Commit
60d4af7f
authored
Jun 29, 2017
by
Alain Takoudjou
follow naming convention, fix getting new X509Name object for createCertificate
parent
809c04cd
Showing
3 changed files
with
31 additions
and
19 deletions
+31
-19
caucase/ca.py
caucase/ca.py
+14
-17
caucase/test/testca.py
caucase/test/testca.py
+13
-2
caucase/web.py
caucase/web.py
+4
-0
caucase/ca.py
...
@@ -42,20 +42,15 @@ MIN_CA_RENEW_PERIOD = 2
...
@@ -42,20 +42,15 @@ MIN_CA_RENEW_PERIOD = 2
DEFAULT_DIGEST_LIST
=
[
'sha256'
,
'sha384'
,
'sha512'
]
DEFAULT_DIGEST_LIST
=
[
'sha256'
,
'sha384'
,
'sha512'
]
SUBJECT_KEY_LIST
=
[
'C'
,
'ST'
,
'L'
,
'OU'
,
'O'
,
'CN'
,
'emailAddress'
]
SUBJECT_KEY_LIST
=
[
'C'
,
'ST'
,
'L'
,
'OU'
,
'O'
,
'CN'
,
'emailAddress'
]
def
x509_name
(
**
attrs
):
def
getX509NameFromDict
(
**
name_dict
):
"""
"""
Return a new X509Name with the given attributes.
Return a new X509Name with the given attributes.
"""
"""
# XXX There's no other way to get a new X509Name.
# XXX There's no other way to get a new X509Name.
name
=
crypto
.
X509
().
get_subject
()
name
=
crypto
.
X509
().
get_subject
()
attrs
=
list
(
attrs
.
items
())
for
key
,
value
in
name_dict
.
items
():
# Make the order stable - order matters!
setattr
(
name
,
key
,
value
)
def
key
(
attr
):
return
attr
[
1
]
attrs
.
sort
(
key
=
key
)
for
k
,
v
in
attrs
:
setattr
(
name
,
k
,
v
)
return
name
return
name
class
CertificateAuthority
(
object
):
class
CertificateAuthority
(
object
):
...
@@ -251,14 +246,16 @@ class CertificateAuthority(object):
...
@@ -251,14 +246,16 @@ class CertificateAuthority(object):
if
ca_key_pair
is
None
:
if
ca_key_pair
is
None
:
ca_key_pair
=
self
.
_ca_key_pairs_list
[
-
1
]
ca_key_pair
=
self
.
_ca_key_pairs_list
[
-
1
]
if
subject_dict
:
if
subject_dict
:
for
attr
in
subject_dict
.
keys
():
if
not
attr
in
SUBJECT_KEY_LIST
:
raise
ValueError
(
"Subject key %r is not allowed. Certificate subject "
\
"key should be one of %r"
%
(
attr
,
SUBJECT_KEY_LIST
))
if
subject_dict
.
has_key
(
'C'
)
and
len
(
subject_dict
[
'C'
])
!=
2
:
if
subject_dict
.
has_key
(
'C'
)
and
len
(
subject_dict
[
'C'
])
!=
2
:
# Country code size is 2
# Country code size is 2
raise
ValueError
(
"Country Code size in subject should be equal to 2."
)
raise
ValueError
(
"Country Code size in subject should be equal to 2."
)
subject
=
x509_name
(
**
subject_dict
)
if
not
subject_dict
.
has_key
(
'CN'
):
raise
AttributeError
(
"Attribute 'CN' is required in subject."
)
try
:
subject
=
getX509NameFromDict
(
**
subject_dict
)
except
AttributeError
:
raise
AttributeError
(
"X509Name attribute not found. Subject "
\
"keys should be in %r"
%
SUBJECT_KEY_LIST
)
cert_pem
=
self
.
_generateCertificateObjects
(
ca_key_pair
,
cert_pem
=
self
.
_generateCertificateObjects
(
ca_key_pair
,
csr_pem
,
csr_pem
,
serial
,
serial
,
...
...
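Review bot: In the second hunk the explicit check of each subject key against SUBJECT_KEY_LIST is gone, and rejection now rests on `setattr` on the X509Name raising AttributeError. Assuming `crypto` is pyOpenSSL, X509Name accepts any field name OpenSSL recognises, so the subject a caller can request is wider than the list the new error message quotes. Keep the allowlist ahead of the CN check, e.g. `unknown = set(subject_dict) - set(SUBJECT_KEY_LIST)` followed by `if unknown: raise ValueError("Subject keys %r are not allowed, use %r" % (sorted(unknown), SUBJECT_KEY_LIST))`. In the first hunk, dropping the sort leaves the order of the subject components to dict iteration order, which the removed comment said matters. createCertificate starts and ends outside the hunk.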
caucase/test/testca.py
...
@@ -268,10 +268,10 @@ m4DpuP4nL0ixQJWZuV+qrx6Tow==
...
@@ -268,10 +268,10 @@ m4DpuP4nL0ixQJWZuV+qrx6Tow==
subject_dict
=
{
'CN'
:
'some.site.com'
,
subject_dict
=
{
'CN'
:
'some.site.com'
,
'C'
:
'FR'
,
'C'
:
'FR'
,
'ST'
:
'State'
,
'L'
:
'Localisation'
,
'O'
:
'My Organisation'
,
'O'
:
'My Organisation'
,
'L'
:
'Localisation'
,
'OU'
:
'Organisation U'
,
'OU'
:
'Organisation U'
,
'ST'
:
'State'
,
'emailAddress'
:
'toto@example.com'
}
'emailAddress'
:
'toto@example.com'
}
# sign certificate but change subject
# sign certificate but change subject
cert_id
=
ca
.
createCertificate
(
csr_id
,
subject_dict
=
subject_dict
)
cert_id
=
ca
.
createCertificate
(
csr_id
,
subject_dict
=
subject_dict
)
...
@@ -287,6 +287,17 @@ m4DpuP4nL0ixQJWZuV+qrx6Tow==
...
@@ -287,6 +287,17 @@ m4DpuP4nL0ixQJWZuV+qrx6Tow==
with
self
.
assertRaises
(
NotFound
):
with
self
.
assertRaises
(
NotFound
):
ca
.
getPendingCertificateRequest
(
csr_id
)
ca
.
getPendingCertificateRequest
(
csr_id
)
def
test_createCertificate_custom_subject_no_cn
(
self
):
ca
=
self
.
make_ca
(
190
)
csr
,
key
=
self
.
generateCSR
(
cn
=
"test certificate"
,
email
=
"some@test.com"
)
csr_id
=
ca
.
createCertificateSigningRequest
(
self
.
csr_tostring
(
csr
))
subject_dict
=
dict
(
C
=
"FR"
,
emailAddress
=
"caucase@email.com"
)
# CN is missing, will raise
with
self
.
assertRaises
(
AttributeError
):
ca
.
createCertificate
(
csr_id
,
subject_dict
=
subject_dict
)
def
test_getCAKeypairForCertificate
(
self
):
def
test_getCAKeypairForCertificate
(
self
):
csr
,
key
=
self
.
generateCSR
()
csr
,
key
=
self
.
generateCSR
()
ca
=
self
.
make_ca
(
3
)
ca
=
self
.
make_ca
(
3
)
...
...
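Review bot: The added test_createCertificate_custom_subject_no_cn covers only the missing-CN rejection; the other refusal this commit introduces in createCertificate, a subject key that X509Name does not accept, has no test. A second case would pin it, for example `subject_dict = dict(CN="some.site.com", foo="bar")` (constructed sample) inside `with self.assertRaises(AttributeError):` around `ca.createCertificate(csr_id, subject_dict=subject_dict)`. The reordered literal in the first hunk suggests the expected subject depends on key order; if so (the assertions are outside the hunk), comparing the components by name rather than by position would make the test independent of dict ordering.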
caucase/web.py
...
@@ -508,6 +508,10 @@ def sign_cert():
...
@@ -508,6 +508,10 @@ def sign_cert():
subject_dict
=
json
.
loads
(
subject
)
subject_dict
=
json
.
loads
(
subject
)
return
signcert
(
key
,
subject_dict
=
subject_dict
)
return
signcert
(
key
,
subject_dict
=
subject_dict
)
except
ValueError
,
e
:
except
ValueError
,
e
:
traceback
.
print_exc
()
raise
FlaskException
(
str
(
e
),
payload
=
{
"name"
:
"FileFormat"
,
"code"
:
3
})
except
AttributeError
,
e
:
raise
FlaskException
(
str
(
e
),
raise
FlaskException
(
str
(
e
),
payload
=
{
"name"
:
"FileFormat"
,
"code"
:
3
})
payload
=
{
"name"
:
"FileFormat"
,
"code"
:
3
})
...
...
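Review bot: The `except AttributeError, e:` handler added around signcert turns every AttributeError into a client-facing FileFormat error and, unlike the ValueError handler above it, logs nothing. AttributeError is also what an ordinary programming mistake inside the signing path raises, so such a fault would be reported to the caller as bad input, with `str(e)` in the response, and leave no trace on the server. Add `traceback.print_exc()` as the first line of that handler at minimum; raising ValueError for the missing-CN case in ca.py would let this handler go away entirely. sign_cert begins outside the hunk.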