def from_string(cls, key, key_id=None):
"""Construct an Signer instance from a private key in PEM format.
Args:
key (str): Private key in PEM format.
key_id (str): An optional key id used to identify the private key.
Returns:
google.auth.crypt.Signer: The constructed signer.
Raises:
ValueError: If the key cannot be parsed as PKCS#1 or PKCS#8 in
PEM format.
"""
key = _helpers.from_bytes(key) # PEM expects str in Python 3
marker_id, key_bytes = pem.readPemBlocksFromFile(
six.StringIO(key), _PKCS1_MARKER, _PKCS8_MARKER)
# Key is in pkcs1 format.
if marker_id == 0:
private_key = rsa.key.PrivateKey.load_pkcs1(key_bytes,
format="DER")
# Key is in pkcs8.
elif marker_id == 1:
key_info, remaining = decoder.decode(key_bytes,
asn1Spec=_PKCS8_SPEC)
if remaining != b"":
raise ValueError("Unused bytes", remaining)
private_key_info = key_info.getComponentByName("privateKey")
private_key = rsa.key.PrivateKey.load_pkcs1(
private_key_info.asOctets(), format="DER")
else:
raise ValueError("No key could be detected.")
return cls(private_key, key_id=key_id)
def test_from_string_pkcs8_extra_bytes(self):
key_bytes = PKCS8_KEY_BYTES
_, pem_bytes = pem.readPemBlocksFromFile(
six.StringIO(_helpers.from_bytes(key_bytes)),
_python_rsa._PKCS8_MARKER)
key_info, remaining = None, "extra"
decode_patch = mock.patch(
"pyasn1.codec.der.decoder.decode",
return_value=(key_info, remaining),
autospec=True,
)
with decode_patch as decode:
with pytest.raises(ValueError):
_python_rsa.RSASigner.from_string(key_bytes)
# Verify mock was called.
decode.assert_called_once_with(pem_bytes,
asn1Spec=_python_rsa._PKCS8_SPEC)
def test_from_string_pub_key_unicode(self):
public_key = _helpers.from_bytes(PUBLIC_KEY_BYTES)
verifier = _python_rsa.RSAVerifier.from_string(public_key)
assert isinstance(verifier, _python_rsa.RSAVerifier)
assert isinstance(verifier._pubkey, rsa.key.PublicKey)
def test_from_string_pkcs8_unicode(self):
key_bytes = _helpers.from_bytes(PKCS8_KEY_BYTES)
signer = _python_rsa.RSASigner.from_string(key_bytes)
assert isinstance(signer, _python_rsa.RSASigner)
assert isinstance(signer._key, rsa.key.PrivateKey)
def test_from_bytes_with_bytes():
value = b"string-val"
decoded_value = u"string-val"
assert _helpers.from_bytes(value) == decoded_value
def test_from_bytes_with_nonstring_type():
with pytest.raises(ValueError):
_helpers.from_bytes(object())
def test_from_bytes_with_unicode():
value = u"bytes-val"
assert _helpers.from_bytes(value) == value
def test_from_string_pkcs1_unicode(self):
key_bytes = _helpers.from_bytes(PKCS1_KEY_BYTES)
signer = _cryptography_rsa.RSASigner.from_string(key_bytes)
assert isinstance(signer, _cryptography_rsa.RSASigner)
assert isinstance(signer._key, rsa.RSAPrivateKey)
def test_from_string_pub_cert_unicode(self):
public_cert = _helpers.from_bytes(PUBLIC_CERT_BYTES)
verifier = _cryptography_rsa.RSAVerifier.from_string(public_cert)
assert isinstance(verifier, _cryptography_rsa.RSAVerifier)
assert isinstance(verifier._pubkey, rsa.RSAPublicKey)
def test_from_string_pub_key_unicode(self):
public_key = _helpers.from_bytes(PUBLIC_KEY_BYTES)
verifier = es256.ES256Verifier.from_string(public_key)
assert isinstance(verifier, es256.ES256Verifier)
assert isinstance(verifier._pubkey, ec.EllipticCurvePublicKey)
def test_from_string_pkcs1_unicode(self):
key_bytes = _helpers.from_bytes(PKCS1_KEY_BYTES)
signer = es256.ES256Signer.from_string(key_bytes)
assert isinstance(signer, es256.ES256Signer)
assert isinstance(signer._key, ec.EllipticCurvePrivateKey)