keyserver: add generate key function

The superuser API, initdb, and tests will all need this functionality.
2016-04-06 20:03:04 -04:00 · 2016-04-06 20:03:04 -04:00 · d19eb16b45
commit d19eb16b45
parent 23a8a29654
4 changed files with 35 additions and 24 deletions
--- a/endpoints/api/superuser.py
+++ b/endpoints/api/superuser.py
@ -1,17 +1,13 @@
 """ Superuser API. """

-import json
 import logging
 import os
 import string

 from datetime import datetime
-from hashlib import sha256
 from random import SystemRandom

-from Crypto.PublicKey import RSA
 from flask import request, make_response, jsonify
-from jwkest.jwk import RSAKey

 import features

@ -26,7 +22,6 @@ from endpoints.api import (ApiResource, nickname, resource, validate_json_reques
 from endpoints.api.logs import get_logs, get_aggregate_logs
 from data import model
 from data.database import ServiceKeyApprovalType
-from util import canonicalize
 from util.useremails import send_confirmation_email, send_recovery_email


@ -576,22 +571,17 @@ class SuperUserServiceKeyManagement(ApiResource):
        'ip': request.remote_addr,
      })

-      # Generate the private key but *do not save it on the server anywhere*.
-      private_key = RSA.generate(2048)
-      jwk = RSAKey(key=private_key.publickey()).serialize()
-      kid = sha256(json.dumps(canonicalize(jwk), separators=(',', ':'))).hexdigest()
-
-      # Create the service key.
-      model.service_keys.create_service_key(body.get('name', ''), kid, body['service'], jwk,
-                                            metadata, expiration_date)
-
+      # Generate a key with a private key that we *never save*.
+      (private_key, key) = model.service_keys.generate_service_key(body['service'], metadata,
+                                                                   expiration_date,
+                                                                   name=body.get('name', ''))
      # Auto-approve the service key.
-      model.service_keys.approve_service_key(kid, user, ServiceKeyApprovalType.SUPERUSER,
+      model.service_keys.approve_service_key(key.kid, user, ServiceKeyApprovalType.SUPERUSER,
                                             notes=body.get('notes', ''))

      # Log the creation and auto-approval of the service key.
      key_log_metadata = {
-        'kid': kid,
+        'kid': key.kid,
        'preshared': True,
        'service': body['service'],
        'name': body.get('name', ''),
@ -603,7 +593,7 @@ class SuperUserServiceKeyManagement(ApiResource):
      log_action('service_key_approve', None, key_log_metadata)

      return jsonify({
-        'kid': kid,
+        'kid': key.kid,
        'name': body.get('name', ''),
        'public_key': private_key.publickey().exportKey('PEM'),
        'private_key': private_key.exportKey('PEM'),