def generate_certificate(sender, instance, created, **kwargs): if created: keystore = KeyStore(certificate=instance) key_size = None if settings.KEY_ALGORITHM == "rsa": key_size = 4096 if instance.type in [ CertificateTypes.ROOT, CertificateTypes.INTERMEDIATE ] else 2048 key = KeyGenerator().create_key(settings.KEY_ALGORITHM, key_size) keystore.key = key.serialize(instance.passphrase_out) certhandler = CertificateGenerator() certhandler.create_certificate(instance, keystore.key, instance.passphrase_out, instance.passphrase_issuer) keystore.crt = certhandler.serialize() if instance.type not in [ CertificateTypes.ROOT, CertificateTypes.INTERMEDIATE ]: root_certificate = CertificateGenerator().load( instance.parent.keystore.crt).certificate int_certificate = CertificateGenerator().load( instance.parent.keystore.crt).certificate keystore.p12 = key.serialize_pkcs12( instance.name, certhandler.certificate, instance.passphrase_out, cas=[int_certificate, root_certificate]) keystore.save() if instance.type in [ CertificateTypes.ROOT, CertificateTypes.INTERMEDIATE ]: crl = revocation_list_builder([], instance, instance.passphrase_out) crlstore = CrlStore(certificate=instance) crlstore.crl = serialize(crl) crlstore.save()
def test_serialize_pkcs12_nopassphrase(self): subject = DistinguishedNameFactory( localityName="Amsterdam", organizationalUnitName="BounCA Root", ) key = Key() key.create_key("rsa", 4096) certificate_request = CertificateFactory(dn=subject) certhandler = Certificate() certhandler.create_certificate(certificate_request, key.serialize()) crt = certhandler.certificate pkcs12 = key.serialize_pkcs12("test_pkcs12", crt) pkcs12_obj = load_pkcs12(pkcs12, None) self.assertEqual(pkcs12_obj.key.key_size, 4096) self.assertEqual(pkcs12_obj.cert.friendly_name.decode("utf-8"), "test_pkcs12") self.assertEqual(pkcs12_obj.cert.certificate.serial_number, crt.serial_number)
def test_serialize_pkcs12_no_certificate(self): key = Key() key.create_key("rsa", 4096) with self.assertRaisesMessage(ValueError, "No certificate provided"): key.serialize_pkcs12("test_pkcs12", None)
def test_serialize_pkcs12_no_key(self): key = Key() with self.assertRaisesMessage(RuntimeError, "No key object"): key.serialize_pkcs12("test_pkcs12", None)
def test_serialize_pkcs12_cas_nopassphrase(self): root_key = Key().create_key("ed25519", None) subject = DistinguishedNameFactory(countryName="NL", stateOrProvinceName="Noord Holland", organizationName="Repleo") root_certificate = CertificateFactory( dn=subject, name="test_server_root_certificate", expires_at=arrow.get(timezone.now()).shift(days=+30).date()) with mute_signals(signals.post_save): root_certificate.save() root_certhandler = Certificate() root_certhandler.create_certificate(root_certificate, root_key.serialize()) keystore = KeyStore(certificate=root_certificate) keystore.crt = root_certhandler.serialize() keystore.key = root_key.serialize() keystore.save() int_key = Key().create_key("rsa", 2048) subject = DistinguishedNameFactory( countryName=root_certificate.dn.countryName, stateOrProvinceName=root_certificate.dn.stateOrProvinceName, organizationName=root_certificate.dn.organizationName, ) int_certificate = CertificateFactory( expires_at=arrow.get(timezone.now()).shift(days=+5).date(), name="test_server_intermediate_certificate", type=CertificateTypes.INTERMEDIATE, parent=root_certificate, dn=subject, crl_distribution_url="https://example.com/crl/cert.crl.pem", ocsp_distribution_host="https://example.com/ocsp/", ) with mute_signals(signals.post_save): int_certificate.save() int_certhandler = Certificate() int_certhandler.create_certificate(int_certificate, int_key.serialize()) keystore = KeyStore(certificate=int_certificate) keystore.crt = int_certhandler.serialize() keystore.key = int_key.serialize() keystore.save() pkcs12 = int_key.serialize_pkcs12("test_pkcs12_cas", int_certhandler.certificate, cas=[root_certhandler.certificate]) pkcs12_obj = load_pkcs12(pkcs12, None) self.assertEqual(pkcs12_obj.key.key_size, 2048) self.assertEqual(pkcs12_obj.cert.friendly_name.decode("utf-8"), "test_pkcs12_cas") self.assertEqual(pkcs12_obj.cert.certificate.serial_number, int_certhandler.certificate.serial_number) self.assertEqual( pkcs12_obj.additional_certs[0].certificate.serial_number, root_certhandler.certificate.serial_number)