Source code for insights.parsers.crypto_policies

"""
crypto-policies - files in ``/etc/crypto-policies/back-ends/``
==============================================================

This is a collection of parsers that all deal with the generated configuration
files under the ``/etc/crypto-policies/back-ends/`` folder.  Parsers included
in this module are:

CryptoPoliciesConfig - file ``/etc/crypto-policies/config``
-----------------------------------------------------------

CryptoPoliciesStateCurrent - file ``/etc/crypto-policies/state/current``
------------------------------------------------------------------------

CryptoPoliciesOpensshserver - file ``/etc/crypto-policies/back-ends/opensshserver.config``
------------------------------------------------------------------------------------------

CryptoPoliciesBind - file ``/etc/crypto-policies/back-ends/bind.config``
------------------------------------------------------------------------
"""
from insights.core import Parser
from insights.core.exceptions import SkipComponent
from insights.core.plugins import parser
from insights.parsers import get_active_lines
from insights.specs import Specs


[docs] @parser(Specs.crypto_policies_config) class CryptoPoliciesConfig(Parser): """ This parser reads the ``/etc/crypto-policies/config`` file. The contents of the file is a single-line value, available in the ``value`` property. Sample Input:: LEGACY Examples: >>> cp_c.value 'LEGACY' """
[docs] def parse_content(self, content): if not content: raise SkipComponent("/etc/crypto-policies/config is empty") self.value = get_active_lines(content)[0]
[docs] @parser(Specs.crypto_policies_state_current) class CryptoPoliciesStateCurrent(Parser): """ This parser reads the ``/etc/crypto-policies/state/current`` file. The contents of the file is a single-line value, available in the ``value`` property. Sample Input:: LEGACY Examples: >>> cp_sc.value 'LEGACY' """
[docs] def parse_content(self, content): if not content: raise SkipComponent("/etc/crypto-policies/state/current is empty") self.value = get_active_lines(content)[0]
[docs] @parser(Specs.crypto_policies_opensshserver) class CryptoPoliciesOpensshserver(Parser, dict): """ This parser reads the ``/etc/crypto-policies/back-ends/opensshserver.config`` file. Sample Input on RHEL8:: CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,3des-cbc -oMACs=umac-128-etm@openssh.com' Sample Input on RHEL9:: Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 Examples: >>> 'CRYPTO_POLICY' in cp_os True >>> cp_os.options {'Ciphers': 'aes256-gcm@openssh.com,3des-cbc', 'MACs': 'umac-128-etm@openssh.com'} """
[docs] def parse_content(self, content): if not content: raise SkipComponent("/etc/crypto-policies/back-ends/opensshserver.config is empty") result = {} for line in get_active_lines(content): if "=" in line: key, value = line.split('=', 1) result[key.strip()] = value.strip("' ") elif line[0].isupper(): key, value = line.split(' ', 1) result[key.strip()] = value.strip() self.update(result)
@property def options(self): """return the configuratios as dict format""" whole_configuration = self.get('CRYPTO_POLICY', None) if whole_configuration and whole_configuration.startswith("-o"): result = {} configurations = whole_configuration.split("-o") for item in configurations[1:]: key, value = item.split("=", 1) result[key.strip()] = value.strip() return result else: return self
[docs] @parser(Specs.crypto_policies_bind) class CryptoPoliciesBind(Parser): """ This parser reads the ``/etc/crypto-policies/back-ends/bind.config`` file. The sections ``disable-algorithms`` and ``disable-ds-digests`` are in the properties ``disable_algorithms`` and ``disable_ds_digests``. Sample Input:: disable-algorithms "." { RSAMD5; DSA; }; disable-ds-digests "." { GOST; }; Examples: >>> 'GOST' in cp_bind.disable_ds_digests True >>> cp_bind.disable_algorithms ['RSAMD5', 'DSA'] """
[docs] def parse_content(self, content): if not content: raise SkipComponent("/etc/crypto-policies/back-ends/bind.config is empty") self.value = content in_da = False in_ddd = False da = [] ddd = [] for line in self.value: if line.strip().lower().startswith("disable-algorithms"): in_da = True continue if line.strip().lower().startswith("disable-ds-digests"): in_ddd = True continue if line.strip().startswith("}"): in_da = False in_ddd = False continue algo = line.strip().strip(''';'"''') if in_da: da.append(algo) if in_ddd: ddd.append(algo) self.disable_algorithms = da self.disable_ds_digests = ddd