Revize 2f5101f1
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
src/services/certificate_service.py | ||
---|---|---|
21 | 21 |
|
22 | 22 |
# TODO usages present in method parameters but not in class diagram |
23 | 23 |
def create_root_ca(self, key: PrivateKey, subject: Subject, extensions: str = "", config: str = "", |
24 |
usages=None): |
|
24 |
usages=None, days=30):
|
|
25 | 25 |
""" |
26 | 26 |
Creates a root CA certificate based on the given parameters. |
27 | 27 |
:param key: Private key to be used when generating the certificate |
... | ... | |
29 | 29 |
:param config: String containing the configuration to be used |
30 | 30 |
:param extensions: Name of the section in the configuration representing extensions |
31 | 31 |
:param usages: A dictionary containing usages of the certificate to be generated (see constants.py) |
32 |
:param days: Number of days for which the generated cert. will be considered valid |
|
32 | 33 |
:return: An instance of Certificate class representing the generated root CA cert |
33 | 34 |
""" |
34 | 35 |
if usages is None: |
... | ... | |
36 | 37 |
|
37 | 38 |
# create a new self signed certificate |
38 | 39 |
cert_pem = self.cryptography_service.create_sscrt(subject, key.private_key, key_pass=key.password, |
39 |
extensions=extensions, config=config) |
|
40 |
extensions=extensions, config=config, days=days)
|
|
40 | 41 |
# specify CA usage |
41 | 42 |
usages[CA_ID] = True |
42 | 43 |
|
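Review bot: The new `days` parameter of `create_root_ca` has no type annotation, unlike `key`, `subject`, `extensions` and `config`, and its default of 30 repeats the literal used in `create_sscrt`, so the two defaults can drift apart. Writing the line as `usages=None, days: int = 30):` and taking the default from a single shared module-level constant would keep them aligned. A caller relying on the default gets a root CA that is valid for only 30 days, which also limits how long certificates issued under it can validate; if that is intended, a short comment next to the default should say so. The body of `create_root_ca` continues outside the visible lines.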
src/services/cryptography.py | ||
---|---|---|
92 | 92 |
return self.__run_for_output( |
93 | 93 |
["genrsa", PRIVATE_KEY_ENCRYPTION_METHOD, "-passout", f"pass:{passphrase}", "2048"]).decode() |
94 | 94 |
|
95 |
def create_sscrt(self, subject, key, config="", extensions="", key_pass=None): |
|
95 |
def create_sscrt(self, subject, key, config="", extensions="", key_pass=None, days=30):
|
|
96 | 96 |
""" |
97 | 97 |
Creates a root CA |
98 | 98 |
|
... | ... | |
101 | 101 |
:param config: string containing the configuration to be used |
102 | 102 |
:param extensions: name of the section in the configuration representing extensions |
103 | 103 |
:param key_pass: passphrase of the private key |
104 |
:param days: number of days for which the certificate will be valid |
|
104 | 105 |
|
105 | 106 |
:return: string containing the generated certificate in PEM format |
106 | 107 |
""" |
... | ... | |
110 | 111 |
subj = self.__subject_to_param_format(subject) |
111 | 112 |
|
112 | 113 |
with TemporaryFile("openssl.conf", config) as conf_path: |
113 |
args = ["req", "-x509", "-new", "-subj", subj, |
|
114 |
args = ["req", "-x509", "-new", "-subj", subj, "-days", f"{days}",
|
|
114 | 115 |
"-key", "-"] |
115 | 116 |
if len(config) > 0: |
116 | 117 |
args.extend(["-config", conf_path]) |
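Review bot: `days` is formatted straight into the argument list (`"-days", f"{days}"`) without any check that it is a positive integer. Because the arguments are passed as a list there is no shell involved, but zero, a negative number, a float or a string still reaches OpenSSL. Depending on the OpenSSL version that probably either fails inside the subprocess with a less helpful message or produces a certificate that is already expired. A guard before `args` is built would reject it early, for example `if isinstance(days, bool) or not isinstance(days, int) or days < 1: raise ValueError("days must be a positive integer")`. The body of `create_sscrt` starts and ends outside the visible lines.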
tests/unit_tests/services/cryptography/self_signed_cert_test.py | ||
---|---|---|
110 | 110 |
with pytest.raises(CryptographyException) as e: |
111 | 111 |
service.create_sscrt(Subject(common_name="Topnax", country="CZ"), private_key) |
112 | 112 |
assert "bad decrypt" in e.value.message |
113 |
|
|
114 |
|
|
115 |
def test_create_sscrt_days(service): |
|
116 |
# create a self signed certificate using configuration and extensions |
|
117 |
private_key = service.create_private_key(passphrase="foobar") |
|
118 |
|
|
119 |
cert = service.create_sscrt(Subject(common_name="Topnax"), private_key, key_pass="foobar", |
|
120 |
days=30) |
|
121 |
|
|
122 |
cert_2 = service.create_sscrt(Subject(common_name="Topnax"), private_key, |
|
123 |
key_pass="foobar", |
|
124 |
days=31) |
|
125 |
|
|
126 |
cert_3 = service.create_sscrt(Subject(common_name="Topnax"), private_key, |
|
127 |
key_pass="foobar", |
|
128 |
days=32) |
|
129 |
|
|
130 |
args = ["openssl", "x509", "-noout", "-enddate", "-in", "-"] |
|
131 |
cert_printed = subprocess.check_output(args, |
|
132 |
input=bytes(cert, encoding="utf-8"), stderr=subprocess.STDOUT).decode() |
|
133 |
cert_printed_2 = subprocess.check_output(args, |
|
134 |
input=bytes(cert_2, encoding="utf-8"), stderr=subprocess.STDOUT).decode() |
|
135 |
|
|
136 |
cert_printed_3 = subprocess.check_output(args, |
|
137 |
input=bytes(cert_3, encoding="utf-8"), stderr=subprocess.STDOUT).decode() |
|
138 |
|
|
139 |
# TODO improve this test by parsing the date |
|
140 |
assert cert_printed != cert_printed_2 |
|
141 |
assert cert_printed_2 != cert_printed_3 |
|
142 |
assert cert_printed != cert_printed_3 |
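Review bot: The three `!=` assertions in `test_create_sscrt_days` do not prove that `days` is honoured. `-enddate` prints the expiry with second resolution, so the outputs can differ merely because the three certificates were created in different seconds, and the test could pass even if the parameter were ignored. Parsing the `notAfter=` value and asserting that consecutive expiry dates are one day apart (with a small tolerance for execution time) would pin the behaviour the TODO already asks for; it needs `datetime` and `timedelta` from the standard library. The leading comment ("using configuration and extensions") is copied from another test and does not describe this one; `# certificates created with different "days" must expire on different dates` would fit.

```python
    # … unchanged: the three create_sscrt calls and the three openssl x509 -enddate invocations …

    def not_after(printed):
        # openssl prints a single line of the form "notAfter=<date> GMT"
        value = printed.strip().split("=", 1)[1]
        return datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")

    end_1, end_2, end_3 = (not_after(p) for p in (cert_printed, cert_printed_2, cert_printed_3))
    tolerance = timedelta(minutes=1)

    assert abs((end_2 - end_1) - timedelta(days=1)) < tolerance
    assert abs((end_3 - end_2) - timedelta(days=1)) < tolerance
```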
Re #8472 - Added a parameter to the create_sscrt method in CryptographyService in order to be able to specify the number of days for which the generated certificate will be valid.