Revize fe647b46
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
| proj/services/cryptography.py | ||
|---|---|---|
| 49 | 49 |
args.insert(0, executable) |
| 50 | 50 |
|
| 51 | 51 |
# create a new process |
| 52 |
proc = subprocess.Popen(args, stdin=subprocess.PIPE if proc_input is not None else None, stdout=subprocess.PIPE, |
|
| 52 |
proc = subprocess.Popen(args, stdin=subprocess.PIPE if proc_input is not None else None, |
|
| 53 |
stdout=subprocess.PIPE, |
|
| 53 | 54 |
stderr=subprocess.PIPE) |
| 54 | 55 |
|
| 55 | 56 |
out, err = proc.communicate(proc_input) |
| ... | ... | |
| 108 | 109 |
# it would be best to not send the pass phrase at all, but for some reason pytest then prompts for |
| 109 | 110 |
# the pass phrase (this does not happen when run from pycharm) |
| 110 | 111 |
|
| 111 |
# if key_passphrase is not None: |
|
| 112 |
# add the passphrase even when None is passed. Otherwise when running tests with pytest some tests freeze |
|
| 113 |
# waiting for the passphrase to be typed in |
|
| 112 | 114 |
args.extend(["-passin", f"pass:{key_passphrase}"])
|
| 113 | 115 |
|
| 114 | 116 |
return self._run_for_output(args, proc_input=bytes(key, encoding="utf-8")).decode() |
| 115 | 117 |
|
| 116 |
def make_csr(self, subject, subject_key, subject_key_pass=None):
|
|
| 118 |
def make_csr(self, subject, subject_key, subject_key_pass=""):
|
|
| 117 | 119 |
""" |
| 118 | 120 |
Makes a CSR (Certificate Signing Request) |
| 119 | 121 |
|
| ... | ... | |
| 127 | 129 |
|
| 128 | 130 |
args = ["req", "-new", "-subj", subj_param, "-key", "-"] |
| 129 | 131 |
|
| 130 |
if subject_key_pass is not None: |
|
| 131 |
args.extend(["-passin", f"pass:{subject_key_pass}"])
|
|
| 132 |
# add the passphrase even when None is passed. Otherwise when running tests with pytest some tests freeze |
|
| 133 |
# waiting for the passphrase to be typed in |
|
| 134 |
args.extend(["-passin", f"pass:{subject_key_pass}"])
|
|
| 132 | 135 |
|
| 133 | 136 |
return self._run_for_output(args, proc_input=bytes(subject_key, encoding="utf-8")).decode() |
| 134 | 137 |
|
| 138 |
def sign_csr(self, csr, issuer_pem, issuer_key, issuer_key_pass=None, config="", extensions=""): |
|
| 139 |
""" |
|
| 140 |
Signs the given CSR by the given issuer CA |
|
| 141 |
:param csr: a string containing the CSR to be signed |
|
| 142 |
:param issuer_pem: string containing the certificate of the issuer that will sign this CSR in PEM format |
|
| 143 |
:param issuer_key: string containing the private key of the issuer's certificate in PEM format |
|
| 144 |
:param issuer_key_pass: string containing the private key of the issuer's certificate in PEM format |
|
| 145 |
:param config: TODO NOT USED |
|
| 146 |
:param extensions: extensions to be applied when signing the CSR |
|
| 147 |
:return: string containing the generated and signed certificate in PEM format |
|
| 148 |
""" |
|
| 149 |
|
|
| 150 |
# concatenate CSR, issuer certificate and issuer's key (will be used in the openssl call) |
|
| 151 |
proc_input = csr + issuer_pem + issuer_key |
|
| 152 |
|
|
| 153 |
# prepare openssl parameters... |
|
| 154 |
# CSR, CA and CA's private key will be passed via stdin (that's the meaning of the '-' symbol) |
|
| 155 |
params = ["x509", "-req", "-in", "-", "-CA", "-", "-CAkey", "-", "-CAcreateserial"] |
|
| 156 |
|
|
| 157 |
# TODO delete created -.srl file |
|
| 158 |
|
|
| 159 |
with TemporaryFile("extensions.conf", extensions) as ext_path:
|
|
| 160 |
# add the passphrase even when None is passed. Otherwise when running tests with pytest some tests freeze |
|
| 161 |
# waiting for the passphrase to be typed in |
|
| 162 |
params.extend(["-passin", f"pass:{issuer_key_pass}"])
|
|
| 163 |
|
|
| 164 |
if len(extensions) > 0: |
|
| 165 |
params.extend(["-extfile", ext_path]) |
|
| 166 |
|
|
| 167 |
return self._run_for_output(params, proc_input=(bytes(proc_input, encoding="utf-8"))).decode() |
|
| 168 |
|
|
| 135 | 169 |
|
| 136 | 170 |
class CryptographyException(Exception): |
| 137 | 171 |
|
Také k dispozici: Unified diff
Re #8472 - Added sign_csr method that signs a CSR
Added 3 unit tests testing the added method.