csrgen: support initialising OpenSSL adaptor with key object

As a convenience for using it with the test suite, update the csrgen OpenSSLAdaptor class to support initialisation with a python-cryptography key object, rather than reading the key from a file. Part of: https://pagure.io/freeipa/issue/7496 Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-04-16 19:16:35 +10:00
parent 53f87ee5cd
commit 7633d62d85
2 changed files with 25 additions and 13 deletions
--- a/ipaclient/csrgen.py
+++ b/ipaclient/csrgen.py
@@ -402,20 +402,31 @@ class CSRLibraryAdaptor(object):


 class OpenSSLAdaptor(object):
-    def __init__(self, key_filename, password_filename):
-        self.key_filename = key_filename
-        self.password_filename = password_filename
+    def __init__(self, key=None, key_filename=None, password_filename=None):
+        """
+        Must provide either ``key_filename`` or ``key``.
+
+        """
+        if key_filename is not None:
+            with open(key_filename, 'rb') as key_file:
+                key_bytes = key_file.read()
+
+            password = None
+            if password_filename is not None:
+                with open(password_filename, 'rb') as password_file:
+                    password = password_file.read().strip()
+
+            self._key = load_pem_private_key(
+                key_bytes, password, default_backend())
+
+        elif key is not None:
+            self._key = key
+
+        else:
+            raise ValueError("Must provide 'key' or 'key_filename'")

    def key(self):
-        with open(self.key_filename, 'rb') as key_file:
-            key_bytes = key_file.read()
-        password = None
-        if self.password_filename is not None:
-            with open(self.password_filename, 'rb') as password_file:
-                password = password_file.read().strip()
-
-        key = load_pem_private_key(key_bytes, password, default_backend())
-        return key
+        return self._key

    def get_subject_public_key_info(self):
        pubkey_info = self.key().public_key().public_bytes(
--- a/ipaclient/plugins/cert.py
+++ b/ipaclient/plugins/cert.py
@@ -117,7 +117,8 @@ class cert_request(CertRetrieveOverride):
            if database:
                adaptor = csrgen.NSSAdaptor(database, password_file)
            elif private_key:
-                adaptor = csrgen.OpenSSLAdaptor(private_key, password_file)
+                adaptor = csrgen.OpenSSLAdaptor(
+                    key_filename=private_key, password_filename=password_file)
            else:
                raise errors.InvocationError(
                    message=u"One of 'database' or 'private_key' is required")