
obnam  1.1
obnamlib.plugins.encryption_plugin.EncryptionPlugin Class Reference

Public Member Functions

def enable
def disable
def keyid
def pubkey
def devrandom
def symmetric_key_bits
def toplevel_init
def filter_read
def filter_write
def get_symmetric_key
def read_keyring
def write_keyring
def add_to_userkeys
def remove_from_userkeys
def add_client
def quit_if_unencrypted
def client_keys
def list_keys
def list_toplevels
def add_key
def remove_key
def remove_client

Public Attributes

 tag

Private Member Functions

def _write_file
def _overwrite_file
def _find_keys_and_toplevels
def _find_clientdirs

Private Attributes

 _pubkey
 _symkeys

Static Private Attributes

list _shared = ['chunklist', 'chunks', 'chunksums', 'clientlist']

Detailed Description

Definition at line 23 of file encryption_plugin.py.


Member Function Documentation

def obnamlib.plugins.encryption_plugin.EncryptionPlugin._find_clientdirs(self, repo, client_names) [private]

Definition at line 221 of file encryption_plugin.py.

    def _find_clientdirs(self, repo, client_names):
        return [repo.client_dir(repo.clientlist.get_client_id(x))
                for x in client_names]

Definition at line 186 of file encryption_plugin.py.

    def _find_keys_and_toplevels(self, repo):
        toplevels = repo.fs.listdir('.')
        keys = dict()
        tops = dict()
        for toplevel in [d for d in toplevels if d != 'metadata']:
            userkeys = self.read_keyring(repo, toplevel)
            for keyid in userkeys.keyids():
                keys[keyid] = keys.get(keyid, []) + [toplevel]
                tops[toplevel] = tops.get(toplevel, []) + [keyid]
        return keys, tops

def obnamlib.plugins.encryption_plugin.EncryptionPlugin._overwrite_file(self, repo, pathname, contents) [private]

Definition at line 96 of file encryption_plugin.py.

    def _overwrite_file(self, repo, pathname, contents):
        repo.fs.fs.overwrite_file(pathname, contents)

def obnamlib.plugins.encryption_plugin.EncryptionPlugin._write_file(self, repo, pathname, contents) [private]

Definition at line 93 of file encryption_plugin.py.

    def _write_file(self, repo, pathname, contents):
        repo.fs.fs.write_file(pathname, contents)

def obnamlib.plugins.encryption_plugin.EncryptionPlugin.add_client(self, clientlist, client_name)

Definition at line 164 of file encryption_plugin.py.

    def add_client(self, clientlist, client_name):
        clientlist.set_client_keyid(client_name, self.keyid)

Add a key to the repository.

Definition at line 225 of file encryption_plugin.py.

    def add_key(self, args):
        '''Add a key to the repository.'''
        if self.quit_if_unencrypted():
            return
        self.app.settings.require('keyid')
        repo = self.app.open_repository()
        keyid = self.app.settings['keyid']
        key = obnamlib.get_public_key(keyid)
        clients = self._find_clientdirs(repo, args)
        for toplevel in self._shared + clients:
            self.add_to_userkeys(repo, toplevel, key)

def obnamlib.plugins.encryption_plugin.EncryptionPlugin.add_to_userkeys(self, repo, toplevel, public_key)

Definition at line 149 of file encryption_plugin.py.

    def add_to_userkeys(self, repo, toplevel, public_key):
        userkeys = self.read_keyring(repo, toplevel)
        userkeys.add(public_key)
        self.write_keyring(repo, toplevel, userkeys)

List clients and their keys in the repository.

Definition at line 174 of file encryption_plugin.py.

    def client_keys(self, args):
        '''List clients and their keys in the repository.'''
        if self.quit_if_unencrypted():
            return
        repo = self.app.open_repository()
        clients = repo.list_clients()
        for client in clients:
            keyid = repo.clientlist.get_client_keyid(client)
            if keyid is None:
                keyid = 'no key'
            print client, keyid

Definition at line 83 of file encryption_plugin.py.

