Revize df7f5fda
Přidáno uživatelem Stanislav Král před téměř 4 roky(ů)
| src/services/cryptography.py | ||
|---|---|---|
| 462 | 462 |
:return: byte array containing the generated identity |
| 463 | 463 |
""" |
| 464 | 464 |
with TemporaryFile("cert_key.pem", cert_key_pem) as cert_key_pem_file:
|
| 465 |
args = ["pkcs12", "-export", "-name", identity_name, "-in", "-", "-inkey", cert_key_pem_file, "-CAfile", |
|
| 466 |
"-", "-passout", f"pass:{identity_passphrase}", "-passin", f"pass:{cert_key_passphrase}"]
|
|
| 465 |
args = ["pkcs12", "-export", "-name", identity_name, "-in", "-", "-inkey", cert_key_pem_file, "-passout", f"pass:{identity_passphrase}", "-passin", f"pass:{cert_key_passphrase}"]
|
|
| 466 |
proc_input = cert_pem |
|
| 467 |
# when the chain of trust is not empty append the -CAfile argument and the concatenated list of CoT PEMs |
|
| 468 |
# to the input of the process to be launched |
|
| 469 |
if len(chain_of_trust_pems) > 0: |
|
| 470 |
args.extend(["-CAfile", "-", ]) |
|
| 471 |
proc_input += "".join(chain_of_trust_pems) |
|
| 467 | 472 |
return self.__run_for_output(args, |
| 468 |
proc_input=bytes(cert_pem + "".join(chain_of_trust_pems), |
|
| 469 |
encoding="utf-8")) |
|
| 473 |
proc_input=bytes(proc_input, encoding="utf-8")) |
|
| 470 | 474 |
|
| 471 | 475 |
|
| 472 | 476 |
class CryptographyException(Exception): |
Také k dispozici: Unified diff
Re #8708 - Changed the behaviour of the generate_pkcs_identity method in the CryptographyService that now does not use the -CAfile argument when the passed chain of trust is empty
Added a unit test verifying that the changed method works as expected when empty chain of trust is passed