|
1
|
from datetime import datetime
|
|
2
|
|
|
3
|
from injector import inject
|
|
4
|
|
|
5
|
from src.dao.certificate_repository import CertificateRepository
|
|
6
|
from src.exceptions.certificate_not_found_exception import CertificateNotFoundException
|
|
7
|
from src.services.crl.ca_index_file_line_generator import create_index_file_revoked_line
|
|
8
|
from src.services.cryptography import CryptographyService
|
|
9
|
from src.utils.temporary_file import TemporaryFile
|
|
10
|
|
|
11
|
|
|
12
|
class CrlService:
|
|
13
|
@inject
|
|
14
|
def __init__(self,
|
|
15
|
certificate_repository: CertificateRepository,
|
|
16
|
cryptography_service: CryptographyService
|
|
17
|
):
|
|
18
|
self.certificate_repository = certificate_repository
|
|
19
|
self.cryptography_service = cryptography_service
|
|
20
|
|
|
21
|
def create_revoked_index(self, ca_id) -> str:
|
|
22
|
"""
|
|
23
|
Queries the certificate repository and looks for all certificates revoked by the certificate authority given
|
|
24
|
by the passed ID. Found certificates are then put into a string representing the CA's database index file.
|
|
25
|
|
|
26
|
:param ca_id: ID of the CA whose revoked certificates should be put into the index file
|
|
27
|
:return: a str representing the content of a CA index file
|
|
28
|
"""
|
|
29
|
|
|
30
|
index_lines = []
|
|
31
|
# iterate over revoked certificates of the CA given by an ID
|
|
32
|
for certificate in self.certificate_repository.get_all_revoked_by(ca_id):
|
|
33
|
# extract the complete subject information and not_after date field
|
|
34
|
subject, _, not_after = self.cryptography_service.parse_cert_pem(certificate.pem_data)
|
|
35
|
|
|
36
|
line = create_index_file_revoked_line(certificate,
|
|
37
|
subject,
|
|
38
|
# parse revocation date from unix timestamp to struct_time
|
|
39
|
datetime.utcfromtimestamp(int(certificate.revocation_date)).timetuple(),
|
|
40
|
not_after)
|
|
41
|
|
|
42
|
# append it to the list of lines
|
|
43
|
index_lines.append(line)
|
|
44
|
|
|
45
|
# join all lines with a new line
|
|
46
|
return "\n".join(index_lines)
|
|
47
|
|
|
48
|
def generate_crl_response(self, ca_id: int) -> str:
|
|
49
|
"""
|
|
50
|
Generate a CRL for the given certificate authority
|
|
51
|
that contains all revoked certificates
|
|
52
|
|
|
53
|
:param ca_id: ID of a CA whose CRL shall be generated
|
|
54
|
:return: CRL in PEM format
|
|
55
|
"""
|
|
56
|
# check if the requested CA exists and if not throw an exception
|
|
57
|
if self.certificate_repository.read(ca_id) is None:
|
|
58
|
raise CertificateNotFoundException(ca_id)
|
|
59
|
|
|
60
|
# Create an index file and call cryptography service to generate CRL
|
|
61
|
with TemporaryFile("crl.index", self.create_revoked_index(ca_id)) as index_path:
|
|
62
|
crl_content = self.cryptography_service.generate_crl(index_path)
|
|
63
|
|
|
64
|
return crl_content
|