- # 1. key must not be blacklisted
-
- # Remove leading and trailing spaces
- key = key.strip()
- # Make sure key is not blank
- if not len(key) > 0:
- raise PLCInvalidArgument, "Invalid key"
-
- rows = self.api.db.selectall("SELECT is_blacklisted from keys" \
- " WHERE key = '%s'" % key)
- if rows:
- raise PLCInvalidArgument, "Key is blacklisted"
- return key
-
- def add_person(self, person, commit = True):
- """
- Associate key with person
- """
-
- assert 'key_id' in self
- assert isinstance(person, PLC.Persons.Person)
- assert 'person_id' in person
-
- person_id = person['person_id']
- key_id = self['key_id']
-
- if not 'person_id' in self:
- assert key_id not in person['key_ids']
-
- self.api.db.do("INSERT INTO person_key (person_id, key_id)" \
- " VALUES (%d, %d)" % (person_id, key_id) )
- if commit:
- self.api.db.commit()
-
- self['person_id'] = person_id
- person['key_id'] = key_id
-
- def set_primary_key(self, person, commit = True):
- """
- Set the primary key for a person
- """
-
- assert 'key_id' in self
- assert isinstance(person, PLC.Persons.Person)
- assert 'person_id' in person
-
- person_id = person['person_id']
- key_id = self['key_id']
- assert person_id in [self['person_id']]
-
- self.api.db.do("UPDATE person_key SET is_primary = False" \
- " WHERE person_id = %d " % person_id)
- self.api.db.do("UPDATE person_key SET is_primary = True" \
- " WHERE person_id = %d AND key_id = %d" \
- % (person_id, key_id) )
-
- if commit:
- self.api.db.commit()
-
- self['is_primary'] = True
-
- def delete(self, commit = True):
+ # Key must not be blacklisted
+ rows = self.api.db.selectall("SELECT 1 from keys" \
+ " WHERE key = %(key)s" \
+ " AND is_blacklisted IS True",
+ locals())
+ if rows:
+ raise PLCInvalidArgument, "Key is blacklisted and cannot be used"
+
+ return key
+
+ def validate(self):
+ # Basic validation
+ Row.validate(self)
+
+ assert 'key' in self
+ key = self['key']
+
+ if self['key_type'] == 'ssh':
+ # Accept only SSH version 2 keys without options. From
+ # sshd(8):
+ #
+ # Each protocol version 2 public key consists of: options,
+ # keytype, base64 encoded key, comment. The options field
+ # is optional...The comment field is not used for anything
+ # (but may be convenient for the user to identify the
+ # key). For protocol version 2 the keytype is ``ssh-dss''
+ # or ``ssh-rsa''.
+
+ good_ssh_key = r'^.*(?:ssh-dss|ssh-rsa)[ ]+[A-Za-z0-9+/=]+(?: .*)?$'
+ if not re.match(good_ssh_key, key, re.IGNORECASE):
+ raise PLCInvalidArgument, "Invalid SSH version 2 public key"
+
+ def blacklist(self, commit = True):