jumpserver/apps/assets/serializers/base.py

# -*- coding: utf-8 -*-
#
from io import StringIO

from django.utils.translation import ugettext_lazy as _
from rest_framework import serializers

from common.utils import ssh_pubkey_gen, ssh_private_key_gen, validate_ssh_private_key
from common.drf.fields import EncryptedField
from .utils import validate_password_for_ansible


class AuthValidateMixin(serializers.Serializer):
    password = EncryptedField(
        label=_('Password'), required=False, allow_blank=True, allow_null=True,
        max_length=1024, validators=[validate_password_for_ansible]
    )
    private_key = EncryptedField(
        label=_('SSH private key'), required=False, allow_blank=True,
        allow_null=True, max_length=16384
    )
    passphrase = serializers.CharField(
        allow_blank=True, allow_null=True, required=False, max_length=512,
        write_only=True, label=_('Key password')
    )

    def validate_private_key(self, private_key):
        if not private_key:
            return
        passphrase = self.initial_data.get('passphrase')
        passphrase = passphrase if passphrase else None
        valid = validate_ssh_private_key(private_key, password=passphrase)
        if not valid:
            raise serializers.ValidationError(_("private key invalid or passphrase error"))

        private_key = ssh_private_key_gen(private_key, password=passphrase)
        string_io = StringIO()
        private_key.write_private_key(string_io)
        private_key = string_io.getvalue()
        return private_key

    @staticmethod
    def clean_auth_fields(validated_data):
        for field in ('password', 'private_key', 'public_key'):
            value = validated_data.get(field)
            if not value:
                validated_data.pop(field, None)
        validated_data.pop('passphrase', None)

    @staticmethod
    def _validate_gen_key(attrs):
        private_key = attrs.get('private_key')
        if not private_key:
            return attrs

        password = attrs.get('passphrase')
        username = attrs.get('username')
        public_key = ssh_pubkey_gen(private_key, password=password, username=username)
        attrs['public_key'] = public_key
        return attrs

    def validate(self, attrs):
        attrs = self._validate_gen_key(attrs)
        return super().validate(attrs)

    def create(self, validated_data):
        self.clean_auth_fields(validated_data)
        return super().create(validated_data)

    def update(self, instance, validated_data):
        self.clean_auth_fields(validated_data)
        return super().update(instance, validated_data)