62 |
62 |
E_WRONG_PASSWORD = {"success": False, "data": "The provided passphrase does not match the provided key."}
|
63 |
63 |
E_IDENTITY_NAME_NOT_SPECIFIED = {"success": False, "data": "Invalid request, missing identity name."}
|
64 |
64 |
E_IDENTITY_PASSWORD_NOT_SPECIFIED = {"success": False, "data": "Invalid request, missing identity password."}
|
|
65 |
E_INVALID_EXTENSIONS = {"success": False, "data": "Error occurred while creating a certificate. "
|
|
66 |
"It may be caused by wrong format of extensions."}
|
65 |
67 |
|
66 |
68 |
|
67 |
69 |
class CertController:
|
... | ... | |
153 |
155 |
extensions = ""
|
154 |
156 |
if EXTENSIONS in body:
|
155 |
157 |
extensions = body[EXTENSIONS]
|
156 |
|
|
157 |
|
if CA not in body or body[CA] is None: # if issuer omitted (legal) or none
|
158 |
|
cert = self.certificate_service.create_root_ca( # create a root CA
|
159 |
|
key,
|
160 |
|
subject,
|
161 |
|
usages=usages_dict, # TODO ignoring usages -> discussion
|
162 |
|
days=body[VALIDITY_DAYS],
|
163 |
|
extensions=extensions
|
164 |
|
)
|
165 |
|
else:
|
166 |
|
issuer = self.certificate_service.get_certificate(body[CA]) # get base issuer info
|
167 |
|
|
168 |
|
if issuer is None: # if such issuer does not exist
|
169 |
|
Logger.error(f"No certificate authority with such unique ID exists 'ID = {key.private_key_id}'.")
|
170 |
|
self.key_service.delete_key(key.private_key_id) # free
|
171 |
|
return E_NO_ISSUER_FOUND, C_BAD_REQUEST # and throw
|
172 |
|
|
173 |
|
issuer_key = self.key_service.get_key(issuer.private_key_id) # get issuer's key, which must exist
|
174 |
|
|
175 |
|
if issuer_key is None: # if it does not
|
176 |
|
Logger.error(f"Internal server error (corrupted database).")
|
177 |
|
self.key_service.delete_key(key.private_key_id) # free
|
178 |
|
return E_CORRUPTED_DATABASE, C_INTERNAL_SERVER_ERROR # and throw
|
179 |
|
|
180 |
|
f = self.certificate_service.create_ca if CA_ID in usages_dict and usages_dict[CA_ID] else \
|
181 |
|
self.certificate_service.create_end_cert
|
182 |
|
|
183 |
|
# noinspection PyArgumentList
|
184 |
|
cert = f( # create inter CA or end cert
|
185 |
|
key, # according to whether 'CA' is among
|
186 |
|
subject, # the usages' fields
|
187 |
|
issuer,
|
188 |
|
issuer_key,
|
189 |
|
usages=usages_dict,
|
190 |
|
days=body[VALIDITY_DAYS],
|
191 |
|
extensions=extensions
|
192 |
|
)
|
|
158 |
try:
|
|
159 |
if CA not in body or body[CA] is None: # if issuer omitted (legal) or none
|
|
160 |
cert = self.certificate_service.create_root_ca( # create a root CA
|
|
161 |
key,
|
|
162 |
subject,
|
|
163 |
usages=usages_dict, # TODO ignoring usages -> discussion
|
|
164 |
days=body[VALIDITY_DAYS],
|
|
165 |
extensions=extensions
|
|
166 |
)
|
|
167 |
else:
|
|
168 |
issuer = self.certificate_service.get_certificate(body[CA]) # get base issuer info
|
|
169 |
|
|
170 |
if issuer is None: # if such issuer does not exist
|
|
171 |
Logger.error(f"No certificate authority with such unique ID exists 'ID = {key.private_key_id}'.")
|
|
172 |
self.key_service.delete_key(key.private_key_id) # free
|
|
173 |
return E_NO_ISSUER_FOUND, C_BAD_REQUEST # and throw
|
|
174 |
|
|
175 |
issuer_key = self.key_service.get_key(issuer.private_key_id) # get issuer's key, which must exist
|
|
176 |
|
|
177 |
if issuer_key is None: # if it does not
|
|
178 |
Logger.error(f"Internal server error (corrupted database).")
|
|
179 |
self.key_service.delete_key(key.private_key_id) # free
|
|
180 |
return E_CORRUPTED_DATABASE, C_INTERNAL_SERVER_ERROR # and throw
|
|
181 |
|
|
182 |
f = self.certificate_service.create_ca if CA_ID in usages_dict and usages_dict[CA_ID] else \
|
|
183 |
self.certificate_service.create_end_cert
|
|
184 |
|
|
185 |
# noinspection PyArgumentList
|
|
186 |
cert = f( # create inter CA or end cert
|
|
187 |
key, # according to whether 'CA' is among
|
|
188 |
subject, # the usages' fields
|
|
189 |
issuer,
|
|
190 |
issuer_key,
|
|
191 |
usages=usages_dict,
|
|
192 |
days=body[VALIDITY_DAYS],
|
|
193 |
extensions=extensions
|
|
194 |
)
|
|
195 |
|
|
196 |
# if extensions are specified and CryptoException occurs, the problem is probably in the
|
|
197 |
# extensions format - otherwise error 500 is expected
|
|
198 |
except CryptographyException as e:
|
|
199 |
if len(extensions) > 0:
|
|
200 |
return E_INVALID_EXTENSIONS, C_BAD_REQUEST
|
|
201 |
else:
|
|
202 |
raise CryptographyException(e.executable, e.args, e.message)
|
193 |
203 |
|
194 |
204 |
if cert is not None:
|
195 |
205 |
return {"success": True,
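Review bot: The new `except CryptographyException` branch returns `E_INVALID_EXTENSIONS` without releasing the private key generated before this block, whereas every other early return in the same method (`E_NO_ISSUER_FOUND`, `E_CORRUPTED_DATABASE`) first calls `self.key_service.delete_key(key.private_key_id)`, so each request with malformed extensions leaves an orphaned private key in the key store. Add `self.key_service.delete_key(key.private_key_id)` before `return E_INVALID_EXTENSIONS, C_BAD_REQUEST`, and do the same before the re-raise so the 500 path does not leak the key either. The re-raise `raise CryptographyException(e.executable, e.args, e.message)` builds a fresh exception and drops the original traceback and chained context; a bare `raise` preserves both, and passing `e.args` (the exception's argument tuple) back into the constructor looks unintended unless the class is defined that way — worth confirming. The enclosing method starts before this hunk (where `key`, `subject` and `usages_dict` are bound) and continues after it.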
|
Re #8706 - Extensions specification improvement