|
1
|
import time
|
|
2
|
|
|
3
|
from injector import inject
|
|
4
|
|
|
5
|
from src.dao.certificate_repository import CertificateRepository
|
|
6
|
from src.services.certificate_service import VALID_FROM_TO_DATE_FORMAT
|
|
7
|
from src.services.crl.ca_index_file_line_generator import create_index_file_revoked_line
|
|
8
|
from src.services.cryptography import CryptographyService
|
|
9
|
|
|
10
|
|
|
11
|
class CrlService:
|
|
12
|
@inject
|
|
13
|
def __init__(self,
|
|
14
|
certificate_repository: CertificateRepository,
|
|
15
|
cryptography_service: CryptographyService
|
|
16
|
):
|
|
17
|
self.certificate_repository = certificate_repository
|
|
18
|
self.cryptography_service = cryptography_service
|
|
19
|
|
|
20
|
def create_revoked_index(self, ca_id) -> str:
|
|
21
|
"""
|
|
22
|
Queries the certificate repository and looks for all certificates revoked by the certificate authority given
|
|
23
|
by the passed ID. Found certificates are then put into a string representing the CA's database index file.
|
|
24
|
|
|
25
|
:param ca_id: ID of the CA whose revoked certificates should be put into the index file
|
|
26
|
:return: a str representing the content of a CA index file
|
|
27
|
"""
|
|
28
|
|
|
29
|
index_lines = []
|
|
30
|
# iterate over revoked certificates of the CA given by an ID
|
|
31
|
for certificate in self.certificate_repository.get_all_revoked_by(ca_id):
|
|
32
|
# extract the complete subject information and not_after date field
|
|
33
|
subject, _, not_after = self.cryptography_service.parse_cert_pem(certificate.pem_data)
|
|
34
|
line = create_index_file_revoked_line(certificate,
|
|
35
|
subject,
|
|
36
|
# parse valid_to date to a date struct
|
|
37
|
time.strptime(certificate.valid_to, VALID_FROM_TO_DATE_FORMAT),
|
|
38
|
not_after)
|
|
39
|
|
|
40
|
# append it to the list of lines
|
|
41
|
index_lines.append(line)
|
|
42
|
|
|
43
|
# join all lines with a new line
|
|
44
|
return "\n".join(index_lines)
|