28
28
Encoding ,
29
29
PublicFormat ,
30
30
)
31
+
32
+ KEYTYPES_AND_SCHEMES = {
33
+ KeyCurveName .p_256 : ("ecdsa" , "ecdsa-sha2-nistp256" ),
34
+ KeyCurveName .p_384 : ("ecdsa" , "ecdsa-sha2-nistp384" ),
35
+ KeyCurveName .p_521 : ("ecdsa" , "ecdsa-sha2-nistp521" ),
36
+ }
37
+
38
+ SIGNATURE_ALGORITHMS = {
39
+ "ecdsa-sha2-nistp256" : SignatureAlgorithm .es256 ,
40
+ "ecdsa-sha2-nistp384" : SignatureAlgorithm .es384 ,
41
+ "ecdsa-sha2-nistp521" : SignatureAlgorithm .es512 ,
42
+ }
43
+
44
+
31
45
except ImportError :
32
46
AZURE_IMPORT_ERROR = (
33
47
"Signing with Azure Key Vault requires azure-identity, "
@@ -70,19 +84,22 @@ def __init__(self, az_key_uri: str, public_key: SSlibKey):
70
84
if AZURE_IMPORT_ERROR :
71
85
raise UnsupportedLibraryError (AZURE_IMPORT_ERROR )
72
86
73
- try :
74
- cred = DefaultAzureCredential ()
75
- self .crypto_client = CryptographyClient (
76
- az_key_uri ,
77
- credential = cred ,
78
- )
79
- self .signature_algorithm = self ._get_signature_algorithm (
80
- public_key ,
87
+ if (public_key .keytype , public_key .scheme ) not in KEYTYPES_AND_SCHEMES .values ():
88
+ logger .info ("only EC keys are supported for now" )
89
+ raise UnsupportedKeyType (
90
+ "Supplied key must be an EC key on curve "
91
+ "nistp256, nistp384, or nistp521"
81
92
)
82
- self .hash_algorithm = self ._get_hash_algorithm (public_key )
83
- except UnsupportedKeyType as e :
84
- logger .info ("Key %s has unsupported key type or unsupported elliptic curve" )
85
- raise e
93
+
94
+ cred = DefaultAzureCredential ()
95
+ self .crypto_client = CryptographyClient (
96
+ az_key_uri ,
97
+ credential = cred ,
98
+ )
99
+ self .signature_algorithm = self ._get_signature_algorithm (
100
+ public_key .scheme ,
101
+ )
102
+ self .hash_algorithm = self ._get_hash_algorithm (public_key )
86
103
self ._public_key = public_key
87
104
88
105
@property
@@ -129,24 +146,9 @@ def _create_crypto_client(
129
146
raise e
130
147
131
148
@staticmethod
132
- def _get_signature_algorithm (public_key : SSlibKey ) -> SignatureAlgorithm :
149
+ def _get_signature_algorithm (scheme : str ) -> SignatureAlgorithm :
133
150
"""Return SignatureAlgorithm after parsing the public key"""
134
- if public_key .keytype != "ecdsa" :
135
- logger .info ("only EC keys are supported for now" )
136
- raise UnsupportedKeyType ("Supplied key must be an EC key" )
137
- # Format is "ecdsa-sha2-nistp256"
138
- comps = public_key .scheme .split ("-" )
139
- if len (comps ) != 3 : # noqa: PLR2004
140
- raise UnsupportedKeyType ("Invalid scheme found" )
141
-
142
- if comps [2 ] == "nistp256" :
143
- return SignatureAlgorithm .es256
144
- if comps [2 ] == "nistp384" :
145
- return SignatureAlgorithm .es384
146
- if comps [2 ] == "nistp521" :
147
- return SignatureAlgorithm .es512
148
-
149
- raise UnsupportedKeyType ("Unsupported curve supplied by key" )
151
+ return SIGNATURE_ALGORITHMS [scheme ]
150
152
151
153
@staticmethod
152
154
def _get_hash_algorithm (public_key : Key ) -> str :
@@ -167,14 +169,10 @@ def _get_hash_algorithm(public_key: Key) -> str:
167
169
168
170
@staticmethod
169
171
def _get_keytype_and_scheme (crv : str ) -> tuple [str , str ]:
170
- if crv == KeyCurveName .p_256 :
171
- return "ecdsa" , "ecdsa-sha2-nistp256"
172
- if crv == KeyCurveName .p_384 :
173
- return "ecdsa" , "ecdsa-sha2-nistp384"
174
- if crv == KeyCurveName .p_521 :
175
- return "ecdsa" , "ecdsa-sha2-nistp521"
176
-
177
- raise UnsupportedKeyType ("Unsupported curve supplied by key" )
172
+ try :
173
+ return KEYTYPES_AND_SCHEMES [crv ]
174
+ except KeyError :
175
+ raise UnsupportedKeyType ("Unsupported curve supplied by key" )
178
176
179
177
@classmethod
180
178
def from_priv_key_uri (
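Review bot: `_get_signature_algorithm` (hunk `@@ -129,24 +146,9 @@`, line `return SIGNATURE_ALGORITHMS [scheme ]`) now raises a bare `KeyError` for an unknown scheme, while `_get_keytype_and_scheme` in the last hunk maps the same `KeyError` to `UnsupportedKeyType`, so the two table lookups expose different error contracts to anyone catching `UnsupportedKeyType`; `__init__` happens to pre-check against `KEYTYPES_AND_SCHEMES.values()` before calling it, but nothing on the static method itself enforces that precondition. Wrapping the lookup the same way — `try: return SIGNATURE_ALGORITHMS[scheme]` / `except KeyError: raise UnsupportedKeyType(f"Unsupported scheme: {scheme}") from None` — keeps both helpers consistent, and `from None` (also missing from the `except KeyError:` block in `_get_keytype_and_scheme`) keeps the internal `KeyError` out of the chained traceback. The docstring `"""Return SignatureAlgorithm after parsing the public key"""` is stale now that the parameter is `scheme: str`; something like `"""Return the SignatureAlgorithm for a supported ecdsa scheme string."""` would match the new signature. The bodies of `_get_hash_algorithm` and `from_priv_key_uri` continue outside the hunks, as does the module-level `try` that the visible `except ImportError:` closes.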