def test_valid_key_valid_password():
    """Loading the RSA CA fixture key with its password yields an RSA certificate authority."""
    authority = get_ssh_certificate_authority(
        RSA_CA_PRIVATE_KEY,
        RSA_CA_PRIVATE_KEY_PASSWORD,
    )

    # The factory has to return the RSA implementation, tagged with the RSA key type.
    assert isinstance(authority, RSACertificateAuthority)
    assert authority.public_key_type == SSHPublicKeyType.RSA

    # Public exponent expected for the fixture key.
    assert authority.e == 65537

    # The signature key reported by the CA must equal the expected SSH public key fixture.
    assert authority.get_signature_key() == RSA_CA_SSH_PUBLIC_KEY
def __init__(self, ssh_public_key):
    """
    Parses an SSH Public Key line and keeps the RSA details this object exposes.
    :param ssh_public_key: SSH Public Key file contents. (i.e. 'ssh-rsa AAAAB3NzaC1yc2E..').
    :raises TypeError: If the parsed key does not expose RSA public numbers.
    """
    super(RSAPublicKey, self).__init__()
    self.type = SSHPublicKeyType.RSA

    # Layout is '<type> <base64 blob> [comment ...]'; everything from the third
    # space-separated field on is the comment, re-joined with single spaces.
    fields = ssh_public_key.split(' ')
    self.key_comment = ' '.join(fields[2:]) if len(fields) > 2 else ''
    # NOTE(review): the comment is caller-supplied text stored unmodified; code that
    # later embeds it in a certificate or a log line should treat it as untrusted.

    # Non-ASCII input fails inside encode() with UnicodeEncodeError, not with the
    # TypeError raised below.
    parsed_key = serialization.load_ssh_public_key(ssh_public_key.encode('ascii'), default_backend())
    rsa_numbers = parsed_key.public_numbers()

    # Confirm the parsed key really is RSA instead of relying on the caller's claim.
    if not isinstance(rsa_numbers, RSAPublicNumbers):
        raise TypeError("Public Key is not the correct type or format")

    self.key_size = parsed_key.key_size
def get_ssh_public_key(ssh_public_key):
    """
    Builds the SSHPublicKey object that matches the key type named at the start of the key text.
    :param ssh_public_key: SSH Public Key file contents. (i.e. 'ssh-XXX AAAA....').
    :return: An SSHPublicKey instance.
    :raises TypeError: If the text does not start with a supported key type.
    """
    # Dispatch looks only at the leading text; the key classes do the actual parsing.
    if ssh_public_key.startswith(SSHPublicKeyType.RSA):
        key = RSAPublicKey(ssh_public_key)
        # Only the RSA branch calls validate_for_signing(); what that method checks
        # is not visible from here.
        key.validate_for_signing()
        return key

    if ssh_public_key.startswith(SSHPublicKeyType.ED25519):
        return ED25519PublicKey(ssh_public_key)

    # Anything else is rejected rather than guessed at.
    raise TypeError("Unsupported Public Key Type")
def __init__(self, pem_private_key, private_key_password=None):
    """
    Loads the CA's RSA private key and exposes its public numbers as self.e and self.n.
    :param pem_private_key: PEM formatted RSA Private Key. Encrypting it with a password is
    recommended, but this constructor does not enforce it.
    :param private_key_password: Password that decrypts the PEM RSA Private Key. Leave it as
    None only when the key is stored unencrypted.
    """
    # NOTE(review): super() names SSHCertificateAuthority itself; if this method belongs to
    # a subclass of it, SSHCertificateAuthority.__init__ is skipped -- confirm that is intended.
    super(SSHCertificateAuthority, self).__init__()
    self.public_key_type = SSHPublicKeyType.RSA

    # The decrypted private key stays on the instance for as long as the object lives.
    self.private_key = load_pem_private_key(pem_private_key, private_key_password, default_backend())

    # NOTE(review): nothing here checks that the loaded key is RSA; a key whose public
    # numbers lack .e / .n would fail below with AttributeError.
    ca_public_key = self.private_key.public_key()
    public_numbers = ca_public_key.public_numbers()
    self.e = public_numbers.e
    self.n = public_numbers.n
def get_ssh_certificate_builder(ca, cert_type, public_key_to_sign):
    """
    Picks the SSHCertificateBuilder that matches the type of the public key being signed.
    :param ca: The SSHCertificateAuthority that will sign the certificate. Its key type may
    differ from the type of the key being signed.
    :param cert_type: The SSHCertificateType (User or Host certificate).
    :param public_key_to_sign: The SSH Public Key text to issue a certificate for.
    :return: An SSHCertificateBuilder instance.
    :raises TypeError: If the public key type has no matching builder.
    """
    # Parse first: the builder is chosen from the parsed key's type, not from the CA's.
    parsed_key = get_ssh_public_key(public_key_to_sign)
    key_type = parsed_key.type

    # NOTE(review): `is` compares identity, so this relies on each key class storing the
    # SSHPublicKeyType constant itself in .type -- confirm, or compare with == instead.
    if key_type is SSHPublicKeyType.RSA:
        return RSACertificateBuilder(ca, cert_type, parsed_key)
    if key_type is SSHPublicKeyType.ED25519:
        return ED25519CertificateBuilder(ca, cert_type, parsed_key)

    raise TypeError("Unsupported Public Key Type")