Projekt

Obecné

Profil

« Předchozí | Další » 

Revize 87a7a4a5

Přidáno uživatelem Stanislav Král před asi 4 roky(ů)

Re #8472 - Changed access modifier of sign_csr method to private (was protected previously)

Zobrazit rozdíly:

proj/services/cryptography.py
136 136 

  		




  137
  137
  
    
        return self._run_for_output(args, proc_input=bytes(subject_key, encoding="utf-8")).decode()


  		




  138
  138
  
    

  		




  139
  
  
    
    def _sign_csr(self, csr, issuer_pem, issuer_key, issuer_key_pass=None, extensions="", days=30):


  		




  
  139
  
    
    def __sign_csr(self, csr, issuer_pem, issuer_key, issuer_key_pass=None, extensions="", days=30):


  		




  140
  140
  
    
        """


  		




  141
  141
  
    
        Signs the given CSR by the given issuer CA


  		




  142
  142
  
    

  		




  ......




  189
  189
  
    
        :return: string containing the generated certificate in PEM format


  		




  190
  190
  
    
        """


  		




  191
  191
  
    
        csr = self.__create_csr(subject, subject_key, subject_key_pass=subject_key_pass)


  		




  192
  
  
    
        return self._sign_csr(csr, issuer_pem, issuer_key, issuer_key_pass=issuer_key_pass, extensions=extensions,


  		




  193
  
  
    
                              days=days)


  		




  
  192
  
    
        return self.__sign_csr(csr, issuer_pem, issuer_key, issuer_key_pass=issuer_key_pass, extensions=extensions,


  		




  
  193
  
    
                               days=days)


  		




  194
  194
  
    

  		




  195
  195
  
    
    @staticmethod


  		




  196
  196
  
    
    def verify_cert(certificate):


  		












  

    
      proj/tests/services/cryptography/sign_csr_test.py
    
  





  21
  21
  
    
    csr = service._CryptographyService__create_csr(Subject(common_name="bar", country="CZ"), inter_key)


  		




  22
  22
  
    

  		




  23
  23
  
    
    # sign the created CSR with root CA


  		




  24
  
  
    
    inter_ca = service._sign_csr(csr, root_ca, root_key)


  		




  
  24
  
    
    inter_ca = service._CryptographyService__sign_csr(csr, root_ca, root_key)


  		




  25
  25
  
    

  		




  26
  26
  
    
    inter_ca_printed = export_crt(inter_ca)


  		




  27
  27
  
    

  		




  ......




  41
  41
  
    
    csr = service._CryptographyService__create_csr(Subject(common_name="bar", country="CZ"), inter_key)


  		




  42
  42
  
    

  		




  43
  43
  
    
    # sign the created CSR with root CA and specify root key passphrase


  		




  44
  
  
    
    inter_ca = service._sign_csr(csr, root_ca, root_key, issuer_key_pass=root_key_passphrase)


  		




  
  44
  
    
    inter_ca = service._CryptographyService__sign_csr(csr, root_ca, root_key, issuer_key_pass=root_key_passphrase)


  		




  45
  45
  
    

  		




  46
  46
  
    
    inter_ca_printed = export_crt(inter_ca)


  		




  47
  47
  
    

  		




  ......




  51
  51
  
    

  		




  52
  52
  
    
    # try to sign it using a wrong passphrase


  		




  53
  53
  
    
    with pytest.raises(CryptographyException) as e:


  		




  54
  
  
    
        service._sign_csr(csr, root_ca, root_key,


  		




  55
  
  
    
                          extensions="authorityInfoAccess = caIssuers;URI:bar.cz/baz.cert", issuer_key_pass="bazbaz")


  		




  
  54
  
    
        service._CryptographyService__sign_csr(csr, root_ca, root_key,


  		




  
  55
  
    
                                               extensions="authorityInfoAccess = caIssuers;URI:bar.cz/baz.cert",


  		




  
  56
  
    
                                               issuer_key_pass="bazbaz")


  		




  56
  57
  
    
    assert "bad decrypt" in e.value.message


  		




  57
  58
  
    

  		




  58
  59
  
    
    # try to sign it without specifying a passphrase


  		




  59
  60
  
    
    with pytest.raises(CryptographyException) as e:


  		




  60
  
  
    
        service._sign_csr(csr, root_ca, root_key,


  		




  61
  
  
    
                          extensions="authorityInfoAccess = caIssuers;URI:bar.cz/baz.cert")


  		




  
  61
  
    
        service._CryptographyService__sign_csr(csr, root_ca, root_key,


  		




  
  62
  
    
                                               extensions="authorityInfoAccess = caIssuers;URI:bar.cz/baz.cert")


  		




  62
  63
  
    
    assert "bad decrypt" in e.value.message


  		




  63
  64
  
    

  		




  64
  65
  
    

  		




  ......




  73
  74
  
    
    csr = service._CryptographyService__create_csr(Subject(common_name="bar", country="CZ"), inter_key)


  		




  74
  75
  
    

  		




  75
  76
  
    
    # sign the created CSR with root CA and specify root key passphrase and specify extensions (AIA and CA)


  		




  76
  
  
    
    inter_ca = service._sign_csr(csr, root_ca, root_key,


  		




  77
  
  
    
                                 extensions="authorityInfoAccess = caIssuers;URI:bar.cz/baz/cert\nbasicConstraints=critical,CA:TRUE",


  		




  78
  
  
    
                                 issuer_key_pass=root_key_passphrase)


  		




  
  77
  
    
    inter_ca = service._CryptographyService__sign_csr(csr, root_ca, root_key,


  		




  
  78
  
    
                                                      extensions="authorityInfoAccess = caIssuers;URI:bar.cz/baz/cert\nbasicConstraints=critical,CA:TRUE",


  		




  
  79
  
    
                                                      issuer_key_pass=root_key_passphrase)


  		




  79
  80
  
    

  		




  80
  81
  
    
    inter_ca_printed = export_crt(inter_ca)


  		




  81
  82
  
    

  		












Také k dispozici:  Unified diff