def __init__(self, initializer=None, allow_prompt=None):
if isinstance(initializer, RSAPrivateKey):
initializer = initializer._value # pylint: disable=protected-access
if initializer is None:
super(RSAPrivateKey, self).__init__(None)
return
if isinstance(initializer, rsa.RSAPrivateKey):
super(RSAPrivateKey, self).__init__(initializer)
return
if isinstance(initializer, Text):
initializer = initializer.encode("ascii")
if not isinstance(initializer, bytes):
raise rdfvalue.InitializeError("Cannot initialize %s from %s." %
(self.__class__, initializer))
try:
value = serialization.load_pem_private_key(initializer,
password=None,
backend=openssl.backend)
super(RSAPrivateKey, self).__init__(value)
return
except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e:
if "private key is encrypted" not in str(e):
raise type_info.TypeValueError("Private key invalid: %s" % e)
# The private key is passphrase protected, we need to see if we are
# allowed to ask the user.
#
# In the case where allow_prompt was not set at all, we use the context
# we are in to see if it makes sense to ask.
if allow_prompt is None:
# TODO(user): dependency loop with
# core/grr_response_core/grr/config/client.py.
# pylint: disable=protected-access
if "Commandline Context" not in config_lib._CONFIG.context:
raise type_info.TypeValueError("Private key invalid: %s" %
e)
# pylint: enable=protected-access
# Otherwise, if allow_prompt is False, we are explicitly told that we are
# not supposed to ask the user.
elif not allow_prompt:
raise type_info.TypeValueError("Private key invalid: %s" % e)
try:
# The private key is encrypted and we can ask the user for the passphrase.
password = utils.PassphraseCallback()
value = serialization.load_pem_private_key(initializer,
password=password,
backend=openssl.backend)
super(RSAPrivateKey, self).__init__(value)
except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e:
raise type_info.TypeValueError("Unable to load private key: %s" %
e)
def ParseFromString(self, pem_string):
precondition.AssertType(pem_string, bytes)
try:
self._value = serialization.load_pem_private_key(
pem_string, password=None, backend=openssl.backend)
return
except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e:
if "private key is encrypted" not in str(e):
raise type_info.TypeValueError("Private key invalid: %s" % e)
# pylint: disable=g-explicit-bool-comparison, g-equals-none
# The private key is passphrase protected, we need to see if we are
# allowed to ask the user.
#
# If allow_prompt is False, we are explicitly told that we are not.
if self.allow_prompt == False:
raise type_info.TypeValueError("Private key invalid: %s" % e)
# allow_prompt was not set, we use the context we are in to see if it
# makes sense to ask.
elif self.allow_prompt == None:
# TODO(user): dependency loop with
# core/grr_response_core/grr/config/client.py.
# pylint: disable=protected-access
if "Commandline Context" not in config_lib._CONFIG.context:
raise type_info.TypeValueError("Private key invalid: %s" %
e)
# pylint: enable=protected-access
# pylint: enable=g-explicit-bool-comparison, g-equals-none
try:
# The private key is encrypted and we can ask the user for the passphrase.
password = utils.PassphraseCallback()
self._value = serialization.load_pem_private_key(
pem_string, password=password, backend=openssl.backend)
except (TypeError, ValueError, exceptions.UnsupportedAlgorithm) as e:
raise type_info.TypeValueError("Unable to load private key: %s" %
e)