Revize 75ebc6fc
Přidáno uživatelem Jan Pašek před téměř 4 roky(ů)
| src/services/crl/ca_index_file_line_generator.py | ||
|---|---|---|
| 38 | 38 |
] |
| 39 | 39 |
|
| 40 | 40 |
return TAB_CHAR.join(items) |
| 41 |
|
|
| 42 |
def create_index_file_valid_line(certificate: Certificate, subject: Subject, valid_to: struct_time) -> str: |
|
| 43 |
# converts the given certificate as well as the subject and revocation / valid_to dates to a line of openssl CA |
|
| 44 |
# index file format |
|
| 45 |
items = [ |
|
| 46 |
# certificate status flag (R stands for revoked) |
|
| 47 |
"V", |
|
| 48 |
# followed by the expiration date field |
|
| 49 |
f"{get_index_file_time_entry(valid_to)}",
|
|
| 50 |
# followed by the revocation date field |
|
| 51 |
f"", |
|
| 52 |
# followed by the serial number of the certificate in hex format |
|
| 53 |
hex(certificate.certificate_id).replace("x", "").upper(),
|
|
| 54 |
# certificate filename ("unknown" literal used for unknown file names)
|
|
| 55 |
"unknown", |
|
| 56 |
# certificate distinguished name |
|
| 57 |
get_distinguished_name(subject) |
|
| 58 |
] |
|
| 59 |
|
|
| 60 |
return TAB_CHAR.join(items) |
|
| src/services/crl/crl_service.py | ||
|---|---|---|
| 6 | 6 |
from src.dao.private_key_repository import PrivateKeyRepository |
| 7 | 7 |
from src.exceptions.certificate_not_found_exception import CertificateNotFoundException |
| 8 | 8 |
from src.exceptions.private_key_not_found_exception import PrivateKeyNotFoundException |
| 9 |
from src.services.crl.ca_index_file_line_generator import create_index_file_revoked_line |
|
| 9 |
from src.services.crl.ca_index_file_line_generator import create_index_file_revoked_line, create_index_file_valid_line
|
|
| 10 | 10 |
from src.services.cryptography import CryptographyService |
| 11 | 11 |
from src.utils.temporary_file import TemporaryFile |
| 12 | 12 |
|
| ... | ... | |
| 30 | 30 |
:param ca_id: ID of the CA whose revoked certificates should be put into the index file |
| 31 | 31 |
:return: a str representing the content of a CA index file |
| 32 | 32 |
""" |
| 33 |
# get issuing certificate |
|
| 34 |
certificate = self.certificate_repository.read(ca_id) |
|
| 35 |
if certificate is None: |
|
| 36 |
raise CertificateNotFoundException(ca_id) |
|
| 37 |
|
|
| 38 |
# get subject and notAfter of the issuer |
|
| 39 |
subject, _, not_after = self.cryptography_service.parse_cert_pem(certificate.pem_data) |
|
| 33 | 40 |
|
| 34 |
index_lines = [] |
|
| 41 |
index_lines = [create_index_file_valid_line(certificate, subject, not_after)]
|
|
| 35 | 42 |
# iterate over revoked certificates of the CA given by an ID |
| 36 | 43 |
for certificate in self.certificate_repository.get_all_revoked_by(ca_id): |
| 37 | 44 |
# extract the complete subject information and not_after date field |
| tests/integration_tests/services/crl_service_test.py | ||
|---|---|---|
| 83 | 83 |
|
| 84 | 84 |
# convert valid_to date fields (expiration date fields change with each test run) |
| 85 | 85 |
valid_to_dates = [ |
| 86 |
convert_valid_to_date_to_ca_index_format(root_ca_cert.valid_to), |
|
| 86 | 87 |
convert_valid_to_date_to_ca_index_format(foo_ca.valid_to), |
| 87 | 88 |
convert_valid_to_date_to_ca_index_format(bar_ca.valid_to), |
| 88 | 89 |
convert_valid_to_date_to_ca_index_format(baz_cert.valid_to), |
| ... | ... | |
| 90 | 91 |
|
| 91 | 92 |
# arrange expected lines |
| 92 | 93 |
expected_lines = [ |
| 93 |
f"R {valid_to_dates[0]} {revoked_dates[0]},unspecified 02 unknown /CN=Foo CA/L=Brno",
|
|
| 94 |
f"R {valid_to_dates[1]} {revoked_dates[1]},keyCompromise 03 unknown /CN=Bar CA/C=CZ/L=Pilsen",
|
|
| 95 |
f"R {valid_to_dates[2]} {revoked_dates[2]},CACompromise 05 unknown /CN=Baz CA/ST=ST"
|
|
| 94 |
f"V\t{valid_to_dates[0]}\t\t01\tunknown\t/CN=RootFoo/OU=Department of Foo",
|
|
| 95 |
f"R {valid_to_dates[1]} {revoked_dates[0]},unspecified 02 unknown /CN=Foo CA/L=Brno",
|
|
| 96 |
f"R {valid_to_dates[2]} {revoked_dates[1]},keyCompromise 03 unknown /CN=Bar CA/C=CZ/L=Pilsen",
|
|
| 97 |
f"R {valid_to_dates[3]} {revoked_dates[2]},CACompromise 05 unknown /CN=Baz CA/ST=ST"
|
|
| 96 | 98 |
] |
| 97 | 99 |
|
| 98 | 100 |
assert out == "\n".join(expected_lines) |
| tests/unit_tests/services/crl/ca_index_file_line_generator_test.py | ||
|---|---|---|
| 2 | 2 |
|
| 3 | 3 |
from src.model.certificate import Certificate |
| 4 | 4 |
from src.model.subject import Subject |
| 5 |
from src.services.crl.ca_index_file_line_generator import create_index_file_revoked_line |
|
| 5 |
from src.services.crl.ca_index_file_line_generator import create_index_file_revoked_line, create_index_file_valid_line
|
|
| 6 | 6 |
|
| 7 | 7 |
|
| 8 | 8 |
def test_get_index_file_time_entry_valid(): |
| ... | ... | |
| 64 | 64 |
"Widgits Pty Ltd " |
| 65 | 65 |
|
| 66 | 66 |
assert expected == index_line |
| 67 |
|
|
| 68 |
def test_get_index_file_valid_line(): |
|
| 69 |
cert = Certificate( |
|
| 70 |
1, "IA CA", "", "01.04.2023 15:01:11", "", -1, -1, -1, {}, "", ""
|
|
| 71 |
) |
|
| 72 |
|
|
| 73 |
date_format = "%d.%m.%Y %H:%M:%S" |
|
| 74 |
|
|
| 75 |
expiration_date = time.strptime(cert.valid_to, date_format) |
|
| 76 |
|
|
| 77 |
index_line = create_index_file_valid_line(cert, Subject( |
|
| 78 |
common_name=cert.common_name, |
|
| 79 |
state="Some-State", |
|
| 80 |
country="AU", |
|
| 81 |
organization="Internet Widgits Pty Ltd " |
|
| 82 |
), expiration_date) |
|
| 83 |
|
|
| 84 |
expected = "V\t230401150111Z\t\t01\tunknown\t/CN=IA CA/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd " |
|
| 85 |
|
|
| 86 |
assert expected == index_line |
|
Také k dispozici: Unified diff
Re #8576 - Fixed generating index file for generating empty CRL