File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/__pycache__/gpg.cpython-310.pyc
o
�����N�g��������������������� ���@���s$���d�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l Z�d�d�l
m�Z���e���e
��Z�d�Z�d�d�d�d�d d
d�d�d���Z�d
d�d�d�d�d�d���Z�d�d�d�d�d�d
d���Z�d�d�d�d�d�d���Z�d�Z�z�d�d�l�Z�d�Z�W�n���e�yi������d�Z�Y�n�w�d�d ��Z�d!d"��Z�dQd#d$��Z�d%d&��Z�d'd(��Z�dRd)d*��Z�dSd+d,��Z�dQd-d.��Z�dRd/d0��Z dRd1d2��Z!dRd3d4��Z"e� 5 6 7 8 � � � � � � �dTd9d:����Z# � � � � � �dUd;d<��Z$dVd=d>��Z%dVd?d@��Z&e�dVdAdB����Z' � � � � � � �dWdCdD��Z(e�dVdEdF����Z)dVdGdH��Z* � � � � � � �dXdIdJ��Z+ �dYdKdL��Z, � � � � � � � � � �dZdMdN��Z- � � � � � � �d[dOdP��Z.d�S�)\ai���
Manage a GPG keychains, add keys, create keys, retrieve keys from keyservers.
Sign, encrypt and sign plus encrypt text and files.
.. versionadded:: 2015.5.0
.. note::
The ``python-gnupg`` library and ``gpg`` binary are required to be
installed.
Be aware that the alternate ``gnupg`` and ``pretty-bad-protocol``
libraries are not supported.
�����N)���SaltInvocationError��gpgZ�ExpiredZ�Unknownz�Not Trustedz
Fully Trustedz�Marginally Trustedz�Ultimately TrustedZ�Revoked)���e��q��n��f��m��u��r��-��1��2��3��4��5��6��Z�expired��unknownZ�not_trustedZ
marginallyZ�fullyZ
ultimatelyZ
Marginally)�r����r
���r����r����r����r����Z UndefinedZ�NeverZ�MarginalZ�FullyZ�Ultimate)���0r����r
���r����r����z�keys.openpgp.orgTFc��������������������C���s����t�j�j���d���S�)�z,
Returns the path to the gpg binary
r����)���salt��utils��path��which��r����r�����D/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/gpg.py��_gpgO���s������r����c��������������������C���s����t���s�d�S�t�r t�S�d�S�)�z=
Makes sure that python-gnupg and gpg are available.
)�FzIThe gpg execution module cannot be loaded: gpg binary is not in the path.)�FzTThe gpg execution module cannot be loaded; the gnupg python module is not installed.)�r������HAS_GPG_BINDINGS��__virtualname__r����r����r����r������__virtual__W���s������������������r����c��������������������C���sF���|�s�t�d���d���}�t�d���|���}�|�s!|�d�k�r�t���}�|�S�t�d�|���d�������|�S�)�z-
Wrapper for user.info Salt function
z
config.option��userz user.infor����z�User z� does not exist)���__salt__��_get_user_infor����)�r������userinfor����r����r����r!���l���s����������������������r!���c��������������������C���s<���|�d�k�r�t�j���t�d���d���d���}�|�S�t�j���t�|���d���d���}�|�S�)�z=
Return default GnuPG home directory path for a user
r�����
config.get�
config_dir��gpgkeys��homez�.gnupg)���osr������joinr ���r!���)�r����� gnupghomer����r����r������_get_user_gnupghome����s
�������������r*���c������������������������s����t���������f�d�d�����}�|�S�)�Nc������������
�����������s����|���d���}�|���d���}�|�s�t�|���}�t�|���}�t���}�|�d���|�d���k�rCt�j���|���rCt�d���|�d�����}�|�g�t�d���|�����D�]�}�t�d���|�|�d���|�����q6t�|���D�]
}�|���d ��rQ|�|�=�qG��|�i�|�����} |�d���|�d���k�r}t�d���|�d�����}�|�g�t�d���|�����D�]
}�t�d���|�|�|�����qr| S�)
z<
Wrap gpg function calls to fix permissions
r����r)�����uidz�file.gid_to_group��gidz file.findz
file.chown��name��__) ��getr*���r!���r'���r������existsr �����list�
startswith)
