From 44103b31f80a7a29555ec92dea183768792cd172 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Sun, 21 Feb 2016 14:44:31 -0500
Subject: [PATCH] Extend key error data

Clients can now more consistently tell the difference between a new key and a mismatch.
---
 confluent_server/confluent/exceptions.py | 6 ++++--
 confluent_server/confluent/plugins/shell/ssh.py | 4 ++--
 confluent_server/confluent/util.py | 4 ++--
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/confluent_server/confluent/exceptions.py b/confluent_server/confluent/exceptions.py
index 32d573ef..9bf7b623 100644
--- a/confluent_server/confluent/exceptions.py
+++ b/confluent_server/confluent/exceptions.py
@@ -77,10 +77,12 @@ class PubkeyInvalid(ConfluentException):
     apierrorcode = 502
     apierrorstr = '502 - Invalid certificate or key on target'
 
-    def __init__(self, text, certificate, fingerprint, attribname):
+    def __init__(self, text, certificate, fingerprint, attribname, event):
         super(PubkeyInvalid, self).__init__(self, text)
         self.fingerprint = fingerprint
-        bodydata = {'fingerprint': fingerprint,
+        bodydata = {'message': text,
+                    'event': event,
+                    'fingerprint': fingerprint,
                     'fingerprintfield': attribname,
                     'certificate': base64.b64encode(certificate)}
         self.errorbody = json.dumps(bodydata)
diff --git a/confluent_server/confluent/plugins/shell/ssh.py b/confluent_server/confluent/plugins/shell/ssh.py
index 4fc18116..6c336d98 100644
--- a/confluent_server/confluent/plugins/shell/ssh.py
+++ b/confluent_server/confluent/plugins/shell/ssh.py
@@ -43,7 +43,7 @@ class HostKeyHandler(paramiko.client.MissingHostKeyPolicy):
                 cfg[self.node]['pubkeys.addpolicy']['value'] == 'manual'):
             raise cexc.PubkeyInvalid('New ssh key detected', key.asbytes(),
                                      fingerprint,
-                                     'pubkeys.ssh')
+                                     'pubkeys.ssh', 'newkey')
         auditlog = log.Logger('audit')
         auditlog.log({'node': self.node, 'event': 'sshautoadd',
                       'fingerprint': fingerprint})
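Review bot: The new `event` parameter on `PubkeyInvalid.__init__` is a required positional argument with no default, so any `PubkeyInvalid(...)` call site outside the three files touched by this patch would now fail with a TypeError instead of raising the intended error; `def __init__(self, text, certificate, fingerprint, attribname, event=None):` keeps older callers working while the two known values stay distinguishable. The strings `'newkey'` and `'mismatch'` become a client-facing contract here, but nothing in the hunk pins or documents them; a docstring on `__init__` stating that `event` is `'newkey'` (no fingerprint is stored for the target yet) or `'mismatch'` (the stored fingerprint differs from the one offered, the case a client should never auto-accept) would make that explicit, and module-level constants would stop the two call sites and the clients from drifting. Unrelated to this change but visible in the context line, `super(PubkeyInvalid, self).__init__(self, text)` passes `self` a second time as an explicit argument, so the base exception's `args` end up as `(self, text)`; it presumably should be `super(PubkeyInvalid, self).__init__(text)`. If this code ever runs under Python 3, `base64.b64encode(certificate)` returns bytes and `json.dumps` will reject the body, so a `.decode('ascii')` would be needed there.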
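Review bot: The manual-policy branch raises `PubkeyInvalid(..., 'pubkeys.ssh', 'newkey')` without writing anything to the audit log, while the auto-add path directly below records `'sshautoadd'` together with the fingerprint; a first-contact key that was refused is at least as interesting to an auditor as one that was silently accepted. Logging before the raise, e.g. `log.Logger('audit').log({'node': self.node, 'event': 'sshnewkeyrejected', 'fingerprint': fingerprint})`, keeps the two outcomes symmetric in the audit trail. The `if` whose condition ends at `== 'manual'):` and the enclosing method (presumably paramiko's missing-host-key hook) both start before the hunk, so the earlier branches of that condition cannot be checked from here.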
@@ -54,7 +54,7 @@ class HostKeyHandler(paramiko.client.MissingHostKeyPolicy):
             return True
         raise cexc.PubkeyInvalid(
             'Mismatched SSH host key detected', key.asbytes(), fingerprint,
-            'pubkeys.ssh'
+            'pubkeys.ssh', 'mismatch'
         )
 
 
diff --git a/confluent_server/confluent/util.py b/confluent_server/confluent/util.py
index 6c8f7422..67d1e0d0 100644
--- a/confluent_server/confluent/util.py
+++ b/confluent_server/confluent/util.py
@@ -82,7 +82,7 @@ class TLSCertVerifier(object):
             # manually
             raise cexc.PubkeyInvalid('New certificate detected', certificate,
                                      fingerprint,
-                                     self.fieldname)
+                                     self.fieldname, 'newkey')
         # since the policy is not manual, go ahead and add new key
         # after logging to audit log
         auditlog = log.Logger('audit')
@@ -95,4 +95,4 @@ class TLSCertVerifier(object):
             return True
         raise cexc.PubkeyInvalid(
             'Mismatched certificate detected', certificate, fingerprint,
-            self.fieldname)
+            self.fieldname, 'mismatch')
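Review bot: The SSH mismatch path raises `PubkeyInvalid(..., 'pubkeys.ssh', 'mismatch')` with no audit-log entry, yet a stored host key that no longer matches what the target offered is the one outcome in this handler that could indicate interception or a re-imaged node, and it is the event a detection pipeline most needs to see. Unless it is already logged somewhere before `return True` (that part of the method is outside the hunk), add `log.Logger('audit').log({'node': self.node, 'event': 'sshkeymismatch', 'fingerprint': fingerprint})` immediately before the `raise`, in the same shape as the `'sshautoadd'` record the auto-add path already writes. The method this belongs to starts before the hunk.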
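Review bot: In the final `TLSCertVerifier` hunk the certificate mismatch is raised with event `'mismatch'` but nothing visible here audit-logs it, whereas the new-certificate auto-add path in the preceding hunk explicitly goes through `log.Logger('audit')` before storing the key; for TLS a fingerprint that changed underneath a stored value is precisely the case an operator wants a durable record of, not just a 502 returned to one client. Consider `log.Logger('audit').log({'event': 'certmismatch', 'fingerprint': fingerprint, 'fingerprintfield': self.fieldname})` before the `raise`, adding whatever node identifier the verifier holds (its attributes are assigned outside the hunk, so the field name cannot be confirmed here). The enclosing method starts before the hunk, and this hunk appears to end the file.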