hub / github.com/saltstack/salt / _write_private

Function _write_private

salt/crypt.py:150–179  ·  view source on GitHub ↗
(keydir, keyname, key, passphrase=None)

Source from the content-addressed store, hash-verified

def _write_private(keydir, keyname, key, passphrase=None):
    """
    Serialize a private key as PEM and write it to ``<keydir>/<keyname>.pem``.

    :param keydir: Directory that receives the key file; it must be writable
        according to ``os.access``.
    :param keyname: Base name of the key file, without the ``.pem`` suffix.
    :param key: Object exposing ``private_bytes(encoding=, format=,
        encryption_algorithm=)`` -- presumably a ``cryptography`` private
        key; confirm against the callers.
    :param passphrase: Optional text passphrase. When truthy, the PEM is
        encrypted with ``BestAvailableEncryption``; otherwise the key is
        written to disk unencrypted.
    :raises OSError: If ``keydir`` is not writable for the current user.
    """
    priv = f"{os.path.join(keydir, keyname)}.pem"

    # Fail early with a readable message rather than attempting the write
    # into a directory the current user cannot modify.
    if not os.access(keydir, os.W_OK):
        denied_dir = os.path.abspath(keydir)
        current_user = getpass.getuser()
        raise OSError(
            'Write access denied to "{}" for user "{}".'.format(
                denied_dir, current_user
            )
        )

    # An existing key is only logged, not rejected, and execution continues
    # to the open below. The "wb+" mode presumably truncates and overwrites
    # that file (fopen is defined elsewhere -- confirm).
    if pathlib.Path(priv).exists():
        # XXX
        # raise RuntimeError()
        log.error("Key should not exist")

    # 0o277 masks owner write/execute and every group/other bit, so a newly
    # created file should end up owner-read-only (assuming the usual 0o666
    # creation request -- confirm in set_umask/fopen).
    # NOTE(review): a umask only takes effect when the file is created, so a
    # pre-existing key file presumably keeps the mode it already had; confirm
    # whether the mode needs to be enforced explicitly in that case.
    with salt.utils.files.set_umask(0o277), salt.utils.files.fopen(
        priv, "wb+"
    ) as handle:
        if passphrase:
            cipher = serialization.BestAvailableEncryption(passphrase.encode())
            # FIPS mode switches the container to PKCS8.
            # NOTE(review): passphrase protection in the traditional OpenSSL
            # PEM format is generally regarded as legacy; confirm whether
            # non-FIPS consumers still require it.
            layout = (
                serialization.PrivateFormat.PKCS8
                if fips_enabled()
                else serialization.PrivateFormat.TraditionalOpenSSL
            )
        else:
            # No passphrase: the private key is stored in the clear, so the
            # file mode is the only protection on disk.
            cipher = serialization.NoEncryption()
            layout = serialization.PrivateFormat.TraditionalOpenSSL

        handle.write(
            key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=layout,
                encryption_algorithm=cipher,
            )
        )
182def _write_public(keydir, keyname, key):

Callers 2

write_keysFunction · 0.85
write_privateMethod · 0.85

Calls 5

fips_enabledFunction · 0.85
formatMethod · 0.80
existsMethod · 0.45
errorMethod · 0.45
writeMethod · 0.45

Tested by

no test coverage detected