From 648fdec983c942e4c9c4d6956f25fb3cfb3b316c Mon Sep 17 00:00:00 2001
From: Jakob Schlyter
Date: Tue, 17 Dec 2024 09:00:15 +0100
Subject: [PATCH] Check private key type on load

---
 nodeman/internal_ca.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/nodeman/internal_ca.py b/nodeman/internal_ca.py
index 347cc72..766f7b9 100644
--- a/nodeman/internal_ca.py
+++ b/nodeman/internal_ca.py
@@ -6,6 +6,10 @@
 from cryptography import x509
 from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKey
+from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey
 from cryptography.hazmat.primitives.serialization import load_pem_private_key
 from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID
@@ -72,6 +76,10 @@ def load(
         with open(issuer_ca_private_key_file, "rb") as fp:
             issuer_ca_private_key = load_pem_private_key(fp.read(), password=None)
+            if not isinstance(
+                issuer_ca_private_key, (RSAPrivateKey, EllipticCurvePrivateKey, Ed25519PrivateKey, Ed448PrivateKey)
+            ):
+                raise ValueError("Unsupported private key type")
         if root_ca_certificate_file:
             with open(root_ca_certificate_file, "rb") as fp:
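Review bot: The new isinstance check in the second hunk only confirms the loaded object is a signing-capable key type; it does not confirm that this key is the private half of the issuer CA certificate, so a mismatched key/cert pair (a wrong file on disk, or a key rotated without re-issuing the CA cert) still loads and would produce certificates whose signatures fail against the published issuer. If `load` also loads the issuer certificate (it starts before this hunk, so I cannot see that), add a pairing check right after the type check, e.g. comparing `issuer_ca_private_key.public_key()` with `issuer_ca_certificate.public_key()` via their SubjectPublicKeyInfo DER bytes and raising `ValueError` on mismatch. The rejection message should also name what was actually found so an operator can act on it, e.g. `raise ValueError(f"Unsupported private key type {type(issuer_ca_private_key).__name__} in {issuer_ca_private_key_file}")`. Note that the check intentionally rejects DSA, DH, X25519 and X448 keys that `load_pem_private_key` would otherwise return; a one-line comment above the tuple saying so would stop a future maintainer from "fixing" it.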