def test_rsa_loads():
_ckey = rsa_loads(open(KEY).read())
assert isinstance(_ckey, M2Crypto.RSA.RSA)
jwk = dump_jwk(_ckey)
print jwk
assert _eq(jwk.keys(), ["kty", "e", "n"])
assert jwk["n"] == '5zbNbHIYIkGGJ3RGdRKkYmF4gOorv5eDuUKTVtuu3VvxrpOWvwnFV-NY0LgqkQSMMyVzodJE3SUuwQTUHPXXY5784vnkFqzPRx6bHgPxKz7XfwQjEBTafQTMmOeYI8wFIOIHY5i0RWR-gxDbh_D5TXuUqScOOqR47vSpIbUH-nc'
assert jwk['e'] == 'AQAB'
def test_import_rsa_key():
_ckey = RSA.importKey(open(KEY, 'r').read())
assert isinstance(_ckey, _RSAobj)
jwk = dump_jwk(_ckey)
print jwk
assert _eq(jwk.keys(), ["kty", "e", "n"])
assert jwk["n"] == '5zbNbHIYIkGGJ3RGdRKkYmF4gOorv5eDuUKTVtuu3VvxrpOWvwnFV-NY0LgqkQSMMyVzodJE3SUuwQTUHPXXY5784vnkFqzPRx6bHgPxKz7XfwQjEBTafQTMmOeYI8wFIOIHY5i0RWR-gxDbh_D5TXuUqScOOqR47vSpIbUH-nc'
assert jwk['e'] == 'AQAB'
def main():
parser = argparse.ArgumentParser(description="Generate a new symmetric key and print it to stdout.")
parser.add_argument("-s", dest="wrap_keyset", action="store_true",
help="Wrap the generated key in a key set (JWKS).")
parser.add_argument("-n", dest="key_length", default=48, type=int, help="Length of the random string used as key.")
parser.add_argument("--kid", dest="kid", help="Key id.")
args = parser.parse_args()
key = dump_jwk(key=rndstr(args.key_length), kid=args.kid)
if args.wrap_keyset:
key_set = {"keys": [key]}
print(json.dumps(key_set))
else:
print(json.dumps(key))
def main():
parser = argparse.ArgumentParser(
description="Generate a new symmetric key and print it to stdout.")
parser.add_argument("-s",
dest="wrap_keyset",
action="store_true",
help="Wrap the generated key in a key set (JWKS).")
parser.add_argument("-n",
dest="key_length",
default=48,
type=int,
help="Length of the random string used as key.")
parser.add_argument("--kid", dest="kid", help="Key id.")
args = parser.parse_args()
key = dump_jwk(key=rndstr(args.key_length), kid=args.kid)
if args.wrap_keyset:
key_set = {"keys": [key]}
print(json.dumps(key_set))
else:
print(json.dumps(key))
def test_dumps():
_ckey = x509_rsa_loads(open(CERT).read())
jwk = dump_jwk(_ckey)
assert _eq(jwk.keys(), ["kty", "e", "n"])
def test_dumps():
_ckey = pem_cert2rsa(CERT)
jwk = dump_jwk(_ckey)
assert _eq(jwk.keys(), ["kty", "e", "n"])
def test_dumps():
_ckey = pem_cert2rsa(CERT)
jwk = dump_jwk(_ckey)
assert _eq(jwk.keys(), ["kty", "e", "n"])
def key_export(baseurl, local_path, vault, keyjar, fqdn="", **kwargs):
"""
:param baseurl: The base URL to which the key file names are added
:param local_path: Where on the machine the export files are kept
:param vault: Where the keys are kept
:param keyjar: Where to store the exported keys
:param fqdn: Fully qualified domain name
:return: 2-tuple: result of urlsplit and a dictionary with
parameter name as key and url and value
"""
part = urlparse.urlsplit(baseurl)
# deal with the export directory
if part.path.endswith("/"):
_path = part.path[:-1]
else:
_path = part.path[:]
local_path = proper_path("%s/%s" % (_path, local_path))
vault_path = proper_path(vault)
if not os.path.exists(vault_path):
os.makedirs(vault_path)
if not os.path.exists(local_path):
os.makedirs(local_path)
res = {}
# For each usage type
# type, usage, format (rsa, sign, jwt)
issuer_keys = {"sig": [], "ver": [], "enc": [], "dec": []}
for usage in ["sig", "enc"]:
if usage in kwargs:
if kwargs[usage] is None:
continue
_args = kwargs[usage]
if _args["alg"] == "rsa":
try:
_key = rsa_load('%s%s' % (vault_path, "pyoidc"))
except Exception:
devnull = open(os.devnull, 'w')
with RedirectStdStreams(stdout=devnull, stderr=devnull):
_key = create_and_store_rsa_key_pair(
path=vault_path)
# order is not arbitrary, make_cert messes with key
if "x509" in _args["format"]:
if usage == "sig":
_name = "x509_url"
else:
_name = "x509_encryption_url"
cert, _key = make_cert(2045, fqdn, _key)
# the local filename
_export_filename = "%s%s" % (local_path, "cert.pem")
cert.save(_export_filename)
_url = "%s://%s%s" % (part.scheme, part.netloc,
_export_filename[1:])
res[_name] = _url
rsa_key = rsa_load('%s%s' % (vault_path, "pyoidc"))
kc = KeyBundle({"rsa": rsa_key}, usage=[usage])
if usage == "sig":
kc.usage.append("ver")
elif usage == "enc":
kc.usage.append("dec")
if "jwk" in _args["format"]:
if usage == "sig":
_name = ("jwk.json", "jwk_url")
else:
_name = ("jwk_enc.json", "jwk_encryption_url")
# the local filename
_export_filename = "%s%s" % (local_path, _name[0])
f = open(_export_filename, "w")
f.write(dump_jwk([{"key":rsa_key, "use":usage}]))
f.close()
_url = "%s://%s%s" % (part.scheme, part.netloc,
_export_filename[1:])
res[_name[1]] = _url
if usage == "sig" and "enc" not in kwargs:
kc.usage.extend(["enc", "dec"])
try:
keyjar[""].append(kc)
except KeyError:
keyjar[""] = kc
return part, res