Ñò h'dWc @sŠdZddkZddkZddklZddklZlZlZddk l Z l Z l Z l Z lZlZlZlZddklZlZlZlZlZlZlZlZlZlZdZdZe d d d d ƒZe d ƒZ!eddƒZ"de fd„ƒYZ#de#fd„ƒYZ$e$ƒZ%de#fd„ƒYZ&de#fd„ƒYZ'd e#fd„ƒYZ(d„Z)dS(s/ module to define API Authentication Container iÿÿÿÿN(t namedtuple(tPopentCalledProcessErrortsystem_temp_path(tenumt AIServerErrort ERROR_TYPEtEventsGeneratort CreatedEventt DeletedEventtObjectChangedEventt MACAddress( t SRC_CLI_DEFtSRC_CIDt SRC_SERVERtSRC_SVCtSRC_CAt AISecurityt calc_hashtAUTH_CACERTFILE_DIRNAMEt CLNT_DFLTt HASHSUFFIXs/usr/bin/pktools/usr/bin/openssltKEYt CERTIFICATEtFWtNONEt0123456789abcdefABCDEFtFW_KEYSs aes, sha1t AuthContainercBsÝeZdZddd„Zd„Zd„Zed„ƒZed„ƒZ ed„ƒZ e i d„ƒZ ed„ƒZ e i d „ƒZ d „Z d „Zddd „Zdd „Zed„ƒZd„Zd„ZRS(sóBase Authentication Container The following event types are possible for the AuthContainer and the appropriate children: - ObjectChangedEvent - CreatedEvent - DeletedEvent Certificate, Key and FW classes should be used instead of this base class. Parameter auth_type - an enum of AUTH_TYPE must be KEY, CERTIFICATE, or FW, required, handled by subclasses Certificate, Key and FW source - a string containing the source of the certificate data, required contents - string containing the authority data file_path - string pointing to the credential file Return Value None Raises AIServerError for an unknown Authority type cCsHtt|ƒitttgƒ|djp|tiƒjot t i t dƒƒ‚n|djp|t ttttfjot t i t dƒƒ‚n|dj o)|dj ot t i t dƒƒ‚n|dj o4tii|ƒ o t t i t dƒ|ƒ‚n||_||_||_||_d|_dS(sInitialize the Auth ContainersUnknown authentication type.sUnknown authentication source.s.file_path and contents are mutually exclusive.sFile (%s) not foundN(tsuperRt__init__R RR tNonet AUTH_TYPEtvaluesRRt INVALID_VALUEt_R R RRRtostpathtexistst_AuthContainer__auth_typet_AuthContainer__sourcet_AuthContainer__contentst_AuthContainer__file_patht error_msg(tselft auth_typetsourcetcontentst file_path((s ../auth.pyRQs(     !     cCs t|iƒS(s7returns the string representation of the Auth Container(tstrR/(R,((s ../auth.pyt__repr__mscCsd|_d|_dS(s-clears out the contents and file_path membersN(RR)R*(R,((s ../auth.pytclearqs cCs|iS(sreturns auth_type member(R'(R,((s ../auth.pyR-vscCs|iS(sreturns source member(R((R,((s ../auth.pyR.{scCsvd}|idj o |i}nP|idj o?t|idƒiiƒ}z|~}|iƒ}WdQXn|S(sreturns contents membertrN(RR)R0topent__exit__t __enter__tread(R,t contents_datat_[1]tfobj((s ../auth.pyR/€s )cCs||_d|_dS(sassigns contents memberN(R)RR*(R,tvalue((s ../auth.pyR/Œs cCs|iS(sreturns file_path member(R*(R,((s ../auth.pyR0’scCsQ|o4tii|ƒ o ttitdƒ|ƒ‚n||_d|_ dS(sassigns file_path membersFile (%s) not foundN( R$R%R&RRR"R#R*RR)(R,R<((s ../auth.pyR0—s   cCs||_d|_dS(s¿updates the contents member, a side effect is that the file_path member is set to None. Parameter content - new contents data for the Authority container N(R)RR*(R,t new_contents((s ../auth.pytupdate_contents s cCsQ|o4tii|ƒ o ttitdƒ|ƒ‚n||_d|_ dS(s¶updates the file_path member, a side effect is that the contents member is set to None. Parameter new_path - new path for the Authority container sFile (%s) not foundN( R$R%R&RRR"R#R*RR)(R,tnew_path((s ../auth.pytupdate_file_pathªs   cCs~d}|dj o|i|ƒ}}nE|dj o |}n.