def __init__(self, initializer=None, allow_prompt=None): if isinstance(initializer, RSAPrivateKey): initializer = initializer._value # pylint: disable=protected-access if initializer is None: super(RSAPrivateKey, self).__init__(None) return if isinstance(initializer, rsa.RSAPrivateKey): super(RSAPrivateKey, self).__init__(initializer) return if isinstance(initializer, Text): initializer = initializer.encode("ascii") if not isinstance(initializer, bytes): raise rdfvalue.InitializeError("Cannot initialize %s from %s." % (self.__class__, initializer)) try: value = serialization.load_pem_private_key(initializer, password=None, backend=openssl.backend) super(RSAPrivateKey, self).__init__(value) return except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e: if "private key is encrypted" not in str(e): raise type_info.TypeValueError("Private key invalid: %s" % e) # The private key is passphrase protected, we need to see if we are # allowed to ask the user. # # In the case where allow_prompt was not set at all, we use the context # we are in to see if it makes sense to ask. if allow_prompt is None: # TODO(user): dependency loop with # core/grr_response_core/grr/config/client.py. # pylint: disable=protected-access if "Commandline Context" not in config_lib._CONFIG.context: raise type_info.TypeValueError("Private key invalid: %s" % e) # pylint: enable=protected-access # Otherwise, if allow_prompt is False, we are explicitly told that we are # not supposed to ask the user. elif not allow_prompt: raise type_info.TypeValueError("Private key invalid: %s" % e) try: # The private key is encrypted and we can ask the user for the passphrase. password = utils.PassphraseCallback() value = serialization.load_pem_private_key(initializer, password=password, backend=openssl.backend) super(RSAPrivateKey, self).__init__(value) except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e: raise type_info.TypeValueError("Unable to load private key: %s" % e)
def ParseFromString(self, pem_string): precondition.AssertType(pem_string, bytes) try: self._value = serialization.load_pem_private_key( pem_string, password=None, backend=openssl.backend) return except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e: if "private key is encrypted" not in str(e): raise type_info.TypeValueError("Private key invalid: %s" % e) # pylint: disable=g-explicit-bool-comparison, g-equals-none # The private key is passphrase protected, we need to see if we are # allowed to ask the user. # # If allow_prompt is False, we are explicitly told that we are not. if self.allow_prompt == False: raise type_info.TypeValueError("Private key invalid: %s" % e) # allow_prompt was not set, we use the context we are in to see if it # makes sense to ask. elif self.allow_prompt == None: # TODO(user): dependency loop with # core/grr_response_core/grr/config/client.py. # pylint: disable=protected-access if "Commandline Context" not in config_lib._CONFIG.context: raise type_info.TypeValueError("Private key invalid: %s" % e) # pylint: enable=protected-access # pylint: enable=g-explicit-bool-comparison, g-equals-none try: # The private key is encrypted and we can ask the user for the passphrase. password = utils.PassphraseCallback() self._value = serialization.load_pem_private_key( pem_string, password=password, backend=openssl.backend) except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e: raise type_info.TypeValueError("Unable to load private key: %s" % e)