��args��kwargsr����r)���r"���Z�run_user��groupr������key��ret����funcr����r������func_wrapper����s(���
�
�������������������
�����������������z(_restore_ownership.<locals>.func_wrapper)�� functools��wraps)�r9���r:���r����r8���r������_restore_ownership����s���������"r=���c��������������������C���s����|�s�t�|���}�t�j�|�d���}�|�S�)�z�
Create the GPG object
)�r)���)�r*�����gnupgZ�GPG)�r����r)���r����r����r����r������_create_gpg����s������������r?���c��������������������C���s����t�|�|���}�|���|���}�|�S�)�z*
Helper function for Listing keys
)�r?���� list_keys)�r����r)�����secretr������_keysr����r����r�����
_list_keys����s����
�
���rC���c��������������������C���s*���t�|���}�|�r�|���|�|���}�|�S�|���|���}�|�S�)�z;
Helper function for searching keys from keyserver
)�r?�����search_keys)���text� keyserverr����r����rB���r����r����r������_search_keys����s������������
���rG���c������������ ��� ���C���s����|�s�t�}�g�}�t�|�|�|���D�]L}�|�d���|�d���d���}�|���d�d���}�|���d�d���}�|���d�d���}�|�r:t���d�t���t�|�d���������|�d�<�|�rKt���d�t���t�|�d���������|�d <�|�rS|�d���|�d
<�|���|�����q�|�S�)�a����
Search keys from keyserver
text
Text to search the keyserver for, e.g. email address, keyID or fingerprint.
keyserver
Keyserver to use for searching for GPG keys, defaults to keys.openpgp.org.
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
CLI Example:
.. code-block:: bash
salt '*' gpg.search_keys user@example.com
salt '*' gpg.search_keys user@example.com keyserver=keyserver.ubuntu.com
salt '*' gpg.search_keys user@example.com keyserver=keyserver.ubuntu.com user=username
��keyid��uids)�rH���rI�����expiresN��date��length��%Y-%m-%d��created� keyLength)���_DEFAULT_KEY_SERVERrG���r/�����time��strftime� localtime��float��append) rE���rF���r����rB�����_key��tmprJ���rK���rL���r����r����r����rD�������s(�������������������������������������������rD���c������������
��� ���C���s����g�}�t�|�|���D�]o}�|�d���|�d���|�d���d���}�|���d�d���}�|���d�d���}�|���d�d���}�|���d d���}�|���d
d���} |�rDt���d�t���t�|�d���������|�d�<�|�rUt���d�t���t�|�d���������|�d�<�|�r]|�d���|�d
<�|�rgt�|�d ����|�d�<�| rqt�|�d
����|�d
<�|���|�����q�|�S�)�a����
List keys in GPG keychain
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
gnupghome
Specify the location where GPG keyring and related files are stored.
CLI Example:
.. code-block:: bash
salt '*' gpg.list_keys
rH�����fingerprintrI�����rH���rX���rI���rJ���NrK���rL����
ownertrust��trustrM���rN���rO����
ownerTrust��rC���r/���rQ���rR���rS���rT�����LETTER_TRUST_DICTrU����
r����r)���rB���rV���rW���rJ���rK���rL�����owner_trustr[���r����r����r����r@�������s6���������������������������������������������������������r@���c������������
��� ���C���s����g�}�t�|�|�d�d���D�]o}�|�d���|�d���|�d���d���}�|���d�d���}�|���d d���}�|���d
d���}�|���d�d���}�|���d�d���} |�rFt���d
t���t�|�d���������|�d�<�|�rWt���d
t���t�|�d ��������|�d�<�|�r_|�d
��|�d�<�|�rit�|�d�����|�d�<�| rst�|�d�����|�d�<�|���|�����q |�S�)�a����
List secret keys in GPG keychain
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
gnupghome
Specify the location where GPG keyring and related files are stored.
