Revize cf1dec7f
Přidáno uživatelem Jan Pašek před téměř 4 roky(ů)
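--- a/src/controllers/certificates_controller.py
+++ b/src/controllers/certificates_controller.py
@@ -62,6 +62,8 @@
 E_WRONG_PASSWORD = {"success": False, "data": "The provided passphrase does not match the provided key."}
 E_IDENTITY_NAME_NOT_SPECIFIED = {"success": False, "data": "Invalid request, missing identity name."}
 E_IDENTITY_PASSWORD_NOT_SPECIFIED = {"success": False, "data": "Invalid request, missing identity password."}
+E_INVALID_EXTENSIONS = {"success": False, "data": "Error occurred while creating a certificate. "
+"It may be caused by wrong format of extensions."}
 
 
 class CertController:
@@ -153,43 +155,51 @@
 extensions = ""
 if EXTENSIONS in body:
 extensions = body[EXTENSIONS]
-
-if CA not in body or body[CA] is None: # if issuer omitted (legal) or none
-cert = self.certificate_service.create_root_ca( # create a root CA
-key,
-subject,
-usages=usages_dict, # TODO ignoring usages -> discussion
-days=body[VALIDITY_DAYS],
-extensions=extensions
-)
-else:
-issuer = self.certificate_service.get_certificate(body[CA]) # get base issuer info
-
-if issuer is None: # if such issuer does not exist
-Logger.error(f"No certificate authority with such unique ID exists 'ID = {key.private_key_id}'.")
-self.key_service.delete_key(key.private_key_id) # free
-return E_NO_ISSUER_FOUND, C_BAD_REQUEST # and throw
-
-issuer_key = self.key_service.get_key(issuer.private_key_id) # get issuer's key, which must exist
-
-if issuer_key is None: # if it does not
-Logger.error(f"Internal server error (corrupted database).")
-self.key_service.delete_key(key.private_key_id) # free
-return E_CORRUPTED_DATABASE, C_INTERNAL_SERVER_ERROR # and throw
-
-f = self.certificate_service.create_ca if CA_ID in usages_dict and usages_dict[CA_ID] else \
-self.certificate_service.create_end_cert
-
-# noinspection PyArgumentList
-cert = f( # create inter CA or end cert
-key, # according to whether 'CA' is among
-subject, # the usages' fields
-issuer,
-issuer_key,
-usages=usages_dict,
-days=body[VALIDITY_DAYS],
-extensions=extensions
-)
+try:
+if CA not in body or body[CA] is None: # if issuer omitted (legal) or none
+cert = self.certificate_service.create_root_ca( # create a root CA
+key,
+subject,
+usages=usages_dict, # TODO ignoring usages -> discussion
+days=body[VALIDITY_DAYS],
+extensions=extensions
+)
+else:
+issuer = self.certificate_service.get_certificate(body[CA]) # get base issuer info
+
+if issuer is None: # if such issuer does not exist
+Logger.error(f"No certificate authority with such unique ID exists 'ID = {key.private_key_id}'.")
+self.key_service.delete_key(key.private_key_id) # free
+return E_NO_ISSUER_FOUND, C_BAD_REQUEST # and throw
+
+issuer_key = self.key_service.get_key(issuer.private_key_id) # get issuer's key, which must exist
+
+if issuer_key is None: # if it does not
+Logger.error(f"Internal server error (corrupted database).")
+self.key_service.delete_key(key.private_key_id) # free
+return E_CORRUPTED_DATABASE, C_INTERNAL_SERVER_ERROR # and throw
+
+f = self.certificate_service.create_ca if CA_ID in usages_dict and usages_dict[CA_ID] else \
+self.certificate_service.create_end_cert
+
+# noinspection PyArgumentList
+cert = f( # create inter CA or end cert
+key, # according to whether 'CA' is among
+subject, # the usages' fields
+issuer,
+issuer_key,
+usages=usages_dict,
+days=body[VALIDITY_DAYS],
+extensions=extensions
+)
+
+# if extensions are specified and CryptoException occurs, the problem is probably in the
+# extensions format - otherwise error 500 is expected
+except CryptographyException as e:
+if len(extensions) > 0:
+return E_INVALID_EXTENSIONS, C_BAD_REQUEST
+else:
+raise CryptographyException(e.executable, e.args, e.message)
 
 if cert is not None:
 return {"success": True,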
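Review bot: The new `except CryptographyException` branch (new lines 198-200) returns E_INVALID_EXTENSIONS without freeing the freshly generated key, although every other early return in this block first calls `self.key_service.delete_key(key.private_key_id)`, so each request with a malformed extensions string leaves an orphaned private key in the key store. The re-raise on line 202 also discards the original traceback and passes `e.args` (the built-in exception tuple) to the constructor, which is probably not the field intended; a bare `raise` keeps the original exception and its context. I would change the branch to `except CryptographyException:` / `if len(extensions) > 0: self.key_service.delete_key(key.private_key_id); return E_INVALID_EXTENSIONS, C_BAD_REQUEST` / `raise`. Note that the length check attributes any CryptographyException to the extensions format whenever extensions were supplied, so a genuine internal failure in that case is reported as 400 instead of 500, as the comment on lines 196-197 already concedes. The enclosing method begins before the hunk (where `key` is created is not visible here), so confirm that `key` is always bound when the except branch runs.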
Re #8706 - Extensions specification improvement