Revize ca3ac7c0
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
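--- a/src/services/certificate_service.py
+++ b/src/services/certificate_service.py
@@ -1,4 +1,4 @@
-from src.constants import ROOT_CA_ID, INTERMEDIATE_CA_ID
+from src.constants import ROOT_CA_ID, INTERMEDIATE_CA_ID, CA_ID
 from src.dao.certificate_repository import CertificateRepository
 from src.model.certificate import Certificate
 from src.model.private_key import PrivateKey
@@ -18,7 +18,11 @@
 self.certificate_repository = certificate_repository
 
 # TODO usages present in method parameters but not in class diagram
-def create_root_ca(self, key: PrivateKey, subject: Subject, extensions: str = "", config: str = ""):
+def create_root_ca(self, key: PrivateKey, subject: Subject, extensions: str = "", config: str = "",
+usages=None):
+if usages is None:
+usages = {}
+
 # create a new self signed certificate
 cert_pem = self.cryptography_service.create_sscrt(subject, key.private_key, key_pass=key.password,
 extensions=extensions, config=config)
@@ -30,9 +34,12 @@
 not_before_formatted = time.strftime(DATE_FORMAT, not_before)
 not_after_formatted = time.strftime(DATE_FORMAT, not_after)
 
+# specify CA usage
+usages[CA_ID] = True
+
 # create a certificate wrapper
 certificate = Certificate(-1, subject.common_name, not_before_formatted, not_after_formatted, cert_pem,
-key.private_key_id, ROOT_CA_ID, 0, {})
+key.private_key_id, ROOT_CA_ID, 0, usages)
 
 # store the wrapper into the repository
 created_id = self.certificate_repository.create(certificate)
@@ -44,7 +51,10 @@
 
 # TODO config parameter present in class diagram but not here (unused)
 def create_ca(self, subject_key: PrivateKey, subject: Subject, issuer_cert: Certificate, issuer_key: PrivateKey,
-extensions: str = "", days: int = 30):
+extensions: str = "", days: int = 30, usages=None):
+if usages is None:
+usages = {}
+
 extensions = extensions + "\n" + CA_EXTENSIONS
 # TODO implement AIA URI via extensions
 cert_pem = self.cryptography_service.create_crt(subject, subject_key.private_key, issuer_cert.pem_data,
@@ -60,9 +70,12 @@
 not_before_formatted = time.strftime(DATE_FORMAT, not_before)
 not_after_formatted = time.strftime(DATE_FORMAT, not_after)
 
+# specify CA usage
+usages[CA_ID] = True
+
 # create a certificate wrapper
 certificate = Certificate(-1, subject.common_name, not_before_formatted, not_after_formatted, cert_pem,
-subject_key.private_key_id, INTERMEDIATE_CA_ID, 0, {})
+subject_key.private_key_id, INTERMEDIATE_CA_ID, issuer_cert.certificate_id, usages)
 
 # store the wrapper into the repository
 created_id = self.certificate_repository.create(certificate)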
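Review bot: `usages[CA_ID] = True` writes into the dictionary the caller passed in, in both `create_root_ca` (new line 38) and `create_ca` (new line 74), so a caller that reuses one usage dict for a later non-CA certificate would carry the CA flag into that record as well. Copy before marking: replace the `if usages is None: usages = {}` guard with `usages = dict(usages) if usages else {}` and set the flag on the copy. In `create_root_ca` the stored flag is also set regardless of what `extensions`/`config` put into the PEM, so the recorded usage and the certificate's actual CA constraint may disagree; this is an inference, because `create_sscrt` is not shown. Both method bodies continue outside the visible hunks.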
Re #8472 - Added the ability to pass usage dictionary to create_ca and create_root_ca methods via optional parameter