(keydir, keyname, key, passphrase=None)
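def _write_private(keydir, keyname, key, passphrase=None):
    """Write ``key`` to ``<keydir>/<keyname>.pem`` as a PEM-encoded private key.

    The file is created inside a ``set_umask(0o277)`` context, which is
    intended to make a newly created key file readable only by its owner.
    A umask only applies at creation time: if the file already exists it is
    truncated and rewritten but keeps whatever mode it already had.

    Args:
        keydir: Directory the key file is written into; must be writable by
            the current user.
        keyname: Base name of the key file; ``.pem`` is appended.
        key: Private key object exposing ``private_bytes`` (the
            ``cryptography`` serialization interface).
        passphrase: Optional passphrase. When truthy the PEM is encrypted with
            ``BestAvailableEncryption``; when falsy (``None`` or ``""``) the
            key is written unencrypted.

    Raises:
        OSError: If ``keydir`` is not writable by the current user.
        Whatever ``key.private_bytes`` raises for an unsupported key/format/
        encryption combination. The key is serialized *before* the file is
        opened, so such a failure leaves no empty or truncated key file.
    """
    base = os.path.join(keydir, keyname)
    priv = f"{base}.pem"
    # Do not try writing anything, if directory has no permissions.
    if not os.access(keydir, os.W_OK):
        raise OSError(
            'Write access denied to "{}" for user "{}".'.format(
                os.path.abspath(keydir), getpass.getuser()
            )
        )
    if pathlib.Path(priv).exists():
        # XXX: should an existing key be an error rather than overwritten?
        # NOTE(review): today this only logs; the file is then truncated and
        # rewritten below, and the exists() check and the open() are not
        # atomic.
        log.error("Key should not exist")
    if passphrase:
        enc = serialization.BestAvailableEncryption(passphrase.encode())
        _format = serialization.PrivateFormat.TraditionalOpenSSL
        if fips_enabled():
            # presumably the encrypted TraditionalOpenSSL PEM scheme is not
            # permitted in FIPS mode, so PKCS#8 is used instead -- confirm
            _format = serialization.PrivateFormat.PKCS8
    else:
        enc = serialization.NoEncryption()
        _format = serialization.PrivateFormat.TraditionalOpenSSL
    # Serialize first: the original code called private_bytes() after the
    # file had been opened with "wb+", so a serialization error left an
    # empty key file behind.
    pem = key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=_format,
        encryption_algorithm=enc,
    )
    with salt.utils.files.set_umask(0o277):
        with salt.utils.files.fopen(priv, "wb+") as f:
            f.write(pem)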
| 182 | def _write_public(keydir, keyname, key): |