CLI Example:
.. code-block:: bash
salt '*' gpg.list_secret_keys
T��rA���rH���rX���rI���rY���rJ���NrK���rL���rZ���r[���rM���rN���rO���r\���r]���r_���r����r����r������list_secret_keys;���s6���������������������������������������������������������rb�����RSA�������Autogenerated Key��Generated by SaltStackc��������������������C���s����d�d�d�d���}�|�|�|�|�d���}�t�| |
��}
|�r�|�|�d�<�|�r�|�|�d�<�|�r$|�|�d�<�|�r*|�|�d�<�|�rCt�d ��d
��}�|�s>d�|�d�<�d
|�d�<�|�S�|�|�d�<�n�d�|�d�<�|
j�d�i�|�����}�d�|�v�rl|�����}�|���d�����|���|���d���d�����d���|���d���}�|
��|���}�|�j r|�j |�d�<�d�|�d�<�|�S�d�|�d�<�d�|�d�<�|�S�)�a����
Create a key in the GPG keychain
.. note::
GPG key generation requires *a lot* of entropy and randomness.
Difficult to do over a remote connection, consider having
another process available which is generating randomness for
the machine. Also especially difficult on virtual machines,
consider the `rng-tools
<http://www.gnu.org/software/hurd/user/tlecarrour/rng-tools.html>`_
package.
The create_key process takes awhile so increasing the timeout
may be necessary, e.g. -t 15.
key_type
The type of the primary key to generate. It must be capable of signing.
'RSA' or 'DSA'.
key_length
The length of the primary key in bits.
name_real
The real name of the user identity which is represented by the key.
name_comment
A comment to attach to the user id.
name_email
An email address for the user.
subkey_type
The type of the secondary key to generate.
subkey_length
The length of the secondary key in bits.
expire_date
The expiration date for the primary and any secondary key.
You can specify an ISO date, A number of days/weeks/months/years,
an epoch value, or 0 for a non-expiring key.
use_passphrase
Whether to use a passphrase with the signing key. Passphrase is received
from Pillar.
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
gnupghome
Specify the location where GPG keyring and related files are stored.
CLI Example:
.. code-block:: bash
salt -t 15 '*' gpg.create_key
T��)���resrX�����message)���key_type�
key_length� name_real��name_comment�
name_email��subkey_type�
subkey_length��expire_date�
pillar.get��gpg_passphraseFrh����'gpg_passphrase not available in pillar.ri����
passphraseZ
no_protectionz�No-Protection: Truez�%commitz�%no-protection��
rX���z$GPG key pair successfully generated.z Unable to generate GPG key pair.Nr����)
r?���r ���Z
gen_key_input�
splitlines��remove��insert��indexr(���Z�gen_keyrX���)�rj���rk���rl���rm���rn���ro���rp���rq�����use_passphraser����r)���r7���Z
create_paramsr����rs���Z
input_dataZ temp_datar6���r����r����r�����
create_keyn���sJ����L����������
�����������������������������
���������
�����
���
�����������r|���c������������ �����������s
���d�d�d�����|�r�|�r�d���d�<�d���d�<���S�|�s!|�s!d���d�<�d���d�<���S�t�|�|�����t�|�|�|���}�����f�d d
��}�|�r{|�d���}�t�|�|�|���}�|�r_|�sMd���d�<�d���d�<���S�t�|�|�d�|�����d
k�r_d�|���d�����d�<�t�|�|�d�|�����d
k�ru��d�����d�|���d���7���<�d���d�<���S�d���d�<�d���d�<���S�)�a]���
Get a key from the GPG keychain
keyid
The keyid of the key to be deleted.
fingerprint
The fingerprint of the key to be deleted.
delete_secret
Whether to delete a corresponding secret key prior to deleting the public key.
Secret keys must be deleted before deleting any corresponding public keys.
