def public_numbers(self):
if isinstance(self.key, rsa.RSAPrivateKey):
return self.key.private_numbers().public_numbers
else:
return self.key.public_numbers()
python类RSAPrivateKey()的实例源码
def can_sign(self):
return isinstance(self.key, rsa.RSAPrivateKey)
def _decode_key(self, data):
try:
key = serialization.load_der_private_key(
data, password=None, backend=default_backend()
)
except ValueError as e:
raise SSHException(str(e))
assert isinstance(key, rsa.RSAPrivateKey)
self.key = key
def gen_certificate(key: rsa.RSAPrivateKey,
common_name: str,
*,
issuer: Optional[str]=None,
sign_key: Optional[rsa.RSAPrivateKey]=None) -> x509.Certificate:
now = datetime.datetime.utcnow()
return x509.CertificateBuilder().subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, common_name),
])
).issuer_name(
x509.Name([
x509.NameAttribute(
NameOID.COMMON_NAME,
issuer or common_name
)
])
).not_valid_before(
now
).not_valid_after(
now + datetime.timedelta(seconds=86400)
).serial_number(
x509.random_serial_number()
).public_key(
key.public_key()
).add_extension(
x509.BasicConstraints(ca=True, path_length=0), critical=True
).sign(
private_key=sign_key or key,
algorithm=hashes.SHA256(),
backend=BACKEND
)
def verify(self, msg, sig, key=None):
if key is None:
key = self.key
try:
if isinstance(key, rsa.RSAPrivateKey):
key = key.public_key()
key.verify(sig, msg, PKCS1v15(), self.digest)
return True
except InvalidSignature:
return False
def public_numbers(self):
if isinstance(self.key, rsa.RSAPrivateKey):
return self.key.private_numbers().public_numbers
else:
return self.key.public_numbers()
def can_sign(self):
return isinstance(self.key, rsa.RSAPrivateKey)
def _decode_key(self, data):
try:
key = serialization.load_der_private_key(
data, password=None, backend=default_backend()
)
except ValueError as e:
raise SSHException(str(e))
assert isinstance(key, rsa.RSAPrivateKey)
self.key = key
def calculate_max_pss_salt_length(key, hash_algorithm):
if not isinstance(key, (rsa.RSAPrivateKey, rsa.RSAPublicKey)):
raise TypeError("key must be an RSA public or private key")
# bit length - 1 per RFC 3447
emlen = int(math.ceil((key.key_size - 1) / 8.0))
salt_length = emlen - hash_algorithm.digest_size - 2
assert salt_length >= 0
return salt_length
def calculate_max_pss_salt_length(key, hash_algorithm):
if not isinstance(key, (rsa.RSAPrivateKey, rsa.RSAPublicKey)):
raise TypeError("key must be an RSA public or private key")
# bit length - 1 per RFC 3447
emlen = int(math.ceil((key.key_size - 1) / 8.0))
salt_length = emlen - hash_algorithm.digest_size - 2
assert salt_length >= 0
return salt_length
def test_rsa_key(self):
"""
Passing ``u'rsa'`` results in an RSA private key.
"""
key1 = generate_private_key(u'rsa')
self.assertThat(key1, IsInstance(rsa.RSAPrivateKey))
key2 = generate_private_key(u'rsa')
self.assertThat(key2, IsInstance(rsa.RSAPrivateKey))
self.assertThat(
key1.public_key().public_numbers(),
Not(Equals(key2.public_key().public_numbers())))
def public_numbers(self):
if isinstance(self.key, rsa.RSAPrivateKey):
return self.key.private_numbers().public_numbers
else:
return self.key.public_numbers()
def can_sign(self):
return isinstance(self.key, rsa.RSAPrivateKey)
def _decode_key(self, data):
try:
key = serialization.load_der_private_key(
data, password=None, backend=default_backend()
)
except ValueError as e:
raise SSHException(str(e))
assert isinstance(key, rsa.RSAPrivateKey)
self.key = key
def __init__(self, key):
if isinstance(key, RSAPrivateKey):
self.signer = key.sign
self.verifier = key.public_key().verify
elif isinstance(key, RSAPublicKey):
self.signer = None
self.verifier = key.verify
def serializePrivateKey(private_key):
assert(isinstance(private_key, RSAPrivateKey))
pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()
)
return pem
def key_to_pubkey(key):
if isinstance(key, bytes):
return key
elif isinstance(key, ec.EllipticCurvePrivateKey):
return key.public_key()
elif isinstance(key, rsa.RSAPrivateKey):
return key.public_key()
else:
raise ValueError('RFC 7518 non-compliant key: ' + str(type(key)))
def public_numbers(self):
if isinstance(self.key, rsa.RSAPrivateKey):
return self.key.private_numbers().public_numbers
else:
return self.key.public_numbers()
def can_sign(self):
return isinstance(self.key, rsa.RSAPrivateKey)
def _decode_key(self, data):
try:
key = serialization.load_der_private_key(
data, password=None, backend=default_backend()
)
except ValueError as e:
raise SSHException(str(e))
assert isinstance(key, rsa.RSAPrivateKey)
self.key = key
