Commit 60d4af7f authored by Alain Takoudjou's avatar Alain Takoudjou

follow naming convention, fix getting new X509Name object for createCertificate

parent 809c04cd
......@@ -42,20 +42,15 @@ MIN_CA_RENEW_PERIOD = 2
DEFAULT_DIGEST_LIST = ['sha256', 'sha384', 'sha512']
SUBJECT_KEY_LIST = ['C', 'ST', 'L', 'OU', 'O', 'CN', 'emailAddress']
def x509_name(**attrs):
def getX509NameFromDict(**name_dict):
"""
Return a new X509Name with the given attributes.
"""
# XXX There's no other way to get a new X509Name.
name = crypto.X509().get_subject()
attrs = list(attrs.items())
# Make the order stable - order matters!
def key(attr):
return attr[1]
attrs.sort(key=key)
for k, v in attrs:
setattr(name, k, v)
for key, value in name_dict.items():
setattr(name, key, value)
return name
class CertificateAuthority(object):
......@@ -251,14 +246,16 @@ class CertificateAuthority(object):
if ca_key_pair is None:
ca_key_pair = self._ca_key_pairs_list[-1]
if subject_dict:
for attr in subject_dict.keys():
if not attr in SUBJECT_KEY_LIST:
raise ValueError("Subject key %r is not allowed. Certificate subject " \
"key should be one of %r" % (attr, SUBJECT_KEY_LIST))
if subject_dict.has_key('C') and len(subject_dict['C']) != 2:
# Country code size is 2
raise ValueError("Country Code size in subject should be equal to 2.")
subject = x509_name(**subject_dict)
if subject_dict.has_key('C') and len(subject_dict['C']) != 2:
# Country code size is 2
raise ValueError("Country Code size in subject should be equal to 2.")
if not subject_dict.has_key('CN'):
raise AttributeError("Attribute 'CN' is required in subject.")
try:
subject = getX509NameFromDict(**subject_dict)
except AttributeError:
raise AttributeError("X509Name attribute not found. Subject " \
"keys should be in %r" % SUBJECT_KEY_LIST)
cert_pem = self._generateCertificateObjects(ca_key_pair,
csr_pem,
serial,
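Review bot: Wrapping `getX509NameFromDict(**subject_dict)` in `except AttributeError` (L44-L48) is a weaker check than the SUBJECT_KEY_LIST loop this hunk removes: as far as I know pyOpenSSL's X509Name raises AttributeError only for names OpenSSL does not recognise at all, so any attribute it does know but that is not in the allowlist would now be accepted in a caller-supplied subject, while the re-raised message still promises that keys are restricted to SUBJECT_KEY_LIST. Keep the explicit check before the call, e.g. `unknown = set(subject_dict) - set(SUBJECT_KEY_LIST)` / `if unknown: raise ValueError("Subject key(s) %r not allowed, should be in %r" % (sorted(unknown), SUBJECT_KEY_LIST))`. A non-string value in subject_dict most likely surfaces as a TypeError from X509Name rather than the ValueError/AttributeError callers catch, so the same pre-check should also verify each value is a string. The `has_key` calls on L39 and L42 are Python 2-only; `'C' in subject_dict` reads the same and is portable. createCertificate starts and ends outside this hunk, and in the first hunk the switch from the sorted attribute list to `name_dict.items()` makes the order in which RDN components are added depend on dict iteration order, which is worth a comment if callers compare subject strings.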
......@@ -268,10 +268,10 @@ m4DpuP4nL0ixQJWZuV+qrx6Tow==
subject_dict = {'CN': 'some.site.com',
'C': 'FR',
'ST': 'State',
'L': 'Localisation',
'O': 'My Organisation',
'L': 'Localisation',
'OU': 'Organisation U',
'ST': 'State',
'emailAddress': 'toto@example.com'}
# sign certificate but change subject
cert_id = ca.createCertificate(csr_id, subject_dict=subject_dict)
......@@ -287,6 +287,17 @@ m4DpuP4nL0ixQJWZuV+qrx6Tow==
with self.assertRaises(NotFound):
ca.getPendingCertificateRequest(csr_id)
def test_createCertificate_custom_subject_no_cn(self):
ca = self.make_ca(190)
csr, key = self.generateCSR(cn="test certificate", email="some@test.com")
csr_id = ca.createCertificateSigningRequest(self.csr_tostring(csr))
subject_dict = dict(C="FR", emailAddress="caucase@email.com")
# CN is missing, will raise
with self.assertRaises(AttributeError):
ca.createCertificate(csr_id, subject_dict=subject_dict)
def test_getCAKeypairForCertificate(self):
csr, key = self.generateCSR()
ca = self.make_ca(3)
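Review bot: The new test on L68-L75 covers only the missing-CN path, so after this commit nothing pins that a subject key outside SUBJECT_KEY_LIST is rejected, which createCertificate no longer checks explicitly; a sibling test built like the new one with `subject_dict = dict(CN="some.site.com", serialNumber="1")` (constructed; serialNumber is an attribute name OpenSSL knows but that is absent from the allowlist) under `with self.assertRaises(ValueError):` would document the intended contract. The reordering of the `subject_dict` literal on L56-L61 has no effect on the X509Name produced: the `except ValueError, e:` syntax in the sign_cert hunk of this commit shows Python 2, where dict iteration order is not insertion order, so any later assertion that depends on the RDN order of the resulting subject would be fragile. A one-line comment on the literal, `# key order here does not control RDN order`, would stop the next reader from reordering it again for that reason.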
......@@ -508,6 +508,10 @@ def sign_cert():
subject_dict = json.loads(subject)
return signcert(key, subject_dict=subject_dict)
except ValueError, e:
traceback.print_exc()
raise FlaskException(str(e),
payload={"name": "FileFormat", "code": 3})
except AttributeError, e:
raise FlaskException(str(e),
payload={"name": "FileFormat", "code": 3})
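Review bot: The added `except AttributeError, e:` handler (L87-L89) maps a missing CN to the same `"FileFormat"`/code 3 payload as a JSON parse failure, so a client cannot tell whether its JSON was malformed or its subject was incomplete; a distinct message, or a distinct payload name if nothing else keys on it, would be clearer. `subject_dict` comes straight from `json.loads(subject)` on L81 and is only guaranteed to be whatever JSON the client sent: a non-object value (array, string, null) or a non-string attribute value reaches the certificate code with a type it does not expect, and the TypeError that most likely results is caught by neither handler, so the request fails with an unhandled error instead of a FlaskException. Validate the shape before calling signcert: `if not isinstance(subject_dict, dict) or not all(isinstance(v, basestring) for v in subject_dict.values()):` / `raise ValueError("subject must be a JSON object with string values")`. sign_cert starts outside the hunk and only part of its try/except body is visible here.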