Revize ef65f488
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
| src/dao/certificate_repository.py | ||
|---|---|---|
| 113 | 113 |
else: |
| 114 | 114 |
return None |
| 115 | 115 |
|
| 116 |
def read_all(self, filter_type: int = None): |
|
| 116 |
def read_all(self, filter_type: int = None) -> List[Certificate]:
|
|
| 117 | 117 |
""" |
| 118 | 118 |
Reads (selects) all certificates (with type). |
| 119 | 119 |
|
| src/services/certificate_service.py | ||
|---|---|---|
| 1 |
from typing import List |
|
| 2 |
|
|
| 1 | 3 |
from src.constants import ROOT_CA_ID, INTERMEDIATE_CA_ID, CA_ID, CERTIFICATE_ID |
| 2 | 4 |
from src.dao.certificate_repository import CertificateRepository |
| 3 | 5 |
from src.model.certificate import Certificate |
| ... | ... | |
| 123 | 125 |
def get_certificate(self, unique_id: int) -> Certificate: |
| 124 | 126 |
return self.certificate_repository.read(unique_id) |
| 125 | 127 |
|
| 126 |
def get_certificates(self, cert_type=None) -> Certificate:
|
|
| 128 |
def get_certificates(self, cert_type=None) -> List[Certificate]:
|
|
| 127 | 129 |
return self.certificate_repository.read_all(cert_type) |
| 130 |
|
|
| 131 |
def get_chain_of_trust(self, from_id: int, to_id: int = -1, exclude_root=True) -> List[Certificate]: |
|
| 132 |
start_cert = self.certificate_repository.read(from_id) |
|
| 133 |
|
|
| 134 |
if start_cert is None or (start_cert.type_id == ROOT_CA_ID and exclude_root): |
|
| 135 |
return [] |
|
| 136 |
|
|
| 137 |
current_cert = start_cert |
|
| 138 |
chain_of_trust = [current_cert] |
|
| 139 |
|
|
| 140 |
# TODO could possibly be simplified |
|
| 141 |
if start_cert.type_id == ROOT_CA_ID: |
|
| 142 |
return chain_of_trust |
|
| 143 |
|
|
| 144 |
while True: |
|
| 145 |
parent_cert = self.certificate_repository.read(current_cert.parent_id) |
|
| 146 |
|
|
| 147 |
# check whether parent certificate |
|
| 148 |
if parent_cert is None or parent_cert.type_id == ROOT_CA_ID: |
|
| 149 |
if not exclude_root: |
|
| 150 |
chain_of_trust.append(parent_cert) |
|
| 151 |
break |
|
| 152 |
|
|
| 153 |
chain_of_trust.append(parent_cert) |
|
| 154 |
|
|
| 155 |
if parent_cert.certificate_id == to_id: |
|
| 156 |
break |
|
| 157 |
|
|
| 158 |
current_cert = parent_cert |
|
| 159 |
|
|
| 160 |
return chain_of_trust |
|
| src/services/cryptography.py | ||
|---|---|---|
| 260 | 260 |
found = re.findall(r"\s?([^c=\s]+)\s?=\s?([^,\n]+)", match.group(1)) |
| 261 | 261 |
subj = Subject() |
| 262 | 262 |
for key, value in found: |
| 263 |
print(f"{key}:{value}")
|
|
| 264 | 263 |
if key == "C": |
| 265 | 264 |
subj.country = value |
| 266 | 265 |
elif key == "ST": |
| tests/integration_tests/services/certificate_key_service_test.py | ||
|---|---|---|
| 149 | 149 |
assert 1 == len(certificate_service_unique.get_certificates(cert_type=ROOT_CA_ID)) |
| 150 | 150 |
assert 1 == len(certificate_service_unique.get_certificates(cert_type=INTERMEDIATE_CA_ID)) |
| 151 | 151 |
assert 1 == len(certificate_service_unique.get_certificates(cert_type=CERTIFICATE_ID)) |
| 152 |
|
|
| 153 |
|
|
| 154 |
def test_get_chain_of_trust(private_key_service, certificate_service): |
|
| 155 |
root_ca_private_key = private_key_service.create_new_key(passphrase="foobar") |
|
| 156 |
inter_ca_private_key = private_key_service.create_new_key(passphrase="barfoo") |
|
| 157 |
end_cert_private_key = private_key_service.create_new_key(passphrase="foofoo") |
|
| 158 |
|
|
| 159 |
root_ca_cert = certificate_service.create_root_ca(root_ca_private_key, |
