def _load_cryptography_key(cls, data, password=None, backend=None):
backend = default_backend() if backend is None else backend
exceptions = {}
# private key?
for loader in (serialization.load_pem_private_key,
serialization.load_der_private_key):
try:
return loader(data, password, backend)
except (ValueError, TypeError,
cryptography.exceptions.UnsupportedAlgorithm) as error:
exceptions[loader] = error
# public key?
for loader in (serialization.load_pem_public_key,
serialization.load_der_public_key):
try:
return loader(data, backend)
except (ValueError,
cryptography.exceptions.UnsupportedAlgorithm) as error:
exceptions[loader] = error
# no luck
raise errors.Error('Unable to deserialize key: {0}'.format(exceptions))
python类load_der_public_key()的实例源码
def from_key_bytes(cls, algorithm, key_bytes):
"""Creates a `Verifier` object based on the supplied algorithm and raw verification key.
:param algorithm: Algorithm on which to base verifier
:type algorithm: aws_encryption_sdk.identifiers.Algorithm
:param bytes encoded_point: Raw verification key
:returns: Instance of Verifier generated from encoded point
:rtype: aws_encryption_sdk.internal.crypto.Verifier
"""
return cls(
algorithm=algorithm,
key=serialization.load_der_public_key(
data=key_bytes,
backend=default_backend()
)
)
def encrypt(self, public_key, clear_text):
public_key = serialization.load_der_public_key(
self.key_pair.public_key, backend=default_backend())
return public_key.encrypt(
clear_text,
self._padding
)
def _load_cryptography_key(cls, data, password=None, backend=None):
backend = default_backend() if backend is None else backend
exceptions = {}
# private key?
for loader in (serialization.load_pem_private_key,
serialization.load_der_private_key):
try:
return loader(data, password, backend)
except (ValueError, TypeError,
cryptography.exceptions.UnsupportedAlgorithm) as error:
exceptions[loader] = error
# public key?
for loader in (serialization.load_pem_public_key,
serialization.load_der_public_key):
try:
return loader(data, backend)
except (ValueError,
cryptography.exceptions.UnsupportedAlgorithm) as error:
exceptions[loader] = error
# no luck
raise errors.Error('Unable to deserialize key: {0}'.format(exceptions))
def __init__(self, public):
""" set public key
:param public: der or public Object
"""
if isinstance(public, bytes):
self.__public_key = serialization.load_der_public_key(
public,
backend=default_backend()
)
elif isinstance(public, EllipticCurvePublicKey):
self.__public_key = public
else:
raise ValueError("public must bytes or public_key Object")
def import_public_key(data):
return serialization.load_der_public_key(
data=data,
backend=default_backend())
def deserialize_public_key(b64_encoded_public_key):
"""
loads a :class:`~rsa.RSAPublicKey` object from a serialized public key.
:param str b64_encoded_public_key: the key as base64 encoded string
:return: the public key object
:rtype: :class:`~rsa.RSAPublicKey`
"""
return serialization.load_der_public_key(
data=base64.b64decode(b64_encoded_public_key.encode('utf-8')),
backend=default_backend())
def __call__(self, parser, namespace, values, option_string):
if namespace.key_type == 'raw':
setattr(namespace, self.dest, raw_loader(values))
elif namespace.key_type == 'pem':
setattr(namespace,
self.dest,
serialization.load_pem_public_key(raw_loader(values),
backend))
elif namespace.key_type == 'der':
setattr(namespace,
self.dest,
serialization.load_der_public_key(raw_loader(values),
backend))
def load_private_key(secret, pass_phrase):
"""Loads a private key that may use a pass_phrase.
Tries to correct or diagnose common errors:
- provided pass_phrase but didn't need one
- provided a public key
"""
if isinstance(secret, six.text_type):
secret = secret.encode("ascii")
if isinstance(pass_phrase, six.text_type):
pass_phrase = pass_phrase.encode("ascii")
backend = default_backend()
try:
# 0) Try with pass_phrase
return serialization.load_pem_private_key(secret, pass_phrase, backend=backend)
except TypeError:
# 1) Either:
# - key has pass_phrase and one wasn't provided
# - key doesn't have pass_phrase and one was provided.
#
# Can't fix the first, but we *can* fix the second.
# This can happen if the DEFAULT profile has a pass_phrase but
# another profile uses a key file without a pass_phrase.
if pass_phrase is None:
# 1.1) private key needed a pass_phrase and we don't have one
raise MissingPrivateKeyPassphrase("The provided key requires a passphrase.")
else:
# 1.2) try again without pass_phrase; could be an artifact from DEFAULT
return serialization.load_pem_private_key(secret, None, backend=backend)
except ValueError:
# 2) Try to determine what kind of failure this is.
# Most likely, this is either a bad password or a public key.
# If loading it as a public key fails, it's almost certainly a bad password.
for loader in [
serialization.load_der_public_key,
serialization.load_pem_public_key,
serialization.load_ssh_public_key
]:
try:
loader(secret, backend=backend)
except (ValueError, UnsupportedAlgorithm):
# 2.1) Not a public key; try the next format
pass
else:
# 2.2) This is a public key
raise InvalidPrivateKey("Authentication requires a private key, but a public key was provided.")
# 2.3) Password is probably wrong.
raise InvalidPrivateKey("The provided key is not a private key, or the provided passphrase is incorrect.")
