Revize 64cfca84
Přidáno uživatelem Jan Pašek před téměř 4 roky(ů)
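--- a/src/services/cryptography.py
+++ b/src/services/cryptography.py
@@ -3,6 +3,9 @@
 import time
 import random
 
+from src.constants import CRL_CONFIG
+from src.model.certificate import Certificate
+from src.model.private_key import PrivateKey
 from src.model.subject import Subject
 from src.utils.temporary_file import TemporaryFile
 
@@ -129,7 +132,7 @@
 # file instead of an extension file. Therefore the following code creates
 # the most basic configuration file with sscrt_ext section, that is later
 # reference in openssl req command using -extensions option.
-extensions += "\n"+CA_EXTENSIONS
+extensions += "\n" + CA_EXTENSIONS
 if len(config) == 0:
 config += MINIMAL_CONFIG_FILE
 config += "\n[ " + SSCRT_SECTION + " ]" + "\n" + extensions
@@ -146,7 +149,7 @@
 if len(config) > 0:
 args.extend(["-config", conf_path])
 if len(extensions) > 0:
-args.extend(["-extensions", SSCRT_SECTION]) # when creating SSCRT, section references section in config
+args.extend(["-extensions", SSCRT_SECTION]) # when creating SSCRT, section references section in config
 
 # it would be best to not send the pass phrase at all, but for some reason pytest then prompts for
 # the pass phrase (this does not happen when run from pycharm)
@@ -355,16 +358,24 @@
 """
 return self.__run_for_output(["version"]).decode("utf-8")
 
-def generate_crl(self, index_file_path: str) -> str:
+def generate_crl(self, cert: Certificate, key: PrivateKey, index_file_path: str) -> str:
 """
 Generate a CertificateRevocationList for a specified
 certificate authority.
 
+:param key: key that is used to sign the CRL (must belong to the given certificate)
+:param cert: Certificate of the certificate authority that issue the CRL
 :param index_file_path: path to a file that contains the openssl index with all revoked certificates
 :return: CRL encoded in PEM format string
 """
-# TODO
-return ""
+with TemporaryFile("serial.srl", "0") as serial_file, \
+TemporaryFile("crl.conf", CRL_CONFIG % (index_file_path, serial_file)) as config_file, \
+TemporaryFile("certificate.pem", cert.pem_data) as cert_file, \
+TemporaryFile("private_key.pem", key.private_key) as key_file:
+
+args = ["ca", "-config", config_file, "-gencrl", "-keyfile", key_file, "-cert", cert_file, "-outdir", "."]
+return self.__run_for_output(args).decode("utf-8")
+
 
 class CryptographyException(Exception):
 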
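Review bot: In `generate_crl` (new lines 371–377) the CA key is written to `private_key.pem` and passed to `openssl ca` with `-keyfile`, but no pass phrase is supplied, so a pass-phrase-protected CA key will make OpenSSL prompt or fail; the comment at new line 154 suggests prompting has already been a problem elsewhere in this file. Supply the pass phrase without putting it on the command line, e.g. `args.extend(["-passin", "env:<PASSPHRASE_ENV_VAR>"])` (placeholder variable name), or state in the docstring that `key` must be unencrypted. `TemporaryFile` is not visible here, so confirm that it creates `private_key.pem` with owner-only permissions in a per-call location, because a fixed file name in a shared directory would expose or overwrite the key when calls run concurrently. `index_file_path` is also interpolated into `CRL_CONFIG` with `%`, so a path containing a newline would add lines to the OpenSSL config; it is presumably generated internally, but a check or a docstring note would make that assumption explicit.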
Re #8576 - cryptography.py implemented generate_crl()