def attach_free_keypair_to_uuid(self, *, keychain_uid: uuid.UUID, key_type: str):
    """Claim one pre-generated "free" keypair and file it under `keychain_uid`.

    The first private key file found in the free-keys subfolder of `key_type`
    is moved, together with its public counterpart, to the final key
    filenames computed by `_get_filename()`.

    Raises:
        KeyDoesNotExist: if the subfolder holds no free private key file.
    """
    # Presumably raises when a keypair is already stored for this
    # uid/type - verify against the helper.
    self._check_keypair_does_not_exist(keychain_uid=keychain_uid, key_type=key_type)

    def _destination(is_public):
        return self._keys_dir.joinpath(
            self._get_filename(keychain_uid, key_type=key_type, is_public=is_public))

    public_destination = _destination(True)
    private_destination = _destination(False)

    free_subdir = self._free_keys_dir.joinpath(key_type)
    candidates = free_subdir.glob("*" + self._private_key_suffix)
    try:
        private_source = next(candidates)
    except StopIteration:
        raise KeyDoesNotExist(
            "No free keypair of type %s available in filesystem storage" % key_type)

    # NOTE(review): str.replace() substitutes every occurrence of the private
    # suffix in the name, not only the trailing one.
    public_source = free_subdir.joinpath(
        private_source.name.replace(self._private_key_suffix, self._public_key_suffix))

    # The private key goes first: free keypairs are found through their
    # private key file, so once it has moved the pair is no longer listed.
    # NOTE(review): assuming pathlib paths, replace() overwrites an existing
    # destination, and neither the existence check above nor the selection of
    # the candidate is atomic with the moves. Two concurrent callers could
    # pick the same free file (the loser's replace() then fails), and a
    # failure between the two moves leaves a private key attached without its
    # public key. Confirm that callers serialize this operation.
    private_source.replace(private_destination)
    public_source.replace(public_destination)
def _get_keypair_or_raise(self, *, keychain_uid, key_type):
    """Return the stored keypair for `keychain_uid`/`key_type`.

    Raises:
        KeyDoesNotExist: if `_get_keypair_or_none()` returns a falsy value.
    """
    found = self._get_keypair_or_none(keychain_uid=keychain_uid, key_type=key_type)
    # Truthiness test: an empty keypair value is reported as missing, exactly
    # like None.
    if not found:
        raise KeyDoesNotExist("Dummy keypair %s/%s not found" % (keychain_uid, key_type))
    return found
def _fetch_key_object_or_raise(keychain_uid: uuid.UUID, key_algo: str) -> TrusteeKeypair:
    """Return the keypair object stored for `keychain_uid`/`key_algo`.

    Raises:
        KeyDoesNotExist: if `_fetch_key_object_or_none()` returns a falsy value.
    """
    found = _fetch_key_object_or_none(keychain_uid=keychain_uid, key_algo=key_algo)
    if found:
        return found
    # The message carries only the lookup identifiers, no key material.
    raise KeyDoesNotExist("Keypair %s/%s not found in database" % (keychain_uid, key_algo))
def get_private_key(self, *, keychain_uid: uuid.UUID, key_type: str) -> bytes:
    """Read and return the private key stored for `keychain_uid`/`key_type`.

    No access check is done in this method itself; the value is returned as
    `_read_from_storage_file()` provides it.

    Raises:
        KeyDoesNotExist: if the private key file is not found.
    """
    private_basename = self._get_filename(keychain_uid, key_type=key_type, is_public=False)
    try:
        private_key = self._read_from_storage_file(basename=private_basename)
    except FileNotFoundError:
        # Only a missing file is translated; other errors (e.g. permission
        # problems) propagate unchanged. The message names the identifiers,
        # not the filesystem path.
        raise KeyDoesNotExist("Private filesystem key %s/%s not found" % (keychain_uid, key_type))
    return private_key
def _attach_free_keypair_to_uuid(self, *, keychain_uid, key_algo):
    """Attach the first free keypair of `key_algo` to `keychain_uid`.

    Raises:
        KeyDoesNotExist: if no free keypair of that algorithm is stored.
    """
    # Special lookup: a free keypair is a record whose keychain_uid is None.
    free_records = TrusteeKeypair.objects.filter(keychain_uid=None, key_algo=key_algo)
    free_keypair = free_records.first()
    if not free_keypair:
        raise KeyDoesNotExist(
            "No free keypair of type %s available in sql storage" % key_algo)

    # NOTE(review): the lookup above and the save() below are separate steps,
    # and no lock or transaction is visible in this block. Two concurrent
    # callers could select the same free record, the later save() would then
    # overwrite the earlier keychain_uid and both keychains would believe they
    # own this keypair. Confirm that the caller serializes this (this looks
    # like the Django ORM, where select_for_update() inside a transaction is
    # the usual guard).
    free_keypair.keychain_uid = keychain_uid
    free_keypair.attached_at = timezone.now()
    free_keypair.save()
def attach_free_keypair_to_uuid(self, *, keychain_uid: uuid.UUID, key_type: str):
    """Take one keypair from the in-memory free pool and store it under `keychain_uid`.

    Raises:
        KeyDoesNotExist: if the pool has no entry for `key_type`, or that
            entry is empty.
    """
    # Presumably raises when a keypair is already stored for this
    # uid/type - verify against the helper.
    self._check_keypair_does_not_exist(keychain_uid=keychain_uid, key_type=key_type)
    try:
        # A missing key_type and an empty list (pop() on it) both raise a
        # LookupError subclass.
        claimed = self._free_keypairs[key_type].pop()
    except LookupError:
        raise KeyDoesNotExist(
            "No free keypair of type %s available in dummy storage" % key_type)
    # The keypair has already left the free pool at this point, so it cannot
    # be handed out again; if _set_keypair() raises, it is neither free nor
    # attached.
    self._set_keypair(keychain_uid=keychain_uid, key_type=key_type, keypair=claimed)
def _ensure_keypair_exists(self, keychain_uid: uuid.UUID, key_type: str):
    """Check that a keypair is stored for `keychain_uid`/`key_type`.

    Existence is probed through the public key only, so the private key is
    not read by this check.

    Raises:
        KeyDoesNotExist: if the key storage reports the public key as missing.
    """
    lookup = dict(keychain_uid=keychain_uid, key_type=key_type)
    try:
        self._key_storage.get_public_key(**lookup)
    except KeyDoesNotExist:
        # Same exception type, re-raised only to adjust the error message.
        message = "Keypair %s/%s not found in escrow api" % (keychain_uid, key_type)
        raise KeyDoesNotExist(message)