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
gnupghome
Specify the location where GPG keyring and related files are stored.
use_passphrase
Whether to use a passphrase with the signing key. Passphrase is received
from Pillar.
.. versionadded:: 3003
CLI Example:
.. code-block:: bash
salt '*' gpg.delete_key keyid=3FAD9F1E
salt '*' gpg.delete_key fingerprint=53C96788253E58416D20BCD352952C84C3252192
salt '*' gpg.delete_key keyid=3FAD9F1E user=username
salt '*' gpg.delete_key keyid=3FAD9F1E user=username delete_secret=True
Trg�����rh���ri���Frh����/Only specify one argument, fingerprint or keyidri����'Required argument, fingerprint or keyidc������������������������sP���|�r�t�d���d���}�|�s�d���d�<�d���d�<���S���j�|�|�|�d���}�|�S���j�|�|�d�d���}�|�S�) Nrr���rs���Frh���rt���ri�����ru�����Z�expect_passphrase)�r ���Z�delete_keys)�rX���rA���r{���rs�����out��r����r7���r����r������__delete_key0���s������������������������z delete_key.<locals>.__delete_keyrX���z;Secret key exists, delete first or pass delete_secret=True.��okz�Secret key for z deleted
z�Public key for z� deletedz�Key not available in keychain.)�r?�����get_key��get_secret_key��str) rH���rX���Z
delete_secretr����r)���r{���r6���r����Z�skeyr����r����r�����
delete_key����s<���
0����������������
������
����������������������������������r����c���������������� ���C���s(���i�}�t�|�|���D�]�}�|�d���|�k�s�|�d���|�k�s�|�d���d�d�����|�k�r�|�d���|�d�<�|�d���|�d�<�|�d���|�d�<�|���d�d���}�|���d�d���}�|���d�d���}�|���d d���} |���d
d���}
|�r`t���d�t���t�|�d���������|�d�<�|�rqt���d�t���t�|�d���������|�d�<�|�ry|�d���|�d
<�| r�t�|�d ����|�d�<�|
r�t�|�d
����|�d
<�q�|�s�d�S�|�S�)�a����
Get a key from the GPG keychain
keyid
The key ID (short or long) of the key to be retrieved.
fingerprint
The fingerprint of the key to be retrieved.
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
gnupghome
Specify the location where GPG keyring and related files are stored.
CLI Example:
.. code-block:: bash
salt '*' gpg.get_key keyid=3FAD9F1E
salt '*' gpg.get_key fingerprint=53C96788253E58416D20BCD352952C84C3252192
salt '*' gpg.get_key keyid=3FAD9F1E user=username
rX���rH��������NrI���rJ���rK���rL���rZ���r[���rM���rN���rO���r\���F��rC���r/���rQ���rR���rS���rT���r^�����rH���rX���r����r)���rW���rV���rJ���rK���rL���r`���r[���r����r����r����r����W���s>�����������������������������������������������������������������r����c���������������� ���C���s,���i�}�t�|�|�d�d���D�]�}�|�d���|�k�s!|�d���|�k�s!|�d���d�d�����|�k�r�|�d���|�d�<�|�d���|�d�<�|�d���|�d�<�|���d�d���}�|���d d���}�|���d
d���}�|���d�d���} |���d�d���}
|�rbt���d
t���t�|�d���������|�d�<�|�rst���d
t���t�|�d ��������|�d�<�|�r{|�d
��|�d�<�| r�t�|�d�����|�d�<�|
r�t�|�d�����|�d�<�q |�s�d�S�|�S�)�a����
Get a key from the GPG keychain
keyid
The key ID (short or long) of the key to be retrieved.
fingerprint
The fingerprint of the key to be retrieved.
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
gnupghome
Specify the location where GPG keyring and related files are stored.
