# Copyright 2017 Canonical Ltd.
# Licensed under the LGPLv3, see LICENCE file for details.

import nacl.encoding
import nacl.public


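class PrivateKey(object):
    ''' A private key used by the bakery to encrypt and decrypt
    third party caveats.

    Internally, it wraps a nacl.public.PrivateKey, which is a 256-bit
    Curve25519 (X25519) encryption key, not an Ed25519 signing key.
    '''
    def __init__(self, key):
        '''
        :param key: the nacl.public.PrivateKey to wrap. It is stored as
        given; no validation is performed here.
        '''
        self._key = key

    @property
    def key(self):
        ''' Internal nacl key representation.
        '''
        return self._key

    @property
    def public_key(self):
        '''
        :return: the PublicKey associated with the private key.
        '''
        return PublicKey(self._key.public_key)

    @classmethod
    def deserialize(cls, serialized):
        ''' Create a PrivateKey from base64 encoded bytes.

        Any error nacl raises for input that is not a valid base64
        encoded key propagates to the caller.
        :param serialized: the base64 encoding of the key.
        :return: a PrivateKey
        '''
        return PrivateKey(
            nacl.public.PrivateKey(serialized,
                                   encoder=nacl.encoding.Base64Encoder))

    def encode(self, raw=False):
        ''' Encode the key as base64 by default; when raw is True the
        unencoded key bytes are returned instead (not hex).

        Either form is the secret key itself, so the result should not be
        logged or stored unprotected.
        :param raw: when true, skip the base64 encoding.
        :return: bytes
        '''
        if raw:
            # nacl's default encoder returns the key bytes unchanged.
            return self._key.encode()
        return self._key.encode(nacl.encoding.Base64Encoder)

    def __eq__(self, other):
        ''' Two PrivateKeys are equal when their wrapped keys are equal.

        The comparison itself is delegated to the wrapped key objects.
        NOTE(review): PyNaCl keys are understood to compare in constant
        time - confirm for the pinned PyNaCl version.
        '''
        if not isinstance(other, PrivateKey):
            # Let Python try the reflected comparison instead of failing
            # with AttributeError on objects that have no .key attribute.
            return NotImplemented
        return self.key == other.key

    def __ne__(self, other):
        ''' Inverse of __eq__; Python 2 does not derive != from __eq__.
        '''
        result = self.__eq__(other)
        if result is NotImplemented:
            return result
        return not result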


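class PublicKey(object):
    ''' A public key used by the bakery to encrypt third party caveats.

    Every discharger is associated with a public key which is used to
    encrypt third party caveat ids addressed to that discharger.
    Internally, it wraps a nacl.public.PublicKey, which is a 256-bit
    Curve25519 (X25519) encryption key, not an Ed25519 verification key.
    '''
    def __init__(self, key):
        '''
        :param key: the nacl.public.PublicKey to wrap. It is stored as
        given; no validation is performed here.
        '''
        self._key = key

    @property
    def key(self):
        ''' Internal nacl key representation.
        '''
        return self._key

    def encode(self, raw=False):
        ''' Encode the key as base64 by default; when raw is True the
        unencoded key bytes are returned instead (not hex).
        :param raw: when true, skip the base64 encoding.
        :return: bytes
        '''
        if raw:
            # nacl's default encoder returns the key bytes unchanged.
            return self._key.encode()
        return self._key.encode(nacl.encoding.Base64Encoder)

    @classmethod
    def deserialize(cls, serialized):
        ''' Create a PublicKey from base64 encoded bytes.

        Any error nacl raises for input that is not a valid base64
        encoded key propagates to the caller. A key accepted here is only
        well formed; whether it belongs to the expected discharger has to
        be established by the caller.
        :param serialized: the base64 encoding of the key.
        :return: a PublicKey
        '''
        return PublicKey(
            nacl.public.PublicKey(serialized,
                                  encoder=nacl.encoding.Base64Encoder))

    def __eq__(self, other):
        ''' Two PublicKeys are equal when their wrapped keys are equal.
        '''
        if not isinstance(other, PublicKey):
            # Let Python try the reflected comparison instead of failing
            # with AttributeError on objects that have no .key attribute.
            return NotImplemented
        return self.key == other.key

    def __ne__(self, other):
        ''' Inverse of __eq__; Python 2 does not derive != from __eq__.
        '''
        result = self.__eq__(other)
        if result is NotImplemented:
            return result
        return not result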


def generate_key():
    '''Create a new, randomly generated PrivateKey.

    The key material is produced by nacl.public.PrivateKey.generate().
    :return: a PrivateKey
    '''
    fresh_key = nacl.public.PrivateKey.generate()
    return PrivateKey(fresh_key)