BEGIN xxx PRIVATE KEY"`` for some ``xxx``, base64-decode the text we find, and return it as a string. If the private key is encrypted and ``password`` is not ``None``, the given password will be used to decrypt the key (otherwise `.PasswordRequiredException` is thrown). :param str tag: ``"RSA"`` or ``"DSA"``, the tag used to mark the data block. :param str filename: name of the file to read. :param str password: an optional password to use to decrypt the key file, if it's encrypted. :return: data blob (`str`) that makes up the private key. :raises IOError: if there was an error reading the file. :raises PasswordRequiredException: if the private key file is encrypted, and ``password`` is ``None``. :raises SSHException: if the key file is invalid. trN(topent_read_private_key(RttagR-R.tfR((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyt_read_private_key_file÷scCsÚ|jƒ}d}x>|t|ƒkrR||jƒd|dkrR|d7}qW|t|ƒkr|td|dƒ‚ni}|d7}xg|t|ƒkrõ||jdƒ}t|ƒdkrÊPn|djƒ||djƒ<|d7}qW|}x>|t|ƒkr<||jƒd|dkr<|d7}qÿWy&ttd j|||!ƒƒƒ} Wn/t j j k r”} td t | ƒƒ‚nXd |kr¥| S|d d krÌtd |d ƒ‚ny|djdƒ\} } Wntdƒ‚nX| |j kr!td| ƒ‚n|dkr<tdƒ‚n|j | d} |j | d}|j | d}tt| ƒƒ}tjt|||ƒ}t| |ƒ||ƒdtƒƒjƒ}|j| ƒ|jƒS(Nis -----BEGIN s PRIVATE KEY-----is not a valid s private key files: s -----END R"sbase64 decoding error: s proc-types 4,ENCRYPTEDs"Unknown private key structure "%s"sdek-infot,s(Can't parse DEK-info in private key filesUnknown private key cipher "%s"sPrivate key file is encryptedRRRtbackend(t readlinestlentstripR tsplittlowerR R tjointbase64tbinasciitErrortstrt _CIPHER_TABLEtNoneRRRtgenerate_key_bytesRRRt decryptortupdatetfinalize(RR:R;R.tlineststarttheaderstltendRtetencryption_typetsaltstrRRRtsaltR0RL((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyR9sR 3 3&  'cCs?t|dƒ*}tj|tƒ|j|||ƒWdQXdS(s‹ Write an SSH2-format private key file in a form that can be read by paramiko or openssh. If no password is given, the key is written in a trivially-encoded format (base64) which is completely insecure. If a password is given, DES-EDE3-CBC is used. :param str tag: ``"RSA"`` or ``"DSA"``, the tag used to mark the data block. :param filename: name of the file to write. :param str data: data blob that makes up the private key. :param str password: an optional password to use to encrypt the file. :raises IOError: if there was an error writing the file. twN(R8tostchmodRt_write_private_key(RR-R0tformatR.R;((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyt_write_private_key_fileAscCsV|dkrtjƒ}ntj|ƒ}|j|jtjj||ƒjƒƒdS(N( RJRt NoEncryptiontBestEncryptiontwritet private_bytestEncodingtPEMtdecode(RR;R0R\R.t encryption((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyR[Ts   N(t__name__t __module__t__doc__RtAESRtCBCt TripleDESRIRJRRRR R!R#R$R&R(R*R+R,t classmethodR1R3R5R6R<R9R]R[(((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyR&sD           2 (RhRERFRRYthashlibRtcryptography.hazmat.backendsRtcryptography.hazmat.primitivesRt&cryptography.hazmat.primitives.ciphersRRRtparamikoRtparamiko.commonRtparamiko.py3compatR R R R tparamiko.ssh_exceptionR RtobjectR(((s1/usr/lib/python2.7/site-packages/paramiko/pkey.pyts  "