File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/__pycache__/crypt.cpython-310.pyc
The crypt module manages all of the cryptography functions for minions and
masters, encrypting and decrypting payloads, preparing messages, and
authenticating peers
Clean the key so that it only has unix style line endings (\n)
Set an AES dropfile to request the master update the publish session key
Generate a RSA public keypair for use with salt
:param str keydir: The directory to write the keypair to
:param str keyname: The type of salt server for whom this key should be written. (i.e. 'master' or 'minion')
:param int keysize: The number of bits in the key
:param str user: The user on the system who should own this keypair
:param str passphrase: The passphrase which should be used to encrypt the private key
:rtype: str
:return: Path on the filesystem to the RSA private key