Projekt

Obecné

Profil

« Předchozí | Další » 

Revize 1fa20e93

Přidáno uživatelem Stanislav Král před téměř 4 roky(ů)

Re #8708 - Implemented a new method in the CertificateService that does generate a PKCS12 identity by using the CryptographyService

Covered the new method with few integration tests
Fixed minor typos in the CertificateService

Zobrazit rozdíly:

src/services/certificate_service.py
434 434 
        # Read the selected certificate from the repository
435 435 
        certificate = self.certificate_repository.read(id)
436 436 
        if certificate is None:
437 
            Logger.error("Certificate whose details were requested does not exists.")
437 
            Logger.error("Certificate whose details were requested does not exist.")
438 438 
            raise CertificateNotFoundException(id)
439 439 

  		




  440
  440
  
    
        # check the expiration date using OpenSSL


  		




  ......




  477
  477
  
    

  		




  478
  478
  
    
        return self.configuration.base_server_url + "/api/ocsp/" + str(ca_identifier)


  		




  479
  479
  
    

  		




  
  480
  
    
    def generate_pkcs_identity(self, cert_id: int, cert_key: PrivateKey, identity_name: str, identity_passphrase: str):


  		




  
  481
  
    
        """


  		




  
  482
  
    
        Generates a PKCS identity of the certificate given by the specified ID while using the private key passed.


  		




  
  483
  
    
        A name of the identity to be used and certificate's passphrase have to be specified as well as the passphrase


  		




  
  484
  
    
        of certificate's private key (if encrypted).


  		




  
  485
  
    
        :param cert_id: ID of the certificate to be put into the PKCS identity store


  		




  
  486
  
    
        :param cert_key: key used to sign the given certificate


  		




  
  487
  
    
        :param identity_name: name to be given to the identity to be created


  		




  
  488
  
    
        :param identity_passphrase: passphrase to be used to encrypt the identity


  		




  
  489
  
    
        :return: byte array containing the generated identity (PKCS12 store)


  		




  
  490
  
    
        """


  		




  
  491
  
    
        Logger.debug("Function launched.")


  		




  
  492
  
    

  		




  
  493
  
    
        # Read the selected certificate from the repository


  		




  
  494
  
    
        certificate = self.certificate_repository.read(cert_id)


  		




  
  495
  
    
        if certificate is None:


  		




  
  496
  
    
            Logger.error("Certificate whose identity should be generated does not exist.")


  		




  
  497
  
    
            raise CertificateNotFoundException(cert_id)


  		




  
  498
  
    

  		




  
  499
  
    
        # get the chain of trust of the certificate whose identity should be generated and exclude the certificate


  		




  
  500
  
    
        # whose chain of trust we are querying


  		




  
  501
  
    
        cot_pem_list = [cert.pem_data for cert in self.get_chain_of_trust(cert_id, exclude_root=False)[1:]]


  		




  
  502
  
    

  		




  
  503
  
    
        return self.cryptography_service.generate_pkcs_identity(certificate.pem_data, cert_key.private_key,


  		




  
  504
  
    
                                                                identity_name,


  		




  
  505
  
    
                                                                identity_passphrase, cot_pem_list, cert_key.password)


  		




  
  506
  
    

  		




  480
  507
  
    

  		




  481
  508
  
    
class RevocationReasonInvalidException(Exception):


  		




  482
  509
  
    
    """


  		












Také k dispozici:  Unified diff