ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

import time

VALID_FROM_TO_DATE_FORMAT = "%d.%m.%Y %H:%M:%S"

CA_EXTENSIONS = "basicConstraints=critical,CA:TRUE"

CRL_EXTENSION = "crlDistributionPoints=URI:"

        :param days: Number of days for which the generated cert. will be considered valid

        :return: An instance of Certificate class representing the generated root CA cert

        """

        if usages is None:

            usages = {}

        :param cert_type: Type of this certificate (see constants.py)

        :return: An instance of the Certificate class wrapping the values passed  via method parameters

        """

        # parse the generated pem for subject and notBefore/notAfter fields

        # TODO this could be improved in the future in such way that calling openssl is not required to parse the dates

        subj, not_before, not_after = self.cryptography_service.parse_cert_pem(cert_pem)

        :param days: Number of days for which the generated cert. will be considered valid

        :return: An instance of Certificate class representing the generated intermediate CA cert

        """

        if usages is None:

            usages = {}

        :param days: Number of days for which the generated cert. will be considered valid

        :return: An instance of Certificate class representing the generated cert

        """

        if usages is None:

            usages = {}

        :return: Instance of the Certificate class containing a certificate with the given id or `None` if such

        certificate is not found

        """

        return self.certificate_repository.read(unique_id)

    def get_certificates(self, cert_type=None) -> List[Certificate]:

        :return: List of instances of the Certificate class representing all certificates present in the certificate

        repository. An empty list is returned when no certificates are found.

        """

        return self.certificate_repository.read_all(cert_type)

    def get_chain_of_trust(self, from_id: int, to_id: int = -1, exclude_root=True) -> List[Certificate]:

        :return: a list of certificates representing the chain of trust starting with the certificate given by `from_id`

        ID

        """

        # read the first certificate of the chain

        start_cert = self.certificate_repository.read(from_id)

        :param unique_id: ID of specific certificate

        """

        to_delete = self.certificate_repository.get_all_descendants_of(unique_id)

        if to_delete is None:

            raise CertificateNotFoundException(unique_id)

        for cert in to_delete:

            try:

                self.set_certificate_revocation_status(cert.certificate_id, STATUS_REVOKED)

            except CertificateAlreadyRevokedException:

                # TODO log as an info/debug, not warning or above <-- perfectly legal

                pass

    def get_certificates_issued_by(self, unique_id):

        """

        :param unique_id: target certificate ID

        :return: children of unique_id

        """

        try:

            if self.certificate_repository.read(unique_id) is None:

                raise CertificateNotFoundException(unique_id)

        except DatabaseException:

            raise CertificateNotFoundException(unique_id)

        return self.certificate_repository.get_all_issued_by(unique_id)

        :param id: identifier of the certificate whose status is to be changed

        :param status: new status of the certificate

        """

        if status not in CERTIFICATE_STATES:

            raise CertificateStatusInvalidException(status)

        if reason not in CERTIFICATE_REVOCATION_REASONS:

            raise RevocationReasonInvalidException(reason)

        # check whether the certificate exists

        certificate = self.certificate_repository.read(id)

        if certificate is None:

            raise CertificateNotFoundException(id)

        updated = False

            # check if the certificate is not revoked already

            revoked = self.certificate_repository.get_all_revoked_by(certificate.parent_id)

            if certificate.certificate_id in [x.certificate_id for x in revoked]:

                raise CertificateAlreadyRevokedException(id)

            revocation_timestamp = int(time.time())

            updated = self.certificate_repository.set_certificate_revoked(id, str(revocation_timestamp), reason)

        if not updated:

            raise UnknownException("Repository returned 'false' from clear_certificate_revocation() "

                                   "or set_certificate_revoked().")

        :param certificate: certificate instance whose Subject shall be parsed

        :return: instance of Subject class containing resulting distinguished name

        """

        (subject, _, _) = self.cryptography_service.parse_cert_pem(certificate.pem_data)

        return subject

        should be extracted.

        :return: a string containing the extracted public key in PEM format

        """

        return self.cryptography_service.extract_public_key_from_certificate(certificate.pem_data)

    def __get_crl_endpoint(self, ca_identifier: int) -> str:

        :param ca_identifier: ID of issuing authority

        :return: CRL endpoint for the given CA

        """

        return self.configuration.base_server_url + "/api/crl/" + str(ca_identifier)

    def __get_ocsp_endpoint(self, ca_identifier: int) -> str:

        :param ca_identifier: ID of issuing authority

        :return: OCSP endpoint for the given CA

        """

        return self.configuration.base_server_url + "/api/ocsp/" + str(ca_identifier)