| 1 |
151e7604
|
Jan Pašek
|
from injector import inject
|
| 2 |
|
|
|
| 3 |
f62119d4
|
Stanislav Král
|
from src.dao.private_key_repository import PrivateKeyRepository
|
| 4 |
|
|
from src.model.private_key import PrivateKey
|
| 5 |
|
|
from src.services.cryptography import CryptographyService
|
| 6 |
b3c80ccb
|
David Friesecký
|
from src.utils.logger import Logger
|
| 7 |
f62119d4
|
Stanislav Král
|
|
| 8 |
|
|
|
| 9 |
|
|
class KeyService:
|
| 10 |
|
|
|
| 11 |
151e7604
|
Jan Pašek
|
@inject
|
| 12 |
f62119d4
|
Stanislav Král
|
def __init__(self, cryptography_service: CryptographyService, private_key_repository: PrivateKeyRepository):
|
| 13 |
|
|
self.cryptography_service = cryptography_service
|
| 14 |
|
|
self.private_key_repository = private_key_repository
|
| 15 |
|
|
|
| 16 |
a6727aa9
|
Stanislav Král
|
def create_new_key(self, passphrase="") -> PrivateKey:
|
| 17 |
|
|
"""
|
| 18 |
|
|
Creates a new private key using the given passphrase.
|
| 19 |
|
|
:param passphrase: Passphrase to be used when encrypting the PK
|
| 20 |
|
|
:return: An instance of the <PrivateKey> class representing the generated PK
|
| 21 |
|
|
"""
|
| 22 |
b3c80ccb
|
David Friesecký
|
|
| 23 |
|
|
Logger.debug("Function launched.")
|
| 24 |
|
|
|
| 25 |
f62119d4
|
Stanislav Král
|
# generate a new private key
|
| 26 |
|
|
private_key_pem = self.cryptography_service.create_private_key(passphrase)
|
| 27 |
|
|
|
| 28 |
932420d8
|
Captain_Trojan
|
# store the private key
|
| 29 |
|
|
private_key = self.wrap_and_store_key(passphrase, private_key_pem)
|
| 30 |
|
|
|
| 31 |
|
|
return private_key
|
| 32 |
|
|
|
| 33 |
|
|
def wrap_and_store_key(self, passphrase, private_key_pem):
|
| 34 |
|
|
"""
|
| 35 |
|
|
Stores a previously unknown PK PEM/passphrase tuple in a PK repository while wrapping the tuple in a PrivateKey
|
| 36 |
|
|
wrapper.
|
| 37 |
|
|
:param passphrase: PK passphrase
|
| 38 |
|
|
:param private_key_pem: PK PEM
|
| 39 |
|
|
:return: a new PrivateKey wrapper
|
| 40 |
|
|
"""
|
| 41 |
|
|
Logger.debug("Function launched.")
|
| 42 |
|
|
|
| 43 |
f62119d4
|
Stanislav Král
|
# store generated PK and the passphrase in a wrapper
|
| 44 |
|
|
private_key = PrivateKey(-1, private_key_pem, passphrase)
|
| 45 |
|
|
# store the wrapper in the PK repository
|
| 46 |
|
|
private_key_id = self.private_key_repository.create(private_key)
|
| 47 |
|
|
# assign the generated ID to the wrapper
|
| 48 |
|
|
private_key.private_key_id = private_key_id
|
| 49 |
932420d8
|
Captain_Trojan
|
return private_key
|
| 50 |
|
|
|
| 51 |
|
|
def wrap_custom_key(self, key_pem, passphrase):
|
| 52 |
|
|
"""
|
| 53 |
|
|
Checks whether a supplied PEM/passphrase tuple is already known and tries to fetch it from a PK repository,
|
| 54 |
|
|
if not, stores it in a PK repository. Returns a wrapped PEM/passphrase tuple in a PrivateKey instance together
|
| 55 |
|
|
with its associated ID.
|
| 56 |
|
|
:param key_pem: target PEM
|
| 57 |
|
|
:param passphrase: corresponding passphrase
|
| 58 |
|
|
:return: PrivateKey instance
|
| 59 |
|
|
"""
|
| 60 |
|
|
Logger.debug("Function launched.")
