replace string literals with enums

Azure · Sep 10, 2020 · eda4d5a · eda4d5a
1 parent e4fced1
commit eda4d5a
Show file tree

Hide file tree

Showing 7 changed files with 69 additions and 72 deletions.
diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/aes_kw.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/aes_kw.py
@@ -7,6 +7,7 @@
 
 from ..algorithm import AsymmetricEncryptionAlgorithm
 from ..transform import CryptoTransform
+from ..._enums import KeyWrapAlgorithm
 
 
 class _AesKeyWrapTransform(CryptoTransform):
@@ -59,7 +60,7 @@ class AesKw192(_AesKeyWrap):
 
 class AesKw256(_AesKeyWrap):
     _key_size = 256
-    _name = "A256KW"
+    _name = KeyWrapAlgorithm.aes_256
 
 
 AesKw128.register()

diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/ecdsa.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/ecdsa.py
@@ -11,6 +11,7 @@
 
 from ..algorithm import SignatureAlgorithm
 from ..transform import SignatureTransform
+from ..._enums import SignatureAlgorithm as KeyVaultSignatureAlgorithm
 
 if sys.version_info < (3, 3):
     abstractproperty = abc.abstractproperty
@@ -19,6 +20,7 @@
 
     abstractproperty = functools.partial(property, abc.abstractmethod)
 
+
 class _EcdsaSignatureTransform(SignatureTransform):
     def __init__(self, key, hash_algorithm):
         super(_EcdsaSignatureTransform, self).__init__()
@@ -43,25 +45,25 @@ def coordinate_length(self):
 
 
 class Ecdsa256(_Ecdsa):
-    _name = "ES256K"
+    _name = KeyVaultSignatureAlgorithm.es256_k
     _default_hash_algorithm = hashes.SHA256()
     coordinate_length = 32
 
 
 class Es256(_Ecdsa):
-    _name = "ES256"
+    _name = KeyVaultSignatureAlgorithm.es256
     _default_hash_algorithm = hashes.SHA256()
     coordinate_length = 32
 
 
 class Es384(_Ecdsa):
-    _name = "ES384"
+    _name = KeyVaultSignatureAlgorithm.es384
     _default_hash_algorithm = hashes.SHA384()
     coordinate_length = 48
 
 
 class Es512(_Ecdsa):
-    _name = "ES512"
+    _name = KeyVaultSignatureAlgorithm.es512
     _default_hash_algorithm = hashes.SHA512()
     coordinate_length = 66
 

diff --git a/...ult/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_encryption.py b/...ult/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_encryption.py
@@ -7,6 +7,7 @@
 
 from ..algorithm import AsymmetricEncryptionAlgorithm
 from ..transform import CryptoTransform
+from ..._enums import EncryptionAlgorithm
 
 
 class _Rsa1_5Encryptor(CryptoTransform):
@@ -20,7 +21,7 @@ def transform(self, data):
 
 
 class Rsa1_5(AsymmetricEncryptionAlgorithm):  # pylint:disable=client-incorrect-naming-convention
-    _name = "RSA1_5"
+    _name = EncryptionAlgorithm.rsa1_5
 
     def create_encryptor(self, key):
         return _Rsa1_5Encryptor(key)
@@ -54,7 +55,7 @@ def transform(self, data):
 
 
 class RsaOaep(AsymmetricEncryptionAlgorithm):
-    _name = "RSA-OAEP"
+    _name = EncryptionAlgorithm.rsa_oaep
 
     def create_encryptor(self, key):
         return _RsaOaepEncryptor(key, hashes.SHA1)
@@ -64,7 +65,7 @@ def create_decryptor(self, key):
 
 
 class RsaOaep256(AsymmetricEncryptionAlgorithm):
-    _name = "RSA-OAEP-256"
+    _name = EncryptionAlgorithm.rsa_oaep_256
 
     def create_encryptor(self, key):
         return _RsaOaepEncryptor(key, hashes.SHA256)

diff --git a/...yvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_signing.py b/...yvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_signing.py
@@ -7,6 +7,7 @@
 
 from ..algorithm import SignatureAlgorithm
 from ..transform import SignatureTransform
+from ..._enums import SignatureAlgorithm as KeyVaultSignatureAlgorithm
 
 
 class RsaSignatureTransform(SignatureTransform):
@@ -37,32 +38,32 @@ def _get_padding(self, digest):
 