|idj o |i}n|iƒ}}|||jfS(s5returns the path to use and if it is a temporary pathN(Rt _save_tempR0(R,R/R0t temp_pathR%((s ../auth.pyt correct_path¸s    cCs&|d jo,|id jottitdƒƒ‚n|itijo d}nA|iti jo d}n$|iti jo d}nd}t i d|dt ƒƒ\}}|d jo |in|}ti||ƒ}|t|ƒjottitdƒƒ‚nti|ƒ|S( sÉsave the contents temporarily Parameter contents - contents data for the Authority container, optional Raises AIServerError - if contents are not saved sNothing to savetkey_tcrt_tfw_tunknown_tprefixtdirsContents write failed.N(RR/RRR"R#R-R RRRttempfiletmkstempRR)R$twritetlent RUNTIME_ERRORtclose(R,R/RHtfdescR%tdatat write_len((s ../auth.pyRAÆs&      cCs|idjo |idjS(s/property to check if the AuthContainer is emptyN(R)RR0(R,((s ../auth.pytis_emptyæscCs d|_dS(sclear the error messageN(RR+(R,((s ../auth.pyt clear_errorëscCs ||_dS(sset the error messageN(R+(R,terror((s ../auth.pyt set_error_msgïsN(t__name__t __module__t__doc__RRR2R3tpropertyR-R.R/tsetterR0R>R@RCRARSRTRV(((s ../auth.pyR7s"      t _AuthNonecBsVeZdZd„Zed„ƒZed„ƒZed„ƒZd„Zd„Z RS(s¯Authentication None class - subclass of AuthContainer _AuthNone is a private AuthContainer. Use AUTH_NONE instead to create an AuthContainer equivalent to None. cCs)tt|ƒititƒd|_dS(sAuthNone class initializers**UNASSIGNED**N(RR\RR RRt_hash(R,((s ../auth.pyRúscCstt|ƒiS(N(RR\R0(R,((s ../auth.pyR0ÿscCstt|ƒiS(N(RR\R/(R,((s ../auth.pyR/scCs|iS(s#returns the hash of the certificate(R](R,((s ../auth.pythashscCsttdƒƒ‚dS(svprevents updates to the contents member from the parent class Parameter content - ignored s1Updating the contents of AuthNone is not allowed.N(tAttributeErrorR#(R,t _new_contents((s ../auth.pyR> scCsttdƒƒ‚dS(sxprevents updates to the file_path member from the parent class Parameter new_path - ignored s2Updating the file_path of AuthNone is not allowed.N(R_R#(R,t _new_path((s ../auth.pyR@s( RWRXRYRRZR0R/R^R>R@(((s ../auth.pyR\ôs  t CertificatecBsòeZdZdddd„Zd„Zed„ƒZdddd„Zd„Z ed„ƒZ e i d„ƒZ ed„ƒZ e i d „ƒZ ddd „Z d „Zed „ƒZed „ƒZd„Zed„ƒZed„ƒZRS(sÈAuthentication Certificate class - subclass of AuthContainer Certificate can be either a CA certificate or a simple certificate. If it is a CA certificate then the uses method can be used to determine the usage of the CA certificate. If it is a simple certificate then a CA certificate can be associated with it. Parameter source - a string containing the