ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

from src.model.certificate import Certificate

from src.model.private_key import PrivateKey

from src.model.subject import Subject

from src.utils.temporary_file import TemporaryFile

# encryption method to be used when generating private keys

        :param subject: subject to be converted

        :return: a dictionary containing openssl field names mapped to subject's fields

        """

        subj_dict = {}

        if subject.common_name is not None:

            subj_dict["CN"] = subject.common_name

        :param executable: Executable to be run (defaults to openssl)

        :return: If the process ends with a zero return code then the STDOUT of the process is returned as a byte array.

        """

        if args is None:

            args = []

        try:

            if proc.returncode != 0:

                # if the process did not result in zero result code, then raise an exception

                if err is not None and len(err) > 0:

                    raise CryptographyException(executable, args, err.decode())

                else:

                    raise CryptographyException(executable, args,

                                                f""""Execution resulted in non-zero argument""")

            return out

        except FileNotFoundError:

            raise CryptographyException(executable, args, f""""{executable}" not found in the current PATH.""")

    def create_private_key(self, passphrase=None):

        encrypted at all). Empty passphrase ("") also results in a key that is not encrypted.

        :return: string containing the generated private key in PEM format

        """

        if passphrase is None or len(passphrase) == 0:

            return self.__run_for_output(["genrsa", "2048"]).decode()

        else:

        :return: string containing the generated certificate in PEM format

        """

        assert key is not None

        assert subject is not None

        :return: string containing the generated certificate signing request in PEM format

        """

        subj_param = self.__subject_to_param_format(subject)

        args = ["req", "-new", "-subj", subj_param, "-key", "-"]

        :return: string containing the generated and signed certificate in PEM format

        """

        # concatenate CSR, issuer certificate and issuer's key (will be used in the openssl call)

        proc_input = csr + issuer_pem + issuer_key

        :param sn: serial number to be set, when "None" is set a random serial number is generated

        :return: string containing the generated certificate in PEM format

        """

        csr = self.__create_csr(subject, subject_key, key_pass=subject_key_pass)

        return self.__sign_csr(csr, issuer_pem, issuer_key, issuer_key_pass=issuer_key_pass, extensions=extensions,

                               days=days, sn=sn)

        :param certificate: certificate to be verified in PEM format

        :return: Returns `true` if the certificate is not expired, `false` when expired.

        """

        # call openssl to check whether the certificate is valid to this date

        args = [OPENSSL_EXECUTABLE, "x509", "-checkend", "0", "-noout", "-text", "-in", "-"]

            return False

        else:

            # the process failed because of some other reason (incorrect cert format)

            raise CryptographyException(OPENSSL_EXECUTABLE, args, err.decode())

    def extract_public_key_from_private_key(self, private_key_pem: str, passphrase=None) -> str:

        :param passphrase: passphrase to be provided when the supplied private key is encrypted

        :return: a string containing the extracted public key in PEM format

        """

        args = ["rsa", "-in", "-", "-pubout"]

        if passphrase is not None:

            args.extend(["-passin", f"pass:{passphrase}"])

        :param cert_pem: PEM data representing a certificate from which a public key should be extracted

        :return: a string containing the extracted public key in PEM format

        """

        # extracting public key from a certificate does not seem to require a passphrase even when

        # signed using an encrypted PK

        args = ["x509", "-in", "-", "-noout", "-pubkey"]

        :param cert_pem: a certificated in a PEM format to be parsed

        :return: a tuple containing a subject, NOT_BEFORE and NOT_AFTER dates

        """

        # run openssl x509 to view certificate content

        args = ["x509", "-noout", "-subject", "-startdate", "-enddate", "-in", "-"]

        Get version of the OpenSSL installed on the system

        :return: version of the OpenSSL as returned from the process

        """

        return self.__run_for_output(["version"]).decode("utf-8")

    def generate_crl(self, cert: Certificate, key: PrivateKey, index_file_path: str) -> str:

        :param index_file_path: path to a file that contains the openssl index with all revoked certificates

        :return: CRL encoded in PEM format string

        """

        # openssl ca requires the .srl file to exists, therefore a dummy, unused file is created

        with TemporaryFile("serial.srl", "0") as serial_file, \

             TemporaryFile("crl.conf", CRL_CONFIG % (index_file_path, serial_file)) as config_file, \

        :param der_ocsp_request: DER encoded OCSP Request

        :return: DER encoded OCSP Response

        """

        with TemporaryFile("certificate.pem", cert.pem_data) as ca_certificate, \

             TemporaryFile("private_key.pem", key.private_key) as key_file, \

             TemporaryFile("request.der", der_ocsp_request) as request_file:

        self.message = message

    def __str__(self):

        EXECUTABLE: {self.executable}

        ARGS: {self.args}

        MESSAGE: {self.message}

        """