Read signing keys using methods from syutil. convert keys that are in the wrong format

Mark Haines 2014-09-23 16:18:21 +01:00
parent 6876b1a25b
commit c6a8e7d9b9


@ -13,10 +13,9 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
import nacl.signing
import os import os
from ._base import Config from ._base import Config, ConfigError
from syutil.base64util import encode_base64, decode_base64 import syutil.crypto.signing_key
class ServerConfig(Config): class ServerConfig(Config):
@ -70,9 +69,16 @@ class ServerConfig(Config):
"content repository") "content repository")
def read_signing_key(self, signing_key_path): def read_signing_key(self, signing_key_path):
signing_key_base64 = self.read_file(signing_key_path, "signing_key") signing_keys = self.read_file(signing_key_path, "signing_key")
signing_key_bytes = decode_base64(signing_key_base64) try:
return nacl.signing.SigningKey(signing_key_bytes) return syutil.crypto.signing_key.read_signing_keys(
signing_keys.splitlines(True)
)
except Exception as e:
raise ConfigError(
"Error reading signing_key."
" Try running again with --generate-config"
)
@classmethod @classmethod
def generate_config(cls, args, config_dir_path): def generate_config(cls, args, config_dir_path):
@ -86,6 +92,21 @@ class ServerConfig(Config):
if not os.path.exists(args.signing_key_path): if not os.path.exists(args.signing_key_path):
with open(args.signing_key_path, "w") as signing_key_file: with open(args.signing_key_path, "w") as signing_key_file:
key = nacl.signing.SigningKey.generate() syutil.crypto.signing_key.write_signing_keys(
signing_key_file.write(encode_base64(key.encode())) signing_key_file,
(syutil.crypto.SigningKey.generate("auto"),),
)
else:
signing_keys = cls.read_file(args.signing_key_path, "signing_key")
if len(signing_keys.split("\n")[0].split()) == 1:
# handle keys in the old format.
key = syutil.crypto.signing_key.decode_signing_key_base64(
syutil.crypto.signing_key.NACL_ED25519,
"auto",
signing_keys.split("\n")[0]
)
with open(args.signing_key_path, "w") as signing_key_file:
syutil.crypto.signing_key.write_signing_keys(
signing_key_file,
(key,),
)
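Review bot: In generate_config, the branch that runs when the key file does not exist creates the server's private signing key with `open(args.signing_key_path, "w")`, so the file's mode is whatever the process umask allows and on a common umask the key is readable by other local users. Creating it with an explicit mode closes that: `fd = os.open(args.signing_key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `with os.fdopen(fd, "w") as signing_key_file:`. The old-format conversion branch has a separate problem: `open(..., "w")` truncates the only copy of the key before `write_signing_keys` runs, so a failure at that point leaves an empty key file. Writing the converted key to a temporary file in the same directory and renaming it over the original would keep the old key intact until the new one is fully written. generate_config begins above this hunk, so any permission handling done elsewhere in it is not visible here.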