Fix to_pem for private keys to support both PKCS#1 and PKCS#8.

Gasper Zejn · Gasper Zejn · commit 90443549f6e1 · 2018-01-15T14:10:37.000+01:00
diff --git a/jose/backends/cryptography_backend.py b/jose/backends/cryptography_backend.py
@@ -282,16 +282,23 @@ def public_key(self):
             return self
         return self.__class__(self.prepared_key.public_key(), self._algorithm)
 
-    def to_pem(self):
+    def to_pem(self, pem_format='PKCS8'):
         if self.is_public():
             return self.prepared_key.public_bytes(
                 encoding=serialization.Encoding.PEM,
                 format=serialization.PublicFormat.SubjectPublicKeyInfo
             )
 
+        if pem_format == 'PKCS8':
+            fmt = serialization.PrivateFormat.PKCS8
+        elif pem_format == 'PKCS1':
+            fmt = serialization.PrivateFormat.TraditionalOpenSSL
+        else:
+            raise ValueError("Invalid format specified: %r" % pem_format)
+
         return self.prepared_key.private_bytes(
             encoding=serialization.Encoding.PEM,
-            format=serialization.PrivateFormat.TraditionalOpenSSL,
+            format=fmt,
             encryption_algorithm=serialization.NoEncryption()
         )
 
diff --git a/jose/backends/pycrypto_backend.py b/jose/backends/pycrypto_backend.py
@@ -140,16 +140,15 @@ def public_key(self):
             return self
         return self.__class__(self.prepared_key.publickey(), self._algorithm)
 
-    def to_pem(self):
-        pem = self.prepared_key.exportKey('PEM', pkcs=1)
-
-        # pycryptodome fix
-        begin = b'-----BEGIN RSA PUBLIC KEY-----'
-        end = b'-----END RSA PUBLIC KEY-----'
-        if pem.startswith(begin) and pem.strip().endswith(end):
-            pem = b'-----BEGIN PUBLIC KEY-----' + pem.strip()[len(begin):-len(end)] + b'-----END PUBLIC KEY-----'
-        if not pem.endswith(b'\n'):
-            pem = pem + b'\n'
+    def to_pem(self, pem_format='PKCS8'):
+        if pem_format == 'PKCS8':
+            pkcs = 8
+        elif pem_format == 'PKCS1':
+            pkcs = 1
+        else:
+            raise ValueError("Invalid pem format specified: %r" % (pem_format,))
+
+        pem = self.prepared_key.exportKey('PEM', pkcs=pkcs)
         return pem
 
     def to_dict(self):
diff --git a/jose/backends/rsa_backend.py b/jose/backends/rsa_backend.py
@@ -1,4 +1,5 @@
 import rsa as pyrsa
+import rsa.pem as pyrsa_pem
 import six
 
 from jose.backends.base import Key
@@ -7,6 +8,7 @@
 from jose.utils import base64_to_long, long_to_base64
 
 
+PKCS8_RSA_HEADER = b'0\x82\x04\xbd\x02\x01\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00'
 # Functions gcd and rsa_recover_prime_factors were copied from cryptography 1.9
 # to enable pure python rsa module to be in compliance with section 6.3.1 of RFC7518
 # which requires only private exponent (d) for private key.
@@ -103,9 +105,20 @@ def __init__(self, key, algorithm):
                 self._prepared_key = pyrsa.PublicKey.load_pkcs1(key)
             except ValueError:
                 try:
-                    self._prepared_key = pyrsa.PrivateKey.load_pkcs1(key)
-                except ValueError as e:
-                    raise JWKError(e)
+                    self._prepared_key = pyrsa.PublicKey.load_pkcs1_openssl_pem(key)
+                except ValueError:
+                    try:
+                        self._prepared_key = pyrsa.PrivateKey.load_pkcs1(key)
+                    except ValueError:
+                        try:
+                            # python-rsa does not support PKCS8 yet so we have to manually remove OID
+                            der = pyrsa_pem.load_pem(key, b'PRIVATE KEY')
+                            header, der = der[:22], der[22:]
+                            if header != PKCS8_RSA_HEADER:
+                                raise ValueError("Invalid PKCS8 header")
+                            self._prepared_key = pyrsa.PrivateKey._load_pkcs1_der(der)
+                        except ValueError as e:
+                            raise JWKError(e)
             return
         raise JWKError('Unable to parse an RSA_JWK from key: %s' % key)
 
@@ -157,11 +170,17 @@ def public_key(self):
             return self
         return self.__class__(pyrsa.PublicKey(n=self._prepared_key.n, e=self._prepared_key.e), self._algorithm)
 
-    def to_pem(self):
+    def to_pem(self, pem_format='PKCS8'):
         import rsa.pem
 
         if isinstance(self._prepared_key, pyrsa.PrivateKey):
-            pem = self._prepared_key.save_pkcs1()
+            der = self._prepared_key.save_pkcs1(format='DER')
+            if pem_format == 'PKCS8':
+                pem = rsa.pem.save_pem(PKCS8_RSA_HEADER + der, pem_marker='PRIVATE KEY')
+            elif pem_format == 'PKCS1':
+                pem = rsa.pem.save_pem(der, pem_marker='RSA PRIVATE KEY')
+            else:
+                raise ValueError("Invalid pem format specified: %r" % (pem_format,))
         else:
             # this is a PKCS#8 DER header to identify rsaEncryption
             header = b'0\x82\x04\xbd\x02\x01\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00'
diff --git a/tests/algorithms/test_RSA.py b/tests/algorithms/test_RSA.py
@@ -176,7 +176,13 @@ def test_get_public_key(self, Backend):
     @pytest.mark.parametrize("Backend", [RSAKey, CryptographyRSAKey, PurePythonRSAKey])
     def test_to_pem(self, Backend):
         key = Backend(private_key, ALGORITHMS.RS256)
-        assert key.to_pem().strip() == private_key.strip()
+        assert key.to_pem(pem_format='PKCS1').strip() == private_key.strip()
+
+        pkcs8 = key.to_pem(pem_format='PKCS8').strip()
+        assert pkcs8 != private_key.strip()
+
+        newkey = Backend(pkcs8, ALGORITHMS.RS256)
+        assert newkey.to_pem(pem_format='PKCS1').strip() == private_key.strip()
 
     def assert_parameters(self, as_dict, private):
         assert isinstance(as_dict, dict)
