Revize 18588728
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
| proj/services/cryptography.py | ||
|---|---|---|
| 72 | 72 |
Creates a private key with the option to encrypt it using a passphrase. |
| 73 | 73 |
:param passphrase: A passphrase to be used when encrypting the key (if none is passed then the key is not |
| 74 | 74 |
encrypted at all). Empty passphrase ("") also results in a key that is not encrypted.
|
| 75 |
:return: A text representation of the generated private key.
|
|
| 75 |
:return: string containing the generated private key in PEM format
|
|
| 76 | 76 |
""" |
| 77 | 77 |
if passphrase is None or len(passphrase) == 0: |
| 78 | 78 |
return self._run_for_output(["genrsa", "2048"]).decode() |
| ... | ... | |
| 80 | 80 |
return self._run_for_output( |
| 81 | 81 |
["genrsa", PRIVATE_KEY_ENCRYPTION_METHOD, "-passout", f"pass:{passphrase}", "2048"]).decode()
|
| 82 | 82 |
|
| 83 |
def create_sscrt(self, key, subject, config="", extensions="", key_passphrase=None):
|
|
| 83 |
def create_sscrt(self, key, subject, config="", extensions="", key_pass=None): |
|
| 84 | 84 |
""" |
| 85 | 85 |
Creates a root CA |
| 86 | 86 |
|
| ... | ... | |
| 88 | 88 |
:param subject: an instance of <Subject> representing the subject to be added to the certificate |
| 89 | 89 |
:param config: string containing the configuration to be used |
| 90 | 90 |
:param extensions: name of the section in the configuration representing extensions |
| 91 |
:param key_passphrase: passphrase of the private key
|
|
| 91 |
:param key_pass: passphrase of the private key |
|
| 92 | 92 |
|
| 93 |
:return: byte array containing the generated certificate
|
|
| 93 |
:return: string containing the generated certificate in PEM format
|
|
| 94 | 94 |
""" |
| 95 | 95 |
assert key is not None |
| 96 | 96 |
assert subject is not None |
| ... | ... | |
| 111 | 111 |
|
| 112 | 112 |
# add the passphrase even when None is passed. Otherwise when running tests with pytest some tests freeze |
| 113 | 113 |
# waiting for the passphrase to be typed in |
| 114 |
args.extend(["-passin", f"pass:{key_passphrase}"])
|
|
| 114 |
args.extend(["-passin", f"pass:{key_pass}"])
|
|
| 115 | 115 |
|
| 116 | 116 |
return self._run_for_output(args, proc_input=bytes(key, encoding="utf-8")).decode() |
| 117 | 117 |
|
| ... | ... | |
| 122 | 122 |
:param subject: an instance of <Subject> representing the subject to be added to the CSR |
| 123 | 123 |
:param subject_key: the private key of the subject to be used to generate the CSR |
| 124 | 124 |
:param subject_key_pass: passphrase of the subject's private key |
| 125 |
:return: byte array containing the generated certificate signing request
|
|
| 125 |
:return: string containing the generated certificate signing request in PEM format
|
|
| 126 | 126 |
""" |
| 127 | 127 |
|
| 128 | 128 |
subj_param = self.subject_to_param_format(subject) |
| ... | ... | |
| 167 | 167 |
|
| 168 | 168 |
return self._run_for_output(params, proc_input=(bytes(proc_input, encoding="utf-8"))).decode() |
| 169 | 169 |
|
| 170 |
def create_crt(self, subject, key, issuer_pem, issuer_key, key_pass=None, issuer_key_pass=None, config="", |
|
| 170 |
def create_crt(self, subject, subject_key, issuer_pem, issuer_key, subject_key_pass=None, issuer_key_pass=None, |
|
| 171 |
config="", |
|
| 171 | 172 |
extensions=""): |
| 172 | 173 |
""" |
| 173 | 174 |
Signs the given CSR by the given issuer CA |
| 174 | 175 |
:param subject: subject to be added to the created certificate |
| 175 |
:param key: string containing the private key to be used when creating the certificate in PEM format |
|
| 176 |
:param subject_key: string containing the private key to be used when creating the certificate in PEM format
|
|
| 176 | 177 |
:param issuer_key: string containing the private key of the issuer's certificate in PEM format |
| 177 | 178 |
:param issuer_pem: string containing the certificate of the issuer that will sign this CSR in PEM format |
| 178 | 179 |
:param issuer_key: string containing the private key of the issuer's certificate in PEM format |
| 179 |
:param key_pass: string containing the passphrase of the private key used when creating the certificate in PEM |
|
| 180 |
:param subject_key_pass: string containing the passphrase of the private key used when creating the certificate in PEM
|
|
| 180 | 181 |
format |
| 181 | 182 |
:param issuer_key_pass: string containing the passphrase of the private key of the issuer's certificate in PEM |
| 182 | 183 |
format |
| 183 | 184 |
:param config: TODO NOT USED |
| 184 | 185 |
:param extensions: extensions to be applied when creating the certificate |
| 185 |
:return: string containing the generated in PEM format |
|
| 186 |
:return: string containing the generated certificate in PEM format
|
|
| 186 | 187 |
""" |
| 187 |
csr = self.make_csr(subject, key, subject_key_pass=key_pass)
|
|
| 188 |
csr = self.make_csr(subject, subject_key, subject_key_pass=subject_key_pass)
|
|
| 188 | 189 |
return self.sign_csr(csr, issuer_pem, issuer_key, issuer_key_pass=issuer_key_pass, extensions=extensions) |
| 189 | 190 |
|
| 190 | 191 |
|
Také k dispozici: Unified diff
Re #8472 - Small changes in the documentation