External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-15 21:37:42 -02:30
Code Issues Packages Projects Releases Wiki Activity

Fix RSA credential checking in Azure.

Browse Source 
https://trello.com/c/dPU6GsGT/204-improve-supported-azure-rsa-key-format
s
This commit is contained in:
Luke Sneeringer
2014-07-30 15:13:03 -05:00
parent 6156e3c456
commit 482f1ba771
1 changed files with 19 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
awx/main/models/credential.py
View File

@@ -209,33 +209,29 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique):
validation_error = ValidationError('Invalid SSH private key') validation_error = ValidationError('Invalid SSH private key')
# Set up the valid private key header and footer. # Set up the valid private key header and footer.
begin_re = r'^(-{4,})\s*BEGIN\s+([A-Z0-9]+)?\s*PRIVATE\sKEY\s*(-{4,})$' begin_re = r'(-{4,})\s*BEGIN\s+([A-Z0-9]+)?\s*PRIVATE\sKEY\s*(-{4,})'
end_re = r'^(-{4,})\s*END\s+([A-Z0-9]+)?\s*PRIVATE\sKEY\s*(-{4,})$' end_re = r'(-{4,})\s*END\s+([A-Z0-9]+)?\s*PRIVATE\sKEY\s*(-{4,})'
# Sanity check: We may potentially receive a full PEM certificate, # Sanity check: We may potentially receive a full PEM certificate,
# and we want to accept these. # and we want to accept these.
cert_re = r'^(-{4,})\s*BEGIN\s+CERTIFICATE\s*(-{4,})' cert_begin_re = r'^(-{4,})\s*BEGIN\s+CERTIFICATE\s*(-{4,})'
cert_match = re.search(cert_re, data) cert_end_re = r'^(-{4,})\s*END\s+CERTIFICATE\s*(-{4,})'
if cert_match: cert_begin_match = re.search(cert_begin_re, data)
private_key_begin = re.search(begin_re[1:-1], data) if cert_begin_match:
if not private_key_begin: cert_end_match = re.search(cert_end_re, data)
if not cert_end_match:
raise validation_error raise validation_error
boundary = private_key_begin.start() cert = data[cert_begin_match.start():cert_end_match.end()]
cert = data[:boundary].strip()
data = data[boundary:].strip()
# Split the SSH key into individual lines. # Find the private key, and also ensure that it internally matches
# If we have no content at all, then this is not a valid SSH key. # itself.
lines = data.splitlines() begin_match = re.search(begin_re, data)
if not lines: end_match = re.search(end_re, data)
raise validation_error
# Match the beginning and ending against what we expect, and also
# ensure that they match one another.
begin_match = re.match(begin_re, lines[0])
end_match = re.match(end_re, lines[-1])
if not begin_match or not end_match: if not begin_match or not end_match:
raise validation_error raise validation_error
# Ensure that everything, such as dash counts and key type, lines up,
# and raise an error if it does not.
dashes = set([begin_match.groups()[0], begin_match.groups()[2], dashes = set([begin_match.groups()[0], begin_match.groups()[2],
end_match.groups()[0], end_match.groups()[2]]) end_match.groups()[0], end_match.groups()[2]])
if len(dashes) != 1: if len(dashes) != 1:
@@ -244,6 +240,9 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique):
raise validation_error raise validation_error
line_continues = False line_continues = False
# The private key data begins and ends with the private key.
data = data[begin_match.start():end_match.end()]
# Establish that we are able to base64 decode the private key; # Establish that we are able to base64 decode the private key;
# if we can't, then it's not a valid key. # if we can't, then it's not a valid key.
# #