Revize 7f9b2c58
Přidáno uživatelem Michal Seják před téměř 4 roky(ů)
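--- a/src/services/cryptography.py
+++ b/src/services/cryptography.py
@@ -380,6 +380,29 @@
 
 return self.__run_for_output(args).decode("utf-8")
 
+def generate_ocsp(self, cert, key, index_path, der_ocsp_request):
+"""
+Generate an OCSP Response from an OCSP Request given the issuer cert, issuer cert key and the index file.
+The OSCP Response is signed by the CA itself (recommended way according to multiple sources).
+
+:param cert: issuer certificate
+:param key: corresponding key
+:param index_path: path/to/the/generated/index/file
+:param der_ocsp_request: DER encoded OCSP Request
+:return: DER encoded OCSP Response
+"""
+with TemporaryFile("certificate.pem", cert.pem_data) as ca_certificate, \
+TemporaryFile("private_key.pem", key.private_key) as key_file, \
+TemporaryFile("request.der", der_ocsp_request) as request_file:
+
+args = ["ocsp", "-index", index_path, "-CA", ca_certificate, "-rsigner", ca_certificate, "-rkey", key_file,
+"-reqin", request_file, "-respout", "-"]
+
+if key.password is not None and key.password != "":
+args.extend(["-passin", f"pass:{key.password}"])
+
+return self.__run_for_output(args)
+
 
 class CryptographyException(Exception):
 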
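Review bot: The CA key passphrase is placed on the openssl command line at `args.extend(["-passin", f"pass:{key.password}"])`, so for the lifetime of the child process it is readable from the process list by other local accounts and can end up in process-accounting or audit logs. OpenSSL also accepts `env:VAR`, `file:PATH`, `fd:N` and `stdin` as passphrase sources; assuming `__run_for_output` (defined outside this section) can hand stdin or an environment to the child, something like `args.extend(["-passin", "stdin"])` with the passphrase written to the child's stdin keeps it out of argv. In the same `with` statement `key.private_key` is written to `private_key.pem` through `TemporaryFile`, whose implementation is not visible here, so it is worth confirming that it creates the file with owner-only permissions and removes it when openssl fails. The docstring also spells OCSP as "OSCP" in its second sentence.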
|
Re #8577 - Added a `generate_ocsp` method to the CryptoService - calls OpenSSL to generate the response.