File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/__pycache__/crypt.cpython-310.pyc
o
�����N�g�������������������������@���sT���d�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�m�Z���e���e ��Z
�d
d�d���Z�d�d�d ��Z�d�S�)�z#
Functions dealing with encryption
�����N)���SaltInvocationErrorFc������������ ���
���C���s����z�|�r�|�|�v�r�t�d���|�d���|���������W�n���t�y1��}���z�t�|�t���r!��t���d�|�����W�Y�d�}�~�n�d�}�~�w�w�|�d�u�rI|�d�u�r>t�d�����d�d�l�}�|�j�� |�i���}�|��
|���}�|�d�u�rZt�d�|���d�������|�|�|�d ��S�)
a����
.. versionadded:: 2017.7.0
Decrypt a data structure using the specified renderer. Written originally
as a common codebase to handle decryption of encrypted elements within
Pillar data, but should be flexible enough for other uses as well.
Returns the decrypted result, but any decryption renderer should be
recursively decrypting mutable types in-place, so any data structure passed
should be automagically decrypted using this function. Immutable types
obviously won't, so it's a good idea to check if ``data`` is hashable in
the calling function, and replace the original value with the decrypted
result if that is not the case. For an example of this, see
salt.pillar.Pillar.decrypt_pillar().
data
The data to be decrypted. This can be a string of ciphertext or a data
structure. If it is a data structure, the items in the data structure
will be recursively decrypted.
rend
The renderer used to decrypt
translate_newlines : False
If True, then the renderer will convert a literal backslash followed by
an 'n' into a newline before performing the decryption.
renderers
Optionally pass a loader instance containing loaded renderer functions.
If not passed, then the ``opts`` will be required and will be used to
invoke the loader to get the available renderers. Where possible,
renderers should be passed to avoid the overhead of loading them here.
opts
The master/minion configuration opts. Used only if renderers are not
passed.
valid_rend
A list containing valid renderers, used to restrict the renderers which
this function will be allowed to use. If not passed, no restriction
will be made.
z>'{}' is not a valid decryption renderer. Valid choices are: {}z�, z+Non-iterable value %s passed for valid_rendNz�opts are requiredr����z�Decryption renderer 'z�' is not available)���translate_newlines)�r������format��join� TypeError�
isinstance��log��errorZ�salt.loader��loaderZ�render��get) ��dataZ�rendr����Z renderers��optsZ
valid_rend��exc��saltZ rend_func��r�����D/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/crypt.py��decrypt����s.����-������
���������
�������������������
�������r������sha256c��������������������C���s����|�s8t�j���|���s
d�S�t�j�j���|�d�����}�d���d�d���|�����D���d�d�������}�|�� d�d ��}�W�d
��������n�1�s3w�������Y���t
|�t���sB|���d���}�t
t�|���|�������}�d�}�t�|���D�]�\�}�}�|�d���rc|�|�|�����d
��7�}�qQ|�|�|���7�}�qQ|���d
��S�)�a%���
Pass in either a raw pem string, or the path on disk to the location of a
pem file, and the type of cryptographic hash to use. The default is SHA256.
The fingerprint of the pem will be returned.
If neither a key nor a path are passed in, a blank string will be returned.
����rb�����c��������������������S���s����g�|�]�}�|�����r�|���q�S�r����)���strip)���.0��xr����r����r�����
<listcomp>h���s������z�pem_finger.<locals>.<listcomp>��������s����
�����
Nz�utf-8�������:)���os��path��isfiler������utils��filesZ�fopenr����� readlines��replacer������bytes��encode��getattr��hashlib� hexdigest� enumerate��rstrip)�r!�����keyZ�sum_typeZ�fp_Z�preZ�fingerZ�ind��_r����r����r�����
pem_finger[���s ����������� �����
�
�������������
�r0���)�FNNN)�NNr����)
��__doc__r*�����loggingr ���Z�salt.utils.filesr����Z�salt.exceptionsr����� getLogger��__name__r����r����r0���r����r����r����r������<module>����s����������������
���
��L