Verified Commit 7d6231e3 authored by Vojtech Myslivec's avatar Vojtech Myslivec

ca: Move sign_cert function into crypto module

parent 2e5cc285
......@@ -5,15 +5,13 @@ Sentinel:CA certificate authority class
import datetime
import logging
from cryptography.hazmat.backends import default_backend
from cryptography import x509
from cryptography.hazmat.primitives import hashes
# to setup logger handlers
import sn
from .exceptions import CAError, CASetupError
from .crypto import build_aki, build_client_cert, build_subject, cert_from_file, check_cert, key_from_file, key_match
from .crypto import build_aki, build_client_cert, build_subject, cert_from_file, check_cert, key_from_file, key_match, sign_cert
from .db import get_certs, store_cert, row_with_serial_number
logger = logging.getLogger("ca")
......@@ -23,8 +21,6 @@ logger = logging.getLogger("ca")
CERT_DAYS = 60
# 25% before end of validity
VALID_DAYS = int(0.25*CERT_DAYS)
# The HashAlgorithm instance used to sign the certificates
SIGNING_HASH = hashes.SHA256()
class CA:
......@@ -74,7 +70,7 @@ class CA:
not_before=not_before,
not_after=not_after,
)
cert = cert.sign(self.key, SIGNING_HASH, default_backend())
cert = sign_cert(cert, self.key)
store_cert(self.db, cert)
return cert
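Review bot: With SIGNING_HASH dropped from this module and the signing delegated to sign_cert, the `from cryptography.hazmat.primitives import hashes` and `from cryptography.hazmat.backends import default_backend` lines in the first hunk appear to have no remaining use in ca.py. The rendered view has lost the +/- markers, so if those two imports are not already among the removed lines they should be deleted (ruff F401 would flag them as unused). The CA method that now calls sign_cert starts outside the third hunk, so a remaining use of either name elsewhere in it cannot be ruled out from here.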
......
......@@ -7,8 +7,7 @@ import logging
import sys
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
# signing certs
from cryptography.hazmat.primitives import serialization, hashes
from cryptography import x509
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID
......@@ -27,6 +26,9 @@ ALLOWED_HASHES = {
"sha512",
}
# The HashAlgorithm instance used to sign the certificates
DEFAULT_SIGNING_HASH = hashes.SHA256()
def build_aki(issuer):
try:
......@@ -246,3 +248,7 @@ def key_from_file(file_name, password=None):
def key_match(csr, cert):
return cert.public_key().public_numbers() == csr.public_key().public_numbers()
def sign_cert(cert, key, hash_algorithm=DEFAULT_SIGNING_HASH):
return cert.sign(key, hash_algorithm, default_backend())
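Review bot: sign_cert accepts any hash_algorithm but never checks it against the module's own ALLOWED_HASHES set shown in the earlier hunk, so a caller can sign with an algorithm the module otherwise rejects; adding `if hash_algorithm.name not in ALLOWED_HASHES: raise ValueError(f"hash {hash_algorithm.name} is not allowed for signing")` before the `cert.sign(...)` call keeps that policy in one place, assuming ALLOWED_HASHES holds lowercase names as its visible "sha512" entry suggests. The function also lacks a docstring; `"""Sign the certificate builder `cert` with `key` and return the resulting x509.Certificate."""` would make clear that `cert` is a CertificateBuilder rather than a signed certificate, which is what the `cert = sign_cert(cert, self.key)` call site in ca.py passes. Whether the default_backend() argument is still required depends on the cryptography version the project pins, which this page does not show.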