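def testUnwritableFile(self):
  """ExportPrivateKey raises FileOutputError when self.cwd_path is read-only."""
  key_file_name = './private_key.pem'
  # Generate the key outside the assertRaises scope so that only the export
  # call can satisfy the expected FileOutputError.
  private_key, _ = key_generation.RSAKeyGen()
  original_mode = stat.S_IMODE(os.stat(self.cwd_path).st_mode)
  # Owner has only read permission before write.
  os.chmod(self.cwd_path, stat.S_IRUSR)
  try:
    with self.assertRaises(exceptions.FileOutputError):
      key_generation.ExportPrivateKey(key_file_name, private_key)
  finally:
    # Put the directory mode back so the read-only state does not leak into
    # whatever runs after this test body.
    os.chmod(self.cwd_path, original_mode)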
def testFileExport(self):
  """Exported key file exists, matches the PEM pattern, is logged, and is 0o400."""
  key_file_name = './private_key2.pem'
  exported_key, _ = key_generation.RSAKeyGen()
  key_generation.ExportPrivateKey(key_file_name, exported_key)

  self.AssertFileExists(key_file_name)
  self.AssertFileMatches(RSA_PRIVATE_RE, key_file_name)
  expected_log = 'A private key was exported to {}'.format(key_file_name)
  self.AssertLogContains(expected_log)

  # 0o100400 is a regular file readable by its owner only: the private key
  # must not be left group- or world-readable, nor writable, after export.
  actual_mode = oct(os.stat(key_file_name).st_mode)
  self.assertEqual(actual_mode, oct(0o100400))
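def _GenerateCertificateConfig(self, request, args, location):
  """Builds a CertificateConfig around a newly generated RSA-2048 key pair.

  The private key is written to args.key_output_file; only the public key is
  placed in the returned config.

  Args:
    request: Not used by this method.
    args: Parsed command arguments; key_output_file and is_ca_cert are read
      here, and the whole object is handed to the flag parsers.
    location: Passed through to flags.ParseReusableConfig.

  Returns:
    The populated CertificateConfig message.
  """
  # Resolve the flag-derived fields before touching key material: if either
  # parser raises, no private key file has been written for a certificate
  # that will never be requested.
  reusable_config = flags.ParseReusableConfig(
      args, location, is_ca_command=args.is_ca_cert)
  subject_config = flags.ParseSubjectFlags(args, is_ca=args.is_ca_cert)

  private_key, public_key = key_generation.RSAKeyGen(2048)
  key_generation.ExportPrivateKey(args.key_output_file, private_key)

  config = self.messages.CertificateConfig()
  config.publicKey = self.messages.PublicKey()
  config.publicKey.key = public_key
  config.publicKey.type = self.messages.PublicKey.TypeValueValuesEnum.PEM_RSA_KEY
  config.reusableConfig = reusable_config
  config.subjectConfig = subject_config
  return config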
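def _GenerateCertificateConfig(self, request, args):
  """Builds a non-CA CertificateConfig around a new RSA-2048 key pair.

  The private key is written to args.key_output_file; only the public key is
  placed in the returned config.

  Args:
    request: Not used by this method.
    args: Parsed command arguments; key_output_file is read here, and the
      whole object is handed to the flag parsers.

  Returns:
    The populated CertificateConfig message.
  """
  messages = privateca_base.GetMessagesModule()

  # Resolve the flag-derived fields before touching key material: if either
  # parser raises, no private key file has been written for a certificate
  # that will never be requested.
  reusable_config = flags.ParseReusableConfig(args)
  subject_config = flags.ParseSubjectFlags(args, is_ca=False)

  private_key, public_key = key_generation.RSAKeyGen(2048)
  key_generation.ExportPrivateKey(args.key_output_file, private_key)

  config = messages.CertificateConfig()
  config.publicKey = messages.PublicKey()
  config.publicKey.key = public_key
  config.publicKey.type = messages.PublicKey.TypeValueValuesEnum.PEM_RSA_KEY
  config.reusableConfig = reusable_config
  config.subjectConfig = subject_config
  return config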
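def testRsa2048KeyGen(self):
  """RSAKeyGen returns PEM bytes that match the RSA patterns and load as keys."""
  private_key, public_key = key_generation.RSAKeyGen()
  rsa_pub_compile = re.compile(RSA_PUBLIC_RE)
  rsa_priv_compile = re.compile(RSA_PRIVATE_RE)
  self.assertTrue(rsa_pub_compile.match(public_key.decode('utf-8')))
  self.assertTrue(rsa_priv_compile.match(private_key.decode('utf-8')))

  # pylint: disable=g-import-not-at-top
  from cryptography.hazmat.backends.openssl.backend import backend
  from cryptography.hazmat.primitives import serialization

  # Deserialize the PEM bytes into key objects to ensure correctness of the
  # data. Each result gets its own name; the original bound the loaded public
  # key to `private_key`, discarding the private key object.
  private_key_obj = serialization.load_pem_private_key(
      private_key, password=None, backend=backend)
  public_key_obj = serialization.load_pem_public_key(
      public_key, backend=backend)

  # The two halves must belong to the same pair.
  self.assertEqual(private_key_obj.public_key().public_numbers(),
                   public_key_obj.public_numbers())
  # NOTE(review): the test name says 2048 but the key size is never asserted;
  # add a key_size check once RSAKeyGen's default size is confirmed.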
def _GetPublicKey(self, args):
  """Returns the public key for a non-CSR certificate request as UTF-8 bytes.

  With --generate-key, a new RSA-2048 pair is created, the private key is
  exported to args.key_output_file, and the public key is returned. Otherwise
  the public key of the given KMS key version is fetched.

  Args:
    args: Parsed command arguments.

  Returns:
    The PEM public key as bytes.

  Raises:
    exceptions.OneOfArgumentsRequiredException: Neither --generate-key nor a
      KMS key version was supplied.
  """
  kms_key_version = args.CONCEPTS.kms_key_version.Parse()

  if args.generate_key:
    new_private_key, new_public_key = key_generation.RSAKeyGen(2048)
    key_generation.ExportPrivateKey(args.key_output_file, new_private_key)
    return new_public_key

  if kms_key_version:
    pem = cryptokeyversions.GetPublicKey(kms_key_version).pem
    # bytes(..) requires an explicit encoding in PY3.
    if six.PY2:
      return bytes(pem)
    return bytes(pem, 'utf-8')

  # This should not happen because of the required arg group, but protects
  # in case of future additions.
  raise exceptions.OneOfArgumentsRequiredException(
      ['--csr', '--generate-key', '--kms-key-version'],
      ('To create a certificate, please specify either a CSR, the '
       '--generate-key flag to create a new key, or the --kms-key-version '
       'flag to use an existing KMS key.'))