source of the certificate data, required contents - a string containing the certificate data, optional, mutually exclusive with file_path file_path - string pointing to the certificate file, optional, mutually exclusive with contents cacert - a Certificate container for the CA certificate, optional Return Value None Raises AIServerError - if contents is not None and not a valid certificate if cacert is not None and not a Certificate container cCsÅtt|ƒiti|d|d|ƒ|dj o-t|tƒ otti t dƒƒ‚n||_ d|_ |dj p |dj o*|i ƒ otti t dƒƒ‚nd|_dS(s,Initialize a Certificate Authority ContainerR/R0s%cacert must be a Certificate or None.sInvalid certificate.N(RRbRR RRt isinstanceRRR"R#tcacertR]tverifyt_pktool_output(R,R.R/R0Rd((s ../auth.pyR:s    cCsv|io tdƒS|iƒp tdƒS|i\}}}}tdƒh|id6|d6|d6|d6|d6S(NsBlank Certificates[Identifier hash: %(hash)s Subject: %(sub)s Issuer: %(issuer)s Valid from %(from)s to %(to)sR^tsubtissuertfromtto(RSR#ReR1Rt cert_infoR^(R,tsubjectRht valid_fromtvalid_to((s ../auth.pyR2Ns     c CsÜg}|io|Stƒ}|i}|iƒ}|oCx@|dD]0}|t|ƒjo|itdƒƒqEqEWntii |i t t |t ƒ}tii|ƒo*|t|ƒjo|itdƒƒntii|iƒo—x”ti|iƒD]|}tii |i|t |t ƒ}tii|ƒoA|t|ƒjo.|itdƒdi t|dƒƒƒqqWntii|iƒo„xti|iƒD]i} tii |i| t |t ƒ} tii| ƒo.|t| ƒjo|itdƒ| ƒq²q²Wn|i} | o=tii| ƒo*|t| ƒjo|itdƒƒn|i} | o=tii| ƒo*|t| ƒjo|itd ƒƒnt|ƒo|Std ƒgS( s÷returns a list of strings describing the use(s) for this CA Certificate, based on the hash. If cert is empty, an empty list is returned. If no uses are discovered, a list containing 'Unknown' is returned. is'Note: this is the server CA certificatesClient defaultsClient t:isService s(Note: this is the signing CA certificates%Note: this is the root CA certificatetUnknown(RSRR^tget_server_cacrtRtappendR#R$R%tjointauth_client_dirRRRR&tauth_client_cid_dirtlistdirR tauth_service_dirtsigning_cacrt_pathtroot_cacrt_pathRM( R,tusestsecobjt cert_hashtserver_cacrt_patht cert_pathtdefault_client_pathtcidtcid_pathtsvctsvc_pathRxRy((s ../auth.pyRz[s^       6 #  cCs>|o#|ottitdƒƒ‚n|iƒ|djo5|idjo%|djo|itdƒƒtS|i d|d|ƒ\}}|i djo§|djošdt |f}zWy-t i |iƒdt idt iƒtSWn#tj o}|i|ƒtSXWd|o$tii|ƒoti|ƒnXn|dj o-t|tƒ ottitd ƒƒ‚n|dj oAx>|D]2}t|tƒpttitd ƒƒ‚q™q™Wn|o|n|i } t| tƒp | g} nd } x| D]} | | i7} qWtid d dtƒƒ\} } ti| | ƒti| ƒdt | |f}zkyAt i |iƒdt idt iƒ}|ii dƒdjSWn#tj o}|i|ƒtSXWd|o$tii|ƒoti|ƒntii| ƒoti| ƒnXdS(s˜verify the certificate against the CA certificate Paramater cacert - a list of Certificate containers containing the CA certificates to validate against, optional contents - the data for the Certificate container to be verified, optional, mutually exclusive with file_path file_path - the path of the Certificate to be verified, optional, mutually exclusive with contents Return Value True if a valid certificate is represented else False Raises AIServerError - if cacert is None or not a Certificate s.file_path and contents are mutually exclusive.sBlank certificate.R/R0s%s x509 -noout -text -in %ststdouttstderrNs Invalid list of CA certificates.sInvalid CA certificate.tRHt ca_certs_RIs%s verify -CAfile %s %stOKiÿÿÿÿ(!RRR"R#RTRR/RVtFalseRCRdtOPENSSLRt check_calltsplittDEVNULLtTrueRR$R%R&tremoveRctlistRbRJRKRRLROtSTORER„tfind(R,RdR/R0R%RBtcmd_strRUt a_ca_certtcacertst ca_contentstca_certRPtca_pathtprocess((s ../auth.pyRežsl  *           cCs}|djod|_dSt|tƒpttitdƒƒ‚n|iƒo ||_nttitdƒƒ‚dS(sUpdate the CA certificate Parameter cacert - a Certificate Authority container for the CA certificate, optional Return Value None Raises AIServerError - if cacert is not a Certificate NsNot a CA certificate.sNot a valid CA certificate.( RRdRcRbRRR"R#Re(R,Rd((s ../auth.pyt update_cacertìs      cCstt|ƒiS(s returns the certificate contents(RRbR/(R,((s ../auth.pyR/scCs«|tt|ƒijo|idjodS|dj o$|id|ƒo|i|ƒn7|djo|idƒntti t dƒƒ‚d|_ d|_ dS(s(assigns the contents for the CertificateNR/sNot a valid certificate.( RRbR/R0RReR>RRR"R#R]Rf(R,R<((s ../auth.pyR/ s    cCstt|ƒiS(s!returns the certificate file_path(RRbR0(R,((s ../auth.pyR0scCsÒ|tt|ƒijodS|o0tii|ƒ ottit dƒƒ‚n|dj o$|i d|ƒo|i |ƒn7|djo|i dƒnttit dƒƒ‚d|_ d|_dS(s)assigns the file_path for the CertificateNsInvalid certificate file path.R0sNot a valid certificate.(RRbR0R$R%R&RRR"R#RReR@R]Rf(R,R<((s ../auth.pyR0!s     cCs¹|djo|djo|iƒdS|dj o$|id|ƒo|i|ƒnJ|dj o$|id|ƒo|i|ƒnttitdƒƒ‚d|_ d|_ dS(s²Update the certificate Parameter contents - certificate data for the Certificate container, optional, mutually exclusive with file_path file_path - file path for the Certificate container, optional, mutually exclusive with contents Return Value None Raises AIServerError if openssl terminates improperly NR/R0sNot a valid certificate.( RR3ReR>R@RRR"R#R]Rf(R,R/R0((s ../auth.pyt update_cert5s     cCs|i|ijS(sReturns True if hashes equal(R^(R,tother((s ../auth.pyt__eq__Rsc Csð|idjodS|idjoÄ|iƒ\}}dt|f}z]y+ti|iƒdtidtiƒ}Wn+t j ot t i t dƒƒ‚nXWd|o$tii|ƒoti|ƒnX|iiƒ|_n|iS(s~Return the hash value of the certificate Raises AIServerError - if openssl terminates improperly s%s x509 -hash -in %s -nooutR„R…s-Unable to calculate the hash for certificate.N(R/RR]RCRŠRR‹RŒtPIPERRRRNR#R$R%R&RR„tstrip(R,R%RBR“R™((s ../auth.pyR^Vs  cCsÆ|djottitdƒƒ‚n|iƒ}t|ƒdjottitdƒƒ‚n|dig}|D]}|tjo ||qxqx~ƒjottitdƒƒ‚ndS(svalidate the certificate hash Args: cert_hash - a hexidecimal hash for a certificate Raises: AIServerError - if the hash has invalid digits or not 8 characters. returns - nothing sMust provide a hash valueisInvalid hash lengthR†sInvalid hash digitN( RRRR"R#RŸRMRst HEXDIGITS(tclsR|R:tx((s ../auth.pyt validate_hashrs    B cCsÝ|idjotSt|tƒ p|idjotS|i|ijotS|iƒ\}}dt|f}z]y+ti |i ƒdti dti