1abe8a2ec0
The JSON Web Token provider implementation is going to need keys in order to issue and validate tokens, very similar to how the fernet provider operates, but using asymmetric signing instead of symmetric encryption. This commit adds a new subcommand to the keystone-manage binary that creates an ECDSA key pair for creating and validating JWS tokens. bp json-web-tokens Change-Id: I9cf5c168bae2a90aba3d696e3f6ce3028998121a
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization
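def create_jws_keypair(private_key_path, public_key_path):
    """Create an ECDSA key pair using an secp256r1, or NIST P-256, curve.

    The private key is written as an unencrypted PKCS#8 PEM file and the
    public key as a SubjectPublicKeyInfo PEM file. Both paths are
    overwritten if they already exist. The private key file is created (or
    re-opened) with mode 0600 so that it is never left readable to other
    users through a permissive process umask; the public key is written with
    the default mode since it is not secret.

    :param private_key_path: location to save the private key
    :param public_key_path: location to save the public key
    :raises OSError: if either file cannot be created or written

    """
    private_key = ec.generate_private_key(ec.SECP256R1(), default_backend())

    private_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption()
    )
    # Use os.open so the file is created owner-only instead of with whatever
    # the umask allows; fchmod covers the case where the file already existed
    # with looser permissions, since O_CREAT does not change an existing mode.
    fd = os.open(private_key_path,
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'wb') as f:
        os.fchmod(fd, 0o600)
        f.write(private_pem)

    public_key = private_key.public_key()
    with open(public_key_path, 'wb') as f:
        f.write(
            public_key.public_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PublicFormat.SubjectPublicKeyInfo
            )
        )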