CLI Example:
.. code-block:: bash
salt '*' gpg.get_secret_key keyid=3FAD9F1E
salt '*' gpg.get_secret_key fingerprint=53C96788253E58416D20BCD352952C84C3252192
salt '*' gpg.get_secret_key keyid=3FAD9F1E user=username
Tra���rX���rH���r����NrI���rJ���rK���rL���rZ���r[���rM���rN���rO���r\���Fr����r����r����r����r����r��������s>�����������������������������������������������������������������r����c��������������������C���s����d�d�d���}�t�|�|���}�|�s�|�s�t�d�����|�rCz#t�j�j���|�d�����}�t�j�j���|�������}�W�d���������n�1�s1w�������Y���W�n���t yB������t�d�����w�|��
|���}�|�j�sN|�j�rTd�|�d <�|�S�|�j
r]d
|�d <�|�S�|�j�rjd�|�d�<�d
|�d <�|�S�|�j�sud�|�d�<�d
|�d <�|�S�)�a����
Import a key from text or file
text
The text containing to import.
filename
The filename containing the key to import.
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
gnupghome
Specify the location where GPG keyring and related files are stored.
CLI Example:
.. code-block:: bash
salt '*' gpg.import_key text='-----BEGIN PGP PUBLIC KEY BLOCK-----\n ... -----END PGP PUBLIC KEY BLOCK-----'
salt '*' gpg.import_key filename='/path/to/public-key-file'
Trg���r}���� filename or text must be passed.��rbNz�filename does not exist.z�Successfully imported key(s).ri���z!Key(s) already exist in keychain.Frh���z�Unable to import key.)�r?���r����r����r������files��flopen��stringutilsZ
to_unicode��read��OSErrorZ�import_keysZ�importedZ�imported_rsaZ unchangedZ�not_imported��count)�rE�����filenamer����r)���r7���r������_fpZ
imported_datar����r����r�����
import_key����s8���
�
�����������������������
������ ����������������������r����c��������������������C���s����d�d�i�}�t�|�|���}�t�|�t���r�|���d���}�|�r,|�r,t�d���d���} | s#t�d�����|�j�|�|�| d���}
n�|�j�|�|�d�d ��}
|
rZ|�rZt�j�j �
|�d
����}�|���t�j�j��
|
������W�d���������n�1�sUw�������Y���|
rs|�so|�rid���|���|�d
<�|�S�|
|�d
<�|�S�|
}�|�S�|�s{d�|�d�<�|�S�d�}�|�S�)�am���
Export a key from the GPG keychain
keyids
The key ID(s) of the key(s) to be exported. Can be specified as a comma
separated string or a list. Anything which GnuPG itself accepts to identify a key
for example, the key ID, fingerprint, user ID or email address could be used.
secret
Export the secret key identified by the ``keyids`` information passed.
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
gnupghome
Specify the location where GPG keyring and related files are stored.
use_passphrase
Whether to use a passphrase to export the secret key.
Passphrase is received from Pillar.
.. versionadded:: 3003
output
The filename where the exported key data will be written to, default is standard out.
.. versionadded:: 3006.0
bare
If ``True``, return the (armored) exported key block as a string without the
standard comment/res dict.
.. versionadded:: 3006.0
CLI Example:
.. code-block:: bash
salt '*' gpg.export_key keyids=3FAD9F1E
salt '*' gpg.export_key keyids=3FAD9F1E secret=True
salt '*' gpg.export_key keyids="['3FAD9F1E','3FBD8F1E']" user=username
rh���T��,rr���rs���rt���r����Fr������wNz(Exported key data has been written to {}��comment)�r?����
isinstancer������splitr ���r����Z�export_keysr����r����r����r������writer����Z�to_str��format)�Z�keyidsrA���r����r)���r{�����output��barer7���r����rs�����result��foutr����r����r�����
export_key����s<����8
�
�
����������������������������������
��� ��������������r����c��������������������C���s����d�i�g�d���}�t�|�|���}�|�s�t�}�t�|�t���r�|���d���}�|�j�|�g�|���R���}�|�j�D�]7}�d�|�v�rQ|�d���d�k�r>|�d�����d���|�d���������q%|�d���d k�rP|�d�����d
��|�d���������q%d�|�v�r\|�d�����d�����q%|�S�)
a#���
Receive key(s) from keyserver and add them to keychain
keyserver
Keyserver to use for searching for GPG keys, defaults to keys.openpgp.org
keys
The keyID(s) to retrieve from the keyserver. Can be specified as a comma
separated string or a list.
