36 lines
1.2 KiB
Python
36 lines
1.2 KiB
Python
"""Private keys for the security serializer."""
|
|
from cryptography.hazmat.backends import default_backend
|
|
from cryptography.hazmat.primitives import serialization
|
|
from cryptography.hazmat.primitives.asymmetric import padding, rsa
|
|
from kombu.utils.encoding import ensure_bytes
|
|
|
|
from .utils import reraise_errors
|
|
|
|
__all__ = ('PrivateKey',)
|
|
|
|
|
|
class PrivateKey:
|
|
"""Represents a private key."""
|
|
|
|
def __init__(self, key, password=None):
|
|
with reraise_errors(
|
|
'Invalid private key: {0!r}', errors=(ValueError,)
|
|
):
|
|
self._key = serialization.load_pem_private_key(
|
|
ensure_bytes(key),
|
|
password=ensure_bytes(password),
|
|
backend=default_backend())
|
|
|
|
if not isinstance(self._key, rsa.RSAPrivateKey):
|
|
raise ValueError("Non-RSA keys are not supported.")
|
|
|
|
def sign(self, data, digest):
|
|
"""Sign string containing data."""
|
|
with reraise_errors('Unable to sign data: {0!r}'):
|
|
|
|
pad = padding.PSS(
|
|
mgf=padding.MGF1(digest),
|
|
salt_length=padding.PSS.MAX_LENGTH)
|
|
|
|
return self._key.sign(ensure_bytes(data), pad, digest)
|