8000 Making it possible for KMS GetPublicKey to get ENCRYPT_DECRYPT keys. … · localstack/localstack@1ba1a8a · GitHub


Commit 1ba1a8a

author
taras-kobernyk-localstack
authored
Making it possible for KMS GetPublicKey to get ENCRYPT_DECRYPT keys. (#6675)
1 parent 70268a7 commit 1ba1a8a


2 files changed

+9
-3
lines changed


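--- a/localstack/services/kms/provider.py
+++ b/localstack/services/kms/provider.py
@@ -141,8 +141,9 @@ def create_key(
 result = call_moto(context)
 
 # generate keypair for signing, if this is a SIGN_VERIFY key
-key_usage = create_key_request.get("KeyUsage")
-if key_usage == "SIGN_VERIFY":
+key_usage = create_key_request.get("KeyUsage", "ENCRYPT_DECRYPT")
+key_spec = create_key_request.get("KeySpec", "SYMMETRIC_DEFAULT")
+if not (key_usage == "ENCRYPT_DECRYPT" and key_spec == "SYMMETRIC_DEFAULT"):
 create_key_request["KeyId"] = result["KeyMetadata"]["KeyId"]
 _generate_data_key_pair(create_key_request, create_cipher=False)
 
@@ -268,6 +269,7 @@ def list_retirable_grants(
 
 return ListGrantsResponse(Grants=in_limit, Truncated=True, NextMarker=marker_id)
 
+@handler("GetPublicKey")
 def get_public_key(
 self, context: RequestContext, key_id: KeyIdType, grant_tokens: GrantTokenList = None
 ) -> GetPublicKeyResponse:
@@ -567,7 +569,7 @@ def _generate_data_key_pair(data, create_cipher=True, add_to_keys=True):
 "KeyId": key_id,
 "KeyPairSpec": key_spec,
 "KeySpec": key_spec,
-"KeyUsage": "SIGN_VERIFY",
+"KeyUsage": data.get("KeyUsage", "ENCRYPT_DECRYPT"),
 "Policy": data.get("Policy"),
 "Region": region,
 "Description": data.get("Description"),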
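Review bot: The new guard in create_key reads only `KeySpec`, so a request that names an asymmetric spec through the older `CustomerMasterKeySpec` parameter (the form test_get_and_list_sign_key in the test file still uses) together with the default ENCRYPT_DECRYPT usage falls back to SYMMETRIC_DEFAULT and skips key-pair generation, which presumably leaves GetPublicKey with no key to return. Consider `key_spec = create_key_request.get("KeySpec") or create_key_request.get("CustomerMasterKeySpec", "SYMMETRIC_DEFAULT")`. The comment above the guard is now stale and could read `# generate a key pair for every key that is not the default symmetric ENCRYPT_DECRYPT key`. Because the condition is a negation, any other usage/spec combination is also routed into _generate_data_key_pair; that helper and the rest of create_key lie outside the hunk, so this is worth confirming against them.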

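--- a/tests/integration/test_kms.py
+++ b/tests/integration/test_kms.py
@@ -153,6 +153,10 @@ def _verify(signature):
 with pytest.raises(InvalidSignature):
 _verify(result["Signature"] + b"foobar")
 
+def test_get_public_key(self, kms_client, kms_create_key):
+key_id = kms_create_key(KeyUsage="ENCRYPT_DECRYPT", KeySpec="RSA_2048")["KeyId"]
+kms_client.get_public_key(KeyId=key_id)
+
 @pytest.mark.aws_validated
 def test_get_and_list_sign_key(self, kms_client, kms_create_key):
 response = kms_create_key(KeyUsage="SIGN_VERIFY", CustomerMasterKeySpec="ECC_NIST_P256")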
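Review bot: test_get_public_key asserts nothing about the response, so it passes whenever the call does not raise, even if the returned metadata still reported SIGN_VERIFY or the key material were empty. Capture the result and pin what the commit changes: `response = kms_client.get_public_key(KeyId=key_id)`, `assert response["KeyUsage"] == "ENCRYPT_DECRYPT"`, `assert response["KeySpec"] == "RSA_2048"`. Checking that `response["PublicKey"]` is non-empty would also catch a key that was created without a key pair.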
