paramiko.pkey (compiled from /tmp/pip-install-KP2Jbq/paramiko/paramiko/pkey.py)

    Common API for all public keys.

Imports

    base64
    binascii: unhexlify
    os
    hashlib: md5
    cryptography.hazmat.backends: default_backend
    cryptography.hazmat.primitives: serialization
    cryptography.hazmat.primitives.ciphers: algorithms, modes, Cipher
    paramiko: util
    paramiko.common: o600
    paramiko.py3compat: u, encodebytes, decodebytes, b, string_types
    paramiko.ssh_exception: SSHException, PasswordRequiredException
    paramiko.message: Message

class PKey(object)

    Base class for public keys.

    _CIPHER_TABLE
        Entries: AES-128-CBC, AES-256-CBC, DES-EDE3-CBC.
        Fields of each entry: cipher, keysize, blocksize, mode.
        Names referenced: algorithms.AES, algorithms.TripleDES, modes.CBC.

    __init__(self, msg, data)
        Create a new instance of this public key type. If ``msg`` is given,
        the key's public part(s) will be filled in from the message. If
        ``data`` is given, the key's public part(s) will be filled in from
        the string.

        :param .Message msg: an optional SSH `.Message` containing a public key of this type.
        :param str data: an optional string containing a public key of this type
        :raises: `.SSHException` -- if a key cannot be created from the ``data`` or ``msg`` given, or no key was passed in.

    asbytes(self)
        Return a string of an SSH `.Message` made up of the public part(s) of
        this key. This string is suitable for passing to `__init__` to
        re-create the key object later.

    __str__(self)

    __cmp__(self, other)
        Compare this key to another. Returns 0 if this key is equivalent to
        the given key, or non-0 if they are different. Only the public parts
        of the key are compared, so a public key will compare equal to its
        corresponding private key.

        :param .PKey other: key to compare to.

    __eq__(self, other)

    get_name(self)
        Return the name of this private key implementation.

        :return: name of this private key type, in SSH terminology, as a `str` (for example, ``"ssh-rsa"``).

    get_bits(self)
        Return the number of significant bits in this key. This is useful
        for judging the relative security of a key.

        :return: bits in the key (as an `int`)

    can_sign(self)
        Return ``True`` if this key has the private part necessary for
        signing data.

    get_fingerprint(self)
        Return an MD5 fingerprint of the public part of this key. Nothing
        secret is revealed.

        :return: a 16-byte `string` (binary) of the MD5 fingerprint, in SSH format.

    get_base64(self)
        Return a base64 string containing the public part of this key.
        Nothing secret is revealed. This format is compatible with that used
        to store public key files or recognized host keys.

        :return: a base64 `string` containing the public part of the key.

    sign_ssh_data(self, data)
        Sign a blob of data with this private key, and return a `.Message`
        representing an SSH signature message.

        :param str data: the data to sign.
        :return: an SSH signature `message <.Message>`.

    verify_ssh_sig(self, data, msg)
        Given a blob of data, and an SSH message representing a signature of
        that data, verify that it was signed with this key.

        :param str data: the data that was signed.
        :param .Message msg: an SSH signature message
        :return: ``True`` if the signature verifies correctly; ``False`` otherwise.

    from_private_key_file(cls, filename, password)    [classmethod]
        Create a key object by reading a private key file. If the private
        key is encrypted and ``password`` is not ``None``, the given password
        will be used to decrypt the key (otherwise
        `.PasswordRequiredException` is thrown). Through the magic of Python,
        this factory method will exist in all subclasses of PKey (such as
        `.RSAKey` or `.DSSKey`), but is useless on the abstract PKey class.

        :param str filename: name of the file to read
        :param str password: an optional password to use to decrypt the key file, if it's encrypted
        :return: a new `.PKey` based on the given private key
        :raises: ``IOError`` -- if there was an error reading the file
        :raises: `.PasswordRequiredException` -- if the private key file is encrypted, and ``password`` is ``None``
        :raises: `.SSHException` -- if the key file is invalid

    from_private_key(cls, file_obj, password)    [classmethod]
        Create a key object by reading a private key from a file (or
        file-like) object. If the private key is encrypted and ``password``
        is not ``None``, the given password will be used to decrypt the key
        (otherwise `.PasswordRequiredException` is thrown).

        :param file_obj: the file-like object to read from
        :param str password: an optional password to use to decrypt the key, if it's encrypted
        :return: a new `.PKey` based on the given private key
        :raises: ``IOError`` -- if there was an error reading the key
        :raises: `.PasswordRequiredException` -- if the private key file is encrypted, and ``password`` is ``None``
        :raises: `.SSHException` -- if the key file is invalid

    write_private_key_file(self, filename, password)
        Write private key contents into a file. If the password is not
        ``None``, the key is encrypted before writing.

        :param str filename: name of the file to write
        :param str password: an optional password to use to encrypt the key file
        :raises: ``IOError`` -- if there was an error writing the file
        :raises: `.SSHException` -- if the key is invalid

        String constants: "Not implemented in PKey"

    write_private_key(self, file_obj, password)
        Write private key contents into a file (or file-like) object. If the
        password is not ``None``, the key is encrypted before writing.

