Server creates CA's private keys (instead of client).

tatu/api/models.py

@@ -13,8 +13,6 @@ class Authorities(object):
     db.createAuthority(
       self.session,
       body['auth_id'],
-      user_key=body['user_key'],
-      host_key=body['host_key'],
     )
     resp.status = falcon.HTTP_201
     resp.location = '/authorities/' + body['auth_id']

tatu/db/models.py

@@ -23,10 +23,10 @@ class Authority(Base):
 def getAuthority(session, auth_id):
   return session.query(Authority).get(auth_id)
 
-def createAuthority(session, auth_id, user_key, host_key):
+def createAuthority(session, auth_id):
   auth = Authority(auth_id=auth_id,
-                   user_key=user_key,
+                   user_key=RSA.generate(2048).exportKey('PEM'),
-                   host_key=host_key)
+                   host_key=RSA.generate(2048).exportKey('PEM'))
   session.add(auth)
   session.commit()
   return auth

tatu/tests/test_app.py

@@ -32,17 +32,11 @@ user_pub_key = user_key.publickey().exportKey('OpenSSH')
 user_fingerprint = sshpubkeys.SSHKey(user_pub_key).hash()
 
 auth_id = str(uuid.uuid4())
-auth_user_key = RSA.generate(2048)
-auth_host_key = RSA.generate(2048)
-auth_user_pub_key = auth_user_key.publickey().exportKey('OpenSSH')
-auth_host_pub_key = auth_host_key.publickey().exportKey('OpenSSH')
 
 @pytest.mark.dependency()
 def test_post_authority(client, db):
   body = {
     'auth_id': auth_id,
-    'user_key': auth_user_key.exportKey('PEM'),
-    'host_key': auth_host_key.exportKey('PEM'),
   }  
   response = client.simulate_post(
     '/authorities',
@@ -61,9 +55,7 @@ def test_get_authority(client):
   body = json.loads(response.content)
   assert 'auth_id' in body
   assert 'user_key.pub' in body
-  assert body['user_key.pub'] == auth_user_pub_key
   assert 'host_key.pub' in body
-  assert body['host_key.pub'] == auth_host_pub_key
   assert 'user_key' not in body
   assert 'host_key' not in body