moepman/acertmgr
1
0
Fork 0
mirror of https://github.com/moepman/acertmgr.git synced 2025-01-01 05:31:51 +01:00
Code Releases Activity

tools: encapsulate key parameter determination in tools function

Browse Source 
This is will isolate more cryptographic functions in the tools module
and allow for easier replacement of any cryptographic function should
the need ever arise
This commit is contained in:
Kishi85 2019-04-04 10:30:44 +02:00
parent 47e3312aad
commit 2046215e37
3 changed files with 24 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
acertmgr/authority/v1.py
View File

@ -29,14 +29,10 @@ class ACMEAuthority(AbstractACMEAuthority):
# @param key the account key # @param key the account key
# @return the header for ACME # @return the header for ACME
def _prepare_header(self): def _prepare_header(self):
numbers = self.key.public_key().public_numbers() alg, jwk = tools.get_key_alg_and_jwk(self.key)
header = { header = {
"alg": "RS256", "alg": alg,
"jwk": { "jwk": jwk,
"e": tools.bytes_to_base64url(tools.number_to_byte_format(numbers.e)),
"kty": "RSA",
"n": tools.bytes_to_base64url(tools.number_to_byte_format(numbers.n)),
},
} }
return header return header

10
acertmgr/authority/v2.py
View File

@ -44,16 +44,10 @@ class ACMEAuthority(AbstractACMEAuthority):
print("API directory retrieval failed ({}). Guessed necessary values: {}".format(code, self.directory)) print("API directory retrieval failed ({}). Guessed necessary values: {}".format(code, self.directory))
self.nonce = None self.nonce = None
# @todo: Add support for key-types other than RSA self.algorithm, jwk = tools.get_key_alg_and_jwk(key)
numbers = key.public_key().public_numbers()
self.algorithm = "RS256"
self.account_protected = { self.account_protected = {
"alg": self.algorithm, "alg": self.algorithm,
"jwk": { "jwk": jwk
"kty": "RSA",
"e": tools.bytes_to_base64url(tools.number_to_byte_format(numbers.e)),
"n": tools.bytes_to_base64url(tools.number_to_byte_format(numbers.n)),
},
} }
self.account_id = None # will be updated to correct value during account registration self.account_id = None # will be updated to correct value during account registration

23
acertmgr/tools.py
View File

@ -191,12 +191,27 @@ def convert_der_bytes_to_cert(data):
return x509.load_der_x509_certificate(data, default_backend()) return x509.load_der_x509_certificate(data, default_backend())
# @brief determine key signing algorithm and jwk data
# @return key algorithm, signature algorithm, key numbers as a dict
def get_key_alg_and_jwk(key):
if isinstance(key, rsa.RSAPrivateKey):
# See https://tools.ietf.org/html/rfc7518#section-6.3
numbers = key.public_key().public_numbers()
return "RS256", {"kty": "RSA",
"e": bytes_to_base64url(number_to_byte_format(numbers.e)),
"n": bytes_to_base64url(number_to_byte_format(numbers.n))}
else:
raise ValueError("Unsupported key: {}".format(key))
# @brief sign string with key # @brief sign string with key
def signature_of_str(key, string): def signature_of_str(key, string):
# @todo check why this padding is not working alg, _ = get_key_alg_and_jwk(key)
# pad = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH) data = string.encode('utf8')
pad = padding.PKCS1v15() if alg == 'RS256':
return key.sign(string.encode('utf8'), pad, hashes.SHA256()) return key.sign(data, padding.PKCS1v15(), hashes.SHA256())
else:
raise ValueError("Unsupported signature algorithm: {}".format(alg))
# @brief hash a string # @brief hash a string