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
gnupghome
Specify the location where GPG keyring and related files are stored.
CLI Example:
.. code-block:: bash
salt '*' gpg.receive_keys keys='3FAD9F1E'
salt '*' gpg.receive_keys keys="['3FAD9F1E','3FBD9F2E']"
salt '*' gpg.receive_keys keys=3FAD9F1E user=username
T)�rh���Z�changesri���r����r����r����ri���z�Key {} added to keychainrX���r����z!Key {} already exists in keychainZ�problemz�Unable to add key to keychain) r?���rP���r����r����r����Z recv_keys��resultsrU���r����)�rF�����keysr����r)���r7���r����Z recv_datar����r����r����r������receive_keysp���s,�����
�����
�
���
�����������������������������r����c������������
�������C���s����d�d�d���}�g�d���}�|�r�|�r�d�|�d�<�d�|�d�<�|�S�|�sQ|�rGt�|�|�d ��}�|�r9d
|�v�r4d�|�d�<�d�|�����|�d�<�|�S�|�d
��}�n�d�|�d�<�d�|���d
��|�d�<�|�S�d�|�d�<�d�|�d�<�|�S�|�|�v�r]d���d���|�����S�|���d�t�|�����d���}�t���d�g�}�|�} |�d�k�r�t�j���t�d���d���d���}
|���d�|
g�����d�} t�d���|�|�| d�d���}�|�d���d�k�s�d�|�d�<�|�d���|�d�<�|�S�|�d���r�t �
d�|�d�����}�t�|���d k�r�|�|�d
<�d!��t�|�d�����t�|�d"������|�d�<�|�S�|�|�d
<�d#��t�|�d�������|�d�<�|�S�|�d���|�d�<�|�S�)$a���
Set the trust level for a key in GPG keychain
keyid
The keyid of the key to set the trust level for.
fingerprint
The fingerprint of the key to set the trust level for.
trust_level
The trust level to set for the specified key, must be one
of the following:
expired, unknown, not_trusted, marginally, fully, ultimately
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
CLI Example:
.. code-block:: bash
salt '*' gpg.trust_key keyid='3FAD9F1E' trust_level='marginally'
salt '*' gpg.trust_key fingerprint='53C96788253E58416D20BCD352952C84C3252192' trust_level='not_trusted'
salt '*' gpg.trust_key keys=3FAD9F1E trust_level='ultimately' user='username'
Trg���r}���r����Frh���r~���ri���)�r����rX���z Fingerprint not found for keyid z�KeyID z� not in GPG keychainr���z�ERROR: Valid trust levels - {}r������:rv���z�--import-ownertrustr����r#���r$���r%���z --homedir��rootz�cmd.run_all)���stdinZ�runasZ�python_shell��retcoder������stderrz�\d�����z'Changing ownership trust from {} to {}.�����z�Setting ownership trust to {}.)
r����r����r(�����NUM_TRUST_DICTr����r'���r����r �����extend��re��findall��len��INV_NUM_TRUST_DICT)
rH���rX�����trust_levelr����r7���Z�_VALID_TRUST_LEVELSr6���r������cmd��_userZ�homeDirrh���Z�_matchr����r����r����� trust_key����sd���
���� ����������������������
�������������������
������������������������������������
����
���������r����c��������������������C���s����t�|�|���}�|�r�t�d���d���}�|�s�t�d�����n�d�}�|�r#|�j�|�|�|�d���} | j�S�|�rot�j�j���|�d�����}
|�j�|
|�|�d���} W�d���������n�1�s@w�������Y���|�rlt�j�j���|�d�����}�|�� t�j�j
��| j�������W�d���������| j�S�1�sgw�������Y���| j�S�t�d�����) a����
Sign message or file
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
keyid
The keyid of the key to set the trust level for, defaults to
first key in the secret keyring.
text
The text to sign.
filename
The filename to sign.
output
The filename where the signed file will be written, default is standard out.
use_passphrase
Whether to use a passphrase with the signing key. Passphrase is received
from Pillar.
gnupghome
Specify the location where GPG keyring and related files are stored.
