oso.framework.plugin.addons.signing_server package

Module contents

Signing Server Addon.

class oso.framework.plugin.addons.signing_server.SigningServerAddon(framework_config: Any, addon_config: SigningServerConfig)

Bases: AddonProtocol

Signing Server.

Parameters:
  • framework_config – Whole application configuration.

  • addon_config – Configuration specific to this addon.

config

configure(addon_config: SigningServerConfig) -> SigningServerAddon

Return the addon instance.

generate_key_pair(key_type: KeyType) -> tuple[str, bytes]

Generate a new key pair.

Parameters:

key_type (KeyType) – The type of key to generate.

Returns:

  • key_id (str) – The unique identifier for the generated key.

  • pub_key_pem (bytes) – The public key in PEM format.

Return type:

tuple[str, bytes]

get_key_pem(key_id: str) -> bytes | None

Get the public key PEM for a given key ID.

Parameters:

key_id (str) – The unique identifier of the key for which the public PEM is requested.

Returns:

The PEM-encoded public key as bytes if the key is found and conversion succeeds, otherwise None.

Return type:

bytes | None

health_check() -> ComponentStatus

Check the GREP11 server health status.

Returns:

OSO component status.

Return type:

oso.framework.data.types.ComponentStatus

list_keys(key_type: KeyType) -> list[str]

Find the existing keys of the specified type in the keystore.

Parameters:

key_type (KeyType) – The type of keys to find.

Returns:

List of key ids of the given key type.

Return type:

list[str]

sign(key_id: str, data: bytes) -> str

Sign data using the GREP11 server.

Parameters:
  • key_id (str) – Key ID used to find the stored key, prefixed with the key type OID.

  • data (bytes) – Data to be signed.

Returns:

Signature as a string.

Return type:

str

class oso.framework.plugin.addons.signing_server.SigningServerConfig(*, type: ImportString, ca_cert: str, client_cert: str, client_key: str, grep11_endpoint: str = 'localhost', keystore_path: str)

Bases: BaseAddonConfig

Signing Server Addon Specific Configuration.

ca_cert

PEM-encoded root certificates as a byte string for the gRPC channel.

Type:

str

client_cert

PEM-encoded certificate chain as a byte string for the gRPC channel.

Type:

str

client_key

PEM-encoded private key as a byte string for the gRPC channel.

Type:

str

grep11_endpoint

Endpoint used to connect to the GREP11 server.

Type:

str

keystore_path

Path of the attached persistent data volume used to store generated keys between iterations.

Type:

str

oso.framework.plugin.addons.signing_server.configure(framework_config: Any, addon_config: SigningServerConfig) -> SigningServerAddon

Return the addon instance.