mirror of
https://github.com/moepman/acertmgr.git
synced 2025-01-04 01:25:24 +01:00
tools: encapsulate key parameter determination in tools function
This is will isolate more cryptographic functions in the tools module and allow for easier replacement of any cryptographic function should the need ever arise
This commit is contained in:
parent
47e3312aad
commit
2046215e37
@ -29,14 +29,10 @@ class ACMEAuthority(AbstractACMEAuthority):
|
|||||||
# @param key the account key
|
# @param key the account key
|
||||||
# @return the header for ACME
|
# @return the header for ACME
|
||||||
def _prepare_header(self):
|
def _prepare_header(self):
|
||||||
numbers = self.key.public_key().public_numbers()
|
alg, jwk = tools.get_key_alg_and_jwk(self.key)
|
||||||
header = {
|
header = {
|
||||||
"alg": "RS256",
|
"alg": alg,
|
||||||
"jwk": {
|
"jwk": jwk,
|
||||||
"e": tools.bytes_to_base64url(tools.number_to_byte_format(numbers.e)),
|
|
||||||
"kty": "RSA",
|
|
||||||
"n": tools.bytes_to_base64url(tools.number_to_byte_format(numbers.n)),
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
return header
|
return header
|
||||||
|
|
||||||
|
@ -44,16 +44,10 @@ class ACMEAuthority(AbstractACMEAuthority):
|
|||||||
print("API directory retrieval failed ({}). Guessed necessary values: {}".format(code, self.directory))
|
print("API directory retrieval failed ({}). Guessed necessary values: {}".format(code, self.directory))
|
||||||
self.nonce = None
|
self.nonce = None
|
||||||
|
|
||||||
# @todo: Add support for key-types other than RSA
|
self.algorithm, jwk = tools.get_key_alg_and_jwk(key)
|
||||||
numbers = key.public_key().public_numbers()
|
|
||||||
self.algorithm = "RS256"
|
|
||||||
self.account_protected = {
|
self.account_protected = {
|
||||||
"alg": self.algorithm,
|
"alg": self.algorithm,
|
||||||
"jwk": {
|
"jwk": jwk
|
||||||
"kty": "RSA",
|
|
||||||
"e": tools.bytes_to_base64url(tools.number_to_byte_format(numbers.e)),
|
|
||||||
"n": tools.bytes_to_base64url(tools.number_to_byte_format(numbers.n)),
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
self.account_id = None # will be updated to correct value during account registration
|
self.account_id = None # will be updated to correct value during account registration
|
||||||
|
|
||||||
|
@ -191,12 +191,27 @@ def convert_der_bytes_to_cert(data):
|
|||||||
return x509.load_der_x509_certificate(data, default_backend())
|
return x509.load_der_x509_certificate(data, default_backend())
|
||||||
|
|
||||||
|
|
||||||
|
# @brief determine key signing algorithm and jwk data
|
||||||
|
# @return key algorithm, signature algorithm, key numbers as a dict
|
||||||
|
def get_key_alg_and_jwk(key):
|
||||||
|
if isinstance(key, rsa.RSAPrivateKey):
|
||||||
|
# See https://tools.ietf.org/html/rfc7518#section-6.3
|
||||||
|
numbers = key.public_key().public_numbers()
|
||||||
|
return "RS256", {"kty": "RSA",
|
||||||
|
"e": bytes_to_base64url(number_to_byte_format(numbers.e)),
|
||||||
|
"n": bytes_to_base64url(number_to_byte_format(numbers.n))}
|
||||||
|
else:
|
||||||
|
raise ValueError("Unsupported key: {}".format(key))
|
||||||
|
|
||||||
|
|
||||||
# @brief sign string with key
|
# @brief sign string with key
|
||||||
def signature_of_str(key, string):
|
def signature_of_str(key, string):
|
||||||
# @todo check why this padding is not working
|
alg, _ = get_key_alg_and_jwk(key)
|
||||||
# pad = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
|
data = string.encode('utf8')
|
||||||
pad = padding.PKCS1v15()
|
if alg == 'RS256':
|
||||||
return key.sign(string.encode('utf8'), pad, hashes.SHA256())
|
return key.sign(data, padding.PKCS1v15(), hashes.SHA256())
|
||||||
|
else:
|
||||||
|
raise ValueError("Unsupported signature algorithm: {}".format(alg))
|
||||||
|
|
||||||
|
|
||||||
# @brief hash a string
|
# @brief hash a string
|
||||||
|
Loading…
Reference in New Issue
Block a user