ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

from functools import cmp_to_key

# basic constraints

from typing import Dict

BASIC_CONSTRAINTS_KEY = "basicConstraints"

CRITICAL = "critical"

CA = "CA:TRUE"

# key usages

KEY_USAGES_KEY = "keyUsage"

DIGITAL_SIGNATURE = "digitalSignature"

NON_REPUDIATION = "nonRepudiation"

KEY_ENCIPHERMENT = "keyEncipherment"

DATA_ENCIPHERMENT = "dataEncipherment"

KEY_AGREEMENT = "keyAgreement"

KEY_CERT_SIGN = "keyCertSign"

CRL_SIGN = "cRLSign"

ENCIPHER_ONLY = "encipherOnly"

DECIPHER_ONLY = "decipherOnly"

# extended key usages

EXTENDED_KEY_USAGE_KEY = "extendedKeyUsage"

SERVER_AUTH = "serverAuth"

CLIENT_AUTH = "clientAuth"

CODE_SIGNING = "codeSigning"

EMAIL_PROTECTION = "emailProtection"

TIME_STAMPING = "timeStamping"

OCSP_SIGNING = "OCSPSigning"

class ExtensionFieldFlags:

    def __init__(self, key_usages_flags, extended_key_usages_flags, basic_constraints_flags):

        self.key_usages_flags = key_usages_flags

        self.extended_key_usages_flags = extended_key_usages_flags

        self.basic_constraints_flags = basic_constraints_flags

def __compare_with_critical_prioritized(item1, item2):

    # compare in such way, that the CRITICAL str is always considered to be "smaller" (put before) than any other string

    if item1 == CRITICAL:

        # first item is CRITICAL, return -1

        return -1

    elif item2 == CRITICAL:

        # second item is CRITICAL, return 2

        return 1

    elif item1 == item2:

        # items are same, return 0

        return 0

    else:

        # none of the items is CRITICAL and they are not equal, compare via < str overloaded operator

        return -1 if item1 < item2 else 1

def usages_to_extension_lines(usages, required_extension_flags:  Dict[int, ExtensionFieldFlags]):

    """

    Converts usages dictionary to a configuration lines to be put in the extensions section

    :param usages: a dictionary containing usages to be converted into ext. configuration lines

    :param required_extension_flags: an object containing an information about which flags are required to be present

    in the extension configuration lines to be generated

    :return: a list of configuration lines

    """

    # initialize sets that will represent values of all required fields (keyUsages, extendedKeyUsage, basicConstraints)

    key_usages = set()

    extended_key_usages = set()

    basic_constraints = set()

    # iterate over given usages

    for usage, value in usages.items():

        # check whether the usage is set to true

        if value:

            # load required extension fields

            key_usage = required_extension_flags[usage]

            # append the required keyUsage flags

            key_usages = key_usages.union(key_usage.key_usages_flags)

            # append the required extendedKeyUsage flags

            extended_key_usages = extended_key_usages.union(key_usage.extended_key_usages_flags)

            # append the required basicConstraints flags

            basic_constraints = basic_constraints.union(key_usage.basic_constraints_flags)

    lines = []

    # sort flags so their order is consistent and therefore testable

    # after sorting the flags generate an extension line joining the flags with "," character

    if len(basic_constraints) > 0:

        # "basicConstraints" (maybe) require the "critical" flag to be at the head of the list if present

        lines.append(

            f"""{BASIC_CONSTRAINTS_KEY}={",".join(sorted(basic_constraints, key=cmp_to_key(__compare_with_critical_prioritized)))}""")

    if len(key_usages) > 0:

        # "keyUsages" (maybe) require the "critical" flag to be at the head of the list if present

        lines.append(

            f"""{KEY_USAGES_KEY}={",".join(sorted(key_usages, key=cmp_to_key(__compare_with_critical_prioritized)))}""")

    if len(extended_key_usages) > 0:

        lines.append(f"""{EXTENDED_KEY_USAGE_KEY}={",".join(sorted(extended_key_usages))}""")

    return lines