You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Unfortunately this regex identifies the "-" in the "Proc-Type" keyword as the start of the last line of the PEM file and the - in DEK-Info as the end of the file. This means that it parses the key to be:
This is now an invalid key and it throws an error:
ValueError('Could not deserialize key data. The data may be in an incorrect format, the provided password may be incorrect, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [<OpenSSLError(code=503841036, lib=60, reason=524556, reason_text=unsupported)>])
If I patch line 226 to be:
composed_private_key = private_key
Then it loads and decrypts the key correctly, just without protection of malformed pem files.
The process needs to be adjusted to reassemble the pem file correctly.
A bit more info around this issue, there's a bit of subtlety to ensure the pem is in the right format.
In credentials.py
This alternative pattern works as intended to split the PEM correctly:
^(-+[^-]+-+)([\s\S]+?)(--+[^-]+-+)
However this still breaks because the _compose_pem then regex splits on "\s+" which strips whitespace and reforming with new lines. However this breaks up this part of the pem key due to the space after the colon:
It's possible to adjust the regex to ignore the space after the colon, however this removes the new line between DEK-Info and the key. This also breaks the pem format.
I'm presuming the malformed pem comes from the Block storing new lines incorrectly (?) perhaps the code should not manipulate the pem if it's being directly read from a file?
Uh oh!
There was an error while loading. Please reload this page.
Bug summary
Snowflake-Credentials can be set up using private-public keypair. Ideally the key would be encrypted with a private key passphrase.
An encrypted private key pem file is structured (this is not a real key!):
Unlike unencrypted keys, it contains the keywords Proc-Type and DEK-Info.
prefect/src/integrations/prefect-snowflake/prefect-snowflake/credentials.py
Line 226:
_compose_pem does a regex on the PEM file using the following pattern to split the key into parts:
Unfortunately this regex identifies the "-" in the "Proc-Type" keyword as the start of the last line of the PEM file and the - in DEK-Info as the end of the file. This means that it parses the key to be:
This is now an invalid key and it throws an error:
If I patch line 226 to be:
Then it loads and decrypts the key correctly, just without protection of malformed pem files.
The process needs to be adjusted to reassemble the pem file correctly.
Version info
Additional context
No response
The text was updated successfully, but these errors were encountered: