1414from .exception import UnknownKeyType
1515from .exception import UpdateFailed
1616from .jwk .ec import ECKey
17+ from .jwk .ec import import_private_key_from_file
1718from .jwk .ec import new_ec_key
1819from .jwk .hmac import SYMKey
1920from .jwk .jwk import dump_jwk
@@ -167,7 +168,7 @@ def __init__(self, keys=None, source="", cache_time=300, verify_ssl=True,
167168 :param verify_ssl: Verify the SSL cert used by the server
168169 :param fileformat: For a local file either "jwks" or "der"
169170 :param keytype: Iff local file and 'der' format what kind of key it is.
170- presently only 'rsa' is supported.
171+ presently 'rsa' and 'ec' are supported.
171172 :param keyusage: What the key loaded from file should be used for.
172173 Only applicable for DER files
173174 :param httpc: A HTTP client function
@@ -229,7 +230,7 @@ def _set_source(self, source, fileformat):
229230 def _do_local (self , kid ):
230231 if self .fileformat in ['jwks' , "jwk" ]:
231232 self .do_local_jwk (self .source )
232- elif self .fileformat == "der" : # Only valid for RSA keys
233+ elif self .fileformat == "der" :
233234 self .do_local_der (self .source , self .keytype , self .keyusage , kid )
234235
235236 def do_keys (self , keys ):
@@ -285,12 +286,16 @@ def do_local_der(self, filename, keytype, keyusage=None, kid=''):
285286 Load a DER encoded file amd create a key from it.
286287
287288 :param filename: Name of the file
288- :param keytype: Presently only 'rsa' supported
289+ :param keytype: Presently 'rsa' and 'ec ' supported
289290 :param keyusage: encryption ('enc') or signing ('sig') or both
290291 """
291- _bkey = import_private_rsa_key_from_file (filename )
292-
293- if keytype .lower () != 'rsa' :
292+ if keytype .lower () == 'rsa' :
293+ _bkey = import_private_rsa_key_from_file (filename )
294+ _key = RSAKey ().load_key (_bkey )
295+ elif keytype .lower () == 'ec' :
296+ _bkey = import_private_key_from_file (filename )
297+ _key = ECKey ().load_key (_bkey )
298+ else :
294299 raise NotImplementedError ('No support for DER decoding of that key type' )
295300
296301 if not keyusage :
@@ -299,7 +304,6 @@ def do_local_der(self, filename, keytype, keyusage=None, kid=''):
299304 keyusage = harmonize_usage (keyusage )
300305
301306 for use in keyusage :
302- _key = RSAKey ().load_key (_bkey )
303307 _key .use = use
304308 if kid :
305309 _key .kid = kid
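Review bot: `_key` is now built once before the loop (new lines 294 and 297 in the previous hunk) and the per-iteration `_key = RSAKey().load_key(_bkey)` is removed here, so every pass of `for use in keyusage:` mutates the same object. The rest of the loop body is outside the hunk; if it adds `_key` to the bundle, as the old per-iteration construction suggests, a file loaded for more than one use ends up as one key object referenced several times, all carrying the last `use` (and the same `kid`), and any key selection by use will no longer find the other label. Keep one object per use: let the branches record only the class (`_cls = RSAKey` / `_cls = ECKey`) and restore `_key = _cls().load_key(_bkey)` as the first statement of the loop.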
@@ -713,8 +717,8 @@ def build_key_bundle(key_conf, kid_template=""):
713717 The type of key. Presently only 'rsa', 'ec' and 'oct' supported.
714718
715719 key
716- A name of a file where a key can be found. Only works with PEM encoded
717- RSA keys
720+ A name of a file where a key can be found. Works with PEM encoded
721+ RSA and EC private keys.
718722
719723 use
720724 What the key should be used for
@@ -752,7 +756,17 @@ def build_key_bundle(key_conf, kid_template=""):
752756 else :
753757 _bundle = rsa_init (spec )
754758 elif typ == "EC" :
755- _bundle = ec_init (spec )
759+ if "key" in spec and spec ["key" ]:
760+ error_to_catch = (OSError , IOError ,
761+ DeSerializationNotPossible )
762+ try :
763+ _bundle = KeyBundle (source = "file://%s" % spec ["key" ],
764+ fileformat = "der" ,
765+ keytype = typ , keyusage = spec ["use" ])
766+ except error_to_catch :
767+ _bundle = ec_init (spec )
768+ else :
769+ _bundle = ec_init (spec )
756770 elif typ .upper () == "OCT" :
757771 _bundle = sym_init (spec )
758772 else :
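Review bot: When the configured EC key file cannot be read or deserialized, the `except error_to_catch:` branch at new lines 766-767 falls through to `ec_init(spec)` without leaving any trace, so a wrong path or a permission problem looks the same as a configuration that never named a key file. What `ec_init` returns is not visible here, but if it creates a fresh key, the service would come up with a different key than the one the operator provisioned; log the caught exception together with `spec["key"]` before falling back, or fall back only when the file does not exist and re-raise when it exists but fails to parse. Only `OSError`, `IOError` and `DeSerializationNotPossible` are caught, so a comment stating whether other loader errors are meant to propagate would help. The docstring in the previous hunk says the file is PEM encoded while this call passes `fileformat="der"`; one sentence in the docstring on which encoding is actually expected would remove the ambiguity.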