Merge branch 'master' into '8778_Subject_country_code_assertion'
Added a global error handler for CryptographyException errors.Added a dependency ony pytest-mock library in order to be able to mock method calls in tests.Covered the added global CryptographyException error handler in a test.
Empty country code is now considered as a valid country code when creating a new certificate.
Changed tests accordingly.
Improved InvalidSubjectAttribute string representation and added an "except" block in CertificateController that handles this error.
Added docstrings describing the reasons why an InvalidCertificateAttribute error might be raised in the CertificateService.
Added a new exception that is thrown when a subject with an invalid attribute is passed while creating a new certificate via CertificateService.
Merge branch 'master' into '8705_rapi_private_key'
Re #8705 - `verify_key` bugfix - added check whether the passed PEM is an actual key
Merge branch '8702_augmented_filtering' into 'master'
8702 Augmented filtering of certificates
See merge request aswi/aswi-2021/aswi2021jmsd!25
Merge branch '8708_PKCS_Identity' into 'master'
8708 pkcs identity
See merge request aswi/aswi-2021/aswi2021jmsd!22
Re #8708 - Changed the generate_pkcs_identity method of the CertificateService in such way that the Certificate class instance is now passed instead of a certificate ID resulting in a decrease of SQL queries.
Re #8708 - Added a unit test covering a scenario in which an empty identity password is passed to the generate_pkcs_identity method of the CryptographyService
Improved the generate_pkcs_identity method in such way that when None is passed as the identity password then an empty string literal ("") is used instead.
Re #8702 - Finished implementing filtering methods in the CertService.
Merge branch '8590_Implement_subject_fields'
Re #8702 - Started implementing required CertService updates.
Re #8708 - Changed the behaviour of the generate_pkcs_identity method in the CryptographyService that now does not use the -CAfile argument when the passed chain of trust is empty
Added a unit test verifying that the changed method works as expected when empty chain of trust is passed
Re #8708 - Implemented a new method in the CertificateService that does generate a PKCS12 identity by using the CryptographyService
Covered the new method with few integration testsFixed minor typos in the CertificateService
Re #8705 - Added the `verify_key` method to CryptoService.
Re #8705 - Added wrapping methods and the `verify_key` method to KeyService.
Re #8700 - Review merge.
Re #8708 - Implemented a new method in the CryptographyService that allows the caller to create a PKCS12 identity of a certificate and it's chain of trust
Covered the new method with unit tests.
Re #8590 - Modified IF statement- revocation data can be None
Re #8590 - Modified methods due to fields of subject implemented
Re #8707 - Added logging for the new functionality
Re #8707 - Implemented get_certificate_state() in CertificateRepository
Re #8707 - Implemented status in the controller, prepared method in CertificateService
Merge branch '8570_Implement_logging'
Re #8570 - Rotating file settings
Re #8700 - Implemented certificate revalidation check and fixed affected tests
Re #8570 - Added logs
Certificate usage hotfix before DEMO #4 - digital signature does not specify timestamping
Re #8585 - Fixed an issue where required extensions based on cert. usages were not present in the generated certificate
Created an utility that converts usages to extension configuration linesDefined which extension field flags are required for certain usages
Re #8576 crl endpointMerge branch '8576_crl_endpoint' into 'master'See merge request aswi/aswi-2021/aswi2021jmsd!15
Re #8577 - Minor refactoring (crl -> crl_ocsp).
Merge remote-tracking branch 'origin/8576_crl_endpoint' into 8576_crl_endpoint
Re #8576 - openssl config template update, comment added
Re #8577 - Added a `generate_ocsp` method to the CryptoService - calls OpenSSL to generate the response.
Re #8577 - Added a `create_index` method (= index including valid certificates) to the CRL Service.