ƒ}Wn+t j ot titdƒƒ‚nXWd|o$tii|ƒoti|ƒnX|iidƒ}|iƒ\}}dt|f}z]y+ti |i ƒdti dti ƒ}Wn+t j ot titdƒƒ‚nXWd|o$tii|ƒoti|ƒnX|iidƒ}||jS( s)verify that the key is the correct one for the certificate Parameter key - a Key Authority Container Return Value True if key and certificate are pairs else False Raises AIServerError - if modulus fails for key or certificate s%s x509 -noout -modulus -in %sR„R…s,Unable to determine modulus for certificate.Ns s%s rsa -noout -modulus -in %ss$Unable to determine modulus for key.(R/RR‰RctKeyR.RCRŠRR‹RŒRžRRRRNR#R$R%R&RR„RŸ(R,tkeyR%RBR“R™tcert_modtkey_mod((s ../auth.pyt matching_keyŠs> !  c Csá|id joÊ|iƒ\}}tdddd|g}zly:ti|dtidtiƒ}|iidƒ|_Wn+t j ot t i t dƒƒ‚nXWd |o$tii|ƒoti|ƒnXn|iS( sReturn the stdout from 'pktool list' on the cert. The output from pktool is presumed to not change over the lifetime of the cert, therefore the output is saved on first retrieval and then referenced on subsequent querys. Rs keystore=files keyvalue=ys infile=%sR„R…s s.Error: unable to inspect certificate contents.N(RfRRCtPKTOOLRR‹R‘R„RŸRRRRNR#R$R%R&R(R,R%RBtcmdtproc((s ../auth.pyt pktool_output¼s    c Cs"|idjodS|i}|idƒtdƒ}||idƒ|}|idƒtdƒ}||idƒ|}|idƒtdƒ}||idƒ|}|idƒtdƒ}||idƒ|} |||!} |||!} |||!} ||| !} | | | | fS(sReturns a tuple of 4 strings: (subject, issuer, valid_from, valid_to) Method parses the output from "pktool list", and presumes that the row labels in the output are not localized thus the label's are hardcoded here. sSubject:s sIssuer:s Not Before:s Not After:N(NNNN(R/RR¬R’RM(R,toutputt subject_startt subject_endt issuer_startt issuer_endtfrom_date_startt from_date_endt to_date_startt to_date_endRlRhRmRn((s ../auth.pyRkÕs      N(RWRXRYRRR2RZRzReRšR/R[R0R›RR^t classmethodR£R¨R¬Rk(((s ../auth.pyRb"s" CN   2R¤cBseZdZd d d„Zd„Zed„ƒZeid„ƒZed„ƒZ e id„ƒZ d d d„Z d„Z d d d „Z RS( sÝAuthenitcation Key class - subclass of AuthContainer Parameter source - a string containing the source of the key data, required contents - a string containing the key data, optional, mutually exclusive with file_path file_path - the path of the key, optional, mutually exclusive with contents Return Value None Raises AIServerError - if contents is not None and not a valid key cCsptt|ƒiti|d|d|ƒ|dj p |dj o*|iƒ otti t dƒƒ‚ndS(s$Initialize a Key Authority ContainerR/R0s Invalid key.N( RR¤RR RRReRRR"R#(R,R.R/R0((s ../auth.pyRs ! cCs1|iƒo tdƒS|io tdƒSdS(Ns Private Keys Blank Key(ReR#RS(R,((s ../auth.pyR2s   cCstt|ƒiS(sreturns the contents of the Key(RR¤R/(R,((s ../auth.pyR/scCs™|tt|ƒijo|idjodS|dj o$|id|ƒo|i|ƒn7|djo|idƒntti t dƒƒ‚dS(sassigns the contents of the KeyNR/sNot a valid key.( RR¤R/R0RReR>RRR"R#(R,R<((s ../auth.pyR/s   cCstt|ƒiS(s)returns the contents of the Key file_path(RR¤R0(R,((s ../auth.pyR0(scCsÀ|tt|ƒijodS|o0tii|ƒ ottit dƒƒ‚n|dj o$|i d|ƒo|i |ƒn7|djo|i dƒnttit dƒƒ‚dS(s!assigns the file_path for the KeyNsInvalid Key file path.R0sNot a valid Key.( RR¤R0R$R%R&RRR"R#RReR@(R,R<((s ../auth.pyR0-s    c CsB|o#|ottitdƒƒ‚n|iƒ|d jo5|id jo%|d jo|itdƒƒtS|i d|d|ƒ\}}dt |f}zkyAt i |i ƒdt idt iƒ}|iidƒd jSWn#tj o}|i|ƒtSXWd |o$tii|ƒoti|ƒnXd S( s/verify that the source is a proper key Parameter contents - the data for the Key container to be verified, optional, mutually exclusive with file_path file_path - the path of the Key to be verified, optional, mutually exclusive with contents Return Value True if a valid key is represented else False Raises AIServerError - if the contents length does not match what was written out, from super class s.file_path and contents are mutually exclusive.s Blank key.R/R0s%s rsa -check -noout -in %sR„R…tokiÿÿÿÿN(RRR"R#RTRR/RVR‰RCRŠRR‹RŒR‘R„R’RR$R%R&R(R,R/R0R%RBR“R™RU((s ../auth.pyRe?s(  *   cCsý|idjo|idjotSt|tƒ p |idjo|idjotS|i|ijotS|iƒ\}}dt|f}z]y+t i |i ƒdt i dt i ƒ}Wn+t j ottitdƒƒ‚nXWd|o$tii|ƒoti|ƒnX|iidƒ}|iƒ\}}dt|f}z]y+t i |i ƒdt i dt i ƒ}Wn+t j ottitdƒƒ‚nXWd|o$tii|ƒoti|ƒnX|iidƒ}||jS( s2verify that the certificate is the correct one for the key Parameter cert - a Certificate Authority Container Return Value True if key and certificate are pairs else False Raises AIServerError - if modulus fails for key or certificate s%s rsa -noout -modulus -in %sR„R…s$Unable to determine modulus for key.Ns s%s x509 -noout -modulus -in %ss,Unable to determine modulus for certificate.(R/RR0R‰RcRbR.RCRŠRR‹RŒRžRRRRNR#R$R%R&RR„RŸ(R,tcertR%RBR“R™R§R¦((s ../auth.pyt matching_cerths@ !  cCs§|djo|djo|iƒdS|dj o$|id|ƒo|i|ƒnJ|dj o$|id|ƒo|i|ƒnttitdƒƒ‚dS(s”Update the key Parameter contents - key data for the Key container, optional, mutually exclusive with file_path file_path - file path for the Key container, optional, mutually exclusive with contents Return Value None Raises AIServerError - if openssl terminates improperly NR/R0sNot a valid key.( RR3ReR>R@RRR"R#(R,R/R0((s ../auth.pyt update_key›s    N( RWRXRYRRR2RZR/R[R0ReR¹Rº(((s ../auth.pyR¤ôs ) 3cBs†eZdZd d d„Zd„Zed„ƒZeid„ƒZed„ƒZ e id„ƒZ d d d„Z d d d„Z RS( söAuthentication Firmware class - subclass of AuthContainer Parameter source - a string containing the source of the FW data, required contents - a string containing the key data, optional, mutually exclusive with file_path file_path - the path of the FW Key to be verified, optional, mutually exclusive with contents Return Value None Raises AIServerError - if contents is not None and not a valid FW Key cCsptt|ƒiti|d|d|ƒ|dj p |dj o*|iƒ ottit dƒƒ‚ndS(s2Initialize a FW (Firmware) Key Authority ContainerR/R0sInvalid FW key.N( RRRR RReRRR"R#(R,R.R/R0((s ../auth.pyRÇs ! c Csþ|io tdƒS|iƒ\}}dt|f}z]y+ti|iƒdtidtiƒ}Wn+tj ot t i