Revize 4c19a9b1
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
| src/services/certificate_service.py | ||
|---|---|---|
| 1 |
from src.constants import ROOT_CA_ID, INTERMEDIATE_CA_ID, CA_ID |
|
| 1 |
from src.constants import ROOT_CA_ID, INTERMEDIATE_CA_ID, CA_ID, CERTIFICATE_ID
|
|
| 2 | 2 |
from src.dao.certificate_repository import CertificateRepository |
| 3 | 3 |
from src.model.certificate import Certificate |
| 4 | 4 |
from src.model.private_key import PrivateKey |
| ... | ... | |
| 26 | 26 |
# create a new self signed certificate |
| 27 | 27 |
cert_pem = self.cryptography_service.create_sscrt(subject, key.private_key, key_pass=key.password, |
| 28 | 28 |
extensions=extensions, config=config) |
| 29 |
|
|
| 30 |
# parse the generated pem for subject and notBefore/notAfter fields |
|
| 31 |
subj, not_before, not_after = self.cryptography_service.parse_cert_pem(cert_pem) |
|
| 32 |
|
|
| 33 |
# format the parsed date |
|
| 34 |
not_before_formatted = time.strftime(DATE_FORMAT, not_before) |
|
| 35 |
not_after_formatted = time.strftime(DATE_FORMAT, not_after) |
|
| 36 |
|
|
| 37 | 29 |
# specify CA usage |
| 38 | 30 |
usages[CA_ID] = True |
| 39 | 31 |
|
| 40 |
# create a certificate wrapper
|
|
| 41 |
certificate = Certificate(-1, subject.common_name, not_before_formatted, not_after_formatted, cert_pem,
|
|
| 42 |
key.private_key_id, ROOT_CA_ID, 0, usages)
|
|
| 32 |
# wrap into Certificate class
|
|
| 33 |
certificate = self.__create_wrapper(cert_pem, key.private_key_id, subject.common_name, usages, 0,
|
|
| 34 |
ROOT_CA_ID)
|
|
| 43 | 35 |
|
| 44 | 36 |
# store the wrapper into the repository |
| 45 | 37 |
created_id = self.certificate_repository.create(certificate) |
| ... | ... | |
| 49 | 41 |
|
| 50 | 42 |
return certificate |
| 51 | 43 |
|
| 44 |
def __create_wrapper(self, cert_pem, private_key_id, common_name, usages, parent_id, cert_type): |
|
| 45 |
# parse the generated pem for subject and notBefore/notAfter fields |
|
| 46 |
subj, not_before, not_after = self.cryptography_service.parse_cert_pem(cert_pem) |
|
| 47 |
# format the parsed date |
|
| 48 |
not_before_formatted = time.strftime(DATE_FORMAT, not_before) |
|
| 49 |
not_after_formatted = time.strftime(DATE_FORMAT, not_after) |
|
| 50 |
|
|
| 51 |
# create a certificate wrapper |
|
| 52 |
certificate = Certificate(-1, common_name, not_before_formatted, not_after_formatted, cert_pem, |
|
| 53 |
private_key_id, cert_type, parent_id, usages) |
|
| 54 |
|
|
| 55 |
print(f"CW: {parent_id} {certificate.parent_id}")
|
|
| 56 |
return certificate |
|
| 57 |
|
|
| 52 | 58 |
# TODO config parameter present in class diagram but not here (unused) |
| 53 | 59 |
def create_ca(self, subject_key: PrivateKey, subject: Subject, issuer_cert: Certificate, issuer_key: PrivateKey, |
| 54 | 60 |
extensions: str = "", days: int = 30, usages=None): |
| ... | ... | |
| 63 | 69 |
issuer_key_pass=issuer_key.password, extensions=extensions, |
| 64 | 70 |
days=days) |
| 65 | 71 |
|
| 72 |
# specify CA usage |
|
| 73 |
usages[CA_ID] = True |
|
| 74 |
|
|
| 75 |
# wrap into Certificate class |
|
| 76 |
self.__create_wrapper(cert_pem, subject_key.private_key_id, subject.common_name, usages, |
|
| 77 |
issuer_cert.certificate_id, INTERMEDIATE_CA_ID) |
|
| 78 |
|
|
| 66 | 79 |
# parse the generated pem for subject and notBefore/notAfter fields |
| 67 | 80 |
subj, not_before, not_after = self.cryptography_service.parse_cert_pem(cert_pem) |
| 68 | 81 |
|
| ... | ... | |
| 85 | 98 |
|
| 86 | 99 |
return certificate |
| 87 | 100 |
|
| 101 |
def create_end_cert(self, subject_key: PrivateKey, subject: Subject, issuer_cert: Certificate, |
|
| 102 |
issuer_key: PrivateKey, |
|
| 103 |
extensions: str = "", days: int = 30, usages=None): |
|
| 104 |
if usages is None: |
|
| 105 |
usages = {}
|
|
| 106 |
|
|
| 107 |
# generate a new certificate |
|
| 108 |
cert_pem = self.cryptography_service.create_crt(subject, subject_key.private_key, issuer_cert.pem_data, |
|
| 109 |
issuer_key.private_key, |
|
| 110 |
subject_key_pass=subject_key.password, |
|
| 111 |
issuer_key_pass=issuer_key.password, extensions=extensions, |
|
| 112 |
days=days) |
|
| 113 |
|
|
| 114 |
print(f"test cert {issuer_cert.certificate_id}")
|
|
| 115 |
# wrap the generated certificate using Certificate class |
|
| 116 |
certificate = self.__create_wrapper(cert_pem, subject_key.private_key_id, subject.common_name, usages, |
|
| 117 |
issuer_cert.certificate_id, CERTIFICATE_ID) |
|
| 118 |
|
|
| 119 |
print(f"parent cert {certificate.parent_id}")
|
|
| 120 |
|
|
| 121 |
created_id = self.certificate_repository.create(certificate) |
|
| 122 |
|
|
| 123 |
certificate.certificate_id = created_id |
|
| 124 |
|
|
| 125 |
print(f"parent cert {certificate.parent_id}")
|
|
| 126 |
|
|
| 127 |
return certificate |
|
| 128 |
|
|
| 88 | 129 |
def get_certificate(self, unique_id: int) -> Certificate: |
| 89 | 130 |
return self.certificate_repository.read(unique_id) |
Také k dispozici: Unified diff
Re #8472 - Implemented create_end_cert method and added an integration test validating it