/src/services/crl/crl_service.py - Komentovat - Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD - Redmine

| Větev: | Tag: | Revize:

aswi2021jmsd-gitlab/src/services/crl/crl_service.py @ f8bd4850

1	ca31a7f7	Stanislav Král	from datetime import datetime
2	7313994f	Stanislav Král
3			from injector import inject
4
5			from src.dao.certificate_repository import CertificateRepository
6	94e89bb1	Jan Pašek	from src.dao.private_key_repository import PrivateKeyRepository
7	0fd6d825	Jan Pašek	from src.exceptions.certificate_not_found_exception import CertificateNotFoundException
8	94e89bb1	Jan Pašek	from src.exceptions.private_key_not_found_exception import PrivateKeyNotFoundException
9	7313994f	Stanislav Král	from src.services.crl.ca_index_file_line_generator import create_index_file_revoked_line
10			from src.services.cryptography import CryptographyService
11	0fd6d825	Jan Pašek	from src.utils.temporary_file import TemporaryFile
12	7313994f	Stanislav Král
13
14			class CrlService:
15			@inject
16			def __init__(self,
17			certificate_repository: CertificateRepository,
18	94e89bb1	Jan Pašek	key_repository: PrivateKeyRepository,
19	7313994f	Stanislav Král	cryptography_service: CryptographyService
20			):
21	94e89bb1	Jan Pašek	self.key_repository = key_repository
22	7313994f	Stanislav Král	self.certificate_repository = certificate_repository
23			self.cryptography_service = cryptography_service
24
25			def create_revoked_index(self, ca_id) -> str:
26			"""
27			Queries the certificate repository and looks for all certificates revoked by the certificate authority given
28			by the passed ID. Found certificates are then put into a string representing the CA's database index file.
29
30			:param ca_id: ID of the CA whose revoked certificates should be put into the index file
31			:return: a str representing the content of a CA index file
32			"""
33
34			index_lines = []
35			# iterate over revoked certificates of the CA given by an ID
36			for certificate in self.certificate_repository.get_all_revoked_by(ca_id):
37			# extract the complete subject information and not_after date field
38			subject, _, not_after = self.cryptography_service.parse_cert_pem(certificate.pem_data)
39	ca31a7f7	Stanislav Král
40	7313994f	Stanislav Král	line = create_index_file_revoked_line(certificate,
41			subject,
42	ca31a7f7	Stanislav Král	# parse revocation date from unix timestamp to struct_time
43			datetime.utcfromtimestamp(int(certificate.revocation_date)).timetuple(),
44	7313994f	Stanislav Král	not_after)
45
46			# append it to the list of lines
47			index_lines.append(line)
48
49			# join all lines with a new line
50			return "\n".join(index_lines)
51	0fd6d825	Jan Pašek
52			def generate_crl_response(self, ca_id: int) -> str:
53			"""
54			Generate a CRL for the given certificate authority
55			that contains all revoked certificates
56
57			:param ca_id: ID of a CA whose CRL shall be generated
58			:return: CRL in PEM format
59			"""
60	94e89bb1	Jan Pašek	# get cert and check if the requested CA exists and if not throw an exception
61			cert = self.certificate_repository.read(ca_id)
62			if cert is None:
63	0fd6d825	Jan Pašek	raise CertificateNotFoundException(ca_id)
64
65	94e89bb1	Jan Pašek	# get key and check if it exists
66			key = self.key_repository.read(cert.private_key_id)
67			if key is None:
68			raise PrivateKeyNotFoundException(ca_id)
69
70	0fd6d825	Jan Pašek	# Create an index file and call cryptography service to generate CRL
71	94e89bb1	Jan Pašek	with TemporaryFile("crl.index", f"{self.create_revoked_index(ca_id)}\n") as index_path:
72			crl_content = self.cryptography_service.generate_crl(cert, key, index_path)
73	0fd6d825	Jan Pašek
74			return crl_content

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD