Merge "Add code to generate private keys"

2018-08-10 21:09:48 +00:00 · 2018-08-10 21:09:48 +00:00 · e29dfa5727
commit e29dfa5727
parent 78babd886f 55026461d2
2 changed files with 62 additions and 7 deletions
--- a/castellan/key_manager/vault_key_manager.py
+++ b/castellan/key_manager/vault_key_manager.py
@ -15,6 +15,13 @@ Key manager implementation for Vault
 """

 import binascii
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.serialization import Encoding
+from cryptography.hazmat.primitives.serialization import NoEncryption
+from cryptography.hazmat.primitives.serialization import PrivateFormat
+from cryptography.hazmat.primitives.serialization import PublicFormat
+
 import os
 import time
 import uuid
@ -95,8 +102,53 @@ class VaultKeyManager(key_manager.KeyManager):
    def create_key_pair(self, context, algorithm, length,
                        expiration=None, name=None):
        """Creates an asymmetric key pair."""
-        raise NotImplementedError(
-            "VaultKeyManager does not support asymmetric keys")
+
+        # Confirm context is provided, if not raise forbidden
+        if not context:
+            msg = _("User is not authorized to use key manager.")
+            raise exception.Forbidden(msg)
+
+        if algorithm.lower() != 'rsa':
+            raise NotImplementedError(
+                "VaultKeyManager only implements rsa keys"
+            )
+
+        priv_key = rsa.generate_private_key(
+            public_exponent=65537,
+            key_size=length,
+            backend=default_backend()
+        )
+
+        private_key = pri_key.PrivateKey(
+            'RSA',
+            length,
+            priv_key.private_bytes(
+                Encoding.PEM, PrivateFormat.PKCS8, NoEncryption()
+            )
+        )
+
+        private_key_id = uuid.uuid4().hex
+        private_id = self._store_key_value(
+            private_key_id,
+            private_key
+        )
+
+        # pub_key = priv_key.public_key()
+        public_key = pub_key.PublicKey(
+            'RSA',
+            length,
+            priv_key.public_key().public_bytes(
+                Encoding.PEM, PublicFormat.SubjectPublicKeyInfo
+            )
+        )
+
+        public_key_id = uuid.uuid4().hex
+        public_id = self._store_key_value(
+            public_key_id,
+            public_key
+        )
+
+        return private_id, public_id

    def _store_key_value(self, key_id, value):

--- a/castellan/tests/functional/key_manager/test_vault_key_manager.py
+++ b/castellan/tests/functional/key_manager/test_vault_key_manager.py
@ -56,18 +56,21 @@ class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
    def tearDown(self):
        super(VaultKeyManagerTestCase, self).tearDown()

-    def test_create_key_pair(self):
-        self.assertRaises(NotImplementedError,
-                          self.key_mgr.create_key_pair, None, None, None)
-
    def test_create_null_context(self):
        self.assertRaises(exception.Forbidden,
                          self.key_mgr.create_key, None, 'AES', 256)

    def test_create_key_pair_null_context(self):
-        self.assertRaises(NotImplementedError,
+        self.assertRaises(exception.Forbidden,
                          self.key_mgr.create_key_pair, None, 'RSA', 2048)

+    def test_create_key_pair_bad_algorithm(self):
+        self.assertRaises(
+            NotImplementedError,
+            self.key_mgr.create_key_pair,
+            self.ctxt, 'DSA', 2048
+        )
+
    def test_delete_null_context(self):
        key_uuid = self._get_valid_object_uuid(
            test_key_manager._get_test_symmetric_key())