Exemple #1
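    def parse_or_generate_private_key(cls, pkey_str, pkey_generate_args,
                                      key_size):
        """
        Validate a caller-supplied private key, or generate a new key pair.

        If pkey_str is one of pkey_generate_args it is treated as a directive
        rather than key material, and a new pair is requested from
        api.generate_key_pair(key_size).  Otherwise pkey_str is parsed with
        CryptoKey.importKey(), must contain a private key, and must have
        exactly the requested size.

        Returns (public_key, private_key).  The second element is secret key
        material in both branches; callers should keep it out of logs and
        error messages.

        Raises Exception if pkey_str cannot be parsed, holds no private key,
        or has the wrong size.
        """
        if pkey_str in pkey_generate_args:
            # pkey_str is a "generate" directive, not a key
            pubkey_str, pkey_str = api.generate_key_pair(key_size)
            return pubkey_str, pkey_str

        # validate a given one
        try:
            pkey = CryptoKey.importKey(pkey_str)
        except Exception as e:
            # "as" parses on Python 2.6+ and 3; the comma form is Python 2 only.
            # The raised message does not echo pkey_str, so key material stays
            # out of the error text.
            # NOTE(review): log.exception() records the importKey() traceback;
            # confirm that traceback never carries key bytes.
            log.exception(e)
            raise Exception("Failed to parse private key")

        # importKey() is also used elsewhere in this file to load public keys,
        # so reject anything without a private part instead of returning it
        # as the "private" half of the pair.
        if not pkey.has_private():
            raise Exception("Not a private key")

        # is it the right size?  size() is compared against key_size - 1 and
        # the message adds the 1 back, i.e. size() is treated as bits - 1.
        if pkey.size() != key_size - 1:
            raise Exception("Private key has %s bits; expected %s bits" %
                            (pkey.size() + 1, key_size))

        return pkey.publickey().exportKey(), pkey_str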
Exemple #2
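 def parse_or_generate_private_key( cls, pkey_str, pkey_generate_args, key_size ):
    """
    Validate a caller-supplied private key, or generate a new key pair.

    If pkey_str is one of pkey_generate_args it is treated as a directive
    rather than key material, and a new pair is requested from
    api.generate_key_pair( key_size ).  Otherwise pkey_str is parsed with
    CryptoKey.importKey(), must contain a private key, and must have
    exactly the requested size.

    Returns (public_key, private_key).  The second element is secret key
    material in both branches; callers should keep it out of logs and
    error messages.

    Raises Exception if pkey_str cannot be parsed, holds no private key,
    or has the wrong size.
    """
    if pkey_str in pkey_generate_args:
       # pkey_str is a "generate" directive, not a key
       pubkey_str, pkey_str = api.generate_key_pair( key_size )
       return pubkey_str, pkey_str

    # validate a given one
    try:
       pkey = CryptoKey.importKey( pkey_str )
    except Exception as e:
       # "as" parses on Python 2.6+ and 3; the comma form is Python 2 only.
       # The raised message does not echo pkey_str, so key material stays
       # out of the error text.
       # NOTE(review): log.exception() records the importKey() traceback;
       # confirm that traceback never carries key bytes.
       log.exception(e)
       raise Exception("Failed to parse private key")

    # importKey() is also used elsewhere in this file to load public keys,
    # so reject anything without a private part instead of returning it
    # as the "private" half of the pair.
    if not pkey.has_private():
       raise Exception("Not a private key")

    # is it the right size?  size() is compared against key_size - 1 and
    # the message adds the 1 back, i.e. size() is treated as bits - 1.
    if pkey.size() != key_size - 1:
       raise Exception("Private key has %s bits; expected %s bits" % (pkey.size() + 1, key_size))

    return pkey.publickey().exportKey(), pkey_str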
Exemple #3
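    def parse_or_generate_signing_public_key(cls,
                                             signing_public_key,
                                             lib=None):
        """
        Resolve a signing public key argument into a PEM public key.

        signing_public_key is interpreted, in order, as:
          * "MAKE_SIGNING_KEY": generate a new OBJECT_KEY_SIZE key pair.
          * "unset": no signing key.
          * a key literal accepted by CryptoKey.importKey(); it must not
            contain a private key.
          * anything else: a path passed to lib.storage.read_public_key().

        Returns (pubkey_pem, extra).  extra is empty unless a pair was
        generated, in which case it carries 'signing_public_key' and
        'signing_private_key'; the latter is secret and must be handled as
        such by the caller.  For "unset" the first element is None.

        Raises Exception if a private key is supplied, if lib has no storage
        attribute, or if the key cannot be read from the given path.
        """
        extra = {}

        if signing_public_key == "MAKE_SIGNING_KEY":
            pubkey_pem, privkey_pem = api.generate_key_pair(OBJECT_KEY_SIZE)
            extra['signing_public_key'] = pubkey_pem
            extra['signing_private_key'] = privkey_pem
            return pubkey_pem, extra

        if signing_public_key == "unset":
            return None, extra

        # is this a key literal?
        try:
            pubkey = CryptoKey.importKey(signing_public_key)
        except Exception:
            # not a key literal; treated as a path below
            pubkey = None

        if pubkey is not None:
            # Explicit check instead of assert: asserts are stripped under
            # "python -O", which would let a private key be returned as the
            # public key.  Failing here also stops a private key from
            # reaching the "Failed to load %s" message below, which echoes
            # its argument.
            if pubkey.has_private():
                raise Exception("Signing public key must not contain a private key")

            return signing_public_key, extra

        # is this a path?  Try to load it from disk
        try:
            storagelib = lib.storage
        except Exception:
            raise Exception("Missing runtime storage library")

        try:
            pubkey = storagelib.read_public_key(signing_public_key)
        except Exception:
            raise Exception("Failed to load %s" % signing_public_key)

        # NOTE(review): the loaded key is not checked with has_private();
        # confirm read_public_key() can only ever yield a public key, since
        # exportKey() is returned to the caller as the public half.
        return pubkey.exportKey(), extra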
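 def parse_or_generate_signing_public_key( cls, signing_public_key, lib=None ):
    """
    Resolve a signing public key argument into a PEM public key.

    signing_public_key is interpreted, in order, as:
      * "MAKE_SIGNING_KEY": generate a new OBJECT_KEY_SIZE key pair.
      * "unset": no signing key.
      * a key literal accepted by CryptoKey.importKey(); it must not
        contain a private key.
      * anything else: a path passed to lib.storage.read_public_key().

    Returns (pubkey_pem, extra).  extra is empty unless a pair was
    generated, in which case it carries 'signing_public_key' and
    'signing_private_key'; the latter is secret and must be handled as
    such by the caller.  For "unset" the first element is None.

    Raises Exception if a private key is supplied, if lib has no storage
    attribute, or if the key cannot be read from the given path.
    """
    extra = {}

    if signing_public_key == "MAKE_SIGNING_KEY":
       pubkey_pem, privkey_pem = api.generate_key_pair( OBJECT_KEY_SIZE )
       extra['signing_public_key'] = pubkey_pem
       extra['signing_private_key'] = privkey_pem
       return pubkey_pem, extra

    if signing_public_key == "unset":
       return None, extra

    # is this a key literal?
    try:
       pubkey = CryptoKey.importKey( signing_public_key )
    except Exception:
       # not a key literal; treated as a path below
       pubkey = None

    if pubkey is not None:
       # Explicit check instead of assert: asserts are stripped under
       # "python -O", which would let a private key be returned as the
       # public key.  Failing here also stops a private key from
       # reaching the "Failed to load %s" message below, which echoes
       # its argument.
       if pubkey.has_private():
          raise Exception("Signing public key must not contain a private key")

       return signing_public_key, extra

    # is this a path?  Try to load it from disk
    try:
       storagelib = lib.storage
    except Exception:
       raise Exception("Missing runtime storage library")

    try:
       pubkey = storagelib.read_public_key( signing_public_key )
    except Exception:
       raise Exception("Failed to load %s" % signing_public_key )

    # NOTE(review): the loaded key is not checked with has_private();
    # confirm read_public_key() can only ever yield a public key, since
    # exportKey() is returned to the caller as the public half.
    return pubkey.exportKey(), extra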