Extend key error data

Clients can now more consistently tell the difference between a new key and a mismatch.
2025-04-10 09:45:16 +00:00 · 2016-02-21 14:44:31 -05:00 · 2016-02-21 14:44:31 -05:00 · 44103b31f8
commit 44103b31f8
parent 774d592eb4
3 changed files with 8 additions and 6 deletions
--- a/confluent_server/confluent/exceptions.py
+++ b/confluent_server/confluent/exceptions.py
@ -77,10 +77,12 @@ class PubkeyInvalid(ConfluentException):
    apierrorcode = 502
    apierrorstr = '502 - Invalid certificate or key on target'

-    def __init__(self, text, certificate, fingerprint, attribname):
+    def __init__(self, text, certificate, fingerprint, attribname, event):
        super(PubkeyInvalid, self).__init__(self, text)
        self.fingerprint = fingerprint
-        bodydata = {'fingerprint': fingerprint,
+        bodydata = {'message': text,
+                    'event': event,
+                    'fingerprint': fingerprint,
                    'fingerprintfield': attribname,
                    'certificate': base64.b64encode(certificate)}
        self.errorbody = json.dumps(bodydata)
--- a/confluent_server/confluent/plugins/shell/ssh.py
+++ b/confluent_server/confluent/plugins/shell/ssh.py
@ -43,7 +43,7 @@ class HostKeyHandler(paramiko.client.MissingHostKeyPolicy):
                    cfg[self.node]['pubkeys.addpolicy']['value'] == 'manual'):
                raise cexc.PubkeyInvalid('New ssh key detected',
                                         key.asbytes(), fingerprint,
-                                         'pubkeys.ssh')
+                                         'pubkeys.ssh', 'newkey')
            auditlog = log.Logger('audit')
            auditlog.log({'node': self.node, 'event': 'sshautoadd',
                          'fingerprint': fingerprint})
@ -54,7 +54,7 @@ class HostKeyHandler(paramiko.client.MissingHostKeyPolicy):
            return True
        raise cexc.PubkeyInvalid(
            'Mismatched SSH host key detected', key.asbytes(), fingerprint,
-                'pubkeys.ssh'
+                'pubkeys.ssh', 'mismatch'
        )


--- a/confluent_server/confluent/util.py
+++ b/confluent_server/confluent/util.py
@ -82,7 +82,7 @@ class TLSCertVerifier(object):
                # manually
                raise cexc.PubkeyInvalid('New certificate detected',
                                         certificate, fingerprint,
-                                         self.fieldname)
+                                         self.fieldname, 'newkey')
            # since the policy is not manual, go ahead and add new key
            # after logging to audit log
            auditlog = log.Logger('audit')
@ -95,4 +95,4 @@ class TLSCertVerifier(object):
            return True
        raise cexc.PubkeyInvalid(
            'Mismatched certificate detected', certificate, fingerprint,
-            self.fieldname)
+            self.fieldname, 'mismatch')