|
| 61 |
|
|
|
| 62 |
|
|
# check if the supplied key is already known
|
| 63 |
|
|
private_key = self.private_key_repository.find_pk(key_pem)
|
| 64 |
|
|
|
| 65 |
|
|
# if not
|
| 66 |
|
|
if private_key is None:
|
| 67 |
|
|
# store as new
|
| 68 |
|
|
private_key = self.wrap_and_store_key(passphrase, key_pem)
|
| 69 |
f62119d4
|
Stanislav Král
|
|
| 70 |
|
|
return private_key
|
| 71 |
|
|
|
| 72 |
|
|
def get_key(self, unique_id):
|
| 73 |
a6727aa9
|
Stanislav Král
|
"""
|
| 74 |
|
|
Tries to fetch a PK using the given ID.
|
| 75 |
|
|
:param unique_id: ID of the PK to be found
|
| 76 |
|
|
:return:An instance of the required PK or `None`
|
| 77 |
|
|
"""
|
| 78 |
b3c80ccb
|
David Friesecký
|
|
| 79 |
|
|
Logger.debug("Function launched.")
|
| 80 |
|
|
|
| 81 |
f62119d4
|
Stanislav Král
|
return self.private_key_repository.read(unique_id)
|
| 82 |
|
|
|
| 83 |
699a4f25
|
Stanislav Král
|
def get_keys(self, unique_ids=None):
|
| 84 |
a6727aa9
|
Stanislav Král
|
"""
|
| 85 |
|
|
Tries to fetch all PKs in the repository. Exact PKs to be fetched can be specified using the `unique_ids`
|
| 86 |
|
|
parameter. If `unique_ids` parameter is not passed then all PKs in the repository are returned.
|
| 87 |
|
|
:param unique_ids: An array containing IDs of PKs to be fetched from the repository.
|
| 88 |
|
|
:return: A list of instances of the PrivateKey class representing the PKs found
|
| 89 |
|
|
"""
|
| 90 |
b3c80ccb
|
David Friesecký
|
|
| 91 |
|
|
Logger.debug("Function launched.")
|
| 92 |
|
|
|
| 93 |
699a4f25
|
Stanislav Král
|
if unique_ids is None:
|
| 94 |
|
|
return self.private_key_repository.read_all()
|
| 95 |
|
|
else:
|
| 96 |
|
|
# TODO this is very inefficient
|
| 97 |
|
|
return [self.private_key_repository.read(identifier) for identifier in unique_ids]
|
| 98 |
f62119d4
|
Stanislav Král
|
|
| 99 |
|
|
def delete_key(self, unique_id):
|
| 100 |
a6727aa9
|
Stanislav Král
|
"""
|
| 101 |
|
|
Deletes a private key
|
| 102 |
|
|
|
| 103 |
|
|
:param unique_id: ID of specific certificate to be deleted
|
| 104 |
|
|
:return: `True` when the deletion was successful. `False` in other case
|
| 105 |
|
|
"""
|
| 106 |
b3c80ccb
|
David Friesecký
|
|
| 107 |
|
|
Logger.debug("Function launched.")
|
| 108 |
|
|
|
| 109 |
f62119d4
|
Stanislav Král
|
return self.private_key_repository.delete(unique_id)
|
| 110 |
19d25d2f
|
Stanislav Král
|
|
| 111 |
|
|
def get_public_key(self, private_key: PrivateKey):
|
| 112 |
|
|
"""
|
| 113 |
|
|
Extracts a public key from the given private key
|
| 114 |
|
|
:param private_key: private key from which a public key should be extracted
|
| 115 |
|
|
:return: a string containing the extracted public key in PEM format
|
| 116 |
|
|
"""
|
| 117 |
b3c80ccb
|
David Friesecký
|
|
| 118 |
|
|
Logger.debug("Function launched.")
|
| 119 |
|
|
|
| 120 |
6abfb037
|
Stanislav Král
|
return self.cryptography_service.extract_public_key_from_private_key(private_key.private_key,
|
| 121 |
|
|
private_key.password)
|
| 122 |
932420d8
|
Captain_Trojan
|
|
| 123 |
|
|
def verify_key(self, key, passphrase):
|
| 124 |
|
|
"""
|
| 125 |
|
|
Verifies whether the provided key is encrypted by the provided passphrase. If passphrase is none, verifies
|
| 126 |
|
|
that the provided key is unencrypted.
|
| 127 |
|
|
Simply calls the namesake CryptographyService method.
|
| 128 |
|
|
:param key: target key
|
| 129 |
|
|
:param passphrase: target passphrase or None
|
| 130 |
|
|
:return: True if the condition is fulfilled, else False
|
| 131 |
|
|
"""
|
| 132 |
|
|
return self.cryptography_service.verify_key(key, passphrase)
|