Add code to generate private keys

Change-Id: I05d0cb71406769ebf8ccbd63644ae27a4da6d405
Ade Lee 2018-06-15 13:16:50 -04:00
parent 6336a59b9b
commit 55026461d2
2 changed files with 62 additions and 7 deletions


@ -15,6 +15,13 @@ Key manager implementation for Vault
"""
import binascii
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import Encoding
from cryptography.hazmat.primitives.serialization import NoEncryption
from cryptography.hazmat.primitives.serialization import PrivateFormat
from cryptography.hazmat.primitives.serialization import PublicFormat
import os
import time
import uuid
@ -95,8 +102,53 @@ class VaultKeyManager(key_manager.KeyManager):
def create_key_pair(self, context, algorithm, length,
expiration=None, name=None):
"""Creates an asymmetric key pair."""
raise NotImplementedError(
"VaultKeyManager does not support asymmetric keys")
# Confirm context is provided, if not raise forbidden
if not context:
msg = _("User is not authorized to use key manager.")
raise exception.Forbidden(msg)
if algorithm.lower() != 'rsa':
raise NotImplementedError(
"VaultKeyManager only implements rsa keys"
)
priv_key = rsa.generate_private_key(
public_exponent=65537,
key_size=length,
backend=default_backend()
)
private_key = pri_key.PrivateKey(
'RSA',
length,
priv_key.private_bytes(
Encoding.PEM, PrivateFormat.PKCS8, NoEncryption()
)
)
private_key_id = uuid.uuid4().hex
private_id = self._store_key_value(
private_key_id,
private_key
)
# pub_key = priv_key.public_key()
public_key = pub_key.PublicKey(
'RSA',
length,
priv_key.public_key().public_bytes(
Encoding.PEM, PublicFormat.SubjectPublicKeyInfo
)
)
public_key_id = uuid.uuid4().hex
public_id = self._store_key_value(
public_key_id,
public_key
)
return private_id, public_id
def _store_key_value(self, key_id, value):
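Review bot: `length` is passed straight to `rsa.generate_private_key(key_size=length, ...)` in create_key_pair with no lower bound, so a caller can request any small modulus the cryptography library still accepts. A guard before generation, e.g. `if length < 2048: raise ValueError("RSA key length must be at least 2048 bits")`, would keep weak keys from being stored in Vault. Separately, `algorithm.lower()` raises AttributeError when algorithm is None, and `expiration` and `name` are accepted but never used in the visible body. If the second `_store_key_value` call fails, the private key already written appears to be left behind without its public half; `_store_key_value` is defined outside this hunk, so confirm whether cleanup is needed.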


@ -56,18 +56,21 @@ class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def tearDown(self):
super(VaultKeyManagerTestCase, self).tearDown()
def test_create_key_pair(self):
self.assertRaises(NotImplementedError,
self.key_mgr.create_key_pair, None, None, None)
def test_create_null_context(self):
self.assertRaises(exception.Forbidden,
self.key_mgr.create_key, None, 'AES', 256)
def test_create_key_pair_null_context(self):
self.assertRaises(NotImplementedError,
self.assertRaises(exception.Forbidden,
self.key_mgr.create_key_pair, None, 'RSA', 2048)
def test_create_key_pair_bad_algorithm(self):
self.assertRaises(
NotImplementedError,
self.key_mgr.create_key_pair,
self.ctxt, 'DSA', 2048
)
def test_delete_null_context(self):
key_uuid = self._get_valid_object_uuid(
test_key_manager._get_test_symmetric_key())
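Review bot: Only the two rejection paths of create_key_pair are tested here (null context and 'DSA'); the old test_create_key_pair was removed and this hunk adds no success-path replacement. A test that calls `self.key_mgr.create_key_pair(self.ctxt, 'RSA', 2048)` and checks that two distinct IDs come back, and that the stored private and public objects can be retrieved, would cover the new generation and storage code. A case with an undersized `length` would also pin down how short keys are handled. The base KeyManagerTestCase is not visible here and may already cover part of this.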