|
| 160 |
Subject(common_name="RootFoo", |
|
| 161 |
organization_unit="Department of Foo")) |
|
| 162 |
print(root_ca_cert.certificate_id) |
|
| 163 |
|
|
| 164 |
inter_ca_cert = certificate_service.create_ca(inter_ca_private_key, Subject(common_name="Intermediate CA"), |
|
| 165 |
root_ca_cert, |
|
| 166 |
root_ca_private_key, usages={SSL_ID: True})
|
|
| 167 |
print(inter_ca_cert.certificate_id) |
|
| 168 |
print(inter_ca_cert.parent_id) |
|
| 169 |
|
|
| 170 |
cert = certificate_service.create_end_cert(end_cert_private_key, |
|
| 171 |
Subject("Foo Child", email_address="foo@bar.cz"), inter_ca_cert,
|
|
| 172 |
inter_ca_private_key, usages={AUTHENTICATION_ID: True})
|
|
| 173 |
print(cert.certificate_id) |
|
| 174 |
print(cert.parent_id) |
|
| 175 |
|
|
| 176 |
cot = certificate_service.get_chain_of_trust(cert.certificate_id) |
|
| 177 |
assert len(cot) == 2 |
|
| 178 |
assert [cert.certificate_id, inter_ca_cert.certificate_id] == [cot[0].certificate_id, cot[1].certificate_id] |
|
| 179 |
|
|
| 180 |
cot = certificate_service.get_chain_of_trust(cert.certificate_id, root_ca_cert.private_key_id) |
|
| 181 |
assert len(cot) == 2 |
|
| 182 |
assert [cert.certificate_id, inter_ca_cert.certificate_id] == [cot[0].certificate_id, cot[1].certificate_id] |
|
| 183 |
|
|
| 184 |
cot = certificate_service.get_chain_of_trust(cert.certificate_id, inter_ca_cert.private_key_id) |
|
| 185 |
assert len(cot) == 2 |
|
| 186 |
assert [cert.certificate_id, inter_ca_cert.certificate_id] == [cot[0].certificate_id, cot[1].certificate_id] |
|
| 187 |
|
|
| 188 |
cot = certificate_service.get_chain_of_trust(cert.certificate_id, exclude_root=False) |
|
| 189 |
assert len(cot) == 3 |
|
| 190 |
assert [cert.certificate_id, inter_ca_cert.certificate_id, root_ca_cert.certificate_id] == [cot[0].certificate_id, |
|
| 191 |
cot[1].certificate_id, |
|
| 192 |
cot[2].certificate_id] |
|
| 193 |
|
|
| 194 |
# starting from intermediate certificate |
|
| 195 |
cot = certificate_service.get_chain_of_trust(inter_ca_cert.certificate_id) |
|
| 196 |
assert len(cot) == 1 |
|
| 197 |
assert [inter_ca_cert.certificate_id] == [cot[0].certificate_id] |
|
| 198 |
|
|
| 199 |
cot = certificate_service.get_chain_of_trust(inter_ca_cert.certificate_id, root_ca_cert.private_key_id) |
|
| 200 |
assert len(cot) == 1 |
|
| 201 |
assert [inter_ca_cert.certificate_id] == [cot[0].certificate_id] |
|
| 202 |
|
|
| 203 |
cot = certificate_service.get_chain_of_trust(inter_ca_cert.certificate_id, exclude_root=False) |
|
| 204 |
assert len(cot) == 2 |
|
| 205 |
assert [inter_ca_cert.certificate_id, root_ca_cert.certificate_id] == [cot[0].certificate_id, |
|
| 206 |
cot[1].certificate_id] |
|
| 207 |
|
|
| 208 |
# starting from intermediate certificate |
|
| 209 |
cot = certificate_service.get_chain_of_trust(root_ca_cert.certificate_id) |
|
| 210 |
assert len(cot) == 0 |
|
| 211 |
|
|
| 212 |
cot = certificate_service.get_chain_of_trust(root_ca_cert.certificate_id, root_ca_cert.private_key_id) |
|
| 213 |
assert len(cot) == 0 |
|
| 214 |
|
|
| 215 |
cot = certificate_service.get_chain_of_trust(root_ca_cert.certificate_id, exclude_root=False) |
|
| 216 |
assert len(cot) == 1 |
|
| 217 |
assert [root_ca_cert.certificate_id] == [cot[0].certificate_id] |
|
Také k dispozici: Unified diff
Re #8472 - Implemented get_chain_of_trust method and added an integration test validating it
Added return type specification to read_all method in CertificateRepository