|
2 | 2 | import logging |
3 | 3 | import os |
4 | 4 | import requests |
5 | | -import sys |
6 | 5 | import time |
7 | 6 |
|
8 | | -from cryptography.hazmat.backends import default_backend |
9 | | -from cryptography.hazmat.primitives import serialization |
10 | | -from cryptography.hazmat.primitives.asymmetric import ec |
11 | | -from cryptography.hazmat.primitives.asymmetric.rsa import generate_private_key |
12 | | - |
13 | 7 | from .exception import JWKException |
14 | 8 | from .exception import UnknownKeyType |
15 | 9 | from .exception import UpdateFailed |
16 | 10 | from .jwk.hmac import SYMKey |
17 | 11 | from .jwk.ec import ECKey |
18 | | -from .jwk.ec import NIST2SEC |
| 12 | +from .jwk.ec import new_ec_key |
| 13 | +from .jwk.rsa import new_rsa_key |
19 | 14 | from .jwk.rsa import RSAKey |
20 | 15 | from .jwk.rsa import import_private_rsa_key_from_file |
21 | 16 | from .utils import as_unicode |
@@ -56,104 +51,57 @@ def harmonize_usage(use): |
56 | 51 | return list(set([MAP[u] for u in use if u in ul])) |
57 | 52 |
|
58 | 53 |
|
59 | | -def create_and_store_rsa_key_pair(name="oidcmsg", path=".", size=2048, use=''): |
60 | | - """ |
61 | | - Mints a new RSA key pair and stores it in a file. |
62 | | - |
63 | | - :param name: Name of the key file. 2 files will be created one with |
64 | | - the private key the name without extension and the other containing |
65 | | - the public key with '.pub' as extension. |
66 | | - :param path: Path to where the key files are stored |
67 | | - :param size: RSA key size |
68 | | - :return: RSA key |
69 | | - """ |
70 | | - |
71 | | - key = generate_private_key(public_exponent=65537, key_size=size, |
72 | | - backend=default_backend()) |
73 | | - |
74 | | - os.makedirs(path, exist_ok=True) |
75 | | - |
76 | | - if name: |
77 | | - if use: |
78 | | - name = '{}_{}'.format(name, use) |
79 | | - |
80 | | - pem = key.private_bytes( |
81 | | - encoding = serialization.Encoding.PEM, |
82 | | - format = serialization.PrivateFormat.PKCS8, |
83 | | - encryption_algorithm = serialization.NoEncryption()) |
84 | | - |
85 | | - with open(os.path.join(path, name), 'wb') as f: |
86 | | - f.write(pem) |
87 | | - |
88 | | - public_key = key.public_key() |
89 | | - pub_pem = public_key.public_bytes( |
90 | | - encoding = serialization.Encoding.PEM, |
91 | | - format = serialization.PublicFormat.SubjectPublicKeyInfo) |
92 | | - |
93 | | - with open(os.path.join(path, '{}.pub'.format(name)), 'wb') as f: |
94 | | - f.write(pub_pem) |
95 | | - |
96 | | - return key |
97 | | - |
98 | | - |
99 | 54 | def rsa_init(spec): |
100 | 55 | """ |
101 | 56 | Initiates a :py:class:`oidcmsg.keybundle.KeyBundle` instance |
102 | 57 | containing newly minted RSA keys according to a spec. |
103 | 58 | |
104 | 59 | Example of specification:: |
105 | | - {'name': 'myrsakey', 'path': 'keystore', 'size':2048, |
106 | | - 'use': ['enc', 'sig'] } |
| 60 | + {'size':2048, 'use': ['enc', 'sig'] } |
107 | 61 | |
108 | 62 | Using the spec above 2 RSA keys would be minted, one for |
109 | 63 | encryption and one for signing. |
110 | 64 | |
111 | 65 | :param spec: |
112 | 66 | :return: KeyBundle |
113 | 67 | """ |
114 | | - if 'name' not in spec: |
115 | | - try: |
116 | | - _key_name = spec['key'] |
117 | | - except KeyError: |
118 | | - pass |
119 | | - else: |
120 | | - if '/' in _key_name: |
121 | | - (head, tail) = os.path.split(spec['key']) |
122 | | - spec['path'] = head |
123 | | - spec['name'] = tail |
124 | | - else: |
125 | | - spec['name'] = _key_name |
126 | 68 |
|
127 | | - arg = {} |
128 | | - for param in ["name", "path", "size"]: |
129 | | - try: |
130 | | - arg[param] = spec[param] |
131 | | - except KeyError: |
132 | | - pass |
| 69 | + try: |
| 70 | + size = spec['size'] |
| 71 | + except KeyError: |
| 72 | + size = 2048 |
133 | 73 |
|
134 | 74 | kb = KeyBundle(keytype="RSA") |
135 | | - for use in harmonize_usage(spec["use"]): |
136 | | - _key = create_and_store_rsa_key_pair(use=use, **arg) |
137 | | - kb.append(RSAKey(use=use, priv_key=_key)) |
| 75 | + if 'use' in spec: |
| 76 | + for use in harmonize_usage(spec["use"]): |
| 77 | + _key = new_rsa_key(use=use, key_size=size) |
| 78 | + kb.append(_key) |
| 79 | + else: |
| 80 | + _key = new_rsa_key(key_size=size) |
| 81 | + kb.append(_key) |
| 82 | + |
138 | 83 | return kb |
139 | 84 |
|
140 | 85 |
|
141 | 86 | def ec_init(spec): |
142 | 87 | """ |
143 | | - Initiate a keybundle with an elliptic curve key. |
| 88 | + Initiate a key bundle with an elliptic curve key. |
144 | 89 |
|
145 | 90 | :param spec: Key specifics of the form:: |
146 | 91 | {"type": "EC", "crv": "P-256", "use": ["sig"]} |
147 | 92 |
|
148 | 93 | :return: A KeyBundle instance |
149 | 94 | """ |
150 | 95 |
|
151 | | - _key = ec.generate_private_key(NIST2SEC[spec['crv']], default_backend()) |
152 | | - |
153 | | - kb = KeyBundle(keytype="EC", keyusage=spec["use"]) |
154 | | - for use in spec["use"]: |
155 | | - eck = ECKey(use=use).load_key(_key) |
| 96 | + kb = KeyBundle(keytype="EC") |
| 97 | + if 'use' in spec: |
| 98 | + for use in spec["use"]: |
| 99 | + eck = new_ec_key(crv=spec['crv'], use=use) |
| 100 | + kb.append(eck) |
| 101 | + else: |
| 102 | + eck = new_ec_key(crv=spec['crv']) |
156 | 103 | kb.append(eck) |
| 104 | + |
157 | 105 | return kb |
158 | 106 |
|
159 | 107 |
|
|
0 commit comments