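def parse_or_generate_private_key(cls, pkey_str, pkey_generate_args, key_size):
    """
    Validate a caller-supplied private key, or generate a fresh key pair.

    If pkey_str is one of the values in pkey_generate_args, it is treated as
    a directive to generate a key pair with api.generate_key_pair(key_size).
    Otherwise pkey_str is parsed with CryptoKey.importKey(); it must contain
    a private component and its reported size (pkey.size() + 1) must equal
    key_size.

    Return (public key, private key).  For a supplied key, the public key is
    exported from the parsed key and the private key is pkey_str as given.

    Raise Exception if the key cannot be parsed, is not a private key, or
    has the wrong size.
    """
    if pkey_str in pkey_generate_args:
        # generate one
        pubkey_str, pkey_str = api.generate_key_pair(key_size)
        return pubkey_str, pkey_str

    # validate a given one
    try:
        pkey = CryptoKey.importKey(pkey_str)
    except Exception as e:
        # Log the parser's exception only; the error raised to the caller
        # deliberately carries no key material.
        log.exception(e)
        raise Exception("Failed to parse private key")

    # importKey() also accepts public keys.  Without this check a public key
    # of the right size would be returned to the caller as the "private" key.
    if not pkey.has_private():
        raise Exception("Not a private key")

    # is it the right size?
    # The comparison and the message treat pkey.size() + 1 as the bit length.
    # NOTE(review): presumably the key library reports one less than the
    # modulus length -- confirm against the CryptoKey implementation in use.
    if pkey.size() != key_size - 1:
        raise Exception("Private key has %s bits; expected %s bits" % (pkey.size() + 1, key_size))

    return pkey.publickey().exportKey(), pkey_str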
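def parse_or_generate_private_key( cls, pkey_str, pkey_generate_args, key_size ):
    """
    Check a private key (pkey_str) and verify that it has the appropriate
    security parameters, or generate a new key pair.

    pkey_str found in pkey_generate_args is a directive to generate a key
    pair with api.generate_key_pair( key_size ).  Any other value is parsed
    with CryptoKey.importKey() and accepted only if it has a private
    component and its reported size (pkey.size() + 1) equals key_size.

    Return (public key, private key).

    Raise Exception on a parse failure, a key without a private component,
    or a size mismatch.
    """
    generate_requested = pkey_str in pkey_generate_args
    if generate_requested:
        # generate one
        return api.generate_key_pair( key_size )

    # validate a given one
    try:
        parsed_key = CryptoKey.importKey( pkey_str )
    except Exception as e:
        # Only the parser's exception is logged; pkey_str itself is never
        # written to the log or placed in the raised message.
        log.exception(e)
        raise Exception("Failed to parse private key")

    # A public key parses successfully too, so reject it explicitly instead
    # of handing it back in the private-key slot of the result.
    if not parsed_key.has_private():
        raise Exception("Not a private key")

    # is it the right size?
    # NOTE(review): size() is compared with key_size - 1 and reported as
    # size() + 1; presumably size() is one less than the bit length -- confirm.
    reported_size = parsed_key.size()
    if reported_size != key_size - 1:
        raise Exception("Private key has %s bits; expected %s bits" % (reported_size + 1, key_size))

    return parsed_key.publickey().exportKey(), pkey_str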
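def parse_or_generate_signing_public_key(cls, signing_public_key, lib=None):
    """
    Resolve a signing public key argument to a public key.

    signing_public_key is interpreted as one of:
      * "MAKE_SIGNING_KEY": generate a key pair with
        api.generate_key_pair(OBJECT_KEY_SIZE); both halves are returned in
        extras under 'signing_public_key' and 'signing_private_key'.
      * "unset": return (None, {}).
      * a key literal that CryptoKey.importKey() can parse: returned as
        given, provided it has no private component.
      * anything else: treated as a path and loaded with
        lib.storage.read_public_key(), then exported.

    Return (pubkey, extras).

    Raise Exception if a private key literal is supplied, if lib has no
    storage attribute, or if the key cannot be loaded from the path.

    NOTE(review): no key-size check is applied to a supplied or loaded key
    here, unlike parse_or_generate_private_key -- confirm whether one is
    intended.
    """
    extra = {}

    if signing_public_key == "MAKE_SIGNING_KEY":
        pubkey_pem, privkey_pem = api.generate_key_pair(OBJECT_KEY_SIZE)
        # The new private key leaves this function only through extras; the
        # caller is responsible for storing it safely.
        extra['signing_public_key'] = pubkey_pem
        extra['signing_private_key'] = privkey_pem
        return pubkey_pem, extra

    if signing_public_key == "unset":
        return None, extra

    # is this a key literal?
    try:
        pubkey = CryptoKey.importKey(signing_public_key)
    except Exception:
        # not a key literal
        pubkey = None

    if pubkey is not None:
        # Explicit check rather than `assert`: asserts are stripped under
        # python -O, which would let a private key be returned (and later
        # published) as the signing public key.  Rejecting here also keeps
        # the private key out of the "Failed to load ..." message below.
        if pubkey.has_private():
            raise Exception("Expected a public key, but got a private key")
        return signing_public_key, extra

    # is this a path?  Try to load it from disk
    try:
        storagelib = lib.storage
    except Exception:
        raise Exception("Missing runtime storage library")

    try:
        pubkey = storagelib.read_public_key(signing_public_key)
    except Exception:
        raise Exception("Failed to load %s" % signing_public_key)

    return pubkey.exportKey(), extra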
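def parse_or_generate_signing_public_key( cls, signing_public_key, lib=None ):
    """
    Check a signing public key, or generate one on request.

    "MAKE_SIGNING_KEY" is a command to generate a key pair with
    api.generate_key_pair( OBJECT_KEY_SIZE ); the pair is also placed in the
    returned extras.  "unset" yields (None, {}).  Any other value is first
    tried as a key literal via CryptoKey.importKey() and returned unchanged
    if it has no private component; failing that, it is treated as a path
    and read with lib.storage.read_public_key().

    Return pubkey, extras

    Raise Exception when given a private key literal, when lib provides no
    storage attribute, or when the path cannot be loaded.
    """
    extra = {}

    if signing_public_key == "unset":
        return None, extra

    if signing_public_key == "MAKE_SIGNING_KEY":
        generated_pub, generated_priv = api.generate_key_pair( OBJECT_KEY_SIZE )
        # extras is the only channel by which the generated private key
        # reaches the caller.
        extra['signing_public_key'] = generated_pub
        extra['signing_private_key'] = generated_priv
        return generated_pub, extra

    # is this a key literal?
    parsed = None
    try:
        parsed = CryptoKey.importKey( signing_public_key )
    except Exception:
        # not a key literal; fall through to the path lookup
        pass

    if parsed is not None:
        # Raise instead of asserting: an assert disappears under python -O,
        # and a private key must never be passed along as the public key or
        # echoed in the path-loading error message.
        if parsed.has_private():
            raise Exception("Expected a public key, but got a private key")
        return signing_public_key, extra

    # is this a path?  Try to load it from disk
    try:
        storagelib = lib.storage
    except Exception:
        raise Exception("Missing runtime storage library")

    try:
        loaded = storagelib.read_public_key( signing_public_key )
    except Exception:
        raise Exception("Failed to load %s" % signing_public_key )

    pubkey_pem = loaded.exportKey()
    return pubkey_pem, extra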