Keyczart(ool) is a utility for creating and managing Keyczar keysets.

@author: arkajit.dey@gmail.com (Arkajit Dey)

Source file: /usr/lib/python2.7/site-packages/keyczar/keyczart.py

Usage: "Keyczart command flags"

Commands: create addkey pubkey promote demote revoke

Flags: location name size status purpose destination version asymmetric crypter

Command Usage:

create --location=/path/to/keys --purpose=(crypt|sign) [--name="A name"] [--asymmetric=(dsa|rsa)]
    Creates a new, empty key set in the given location.
    This key set must have a purpose of either "crypt" or "sign"
    and may optionally be given a name. The optional asymmetric
    flag will generate a public key set of the given algorithm.
    The "dsa" asymmetric value is valid only for sets with "sign" purpose.
    with the given purpose.

addkey --location=/path/to/keys [--status=(active|primary)] [--size=size] [--crypter=crypterLocation]
    Adds a new key to an existing key set. Optionally
    specify a purpose, which is active by default. Optionally
    specify a key size in bits. Also optionally specify the
    location of a set of crypting keys, which will be used to
    encrypt this key set.

pubkey --location=/path/to/keys --destination=/destination
    Extracts public keys from a given key set and writes them
    to the destination. The "pubkey" command Only works for
    key sets that were created with the "--asymmetric" flag.

promote --location=/path/to/keys --version=versionNumber
    Promotes the status of the given key version in the given
    location. Active keys are promoted to primary (which demotes
    any existing primary key to active). Keys scheduled for
    revocation are promoted to be active.

demote --location=/path/to/keys --version=versionNumber
    Demotes the status of the given key version in the given
    location. Primary keys are demoted to active. Active keys
    are scheduled for revocation.

revoke --location=/path/to/keys --version=versionNumber
    Revokes the key of the given version number.
    This key must have been scheduled for revocation by the
    promote command. WARNING: The key will be destroyed.

Optional flags are in [brackets].
The notation (a|b|c) means "a", "b", and "c" are the valid choices