Ejemplo n.º 1
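 def testUnwritableFile(self):
     """Exporting a private key into a read-only directory must fail loudly.

     The directory at self.cwd_path is reduced to owner-read-only, then an
     export is attempted and exceptions.FileOutputError is expected.
     """
     # Owner has only read permission before write.
     # NOTE(review): presumably self.cwd_path is the directory './' resolves
     # to, and the test fixture restores or discards it afterwards; confirm.
     # NOTE(review): a process running as root ignores these permission bits,
     # so this check presumably assumes a non-root test runner.
     os.chmod(self.cwd_path, stat.S_IRUSR)
     key_file_name = './private_key.pem'
     # Generate the key outside the assertRaises block so that only the
     # export itself can satisfy the expected FileOutputError.
     private_key, _ = key_generation.RSAKeyGen()
     with self.assertRaises(exceptions.FileOutputError):
         key_generation.ExportPrivateKey(key_file_name, private_key)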
Ejemplo n.º 2
    def testFileExport(self):
        """Exports a fresh private key and checks content, log line and mode."""
        key_file_name = './private_key2.pem'
        generated_private_key, _ = key_generation.RSAKeyGen()
        key_generation.ExportPrivateKey(key_file_name, generated_private_key)

        # The file must exist and hold a PEM-encoded RSA private key.
        self.AssertFileExists(key_file_name)
        self.AssertFileMatches(RSA_PRIVATE_RE, key_file_name)

        expected_log = 'A private key was exported to {}'.format(key_file_name)
        self.AssertLogContains(expected_log)

        # 0o100400 is a regular file (0o100000) readable by its owner only
        # (0o400): no write bit and nothing for group or others. Comparing the
        # full st_mode also asserts the file type, not just the permissions.
        actual_mode = oct(os.stat(key_file_name).st_mode)
        self.assertEqual(actual_mode, oct(0o100400))
Ejemplo n.º 3
    def _GenerateCertificateConfig(self, request, args, location):
        """Builds a CertificateConfig around a newly generated RSA key pair.

        A 2048-bit RSA key pair is generated locally. The private key is
        written to args.key_output_file and is not placed in the returned
        message; only the public key is, tagged as PEM_RSA_KEY.

        Args:
          request: Not read by this method.
          args: Parsed arguments; key_output_file and is_ca_cert are read here
            and the whole object is handed to the flag parsers.
          location: Passed through to flags.ParseReusableConfig.

        Returns:
          The populated CertificateConfig message.
        """
        private_pem, public_pem = key_generation.RSAKeyGen(2048)
        # NOTE(review): the key file is written before the remaining flags
        # are parsed; if a parser below raises, the private key presumably
        # stays on disk for a certificate that was never requested. Confirm
        # whether callers clean up.
        key_generation.ExportPrivateKey(args.key_output_file, private_pem)

        cert_config = self.messages.CertificateConfig()

        public_key_msg = self.messages.PublicKey()
        public_key_msg.key = public_pem
        public_key_msg.type = (
            self.messages.PublicKey.TypeValueValuesEnum.PEM_RSA_KEY)
        cert_config.publicKey = public_key_msg

        is_ca = args.is_ca_cert
        cert_config.reusableConfig = flags.ParseReusableConfig(
            args, location, is_ca_command=is_ca)
        cert_config.subjectConfig = flags.ParseSubjectFlags(
            args, is_ca=args.is_ca_cert)

        return cert_config
Ejemplo n.º 4
  def _GenerateCertificateConfig(self, request, args):
    """Builds a non-CA CertificateConfig around a new RSA key pair.

    A 2048-bit RSA key pair is generated locally. The private key is written
    to args.key_output_file; only the public key is placed in the returned
    message, tagged as PEM_RSA_KEY.

    Args:
      request: Not read by this method.
      args: Parsed arguments; key_output_file is read here and the whole
        object is handed to the flag parsers.

    Returns:
      The populated CertificateConfig message.
    """
    msgs = privateca_base.GetMessagesModule()
    private_pem, public_pem = key_generation.RSAKeyGen(2048)
    # NOTE(review): the key file is written before the remaining flags are
    # parsed; if a parser below raises, the private key presumably stays on
    # disk for a certificate that was never requested. Confirm cleanup.
    key_generation.ExportPrivateKey(args.key_output_file, private_pem)

    cert_config = msgs.CertificateConfig()

    public_key_msg = msgs.PublicKey()
    public_key_msg.key = public_pem
    public_key_msg.type = msgs.PublicKey.TypeValueValuesEnum.PEM_RSA_KEY
    cert_config.publicKey = public_key_msg

    cert_config.reusableConfig = flags.ParseReusableConfig(args)
    # The subject is always parsed as a non-CA certificate here.
    cert_config.subjectConfig = flags.ParseSubjectFlags(args, is_ca=False)

    return cert_config
Ejemplo n.º 5
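    def testRsa2048KeyGen(self):
        """Checks that RSAKeyGen() returns a well-formed, matching PEM pair.

        Both values must match the expected PEM patterns, parse as real key
        objects, and belong to the same key pair.
        """
        private_pem, public_pem = key_generation.RSAKeyGen()
        rsa_pub_compile = re.compile(RSA_PUBLIC_RE)
        rsa_priv_compile = re.compile(RSA_PRIVATE_RE)
        self.assertTrue(rsa_pub_compile.match(public_pem.decode('utf-8')))
        self.assertTrue(rsa_priv_compile.match(private_pem.decode('utf-8')))

        # pylint: disable=g-import-not-at-top
        from cryptography.hazmat.backends.openssl.backend import backend
        from cryptography.hazmat.primitives import serialization

        # Parse the PEM bytes into key objects to ensure correctness of the
        # data; the loaders raise if the encoding is malformed. password=None
        # means the private key is expected to be stored unencrypted.
        private_key = serialization.load_pem_private_key(private_pem,
                                                         password=None,
                                                         backend=backend)
        # The original bound this result to private_key, discarding the
        # loaded private key object; keep the two apart.
        public_key = serialization.load_pem_public_key(public_pem,
                                                       backend=backend)

        # The returned public key must be the public half of the private key.
        self.assertEqual(private_key.public_key().public_numbers(),
                         public_key.public_numbers())
        # NOTE(review): the test name promises a 2048-bit key, but the size
        # is never asserted; consider checking private_key.key_size once the
        # default of RSAKeyGen() is confirmed.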
Ejemplo n.º 6
 def _GetPublicKey(self, args):
     """Returns the public key for a non-CSR certificate request as bytes.

     With args.generate_key set, a new 2048-bit RSA key pair is created, the
     private key is written to args.key_output_file, and only the public key
     is returned. Otherwise, when a KMS key version was given, its PEM public
     key is fetched and returned UTF-8 encoded.

     Raises:
       exceptions.OneOfArgumentsRequiredException: if neither source applies.
     """
     kms_key_version = args.CONCEPTS.kms_key_version.Parse()

     if args.generate_key:
         # Local key generation takes precedence over a KMS key version.
         private_pem, public_pem = key_generation.RSAKeyGen(2048)
         key_generation.ExportPrivateKey(args.key_output_file, private_pem)
         return public_pem

     if kms_key_version:
         kms_response = cryptokeyversions.GetPublicKey(kms_key_version)
         # bytes(..) requires an explicit encoding in PY3.
         if six.PY2:
             return bytes(kms_response.pem)
         return bytes(kms_response.pem, 'utf-8')

     # This should not happen because of the required arg group, but protects
     # in case of future additions.
     required_flags = ['--csr', '--generate-key', '--kms-key-version']
     message = (
         'To create a certificate, please specify either a CSR, the '
         '--generate-key flag to create a new key, or the --kms-key-version '
         'flag to use an existing KMS key.')
     raise exceptions.OneOfArgumentsRequiredException(required_flags, message)