|
1
|
from injector import inject
|
|
2
|
|
|
3
|
from src.dao.private_key_repository import PrivateKeyRepository
|
|
4
|
from src.model.private_key import PrivateKey
|
|
5
|
from src.services.cryptography import CryptographyService
|
|
6
|
from src.utils.logger import Logger
|
|
7
|
|
|
8
|
|
|
9
|
class KeyService:
|
|
10
|
|
|
11
|
@inject
|
|
12
|
def __init__(self, cryptography_service: CryptographyService, private_key_repository: PrivateKeyRepository):
|
|
13
|
self.cryptography_service = cryptography_service
|
|
14
|
self.private_key_repository = private_key_repository
|
|
15
|
|
|
16
|
def create_new_key(self, passphrase="") -> PrivateKey:
|
|
17
|
"""
|
|
18
|
Creates a new private key using the given passphrase.
|
|
19
|
:param passphrase: Passphrase to be used when encrypting the PK
|
|
20
|
:return: An instance of the <PrivateKey> class representing the generated PK
|
|
21
|
"""
|
|
22
|
|
|
23
|
Logger.debug("Function launched.")
|
|
24
|
|
|
25
|
# generate a new private key
|
|
26
|
private_key_pem = self.cryptography_service.create_private_key(passphrase)
|
|
27
|
|
|
28
|
# store the private key
|
|
29
|
private_key = self.wrap_and_store_key(passphrase, private_key_pem)
|
|
30
|
|
|
31
|
return private_key
|
|
32
|
|
|
33
|
def wrap_and_store_key(self, passphrase, private_key_pem):
|
|
34
|
"""
|
|
35
|
Stores a previously unknown PK PEM/passphrase tuple in a PK repository while wrapping the tuple in a PrivateKey
|
|
36
|
wrapper.
|
|
37
|
:param passphrase: PK passphrase
|
|
38
|
:param private_key_pem: PK PEM
|
|
39
|
:return: a new PrivateKey wrapper
|
|
40
|
"""
|
|
41
|
Logger.debug("Function launched.")
|
|
42
|
|
|
43
|
# store generated PK and the passphrase in a wrapper
|
|
44
|
private_key = PrivateKey(-1, private_key_pem, passphrase)
|
|
45
|
# store the wrapper in the PK repository
|
|
46
|
private_key_id = self.private_key_repository.create(private_key)
|
|
47
|
# assign the generated ID to the wrapper
|
|
48
|
private_key.private_key_id = private_key_id
|
|
49
|
return private_key
|
|
50
|
|
|
51
|
def wrap_custom_key(self, key_pem, passphrase):
|
|
52
|
"""
|
|
53
|
Checks whether a supplied PEM/passphrase tuple is already known and tries to fetch it from a PK repository,
|
|
54
|
if not, stores it in a PK repository. Returns a wrapped PEM/passphrase tuple in a PrivateKey instance together
|
|
55
|
with its associated ID.
|
|
56
|
:param key_pem: target PEM
|
|
57
|
:param passphrase: corresponding passphrase
|
|
58
|
:return: PrivateKey instance
|
|
59
|
"""
|
|
60
|
Logger.debug("Function launched.")
|
|
61
|
|
|
62
|
# check if the supplied key is already known
|
|
63
|
private_key = self.private_key_repository.find_pk(key_pem)
|
|
64
|
|
|
65
|
# if not
|
|
66
|
if private_key is None:
|
|
67
|
# store as new
|
|
68
|
private_key = self.wrap_and_store_key(passphrase, key_pem)
|
|
69
|
|
|
70
|
return private_key
|
|
71
|
|
|
72
|
def get_key(self, unique_id):
|
|
73
|
"""
|
|
74
|
Tries to fetch a PK using the given ID.
|
|
75
|
:param unique_id: ID of the PK to be found
|
|
76
|
:return:An instance of the required PK or `None`
|
|
77
|
"""
|
|
78
|
|
|
79
|
Logger.debug("Function launched.")
|
|
80
|
|
|
81
|
return self.private_key_repository.read(unique_id)
|
|
82
|
|
|
83
|
def get_keys(self, unique_ids=None):
|
|
84
|
"""
|
|
85
|
Tries to fetch all PKs in the repository. Exact PKs to be fetched can be specified using the `unique_ids`
|
|
86
|
parameter. If `unique_ids` parameter is not passed then all PKs in the repository are returned.
|
|
87
|
:param unique_ids: An array containing IDs of PKs to be fetched from the repository.
|
|
88
|
:return: A list of instances of the PrivateKey class representing the PKs found
|
|
89
|
"""
|
|
90
|
|
|
91
|
Logger.debug("Function launched.")
|
|
92
|
|
|
93
|
if unique_ids is None:
|
|
94
|
return self.private_key_repository.read_all()
|
|
95
|
else:
|
|
96
|
# TODO this is very inefficient
|
|
97
|
return [self.private_key_repository.read(identifier) for identifier in unique_ids]
|
|
98
|
|
|
99
|
def delete_key(self, unique_id):
|
|
100
|
"""
|
|
101
|
Deletes a private key
|
|
102
|
|
|
103
|
:param unique_id: ID of specific certificate to be deleted
|
|
104
|
:return: `True` when the deletion was successful. `False` in other case
|
|
105
|
"""
|
|
106
|
|
|
107
|
Logger.debug("Function launched.")
|
|
108
|
|
|
109
|
return self.private_key_repository.delete(unique_id)
|
|
110
|
|
|
111
|
def get_public_key(self, private_key: PrivateKey):
|
|
112
|
"""
|
|
113
|
Extracts a public key from the given private key
|
|
114
|
:param private_key: private key from which a public key should be extracted
|
|
115
|
:return: a string containing the extracted public key in PEM format
|
|
116
|
"""
|
|
117
|
|
|
118
|
Logger.debug("Function launched.")
|
|
119
|
|
|
120
|
return self.cryptography_service.extract_public_key_from_private_key(private_key.private_key,
|
|
121
|
private_key.password)
|
|
122
|
|
|
123
|
def verify_key(self, key, passphrase):
|
|
124
|
"""
|
|
125
|
Verifies whether the provided key is encrypted by the provided passphrase. If passphrase is none, verifies
|
|
126
|
that the provided key is unencrypted.
|
|
127
|
Simply calls the namesake CryptographyService method.
|
|
128
|
:param key: target key
|
|
129
|
:param passphrase: target passphrase or None
|
|
130
|
:return: True if the condition is fulfilled, else False
|
|
131
|
"""
|
|
132
|
return self.cryptography_service.verify_key(key, passphrase)
|