Revize 87c56935
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
| src/services/certificate_service.py | ||
|---|---|---|
| 55 | 55 |
|
| 56 | 56 |
# create a new self signed certificate |
| 57 | 57 |
cert_pem = self.cryptography_service.create_sscrt(subject, key.private_key, key_pass=key.password, |
| 58 |
extensions=extensions, config=config, days=days) |
|
| 58 |
extensions=extensions, config=config, days=days, sn=cert_id)
|
|
| 59 | 59 |
# specify CA usage |
| 60 | 60 |
usages[CA_ID] = True |
| 61 | 61 |
|
| ... | ... | |
| 123 | 123 |
issuer_key.private_key, |
| 124 | 124 |
subject_key_pass=subject_key.password, |
| 125 | 125 |
issuer_key_pass=issuer_key.password, extensions=extensions, |
| 126 |
days=days) |
|
| 126 |
days=days, |
|
| 127 |
sn=cert_id) |
|
| 127 | 128 |
|
| 128 | 129 |
# specify CA usage |
| 129 | 130 |
usages[CA_ID] = True |
| ... | ... | |
| 171 | 172 |
if usages is None: |
| 172 | 173 |
usages = {}
|
| 173 | 174 |
|
| 175 |
# get the next certificate ID in order to be able to specify the serial number |
|
| 176 |
cert_id = self.certificate_repository.get_next_id() |
|
| 177 |
|
|
| 174 | 178 |
# generate a new certificate |
| 175 | 179 |
cert_pem = self.cryptography_service.create_crt(subject, subject_key.private_key, issuer_cert.pem_data, |
| 176 | 180 |
issuer_key.private_key, |
| 177 | 181 |
subject_key_pass=subject_key.password, |
| 178 | 182 |
issuer_key_pass=issuer_key.password, extensions=extensions, |
| 179 |
days=days) |
|
| 183 |
days=days, |
|
| 184 |
sn=cert_id |
|
| 185 |
) |
|
| 180 | 186 |
|
| 181 | 187 |
# wrap the generated certificate using Certificate class |
| 182 | 188 |
certificate = self.__create_wrapper(cert_pem, subject_key.private_key_id, usages, |
| src/services/cryptography.py | ||
|---|---|---|
| 205 | 205 |
params = ["x509", "-req", "-in", "-", "-CA", "-", "-CAkey", "-", "-CAcreateserial", "-days", str(days), |
| 206 | 206 |
"-set_serial", str(sn)] |
| 207 | 207 |
|
| 208 |
# TODO delete created -.srl file |
|
| 209 |
|
|
| 210 | 208 |
with TemporaryFile("extensions.conf", extensions) as ext_path:
|
| 211 | 209 |
# add the passphrase even when None is passed. Otherwise when running tests with pytest some tests freeze |
| 212 | 210 |
# waiting for the passphrase to be typed in |
Také k dispozici: Unified diff
Re #8575 - Fixed an issue where serial number was not passed when creating certificates
Removed a TODO that has already been fixed