 
 class Ps256(RsaSsaPss):
-    _name = "PS256"
+    _name = KeyVaultSignatureAlgorithm.ps256
     _default_hash_algorithm = hashes.SHA256()
 
 
 class Ps384(RsaSsaPss):
-    _name = "PS384"
+    _name = KeyVaultSignatureAlgorithm.ps384
     _default_hash_algorithm = hashes.SHA384()
 
 
 class Ps512(RsaSsaPss):
-    _name = "PS512"
+    _name = KeyVaultSignatureAlgorithm.ps512
     _default_hash_algorithm = hashes.SHA512()
 
 
 class Rs256(RsaSsaPkcs1v15):
-    _name = "RS256"
+    _name = KeyVaultSignatureAlgorithm.rs256
     _default_hash_algorithm = hashes.SHA256()
 
 
 class Rs384(RsaSsaPkcs1v15):
-    _name = "RS384"
+    _name = KeyVaultSignatureAlgorithm.rs384
     _default_hash_algorithm = hashes.SHA384()
 
 
 class Rs512(RsaSsaPkcs1v15):
-    _name = "RS512"
+    _name = KeyVaultSignatureAlgorithm.rs512
     _default_hash_algorithm = hashes.SHA512()
 
 

diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/ec_key.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/ec_key.py
@@ -19,26 +19,32 @@
 from ._internal import _bytes_to_int, asn1_der_to_ecdsa, ecdsa_to_asn1_der
 from .key import Key
 from .algorithms.ecdsa import Es256, Es512, Es384, Ecdsa256
+from ... import KeyCurveName
 
-_crypto_crv_to_kv_crv = {"secp256r1": "P-256", "secp384r1": "P-384", "secp521r1": "P-521", "secp256k1": "P-256K"}
+_crypto_crv_to_kv_crv = {
+    "secp256r1": KeyCurveName.p_256,
+    "secp384r1": KeyCurveName.p_384,
+    "secp521r1": KeyCurveName.p_521,
+    "secp256k1": KeyCurveName.p_256_k,
+}
 _kv_crv_to_crypto_cls = {
-    "P-256": SECP256R1,
-    "P-256K": SECP256K1,
-    "P-384": SECP384R1,
-    "P-521": SECP521R1,
-    "SECP256K1": SECP256K1,
+    KeyCurveName.p_256: SECP256R1,
+    KeyCurveName.p_256_k: SECP256K1,
+    KeyCurveName.p_384: SECP384R1,
+    KeyCurveName.p_521: SECP521R1,
+    "SECP256K1": SECP256K1,  # "SECP256K1" is from Key Vault 2016-10-01
 }
 _curve_to_default_algo = {
-    "P-256": Es256.name(),
-    "P-256K": Ecdsa256.name(),
-    "P-384": Es384.name(),
-    "P-521": Es512.name(),
-    "SECP256K1": Ecdsa256.name(),
+    KeyCurveName.p_256: Es256.name(),
+    KeyCurveName.p_256_k: Ecdsa256.name(),
+    KeyCurveName.p_384: Es384.name(),
+    KeyCurveName.p_521: Es512.name(),
+    "SECP256K1": Ecdsa256.name(),  # "SECP256K1" is from Key Vault 2016-10-01
 }
 
 
 class EllipticCurveKey(Key):
-    _supported_signature_algorithms = _curve_to_default_algo.values()
+    _supported_signature_algorithms = frozenset(_curve_to_default_algo.values())
 
     def __init__(self, x, y, d=None, kid=None, curve=None):
         super(EllipticCurveKey, self).__init__()

diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/rsa_key.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/rsa_key.py
@@ -16,27 +16,26 @@
     rsa_crt_iqmp,
 )
 