tdƒƒ‚nXWd|o$t i i|ƒot i|ƒnX|iidƒidƒ}t|ƒdjo |dSdS( Ns Empty FW Keys6%s list keystore=file objtype=key keyvalue=y infile=%sR„R…sInvalid FW contents.s Roi(RSR#RCR©RR‹RŒR‘RRRR"R$R%R&RR„RŸRM(R,R%RBR“R™tkeyout((s ../auth.pyR2Ðs"    cCstt|ƒiS(s"returns the contents of the FW key(RRR/(R,((s ../auth.pyR/æscCs™|tt|ƒijo|idjodS|dj o$|id|ƒo|i|ƒn7|djo|idƒntti t dƒƒ‚dS(s"assigns the contents of the FW keyNR/sNot a valid FW key.( RRR/R0RReR>RRR"R#(R,R<((s ../auth.pyR/ës   cCstt|ƒiS(s"returns the contents of the FW key(RRR0(R,((s ../auth.pyR0úscCsö|tt|ƒijodS|o0tii|ƒ ottit dƒƒ‚n|o/tii |ƒottit dƒƒ‚n|dj o$|i d|ƒo|i |ƒn7|djo|i dƒnttit dƒƒ‚dS(s$assigns the file_path for the FW keyNsInvalid FW key file path.R0sNot a valid FW key.(RRR0R$R%R&RRR"R#tisdirRReR@(R,R<((s ../auth.pyR0ÿs     c Cs6|iƒ|djo5|idjo%|djo|itdƒƒtS|o/tii|ƒo|itdƒ|ƒtS|i d|d|ƒ\}}dt |f}zSy)t i |i ƒdt idt iƒWn#tj o}|i|ƒtSXWd|o$tii|ƒoti|ƒnXtS( sªverify that the contents are a proper key Parameter contents - data for the FW Authority Container, optional, mutually exclusive with file_path file_path - the path of the FW Key to be verified, optional, mutually exclusive with contents Return Value True if key is valid else False Raises None s Blank FW.sInvalid FW file_path (%s).R/R0s6%s list keystore=file objtype=key keyvalue=y infile=%sR„R…N(RTRR/RVR#R‰R$R%R¼RCR©RR‹RŒR‘RR&RRŽ(R,R/R0R%RBR“RU((s ../auth.pyRes* *   cCs§|djo|djo|iƒdS|dj o$|id|ƒo|i|ƒnJ|dj o$|id|ƒo|i|ƒnttitdƒƒ‚dS(s›Update the key Parameter contents - key data for the FW Key container, optional, mutually exclusive with file_path file_path - file path for the FW Key container, optional, mutually exclusive with contents Return Value None Raises AIServerError - if openssl terminates improperly NR/R0sNot a valid key.( RR3ReR>R@RRR"R#(R,R/R0((s ../auth.pyRº>s    N( RWRXRYRRR2RZR/R[R0ReRº(((s ../auth.pyR·s )cCs|tttfjottitdƒƒ‚ny¢|djo||ƒ}n‚tii |ƒo||d|ƒ}nYtii |ƒptii |ƒo ttitdƒ|ƒ‚n||d|ƒ}Wn't j o}tti|ƒ‚nX|S(sLcreates a credential of type the_class from the source and contents Parameters the_class - the class for the credential -- Certificate, Key or FW source - the source of the credential -- server, service, ca, cid, client_default contents - a string of the contents for the credential Return Value An instance of the_class - Certificate, Key or FW Raises AIServerError - if the_class raises a ValueError Or if the_class is not a Certificate, Key or FW class sInvalid class type.tgenerateR0sInvalid credential file (%s)R/( RbR¤RRRR"R#R$R%tisfiletislinkR¼t ValueError(t the_classR.R/tcredterr((s ../auth.pytmake_credential[s & (*RYR$RJt collectionsRtsolaris_installRRRtsolaris_install.ai.serverRRRRRR R R t+solaris_install.ai.server.internal.securityR R RRRRRRRRR©RŠR tsetR RRR\t AUTH_NONERbR¤RRÄ(((s ../auth.pyts.  :F  ½+ ÿÓä