        :param file_obj: the file-like object to write into
        :param str password: an optional password to use to encrypt the key
        :raises: ``IOError`` -- if there was an error writing to the file
        :raises: `.SSHException` -- if the key is invalid

        String constants: "Not implemented in PKey"

    _read_private_key_file(self, tag, filename, password)
        Read an SSH2-format private key file, looking for a string of the
        type ``"BEGIN xxx PRIVATE KEY"`` for some ``xxx``, base64-decode the
        text we find, and return it as a string. If the private key is
        encrypted and ``password`` is not ``None``, the given password will
        be used to decrypt the key (otherwise `.PasswordRequiredException`
        is thrown).

        :param str tag: ``"RSA"`` or ``"DSA"``, the tag used to mark the data block.
        :param str filename: name of the file to read.
        :param str password: an optional password to use to decrypt the key file, if it's encrypted.
        :return: data blob (`str`) that makes up the private key.
        :raises: ``IOError`` -- if there was an error reading the file.
        :raises: `.PasswordRequiredException` -- if the private key file is encrypted, and ``password`` is ``None``.
        :raises: `.SSHException` -- if the key file is invalid.

    _read_private_key(self, tag, f, password)
        String constants:
            "-----BEGIN ", " PRIVATE KEY-----", "-----END "
            "not a valid ", " private key file"
            "base64 decoding error: "
            "proc-type", "4,ENCRYPTED"
            'Unknown private key structure "{}"'
            "dek-info"
            "Can't parse DEK-info in private key file"
            'Unknown private key cipher "{}"'
            "Private key file is encrypted"
        Names referenced: readlines, strip, split, lower, decodebytes, b,
        join, base64, binascii, Error, SSHException, _CIPHER_TABLE,
        PasswordRequiredException, unhexlify, util, generate_key_bytes, md5,
        Cipher, default_backend, decryptor, update, finalize.

    _write_private_key_file(self, filename, key, format, password)
        Write an SSH2-format private key file in a form that can be read by
        paramiko or openssh. If no password is given, the key is written in
        a trivially-encoded format (base64) which is completely insecure. If
        a password is given, DES-EDE3-CBC is used.

        :param str tag: ``"RSA"`` or ``"DSA"``, the tag used to mark the data block.
        :param filename: name of the file to write.
        :param str data: data blob that makes up the private key.
        :param str password: an optional password to use to encrypt the file.
        :raises: ``IOError`` -- if there was an error writing the file.

        Names referenced: open, os, chmod, o600, _write_private_key.

    _write_private_key(self, f, key, format, password)
        Names referenced: serialization, NoEncryption,
        BestAvailableEncryption, b, write, private_bytes, Encoding, PEM,
        decode.

    _check_type_and_load_cert(self, msg, key_type, cert_type)
        Perform message type-checking & optional certificate loading. This
        includes fast-forwarding cert ``msg`` objects past the nonce, so that
        the subsequent fields are the key numbers; thus the caller may
        expect to treat the message as key material afterwards either way.
        The obtained key type is returned for classes which need to know
        what it was (e.g. ECDSA.)

        String constants:
            "Key object may not be empty"
            "Invalid key (class: {}, data type: {}"

    load_certificate(self, value)
        Supplement the private key contents with data loaded from an OpenSSH
        public key (``.pub``) or certificate (``-cert.pub``) file, a string
        containing such a file, or a `.Message` object. The .pub contents
        adds no real value, since the private key file includes sufficient
        information to derive the public key info. For certificates,
        however, this can be used on the client side to offer authentication
        requests to the server based on certificate instead of raw public
        key.

        See: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys

        Note: very little effort is made to validate the certificate
        contents, that is for the server to decide if it is good enough to
        authenticate successfully.

        String constants:
            "from_message", "from_file", "from_string"
            "PublicBlob type {} incompatible with key type {}"
        Names referenced: isinstance, Message, os, path, isfile, getattr,
        PublicBlob, key_type, startswith, get_name, ValueError, public_blob.

class PublicBlob(object)

    OpenSSH plain public key or OpenSSH signed public key (certificate).
    Tries to be as dumb as possible and barely cares about specific
    per-key-type data.

    ..note:: Most of the time you'll want to call `from_file`, `from_string`
    or `from_message` for useful instantiation, the main constructor is
    basically "I should be using ``attrs`` for this."

    __init__(self, type_, blob, comment)
        Create a new public blob of given type and contents.

        :param str type_: Type indicator, eg ``ssh-rsa``.
        :param blob: The blob bytes themselves.
        :param str comment: A comment, if one was given (e.g. file-based.)

        Attributes set: key_type, key_blob, comment.

    from_file(cls, filename)    [classmethod]
        Create a public blob from a ``-cert.pub``-style file on disk.

    from_string(cls, string)    [classmethod]
        Create a public blob from a ``-cert.pub``-style string.

        String constants:
            "Not enough fields for public blob: {}"
            "Invalid PublicBlob contents: key type={!r}, but blob type={!r}"

    from_message(cls, message)    [classmethod]
        Create a public blob from a network `.Message`. Specifically, a
        cert-bearing pubkey auth packet, because by definition OpenSSH-style
        certificates 'are' their own network representation.

    __str__(self)
        String constants: "{} public key/certificate", "- {}"

    __eq__(self, other)

    __ne__(self, other)