-from azure.keyvault.keys._models import JsonWebKey
 from ._internal import _bytes_to_int, _int_to_bytes
 from .key import Key
 from .algorithms import Ps256, Ps384, Ps512, Rsa1_5, RsaOaep, RsaOaep256, Rs256, Rs384, Rs512
+from ... import JsonWebKey, KeyOperation
 
 
 class RsaKey(Key):  # pylint:disable=too-many-public-methods
-    PUBLIC_KEY_DEFAULT_OPS = ["encrypt", "wrapKey", "verify"]
-    PRIVATE_KEY_DEFAULT_OPS = ["encrypt", "decrypt", "wrapKey", "unwrapKey", "verify", "sign"]
-
-    _supported_encryption_algorithms = [Rsa1_5.name(), RsaOaep.name(), RsaOaep256.name()]
-    _supported_key_wrap_algorithms = [Rsa1_5.name(), RsaOaep.name(), RsaOaep256.name()]
-    _supported_signature_algorithms = [
-        Ps256.name(),
-        Ps384.name(),
-        Ps512.name(),
-        Rs256.name(),
-        Rs384.name(),
-        Rs512.name(),
+    PUBLIC_KEY_DEFAULT_OPS = [KeyOperation.encrypt, KeyOperation.wrap_key, KeyOperation.verify]
+    PRIVATE_KEY_DEFAULT_OPS = PUBLIC_KEY_DEFAULT_OPS + [
+        KeyOperation.decrypt,
+        KeyOperation.unwrap_key,
+        KeyOperation.sign,
     ]
 
+    _supported_encryption_algorithms = frozenset((Rsa1_5.name(), RsaOaep.name(), RsaOaep256.name()))
+    _supported_key_wrap_algorithms = frozenset((Rsa1_5.name(), RsaOaep.name(), RsaOaep256.name()))
+    _supported_signature_algorithms = frozenset(
+        (Ps256.name(), Ps384.name(), Ps512.name(), Rs256.name(), Rs384.name(), Rs512.name(),)
+    )
+
     def __init__(self, kid=None):
         super(RsaKey, self).__init__()
         self._kid = kid

diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/symmetric_key.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/symmetric_key.py
@@ -55,6 +55,26 @@ def __init__(self, kid=None, key_bytes=None, key_size=None):
 
         self._key = key_bytes
 
+        supported_encryption_algorithms = []
+        supported_key_wrap_algorithms = []
+        key_size = len(self._key)
+        if key_size >= key_size_128:
+            supported_encryption_algorithms.append(Aes128Cbc.name())
+            supported_key_wrap_algorithms.append(AesKw128.name())
+        if key_size >= key_size_192:
+            supported_encryption_algorithms.append(Aes192Cbc.name())
+            supported_key_wrap_algorithms.append(AesKw192.name())
+        if key_size >= key_size_256:
+            supported_encryption_algorithms.append(Aes256Cbc.name())
+            supported_encryption_algorithms.append(Aes128CbcHmacSha256.name())
+            supported_key_wrap_algorithms.append(AesKw256.name())
+        if key_size >= key_size_384:
+            supported_encryption_algorithms.append(Aes192CbcHmacSha384.name())
+        if key_size >= key_size_512:
+            supported_encryption_algorithms.append(Aes256CbcHmacSha512.name())
+        self._supported_encryption_algorithms = frozenset(supported_encryption_algorithms)
+        self._supported_key_wrap_algorithms = frozenset(supported_key_wrap_algorithms)
+
     def is_private_key(self):
         return True
 
@@ -74,39 +94,6 @@ def default_encryption_algorithm(self):
     def default_key_wrap_algorithm(self):
         return _default_kw_alg_by_size[len(self._key)]
 
-    @property
-    def supported_encryption_algorithms(self):
-        supported = []
-        key_size = len(self._key)
-
-        if key_size >= key_size_128:
-            supported.append(Aes128Cbc.name())
-        if key_size >= key_size_192:
-            supported.append(Aes192Cbc.name())
-        if key_size >= key_size_256:
-            supported.append(Aes256Cbc.name())
-            supported.append(Aes128CbcHmacSha256.name())
-        if key_size >= key_size_384:
-            supported.append(Aes192CbcHmacSha384.name())
-        if key_size >= key_size_512:
-            supported.append(Aes256CbcHmacSha512.name())
-
-        return supported
-
-    @property
-    def supported_key_wrap_algorithms(self):
-        supported = []
-        key_size = len(self._key)
-
-        if key_size >= key_size_128:
-            supported.append(AesKw128.name())
-        if key_size >= key_size_192:
-            supported.append(AesKw192.name())
-        if key_size >= key_size_256:
-            supported.append(AesKw256.name())
-
-        return supported
-
     def encrypt(self, plain_text, iv, **kwargs):  # pylint:disable=arguments-differ
         algorithm = self._get_algorithm("encrypt", **kwargs)
         encryptor = algorithm.create_encryptor(key=self._key, iv=iv)