Re #8576 - Fix of specifying CRL and OCSP endpoint
Re #8576 - Added crl endpoint integration tests, fix of serial number
Re #8576 - Fixed generating index file for generating empty CRL
Merge branch '8583_interactive_details_page' into 'master'
8583 - Interactive details page
See merge request aswi/aswi-2021/aswi2021jmsd!14
Re #8576 - calling CryptographyService from CrlService, passphrase support
Re #8576 - cryptography.py implemented generate_crl()
Re #8576 - CrlService implemented generate_crl_response(), prepared method generate_crl in CryptographyService
Re #8576 - moved CertificateNotFoundException to separate file
Re #8575 - Serial number item in the index file is now always uppercase
Re #8575 - Fixed an issue where when creating an index file the valid_to field was passed instead of the revocation_date field
Re #8575 - Fixed an issue where serial number was not passed when creating certificatesRemoved a TODO that has already been fixed
Re #8575 - Implemented CrlService that allows the caller to generate a CA database index of revoked certificates
Added an integration test verifying its validity.Renamed NOT_BEFORE_AFTER_DATE_FORMAT constant to VALID_FROM_TO_DATE_FORMAT in certificate_service.py....
Re #8575 - Added a file that defines methods used for generating CA index file lines
Added unit tests verifying the validity of added methods
Re #8575 - Added unit tests verifying that serial number is set when creating a self signed certificate
Re #8583 - Deleting certificates
Re #8575 - Fixed an issue where the serial number was not passed when signing a CSR
Re #8575 - Added a "sn" parameter to some CryptographyService
Re #8572 - resolved conflicts
Re #8574 - Added the `get_certificates_issued_by(id)` method to the CertificateService (just calling the homonymous CryptoService method).
Re #8572 - Extended the method in the CertificateService.
Re #8571 - Fixed problems during walk-through code review
Re #8571 - RestAPI testing
Re #8571 - certificate_service.py revocation support end tests
Re #8571 - cryptography.py unified extension specification and support for CRL LF
Re #8573 - Added some CertificateService tests and improved CryptographyService tests of methods that extract public keys
Re #8573 - /api/certificates/{id}/public_key endpoint now does not extract public key from private key but does so directly from the certificate instead
Re #8573 - Implemented extract_public_key_from_certificate
Re #8573 - Added get_public_key method to KeyService that extracts a public key from a private key
Re #8573 - Changed extract_public_key method in such way that it now extracts a public key from a private key instead of a certificate
Re #8573 - Implemented extract_public_key method that allows the caller to extract a public key from a certificate
Re #8569 Checking presence of OpenSSL during init
Re #8569 Prepared services for dependency injection
Re #8569 Parsing datetime in cryptography.py service on windows (stripping \r)
Re #8473 - Added get_subject_from_certificate to certificate_service.py
Re #8473 - Fixed minor typo in certificate_service.py
Re #8472 - Added a parameter to the craete_sscrt method in CryptographyService in order to be able to specify tha number of days for which the generated certificate will be valid.
Re #8472 - Added missing docstrings to KeyService and CertificateService classes
Re #8472 - Added KeyService.delete test and renamed a test suite
Applied a small change to the KeyService.get_keys method
Re #8472 - Implemented delete_certificate method in CertificateService and added a test validating it
Re #8472 - Added get_chain_of_trust method documentation and comments
Re #8472 - Implemented get_chain_of_trust method and added an integration test validating it
Added return type specification to read_all method in CertificateRepository
Re #8472 - Implemented get_certificates method and added an integration test validating it
Added fixtures providing a unique DB connection for each test
Re #8472 - Implemented create_end_cert method and added an integration test validating it
Re #8472 - Added the ability to pass usage dictionary to create_ca and create_root_ca methods via optional parameter
Re #8472 - Implemented create_ca method in CertificateService and added test verifying this method's validity
Re #8472 - Implemented get_certificate method in CertificateService and added a test testing this method
Re #8472 - Finished implementation of create_root_ca method in CertificateService
Re #8472 - Improved parse_cert_pem method in such way that it also parses notBefore and notAfter fields now
Re #8472 - Finished implementation of parse_cert_pem method that parses a subject out of a PEM formatted certificate
Added few unit tests testing this method.
Re #8472 - WIP commit of adding a method capable of parsing a Subject from a cert PEM
Re #8472 - Implemented KeyService
Re #8471 - Merge implement DAO - source code