def is_type(cls, container_bytes, password=None):
cert = None
try:
if password is None:
cert = k.parse_private(container_bytes)
else:
cert = k.parse_private(container_bytes, password=password)
cert.native
except Exception:
return False
try:
if cert.native["private_key"]["modulus"] is not None:
return True
except:
pass
try:
if cert.native["private_key"]["public_key"] is not None:
return True
except:
pass
return False
def is_type(cls, container_bytes, password=None):
cert = None
try:
if password is None:
cert = k.parse_private(container_bytes)
else:
cert = k.parse_private(container_bytes, password=password)
cert.native
except Exception:
return False
try:
if cert.native["private_key"]["modulus"] is not None:
return True
except:
pass
try:
if cert.native["private_key"]["public_key"] is not None:
return True
except:
pass
return False
def parse(self):
assert self.type == ContainerTypes.PKCS8
if self.password is None:
self.asn1 = k.parse_private(self.bytes)
else:
self.asn1 = k.parse_private(self.bytes, password=self.password)
self.asn1.native
self._raise_if_wrong_algorithm()
self._is_parsed = True
def parse(self):
assert self.type == ContainerTypes.Private
if self.password is None:
self.asn1 = k.parse_private(self.bytes)
else:
self.asn1 = k.parse_private(self.bytes, password=self.password)
self.asn1.native
self._raise_if_wrong_algorithm()
self._is_parsed = True
def is_type(cls, container_bytes, password=None):
if PKCS8Reader.is_type(bytes, password=password):
return False
try:
if password is None:
cert = k.parse_private(container_bytes)
else:
cert = k.parse_private(container_bytes, password=password)
cert.native
return True
except Exception:
return False
def is_type(cls, container_bytes, password=None):
if PKCS8Reader.is_type(bytes, password=password):
return False
try:
if password is None:
cert = k.parse_private(container_bytes)
else:
cert = k.parse_private(container_bytes, password=password)
cert.native
return True
except Exception:
return False
def load_private_key(self, key_bytes: bytes, password: Optional[str]) \
-> Tuple[keys.PrivateKeyInfo, keys.PublicKeyInfo]:
from cryptography.hazmat.primitives import serialization
from oscrypto import keys as oskeys
# use oscrypto parser here to parse the key to a PrivateKeyInfo object
# (It handles unarmoring/decryption/... without worrying about the
# key type, while load_der/pem_private_key would fail to process
# PSS-exclusive keys)
priv_key_info = oskeys.parse_private(key_bytes, password)
assert isinstance(priv_key_info, keys.PrivateKeyInfo)
if priv_key_info.algorithm == 'rsassa_pss':
# these keys can't be loaded directly in pyca/cryptography,
# so we have to give it a nudge
priv_key_copy = priv_key_info.copy()
priv_key_copy['private_key_algorithm'] = {'algorithm': 'rsa'}
key_bytes = priv_key_copy.dump()
else:
key_bytes = priv_key_info.dump()
priv_key = serialization.load_der_private_key(key_bytes, password=None)
pub_key_bytes = priv_key.public_key().public_bytes(
encoding=serialization.Encoding.DER,
format=serialization.PublicFormat.SubjectPublicKeyInfo)
pub_key_info = keys.PublicKeyInfo.load(pub_key_bytes)
if priv_key_info.algorithm == 'rsassa_pss':
# if the private key was a PSS-exclusive one, copy the parameters
# back from the original (since we stripped them going in)
# We use .native to get around asn1crypto's type checking
pub_key_info['algorithm'] = \
priv_key_info['private_key_algorithm'].native
return priv_key_info, pub_key_info
def parse_private(self, input_filename, password, algo):
with open(os.path.join(fixtures_dir, input_filename), 'rb') as f:
private_object = keys.parse_private(f.read(), password)
self.assertEqual(algo, private_object['private_key_algorithm']['algorithm'].native)
# Make sure we can parse the whole structure
private_object.native
def parse_private(self, input_filename, password, algo):
with open(os.path.join(fixtures_dir, input_filename), 'rb') as f:
private_object = keys.parse_private(f.read(), password)
self.assertEqual(algo, private_object['private_key_algorithm']['algorithm'].native)
# Make sure we can parse the whole structure
private_object.native
def load_private_key(self, key_bytes: bytes, password: Optional[str]) \
-> Tuple[keys.PrivateKeyInfo, keys.PublicKeyInfo]:
from oscrypto import asymmetric, keys as oskeys
private = oskeys.parse_private(key_bytes, password=password)
if private.algorithm == 'rsassa_pss':
loaded, public = _oscrypto_hacky_load_pss_exclusive_key(private)
else:
loaded = asymmetric.load_private_key(private)
public = loaded.public_key.asn1
return private, public
def __init__(self, der_string=None, password=None, private_key=None):
if private_key is None:
self._private_key = keys.parse_private(der_string,
password=password)
else:
self._private_key = private_key
self._oscrypto_private_key = asymmetric.load_private_key(
source=self._private_key)
self._crypto_private_key = serialization.load_der_private_key(
data=self.to_der(), backend=default_backend(), password=None)
def from_pem_data(certdata: str | bytes,
keydata: str | bytes,
dhparams: DirtyDH = None,
username: str = None,
domain: str = None) -> KerberosCredential:
if isinstance(certdata, str):
certdata = base64.b64decode(
certdata.replace(' ',
'').replace('\r',
'').replace('\n',
'').replace('\t', ''))
if isinstance(keydata, str):
keydata = base64.b64decode(
keydata.replace(' ',
'').replace('\r',
'').replace('\n',
'').replace('\t', ''))
k = KerberosCredential()
k.certificate = parse_certificate(certdata)
k.private_key = parse_private(keydata)
k.set_user_and_domain_from_cert(username=username, domain=domain)
k.set_dhparams(dhparams)
return k
def test_parse_private_pem_leading_whitespace(self):
with open(os.path.join(fixtures_dir, 'keys/test.key'), 'rb') as f:
private_object = keys.parse_private(b' \n' + f.read(), None)
# Make sure we can parse the whole structure
private_object.native