Commit 52d85d1e authored by Alain Takoudjou's avatar Alain Takoudjou

serial is a random unique number get from the csr_id

parent f9819934
...@@ -227,9 +227,11 @@ class CertificateAuthority(object): ...@@ -227,9 +227,11 @@ class CertificateAuthority(object):
csr_pem = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_pem = crypto.load_certificate_request(crypto.FILETYPE_PEM,
self._storage.getPendingCertificateRequest(csr_id)) self._storage.getPendingCertificateRequest(csr_id))
# Certificate serial is the csr_id without extension .csr.pem
serial = int(csr_id[:-8], 16)
if ca_key_pair is None: if ca_key_pair is None:
ca_key_pair = self._ca_key_pairs_list[-1] ca_key_pair = self._ca_key_pairs_list[-1]
cert_pem = self._generateCertificateObjects(ca_key_pair, csr_pem) cert_pem = self._generateCertificateObjects(ca_key_pair, csr_pem, serial)
crt_id = self._storage.storeCertificate(csr_id, cert_pem) crt_id = self._storage.storeCertificate(csr_id, cert_pem)
return crt_id return crt_id
...@@ -440,14 +442,13 @@ class CertificateAuthority(object): ...@@ -440,14 +442,13 @@ class CertificateAuthority(object):
""" """
return crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey_object) return crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey_object)
def _generateCertificateObjects(self, ca_key_pair, req): def _generateCertificateObjects(self, ca_key_pair, req, serial):
""" """
Generate certificate from CSR PEM Object. Generate certificate from CSR PEM Object.
This method set default certificate extensions, later will allow to set custom extensions This method set default certificate extensions, later will allow to set custom extensions
""" """
# Here comes the actual certificate # Here comes the actual certificate
serial = self._storage.getNextCertificateSerialNumber()
cert = crypto.X509() cert = crypto.X509()
# version v3 # version v3
cert.set_version(2) cert.set_version(2)
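Review bot: The new `serial = int(csr_id[:-8], 16)` line will raise ValueError for any request id issued before this commit, because those ids came from `str(uuid.uuid1())` and contain hyphens. If such requests can still be pending at upgrade time, signing them fails after the CSR has already been loaded. A tolerant form would be `serial = int(csr_id[:-len('.csr.pem')].replace('-', ''), 16)`, which also removes the magic `-8`. The serial's uniqueness now rests entirely on a given csr_id never being signed twice, so a comment on `_generateCertificateObjects` stating that callers must pass a serial that is unique per issuing CA would help. The body of that method continues outside the hunk.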
......
...@@ -78,15 +78,6 @@ class Storage(object): ...@@ -78,15 +78,6 @@ class Storage(object):
def _getMaxCsrCount(self): def _getMaxCsrCount(self):
return int(self.getConfig('max-csr-amount', 50)) return int(self.getConfig('max-csr-amount', 50))
def getNextCertificateSerialNumber(self):
last_cert = Certificate.query.order_by(
Certificate.id.desc()
).first()
if last_cert:
return last_cert.id + 1
else:
return 1
def getCAKeyPairList(self): def getCAKeyPairList(self):
""" """
Return the chronologically sorted (oldest in [0], newest in [-1]) certificate authority Return the chronologically sorted (oldest in [0], newest in [-1]) certificate authority
...@@ -164,7 +155,7 @@ class Storage(object): ...@@ -164,7 +155,7 @@ class Storage(object):
# this only prevent client loop sending the same csr until csr_amount is reached # this only prevent client loop sending the same csr until csr_amount is reached
return check_csr.csr_id return check_csr.csr_id
key = str(uuid.uuid1()) key = str(uuid.uuid1().hex)
csr_id = '%s.csr.pem' % key csr_id = '%s.csr.pem' % key
crt_id = '%s.crt.pem' % key crt_id = '%s.crt.pem' % key
req = CertificateRequest( req = CertificateRequest(
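Review bot: `uuid.uuid1()` is not random, although the commit title describes the serial as random. It is built from a timestamp, a clock sequence and the host's node id (normally the MAC address). Every certificate serial derived from this key is therefore guessable and discloses the issuing host and the issuance time. If unpredictability is the goal, `key = uuid.uuid4().hex` draws from the OS random source and still fits the 20-octet limit on X.509 serials. The `str()` wrapper around `.hex` is redundant either way. The `CertificateRequest(` call continues outside the hunk.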
......