    # Read as an attribute elsewhere in the class (filename=self.devrandom).
    @property
    def devrandom(self):
        if self.app.settings['weak-random']:
            return '/dev/urandom'
        else:
            return '/dev/random'

Definition at line 69 of file encryption_plugin.py.

    def disable(self):
        self._symkeys.clear()

Definition at line 25 of file encryption_plugin.py.

    def enable(self):
        encryption_group = obnamlib.option_group['encryption'] = 'Encryption'

        self.app.settings.string(['encrypt-with'],
                                 'PGP key with which to encrypt data '
                                 'in the backup repository',
                                 group=encryption_group)
        self.app.settings.string(['keyid'],
                                 'PGP key id to add to/remove from '
                                 'the backup repository',
                                 group=encryption_group)
        self.app.settings.boolean(['weak-random'],
                                  'use /dev/urandom instead of /dev/random '
                                  'to generate symmetric keys',
                                  group=encryption_group)
        self.app.settings.string(['symmetric-key-bits'],
                                 'size of symmetric key, in bits',
                                 group=encryption_group)

        self.tag = "encrypt1"

        hooks = [
            ('repository-toplevel-init', self.toplevel_init,
             obnamlib.Hook.DEFAULT_PRIORITY),
            ('repository-data', self,
             obnamlib.Hook.LATE_PRIORITY),
            ('repository-add-client', self.add_client,
             obnamlib.Hook.DEFAULT_PRIORITY),
        ]
        for name, callback, rev in hooks:
            self.app.hooks.add_callback(name, callback, rev)

        self._pubkey = None

        self.app.add_subcommand('client-keys', self.client_keys)
        self.app.add_subcommand('list-keys', self.list_keys)
        self.app.add_subcommand('list-toplevels', self.list_toplevels)
        self.app.add_subcommand('add-key', self.add_key)
        self.app.add_subcommand('remove-key', self.remove_key)
        self.app.add_subcommand('remove-client', self.remove_client,
                                arg_synopsis='[CLIENT-NAME]...')

        self._symkeys = obnamlib.SymmetricKeyCache()

def obnamlib.plugins.encryption_plugin.EncryptionPlugin.filter_read(self, encrypted, repo, toplevel)

Definition at line 118 of file encryption_plugin.py.

    def filter_read(self, encrypted, repo, toplevel):
        if not self.keyid:
            return encrypted
        symmetric_key = self.get_symmetric_key(repo, toplevel)
        return obnamlib.decrypt_symmetric(encrypted, symmetric_key)

def obnamlib.plugins.encryption_plugin.EncryptionPlugin.filter_write(self, cleartext, repo, toplevel)

Definition at line 124 of file encryption_plugin.py.

    def filter_write(self, cleartext, repo, toplevel):
        if not self.keyid:
            return cleartext
        symmetric_key = self.get_symmetric_key(repo, toplevel)
        return obnamlib.encrypt_symmetric(cleartext, symmetric_key)

Definition at line 130 of file encryption_plugin.py.

    def get_symmetric_key(self, repo, toplevel):
        key = self._symkeys.get(repo, toplevel)
        if key is None:
            encoded = repo.fs.fs.cat(os.path.join(toplevel, 'key'))
            key = obnamlib.decrypt_with_secret_keys(encoded)
            self._symkeys.put(repo, toplevel, key)
        return key

Definition at line 73 of file encryption_plugin.py.

    # Read as an attribute elsewhere in the class (if not self.keyid).
    @property
    def keyid(self):
        return self.app.settings['encrypt-with']

List keys and the repository toplevels they're used in.

Definition at line 197 of file encryption_plugin.py.

    def list_keys(self, args):
        '''List keys and the repository toplevels they're used in.'''
        if self.quit_if_unencrypted():
            return
        repo = self.app.open_repository()
        keys, tops = self._find_keys_and_toplevels(repo)
        for keyid in keys:
            print 'key: %s' % keyid
            for toplevel in keys[keyid]:
                print '  %s' % toplevel

List repository toplevel directories and their keys.

Definition at line 208 of file encryption_plugin.py.

    def list_toplevels(self, args):
        '''List repository toplevel directories and their keys.'''
        if self.quit_if_unencrypted():
            return
        repo = self.app.open_repository()
        keys, tops = self._find_keys_and_toplevels(repo)
        for toplevel in tops:
            print 'toplevel: %s' % toplevel
            for keyid in tops[toplevel]:
                print '  %s' % keyid

Definition at line 77 of file encryption_plugin.py.

