Read signing keys using methods from syutil. convert keys that are in the wrong format
parent
6876b1a25b
commit
c6a8e7d9b9
|
@ -13,10 +13,9 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
import nacl.signing
|
|
||||||
import os
|
import os
|
||||||
from ._base import Config
|
from ._base import Config, ConfigError
|
||||||
from syutil.base64util import encode_base64, decode_base64
|
import syutil.crypto.signing_key
|
||||||
|
|
||||||
|
|
||||||
class ServerConfig(Config):
|
class ServerConfig(Config):
|
||||||
|
@ -70,9 +69,16 @@ class ServerConfig(Config):
|
||||||
"content repository")
|
"content repository")
|
||||||
|
|
||||||
def read_signing_key(self, signing_key_path):
|
def read_signing_key(self, signing_key_path):
|
||||||
signing_key_base64 = self.read_file(signing_key_path, "signing_key")
|
signing_keys = self.read_file(signing_key_path, "signing_key")
|
||||||
signing_key_bytes = decode_base64(signing_key_base64)
|
try:
|
||||||
return nacl.signing.SigningKey(signing_key_bytes)
|
return syutil.crypto.signing_key.read_signing_keys(
|
||||||
|
signing_keys.splitlines(True)
|
||||||
|
)
|
||||||
|
except Exception as e:
|
||||||
|
raise ConfigError(
|
||||||
|
"Error reading signing_key."
|
||||||
|
" Try running again with --generate-config"
|
||||||
|
)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def generate_config(cls, args, config_dir_path):
|
def generate_config(cls, args, config_dir_path):
|
||||||
|
@ -86,6 +92,21 @@ class ServerConfig(Config):
|
||||||
|
|
||||||
if not os.path.exists(args.signing_key_path):
|
if not os.path.exists(args.signing_key_path):
|
||||||
with open(args.signing_key_path, "w") as signing_key_file:
|
with open(args.signing_key_path, "w") as signing_key_file:
|
||||||
key = nacl.signing.SigningKey.generate()
|
syutil.crypto.signing_key.write_signing_keys(
|
||||||
signing_key_file.write(encode_base64(key.encode()))
|
signing_key_file,
|
||||||
|
(syutil.crypto.SigningKey.generate("auto"),),
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
signing_keys = cls.read_file(args.signing_key_path, "signing_key")
|
||||||
|
if len(signing_keys.split("\n")[0].split()) == 1:
|
||||||
|
# handle keys in the old format.
|
||||||
|
key = syutil.crypto.signing_key.decode_signing_key_base64(
|
||||||
|
syutil.crypto.signing_key.NACL_ED25519,
|
||||||
|
"auto",
|
||||||
|
signing_keys.split("\n")[0]
|
||||||
|
)
|
||||||
|
with open(args.signing_key_path, "w") as signing_key_file:
|
||||||
|
syutil.crypto.signing_key.write_signing_keys(
|
||||||
|
signing_key_file,
|
||||||
|
(key,),
|
||||||
|
)
|
||||||
|
|
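Review bot: The old-format conversion branch in generate_config reopens the key file with `open(args.signing_key_path, "w")`, which truncates the only copy of the server's private signing key before `write_signing_keys` has run, so an exception or crash during the write loses the key. Write the converted key to a temporary file in the same directory and `os.rename` it over the original, creating it with mode 0600 rather than the process umask; the same permission concern applies to the `open(..., "w")` in the new-key branch. That branch also calls `syutil.crypto.SigningKey.generate("auto")` while every other call goes through `syutil.crypto.signing_key`, so it is worth confirming that attribute exists on the package. generate_config starts and continues outside the visible hunks, and the indentation below is approximate because the page does not preserve it.

```python
# … unchanged: old-format detection and decode_signing_key_base64 call …
tmp_path = args.signing_key_path + ".tmp"
# O_EXCL: refuse to reuse a pre-existing file; 0o600: owner-only from creation.
fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
with os.fdopen(fd, "w") as signing_key_file:
    syutil.crypto.signing_key.write_signing_keys(
        signing_key_file,
        (key,),
    )
# Replace the old key file only after the new one is fully written.
os.rename(tmp_path, args.signing_key_path)
```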