Revize a6727aa9
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
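--- a/src/services/certificate_service.py
+++ b/src/services/certificate_service.py
@@ -22,6 +22,15 @@
 # TODO usages present in method parameters but not in class diagram
 def create_root_ca(self, key: PrivateKey, subject: Subject, extensions: str = "", config: str = "",
 usages=None):
+"""
+Creates a root CA certificate based on the given parameters.
+:param key: Private key to be used when generating the certificate
+:param subject: Subject to be used put into the certificate
+:param config: String containing the configuration to be used
+:param extensions: Name of the section in the configuration representing extensions
+:param usages: A dictionary containing usages of the certificate to be generated (see constants.py)
+:return: An instance of Certificate class representing the generated root CA cert
+"""
 if usages is None:
 usages = {}
 
@@ -32,7 +41,7 @@
 usages[CA_ID] = True
 
 # wrap into Certificate class
-certificate = self.__create_wrapper(cert_pem, key.private_key_id, subject.common_name, usages, 0,
+certificate = self.__create_wrapper(cert_pem, key.private_key_id, usages, 0,
 ROOT_CA_ID)
 
 # store the wrapper into the repository
@@ -43,15 +52,26 @@
 
 return certificate
 
-def __create_wrapper(self, cert_pem, private_key_id, common_name, usages, parent_id, cert_type):
+def __create_wrapper(self, cert_pem, private_key_id, usages, parent_id, cert_type):
+"""
+Wraps the given parameters using hte Certificate class. Uses CryptographyService to find out the notBefore and
+notAfter fields.
+:param cert_pem: PEM of the cert. to be wrapped
+:param private_key_id: ID of the private key used to create the given certificate
+:param usages: A dictionary containing usages of the generated certificate generated (see constants.py)
+:param parent_id: ID of the CA that issued this certificate
+:param cert_type: Type of this certificate (see constants.py)
+:return: An instance of the Certificate class wrapping the values passed via method parameters
+"""
 # parse the generated pem for subject and notBefore/notAfter fields
+# TODO this could be improved in the future in such way that calling openssl is not required to parse the dates
 subj, not_before, not_after = self.cryptography_service.parse_cert_pem(cert_pem)
 # format the parsed date
 not_before_formatted = time.strftime(DATE_FORMAT, not_before)
 not_after_formatted = time.strftime(DATE_FORMAT, not_after)
 
 # create a certificate wrapper
-certificate = Certificate(-1, common_name, not_before_formatted, not_after_formatted, cert_pem,
+certificate = Certificate(-1, subj.common_name, not_before_formatted, not_after_formatted, cert_pem,
 private_key_id, cert_type, parent_id, usages)
 
 return certificate
@@ -59,6 +79,17 @@
 # TODO config parameter present in class diagram but not here (unused)
 def create_ca(self, subject_key: PrivateKey, subject: Subject, issuer_cert: Certificate, issuer_key: PrivateKey,
 extensions: str = "", days: int = 30, usages=None):
+"""
+Creates an intermediate CA certificate issued by the given parent CA.
+:param subject_key: Private key to be used when generating the certificate
+:param subject: Subject to be used put into the certificate
+:param issuer_cert: Issuer certificate that will sign the CSR required to create an intermediate CA
+:param issuer_key: PK used to generate the issuer certificate
+:param extensions: Extensions to be used when generating the certificate
+:param usages: A dictionary containing usages of the certificate to be generated (see constants.py)
+:param days: Number of days for which the generated cert. will be considered valid
+:return: An instance of Certificate class representing the generated intermediate CA cert
+"""
 if usages is None:
 usages = {}
 
@@ -74,7 +105,7 @@
 usages[CA_ID] = True
 
 # wrap into Certificate class
-self.__create_wrapper(cert_pem, subject_key.private_key_id, subject.common_name, usages,
+self.__create_wrapper(cert_pem, subject_key.private_key_id, usages,
 issuer_cert.certificate_id, INTERMEDIATE_CA_ID)
 
 # parse the generated pem for subject and notBefore/notAfter fields
@@ -102,6 +133,17 @@
 def create_end_cert(self, subject_key: PrivateKey, subject: Subject, issuer_cert: Certificate,
 issuer_key: PrivateKey,
 extensions: str = "", days: int = 30, usages=None):
+"""
+Creates an end certificate issued by the given parent CA.
+:param subject_key: Private key to be used when generating the certificate
+:param subject: Subject to be used put into the certificate
+:param issuer_cert: Issuer certificate that will sign the CSR required to create an intermediate CA
+:param issuer_key: PK used to generate the issuer certificate
+:param extensions: Extensions to be used when generating the certificate
+:param usages: A dictionary containing usages of the certificate to be generated (see constants.py)
+:param days: Number of days for which the generated cert. will be considered valid
+:return: An instance of Certificate class representing the generated cert
+"""
 if usages is None:
 usages = {}
 
@@ -113,7 +155,7 @@
 days=days)
 
 # wrap the generated certificate using Certificate class
-certificate = self.__create_wrapper(cert_pem, subject_key.private_key_id, subject.common_name, usages,
+certificate = self.__create_wrapper(cert_pem, subject_key.private_key_id, usages,
 issuer_cert.certificate_id, CERTIFICATE_ID)
 
 created_id = self.certificate_repository.create(certificate)
@@ -123,9 +165,22 @@
 return certificate
 
 def get_certificate(self, unique_id: int) -> Certificate:
+"""
+Tries to fetch a certificate from the certificate repository using a given id.
+:param unique_id: ID of the certificate to be fetched
+:return: Instance of the Certificate class containing a certificate with the given id or `None` if such
+certificate is not found
+"""
 return self.certificate_repository.read(unique_id)
 
 def get_certificates(self, cert_type=None) -> List[Certificate]:
+"""
+Tries to fetch a list of all certificates from the certificate repository. Using the `cert_type` parameter only
+certificates of the given type can be returned.
+:param cert_type: Type of certificates to be returned
+:return: List of instances of the Certificate class representing all certificates present in the certificate
+repository. An empty list is returned when no certificates are found.
+"""
 return self.certificate_repository.read_all(cert_type)
 
 def get_chain_of_trust(self, from_id: int, to_id: int = -1, exclude_root=True) -> List[Certificate]:
@@ -178,13 +233,13 @@
 
 return chain_of_trust
 
-def delete_certificate(self, unique_id):
+def delete_certificate(self, unique_id) -> bool:
 """
 Deletes a certificate
 
 :param unique_id: ID of specific certificate
 
-:return: the result of whether the deletion was successful
+:return: `True` when the deletion was successful. `False` in other case
 """
 # TODO delete children?
 return self.certificate_repository.delete(unique_id)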
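Review bot: In `create_ca` (new line 108) the value returned by `__create_wrapper` is still discarded, and the next context line starts parsing the PEM again, so the intermediate-CA record may not pick up the switch to `subj.common_name` that root and end certificates now get. Assigning it as the other two methods do, `certificate = self.__create_wrapper(cert_pem, subject_key.private_key_id, usages,`, would keep the three paths consistent; the rest of `create_ca` lies outside the visible hunks, so this needs confirming there. The new `__create_wrapper` docstring should also state that the stored common name is now read from the issued certificate via `parse_cert_pem` rather than from the request, and what is stored when the certificate carries no CN. In the `create_end_cert` docstring the `issuer_cert` line still reads "required to create an intermediate CA", apparently copied from `create_ca`.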
Re #8472 - Added missing docstrings to KeyService and CertificateService classes