Revize 04805a41
Přidáno uživatelem Stanislav Král před téměř 4 roky(ů)
| src/controllers/certificates_controller.py | ||
|---|---|---|
| 649 | 649 |
return E_NO_CERTIFICATES_FOUND, C_INTERNAL_SERVER_ERROR |
| 650 | 650 |
else: |
| 651 | 651 |
# generate PKCS12 identity |
| 652 |
identity_byte_array = self.certificate_service.generate_pkcs_identity(cert.certificate_id, key,
|
|
| 652 |
identity_byte_array = self.certificate_service.generate_pkcs_identity(cert, key, |
|
| 653 | 653 |
identity_name, |
| 654 | 654 |
identity_password) |
| 655 | 655 |
return Response(identity_byte_array, mimetype='application/x-pkcs12') |
| src/services/certificate_service.py | ||
|---|---|---|
| 477 | 477 |
|
| 478 | 478 |
return self.configuration.base_server_url + "/api/ocsp/" + str(ca_identifier) |
| 479 | 479 |
|
| 480 |
def generate_pkcs_identity(self, cert_id: int, cert_key: PrivateKey, identity_name: str, identity_passphrase: str):
|
|
| 480 |
def generate_pkcs_identity(self, certificate: Certificate, cert_key: PrivateKey, identity_name: str, identity_passphrase: str):
|
|
| 481 | 481 |
""" |
| 482 | 482 |
Generates a PKCS identity of the certificate given by the specified ID while using the private key passed. |
| 483 | 483 |
A name of the identity to be used and certificate's passphrase have to be specified as well as the passphrase |
| 484 | 484 |
of certificate's private key (if encrypted). |
| 485 |
:param cert_id: ID of the certificate to be put into the PKCS identity store
|
|
| 485 |
:param certificate: certificate to be put into the PKCS identity store
|
|
| 486 | 486 |
:param cert_key: key used to sign the given certificate |
| 487 | 487 |
:param identity_name: name to be given to the identity to be created |
| 488 | 488 |
:param identity_passphrase: passphrase to be used to encrypt the identity |
| ... | ... | |
| 490 | 490 |
""" |
| 491 | 491 |
Logger.debug("Function launched.")
|
| 492 | 492 |
|
| 493 |
# Read the selected certificate from the repository |
|
| 494 |
certificate = self.certificate_repository.read(cert_id) |
|
| 495 |
if certificate is None: |
|
| 496 |
Logger.error("Certificate whose identity should be generated does not exist.")
|
|
| 497 |
raise CertificateNotFoundException(cert_id) |
|
| 498 |
|
|
| 499 | 493 |
# get the chain of trust of the certificate whose identity should be generated and exclude the certificate |
| 500 | 494 |
# whose chain of trust we are querying |
| 501 |
cot_pem_list = [cert.pem_data for cert in self.get_chain_of_trust(cert_id, exclude_root=False)[1:]] |
|
| 495 |
cot_pem_list = [cert.pem_data for cert in self.get_chain_of_trust(certificate.certificate_id, exclude_root=False)[1:]]
|
|
| 502 | 496 |
|
| 503 | 497 |
return self.cryptography_service.generate_pkcs_identity(certificate.pem_data, cert_key.private_key, |
| 504 | 498 |
identity_name, |
| tests/integration_tests/rest_api/certificates_test.py | ||
|---|---|---|
| 985 | 985 |
assert identity_ret.status_code == 400 |
| 986 | 986 |
assert identity_ret.json == E_IDENTITY_NAME_NOT_SPECIFIED |
| 987 | 987 |
|
| 988 |
# certificate not existing |
|
| 989 |
identity_ret = server.post(f"/api/certificates/0/identity", content_type="application/json",
|
|
| 988 |
# certificate not existing (incorrect ID)
|
|
| 989 |
identity_ret = server.post(f"/api/certificates/999/identity", content_type="application/json",
|
|
| 990 | 990 |
json={"password": "foopass", "name": "Foo"})
|
| 991 | 991 |
assert identity_ret.status_code == 404 |
| 992 | 992 |
assert identity_ret.json == E_NO_CERTIFICATES_FOUND |
| tests/integration_tests/services/certificate_service_test.py | ||
|---|---|---|
| 418 | 418 |
intermediate_ca_key, usages={SSL_ID: True})
|
| 419 | 419 |
|
| 420 | 420 |
# generate the identity |
| 421 |
pkcs = certificate_service_unique.generate_pkcs_identity(child_cert.certificate_id, child_key, "Foo Child's Identity", "pass")
|
|
| 421 |
pkcs = certificate_service_unique.generate_pkcs_identity(child_cert, child_key, "Foo Child's Identity", "pass") |
|
| 422 | 422 |
|
| 423 | 423 |
# print out the pkcs store in order to be able to check it |
| 424 | 424 |
pkcs_info = subprocess.check_output( |
| ... | ... | |
| 440 | 440 |
organization_unit="Department of Foo")) |
| 441 | 441 |
|
| 442 | 442 |
# generate the identity |
| 443 |
pkcs = certificate_service_unique.generate_pkcs_identity(root_ca_cert.certificate_id, root_ca_private_key, "Foo Child's Identity", "pass")
|
|
| 443 |
pkcs = certificate_service_unique.generate_pkcs_identity(root_ca_cert, root_ca_private_key, "Foo Child's Identity", "pass") |
|
| 444 | 444 |
|
| 445 | 445 |
# print out the pkcs store in order to be able to check it |
| 446 | 446 |
pkcs_info = subprocess.check_output( |
| ... | ... | |
| 452 | 452 |
assert root_ca_cert.pem_data in pkcs_info |
| 453 | 453 |
assert len(re.findall("BEGIN CERTIFICATE", pkcs_info)) == 1
|
| 454 | 454 |
assert len(re.findall("END CERTIFICATE", pkcs_info)) == 1
|
| 455 |
|
|
| 456 |
|
|
| 457 |
def test_create_pkcs_identity_incorrect_id(certificate_service_unique): |
|
| 458 |
with pytest.raises(CertificateNotFoundException): |
|
| 459 |
certificate_service_unique.generate_pkcs_identity(999, None, None, None) |
|
Také k dispozici: Unified diff
Re #8708 - Changed the generate_pkcs_identity method of the CertificateService in such way that the Certificate class instance is now passed instead of a certificate ID resulting in a decrease of SQL queries.