CLI Example:
.. code-block:: bash
salt '*' gpg.sign text='Hello there. How are you?'
salt '*' gpg.sign filename='/path/to/important.file'
salt '*' gpg.sign filename='/path/to/important.file' use_passphrase=True
rr���rs���rt���N)�rH���ru���r������wbr����)
r?���r ���r������signr����r����r����r����Z sign_filer����r������to_bytes��data)�r����rH���rE���r����r����r{���r)���r����rs���Z�signed_datar����r����r����r����r����r����
���s,���
0�����������������
��������������
���������r����c������������
�������C���sX���t�|�|���}�d�}�|�r |�|�v�r d���|�d���|�����}�t���|�����d�|�d���S�g�} |�r+| ��d�|�g�����|�r5|�j�|�| d���}
nI|�rz|�rZt�j�j �
|�d�����}�|�j�|�|�| d���}
W�d ��������n�1�sTw�������Y���n$t�j�j ��|�d�����}�|�j�|�| d���}
W�d ��������n�1�stw�������Y���n�t
d
����i�}�|
j�d u�r�d�|�d�<�|
j�|�d
<�|
j�|�d�<�t�t�|
j�����|�d�<�d�|�d�<�|�S�d�|�d�<�d�|�d�<�|�S�)�a<���
Verify a message or file
text
The text to verify.
filename
The filename to verify.
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
gnupghome
Specify the location where GPG keyring and related files are stored.
signature
Specify the filename of a detached signature.
.. versionadded:: 2018.3.0
trustmodel
Explicitly define the used trust model. One of:
- pgp
- classic
- tofu
- tofu+pgp
- direct
- always
- auto
.. versionadded:: 2019.2.0
CLI Example:
.. code-block:: bash
salt '*' gpg.verify text='Hello there. How are you?'
salt '*' gpg.verify filename='/path/to/important.file'
salt '*' gpg.verify filename='/path/to/important.file' use_passphrase=True
salt '*' gpg.verify filename='/path/to/important.file' trustmodel=direct
)�Z�pgpZ�classicZ�tofuz�tofu+pgpZ�direct��always��autoz.Invalid trustmodel defined: {}. Use one of: {}z�, Fr}���z
--trust-model)��
extra_argsr����Nr����Trh�����username��key_idr����z�The signature is verified.ri���z$The signature could not be verified.)�r?���r����r(�����log��warningr������verifyr����r����r����Z�fopenZ�verify_filer����r����r����r����r������VERIFY_TRUST_LEVELSr����)
rE���r����r����r)���Z signatureZ
trustmodelr����Z�trustmodels��msgr����Z�verifiedr����r7���r����r����r����r����P���sF���
/������
���
�
�����������������������������������
���
�
�������������r����c
��������������� ���C���s����d�d�d���}
t�|�|���}�|�r�|�r�t�d���d���}�|�s�t�d�����n�d�}�|�r+|�j�|�|�|�|�|�|�d���}
n*|�rQt�j�j���|�d ����}�|�j�|�|�|�|�|�|�d���}
W�d���������n�1�sKw�������Y���n�t�d
����|
j rq| sl|�red�|�����|
d�<�|
S�|
j
|
d�<�|
S�|
j
}
|
S�| s�d
|
d�<�d���|
j���|
d�<�n�d
}
t
��|
j�����|
S�)�a#���
Encrypt a message or file
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
recipients
The key ID, fingerprint, user ID or email address associated with the recipients
key can be used.
text
The text to encrypt.
filename
The filename to encrypt.
output
The filename where the signed file will be written, default is standard out.
sign
Whether to sign, in addition to encrypt, the data. ``True`` to use
default key or fingerprint to specify a different key to sign with.
use_passphrase
Whether to use a passphrase with the signing key.
Passphrase is received from Pillar.
always_trust
Skip key validation and assume that used keys are fully trusted.
.. versionadded:: 3006.0
gnupghome
Specify the location where GPG keyring and related files are stored.
bare
If ``True``, return the (armored) encrypted block as a string without
the standard comment/res dict.
CLI Example:
.. code-block:: bash
salt '*' gpg.encrypt text='Hello there. How are you?' recipients=recipient@example.com
salt '*' gpg.encrypt filename='/path/to/important.file' recipients=recipient@example.com
salt '*' gpg.encrypt filename='/path/to/important.file' sign=True use_passphrase=True \
recipients=recipient@example.com
Trg�����rh���r����rr���rs���rt���N)�r����ru�����always_trustr����r����r����z#Encrypted data has been written to r����Frh����%{}.
Please check the salt-minion log.)�r?���r ���r������encryptr����r����r����r����Z�encrypt_filer����r����r������statusr������errorr����)�r����Z
recipientsrE���r����r����r����r{���r����r)���r����r7���r����rs���r����r����r����r����r����r��������s^���
A
��������������������������������������������������������
����������
���������������
�������r����c��������������������C���s����d�d�d���}�t�|�|���}�|�r�t�d���d���} | s�t�d�����n�d�} |�r%|�j�|�| d���}
n1|�rRt�j�j���|�d ����}�|�r;|�j�|�| |�d
��}
n�|�j�|�| d���}
W�d���������n�1�sLw�������Y���n�t�d�����|
j rr|�sm|�rfd�|�����|�d
<�|�S�|
j
|�d
<�|�S�|
j
}�|�S�|�s�d�|�d�<�d���|
j���|�d
<�n�d�}�t
��|
j�����|�S�)�a����
Decrypt a message or file
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as ``salt`` will set the GnuPG home directory to the
``/etc/salt/gpgkeys``.
text
The encrypted text to decrypt.
filename
The encrypted filename to decrypt.
output
The filename where the decrypted data will be written, default is standard out.
use_passphrase
Whether to use a passphrase with the signing key. Passphrase is received
from Pillar.
gnupghome
Specify the location where GPG keyring and related files are stored.
bare
If ``True``, return the (armored) decrypted block as a string without the
standard comment/res dict.
CLI Example:
.. code-block:: bash
salt '*' gpg.decrypt filename='/path/to/important.file.gpg'
salt '*' gpg.decrypt filename='/path/to/important.file.gpg' use_passphrase=True
Trg���r����rr���rs���rt���Nr����r����)�ru���r����r����z#Decrypted data has been written to r����Frh���r����)�r?���r ���r������decryptr����r����r����r����Z�decrypt_filer����r����r����r����r����r����r����)�r����rE���r����r����r{���r)���r����r7���r����rs���r����r����r����r����r����r���� ���sH���
.
���������������������������������������������
���������������
�������r����)�N)�NN)�NNF)�rc���rd���re���rf���NNNNFNN)�NNFNNT)�NNNN)�NFNNFNF)�NNNNNFN)�NNNNNN)
NNNNNNFFNF)�NNNNFNF)/��__doc__r;�����loggingr'���r����rQ���Z�salt.utils.filesr����Z�salt.utils.pathZ�salt.utils.stringutilsZ�salt.exceptionsr����� getLogger��__name__r����r����r^���r����r����r����rP���r>���r������ImportErrorr����r����r!���r*���r=���r?���rC���rG���rD���r@���rb���r|���r����r����r����r����r����r����r����r����r����r����r����r����r����r����r������<module>����s������������������������
������������������������������������
�������������
����������������������������
�����
'
�
�
3
3�3�������������������������������������
�
f
B�B���8������������
��]��
8�b������������
��G
��Z������������������
��x��������������