def key(self):
"""
:return: a subclass of PKey of the appropriate key type
:rtype: PKey
:raises ValidationError:
"""
# Check if the key pair exists: at least a public or private part of
# the key is required, as well as the key type.
if not self.key_type:
return None
if not self.public_key and not self.private_key:
return None
public_key = None
private_key = None
if self.public_key:
public_key = base64.b64decode(self.public_key)
if self.private_key:
private_key = StringIO(self.private_key)
if self.key_type == 'ssh-dss':
pkey = DSSKey(data=public_key, file_obj=private_key)
elif self.key_type == 'ssh-rsa':
pkey = RSAKey(data=public_key, file_obj=private_key)
elif self.key_type.startswith('ecdsa'):
pkey = ECDSAKey(data=public_key, file_obj=private_key)
elif self.key_type == '*****@*****.**':
pkey = RSAKey(data=public_key, file_obj=private_key)
pkey.load_certificate(Message(public_key))
else:
raise ValidationError('Unsupported key type: ' + self.key_type)
return pkey
def test_20_compare_ecdsa_521(self):
# verify that the private & public keys compare equal
key = ECDSAKey.from_private_key_file(_support("test_ecdsa_521.key"))
self.assertEqual(key, key)
pub = ECDSAKey(data=key.asbytes())
self.assertTrue(key.can_sign())
self.assertTrue(not pub.can_sign())
self.assertEqual(key, pub)
def test_16_compare_ecdsa_384(self):
# verify that the private & public keys compare equal
key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_384.key'))
self.assertEqual(key, key)
pub = ECDSAKey(data=key.asbytes())
self.assertTrue(key.can_sign())
self.assertTrue(not pub.can_sign())
self.assertEqual(key, pub)
def test_12_compare_ecdsa(self):
# verify that the private & public keys compare equal
key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key')
self.assertEquals(key, key)
pub = ECDSAKey(data=str(key))
self.assert_(key.can_sign())
self.assert_(not pub.can_sign())
self.assertEquals(key, pub)
def test_sign_ecdsa_384(self):
# verify that the rsa private key can sign and verify
key = ECDSAKey.from_private_key_file(_support('test_ecdsa_384.key'))
msg = key.sign_ssh_data(b'ice weasels')
self.assertTrue(type(msg) is Message)
msg.rewind()
self.assertEqual('ecdsa-sha2-nistp384', msg.get_text())
# ECDSA signatures, like DSS signatures, tend to be different
# each time, so we can't compare against a "known correct" signature.
# Even the length of the signature can change.
msg.rewind()
pub = ECDSAKey(data=key.asbytes())
self.assertTrue(pub.verify_ssh_sig(b'ice weasels', msg))
def dehydrate(self, bundle):
if bundle.obj.key_type == "ssh-rsa":
key = RSAKey(data=base64.b64decode(bundle.obj.public_key))
elif bundle.obj.key_type == "ssh-dss":
key = DSSKey(data=base64.b64decode(bundle.obj.public_key))
elif bundle.obj.key_type.startswith("ecdsa"):
key = ECDSAKey(data=base64.b64decode(bundle.obj.public_key))
else:
raise HydrationError("Unknown key type: %s" %
bundle.object.key_type)
bundle.data['fingerprint'] = u(hexlify(key.get_fingerprint()))
return bundle
def test_13_sign_ecdsa(self):
# verify that the rsa private key can sign and verify
key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key')
msg = key.sign_ssh_data(rng, 'ice weasels')
self.assert_(type(msg) is Message)
msg.rewind()
self.assertEquals('ecdsa-sha2-nistp256', msg.get_string())
# ECDSA signatures, like DSS signatures, tend to be different
# each time, so we can't compare against a "known correct"
# signature.
# Even the length of the signature can change.
msg.rewind()
pub = ECDSAKey(data=str(key))
self.assert_(pub.verify_ssh_sig('ice weasels', msg))
def load(self):
"""Try to load the public key
We support RSA, ECDSA and Ed25519 keys and return instances of:
* paramiko.rsakey.RSAKey
* paramiko.ecdsakey.ECDSAKey
* paramiko.ed25519key.Ed25519Key (requires paramiko >= 2.2)
"""
# I don't think there is a key type independent way of doing this
public_key_blob = b64decode(self.key_base64)
if self.key_algorithm.startswith('ssh-ed25519'):
try:
return Ed25519Key(data=public_key_blob)
except NameError:
raise ValidationError('Paramiko too old to load ed25519 keys')
elif self.key_algorithm.startswith('ecdsa-'):
return ECDSAKey(data=public_key_blob)
elif self.key_algorithm.startswith('ssh-rsa'):
return RSAKey(data=public_key_blob)
raise SSHException('Key is not RSA, ECDSA or Ed25519')
def clean(self):
data = super().clean()
key_type = data.get('key_type')
public_key = data.get('public_key')
try:
if key_type == "ssh-rsa":
k = RSAKey(data=base64.b64decode(public_key))
elif key_type == "ssh-dss":
k = DSSKey(data=base64.b64decode(public_key))
elif key_type.startswith('ecdsa'):
k = ECDSAKey(data=base64.b64decode(public_key))
else:
raise forms.ValidationError(
_("Unsupport key type: %(keytype)s"),
code='invalid keytype',
params={'key_type': key_type}
)
data['key_type'] = k.get_name()
data['public_key'] = k.get_base64()
except (TypeError, SSHException, UnicodeDecodeError) as err:
if len(public_key) > 30:
body = public_key[0:30]
else:
body = public_key
raise forms.ValidationError(
_("Body of SSH public key is invalid:\n%(body)s\n"
"Error: %(err)s"),
code='invalid key body',
params={'body': body + "...", 'err': err}
)
return data