    # Read as an attribute elsewhere in the class (pubkeys.add(self.pubkey)).
    @property
    def pubkey(self):
        if self._pubkey is None:
            self._pubkey = obnamlib.get_public_key(self.keyid)
        return self._pubkey

Definition at line 167 of file encryption_plugin.py.

    def quit_if_unencrypted(self):
        if self.app.settings['encrypt-with']:
            return False
        self.app.output.write('Warning: Encryption not in use.\n')
        self.app.output.write('(Use --encrypt-with to set key.)\n')
        return True

Definition at line 138 of file encryption_plugin.py.

    def read_keyring(self, repo, toplevel):
        encrypted = repo.fs.fs.cat(os.path.join(toplevel, 'userkeys'))
        encoded = self.filter_read(encrypted, repo, toplevel)
        return obnamlib.Keyring(encoded=encoded)

Remove client and its key from repository.

Definition at line 248 of file encryption_plugin.py.

    def remove_client(self, args):
        '''Remove client and its key from repository.'''
        if self.quit_if_unencrypted():
            return
        repo = self.app.open_repository()
        repo.lock_root()
        for client_name in args:
            logging.info('removing client %s' % client_name)
            repo.remove_client(client_name)
        repo.commit_root()

def obnamlib.plugins.encryption_plugin.EncryptionPlugin.remove_from_userkeys(self, repo, toplevel, keyid)

Definition at line 154 of file encryption_plugin.py.

    def remove_from_userkeys(self, repo, toplevel, keyid):
        userkeys = self.read_keyring(repo, toplevel)
        if keyid in userkeys:
            logging.debug('removing key %s from %s' % (keyid, toplevel))
            userkeys.remove(keyid)
            self.write_keyring(repo, toplevel, userkeys)
        else:
            logging.debug('unable to remove key %s from %s (not there)' %
                          (keyid, toplevel))

Remove a key from the repository.

Definition at line 237 of file encryption_plugin.py.

    def remove_key(self, args):
        '''Remove a key from the repository.'''
        if self.quit_if_unencrypted():
            return
        self.app.settings.require('keyid')
        repo = self.app.open_repository()
        keyid = self.app.settings['keyid']
        clients = self._find_clientdirs(repo, args)
        for toplevel in self._shared + clients:
            self.remove_from_userkeys(repo, toplevel, keyid)

Definition at line 90 of file encryption_plugin.py.

    # Read as an attribute elsewhere in the class (self.symmetric_key_bits).
    @property
    def symmetric_key_bits(self):
        return int(self.app.settings['symmetric-key-bits'] or '256')

Initialize a new toplevel for encryption.

Definition at line 99 of file encryption_plugin.py.

    def toplevel_init(self, repo, toplevel):
        '''Initialize a new toplevel for encryption.'''

        if not self.keyid:
            return

        pubkeys = obnamlib.Keyring()
        pubkeys.add(self.pubkey)

        symmetric_key = obnamlib.generate_symmetric_key(
                                self.symmetric_key_bits,
                                filename=self.devrandom)
        encrypted = obnamlib.encrypt_with_keyring(symmetric_key, pubkeys)
        self._write_file(repo, os.path.join(toplevel, 'key'), encrypted)

        encoded = str(pubkeys)
        encrypted = obnamlib.encrypt_symmetric(encoded, symmetric_key)
        self._write_file(repo, os.path.join(toplevel, 'userkeys'), encrypted)

def obnamlib.plugins.encryption_plugin.EncryptionPlugin.write_keyring(self, repo, toplevel, keyring)

Definition at line 143 of file encryption_plugin.py.

    def write_keyring(self, repo, toplevel, keyring):
        encoded = str(keyring)
        encrypted = self.filter_write(encoded, repo, toplevel)
        pathname = os.path.join(toplevel, 'userkeys')
        self._overwrite_file(repo, pathname, encrypted)


Member Data Documentation

Definition at line 57 of file encryption_plugin.py.

list obnamlib.plugins.encryption_plugin.EncryptionPlugin._shared = ['chunklist', 'chunks', 'chunksums', 'clientlist'] [static, private]

Definition at line 219 of file encryption_plugin.py.

Definition at line 67 of file encryption_plugin.py.

Definition at line 44 of file encryption_plugin.py.


The documentation for this class was generated from the following file: