def from_string(cls, key, key_id=None): """Construct an Signer instance from a private key in PEM format. Args: key (str): Private key in PEM format. key_id (str): An optional key id used to identify the private key. Returns: google.auth.crypt.Signer: The constructed signer. Raises: ValueError: If the key cannot be parsed as PKCS#1 or PKCS#8 in PEM format. """ key = _helpers.from_bytes(key) # PEM expects str in Python 3 marker_id, key_bytes = pem.readPemBlocksFromFile( six.StringIO(key), _PKCS1_MARKER, _PKCS8_MARKER) # Key is in pkcs1 format. if marker_id == 0: private_key = rsa.key.PrivateKey.load_pkcs1(key_bytes, format="DER") # Key is in pkcs8. elif marker_id == 1: key_info, remaining = decoder.decode(key_bytes, asn1Spec=_PKCS8_SPEC) if remaining != b"": raise ValueError("Unused bytes", remaining) private_key_info = key_info.getComponentByName("privateKey") private_key = rsa.key.PrivateKey.load_pkcs1( private_key_info.asOctets(), format="DER") else: raise ValueError("No key could be detected.") return cls(private_key, key_id=key_id)
def test_from_string_pkcs8_extra_bytes(self): key_bytes = PKCS8_KEY_BYTES _, pem_bytes = pem.readPemBlocksFromFile( six.StringIO(_helpers.from_bytes(key_bytes)), _python_rsa._PKCS8_MARKER) key_info, remaining = None, "extra" decode_patch = mock.patch( "pyasn1.codec.der.decoder.decode", return_value=(key_info, remaining), autospec=True, ) with decode_patch as decode: with pytest.raises(ValueError): _python_rsa.RSASigner.from_string(key_bytes) # Verify mock was called. decode.assert_called_once_with(pem_bytes, asn1Spec=_python_rsa._PKCS8_SPEC)
def test_from_string_pub_key_unicode(self): public_key = _helpers.from_bytes(PUBLIC_KEY_BYTES) verifier = _python_rsa.RSAVerifier.from_string(public_key) assert isinstance(verifier, _python_rsa.RSAVerifier) assert isinstance(verifier._pubkey, rsa.key.PublicKey)
def test_from_string_pkcs8_unicode(self): key_bytes = _helpers.from_bytes(PKCS8_KEY_BYTES) signer = _python_rsa.RSASigner.from_string(key_bytes) assert isinstance(signer, _python_rsa.RSASigner) assert isinstance(signer._key, rsa.key.PrivateKey)
def test_from_bytes_with_bytes(): value = b"string-val" decoded_value = u"string-val" assert _helpers.from_bytes(value) == decoded_value
def test_from_bytes_with_nonstring_type(): with pytest.raises(ValueError): _helpers.from_bytes(object())
def test_from_bytes_with_unicode(): value = u"bytes-val" assert _helpers.from_bytes(value) == value
def test_from_string_pkcs1_unicode(self): key_bytes = _helpers.from_bytes(PKCS1_KEY_BYTES) signer = _cryptography_rsa.RSASigner.from_string(key_bytes) assert isinstance(signer, _cryptography_rsa.RSASigner) assert isinstance(signer._key, rsa.RSAPrivateKey)
def test_from_string_pub_cert_unicode(self): public_cert = _helpers.from_bytes(PUBLIC_CERT_BYTES) verifier = _cryptography_rsa.RSAVerifier.from_string(public_cert) assert isinstance(verifier, _cryptography_rsa.RSAVerifier) assert isinstance(verifier._pubkey, rsa.RSAPublicKey)
def test_from_string_pub_key_unicode(self): public_key = _helpers.from_bytes(PUBLIC_KEY_BYTES) verifier = es256.ES256Verifier.from_string(public_key) assert isinstance(verifier, es256.ES256Verifier) assert isinstance(verifier._pubkey, ec.EllipticCurvePublicKey)
def test_from_string_pkcs1_unicode(self): key_bytes = _helpers.from_bytes(PKCS1_KEY_BYTES) signer = es256.ES256Signer.from_string(key_bytes) assert isinstance(signer, es256.ES256Signer) assert isinstance(signer._key, ec.EllipticCurvePrivateKey)