14 | 14 |
"""
|
15 | 15 |
|
16 | 16 |
import binascii
|
|
17 |
from cryptography.hazmat.backends import default_backend
|
|
18 |
from cryptography.hazmat.primitives.asymmetric import rsa
|
|
19 |
from cryptography.hazmat.primitives.serialization import Encoding
|
|
20 |
from cryptography.hazmat.primitives.serialization import NoEncryption
|
|
21 |
from cryptography.hazmat.primitives.serialization import PrivateFormat
|
|
22 |
from cryptography.hazmat.primitives.serialization import PublicFormat
|
|
23 |
|
17 | 24 |
import os
|
18 | 25 |
import time
|
19 | 26 |
import uuid
|
|
94 | 101 |
def create_key_pair(self, context, algorithm, length,
|
95 | 102 |
expiration=None, name=None):
|
96 | 103 |
"""Creates an asymmetric key pair."""
|
97 | |
raise NotImplementedError(
|
98 | |
"VaultKeyManager does not support asymmetric keys")
|
|
104 |
|
|
105 |
# Confirm context is provided, if not raise forbidden
|
|
106 |
if not context:
|
|
107 |
msg = _("User is not authorized to use key manager.")
|
|
108 |
raise exception.Forbidden(msg)
|
|
109 |
|
|
110 |
if algorithm.lower() != 'rsa':
|
|
111 |
raise NotImplementedError(
|
|
112 |
"VaultKeyManager only implements rsa keys"
|
|
113 |
)
|
|
114 |
|
|
115 |
priv_key = rsa.generate_private_key(
|
|
116 |
public_exponent=65537,
|
|
117 |
key_size=length,
|
|
118 |
backend=default_backend()
|
|
119 |
)
|
|
120 |
|
|
121 |
private_key = pri_key.PrivateKey(
|
|
122 |
'RSA',
|
|
123 |
length,
|
|
124 |
priv_key.private_bytes(
|
|
125 |
Encoding.PEM, PrivateFormat.PKCS8, NoEncryption()
|
|
126 |
)
|
|
127 |
)
|
|
128 |
|
|
129 |
private_key_id = uuid.uuid4().hex
|
|
130 |
private_id = self._store_key_value(
|
|
131 |
private_key_id,
|
|
132 |
private_key
|
|
133 |
)
|
|
134 |
|
|
135 |
# pub_key = priv_key.public_key()
|
|
136 |
public_key = pub_key.PublicKey(
|
|
137 |
'RSA',
|
|
138 |
length,
|
|
139 |
priv_key.public_key().public_bytes(
|
|
140 |
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo
|
|
141 |
)
|
|
142 |
)
|
|
143 |
|
|
144 |
public_key_id = uuid.uuid4().hex
|
|
145 |
public_id = self._store_key_value(
|
|
146 |
public_key_id,
|
|
147 |
public_key
|
|
148 |
)
|
|
149 |
|
|
150 |
return private_id, public_id
|
99 | 151 |
|
100 | 152 |
def _store_key_value(self, key_id, value):
|
101 | 153 |
|