EasyRSA: pyopenssl -> cryptography
This commit is contained in:
parent
d8bdb46a5c
commit
c94e07fbac
3 changed files with 11 additions and 35 deletions
|
@ -5,11 +5,10 @@ Python interface to EasyRSA CA.
|
||||||
from __future__ import annotations
|
from __future__ import annotations
|
||||||
|
|
||||||
import subprocess
|
import subprocess
|
||||||
from datetime import datetime
|
|
||||||
from enum import Enum, auto
|
from enum import Enum, auto
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
from OpenSSL import crypto
|
from cryptography import x509
|
||||||
from passlib import pwd
|
from passlib import pwd
|
||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
|
|
||||||
|
@ -196,7 +195,7 @@ class EasyRSA:
|
||||||
cert_filename: Path,
|
cert_filename: Path,
|
||||||
*easyrsa_cmd: str,
|
*easyrsa_cmd: str,
|
||||||
**easyrsa_env: str,
|
**easyrsa_env: str,
|
||||||
) -> crypto.X509:
|
) -> x509.Certificate:
|
||||||
"""
|
"""
|
||||||
Create an X.509 certificate
|
Create an X.509 certificate
|
||||||
"""
|
"""
|
||||||
|
@ -231,8 +230,8 @@ class EasyRSA:
|
||||||
with open(
|
with open(
|
||||||
self.output_directory.joinpath(cert_filename), "rb"
|
self.output_directory.joinpath(cert_filename), "rb"
|
||||||
) as cert_file:
|
) as cert_file:
|
||||||
return crypto.load_certificate(
|
return x509.load_pem_x509_certificate(
|
||||||
crypto.FILETYPE_PEM, cert_file.read()
|
cert_file.read()
|
||||||
)
|
)
|
||||||
|
|
||||||
def init_pki(self) -> None:
|
def init_pki(self) -> None:
|
||||||
|
@ -242,7 +241,7 @@ class EasyRSA:
|
||||||
|
|
||||||
self.__easyrsa("init-pki")
|
self.__easyrsa("init-pki")
|
||||||
|
|
||||||
def build_ca(self) -> crypto.X509:
|
def build_ca(self) -> x509.Certificate:
|
||||||
"""
|
"""
|
||||||
Build the CA certificate
|
Build the CA certificate
|
||||||
"""
|
"""
|
||||||
|
@ -263,7 +262,7 @@ class EasyRSA:
|
||||||
self,
|
self,
|
||||||
cert_type: CertificateType = CertificateType.client,
|
cert_type: CertificateType = CertificateType.client,
|
||||||
dn: DistinguishedName | None = None,
|
dn: DistinguishedName | None = None,
|
||||||
) -> crypto.X509 | None:
|
) -> x509.Certificate | None:
|
||||||
"""
|
"""
|
||||||
Issue a client or server certificate
|
Issue a client or server certificate
|
||||||
"""
|
"""
|
||||||
|
@ -308,12 +307,8 @@ if __name__ == "__main__":
|
||||||
|
|
||||||
client = easy_rsa.issue(dn=dn)
|
client = easy_rsa.issue(dn=dn)
|
||||||
|
|
||||||
date_format, encoding = "%Y%m%d%H%M%SZ", "ascii"
|
|
||||||
|
|
||||||
for cert in (ca, server, client):
|
for cert in (ca, server, client):
|
||||||
if cert is not None:
|
if cert is not None:
|
||||||
print(cert.get_subject().CN)
|
print(cert.subject)
|
||||||
print(cert.get_signature_algorithm().decode(encoding))
|
print(cert.signature_hash_algorithm)
|
||||||
|
print(cert.not_valid_after)
|
||||||
assert (na := cert.get_notAfter()) is not None
|
|
||||||
print(datetime.strptime(na.decode(encoding), date_format))
|
|
||||||
|
|
21
api/poetry.lock
generated
21
api/poetry.lock
generated
|
@ -292,21 +292,6 @@ typing-extensions = ">=3.7.4.3"
|
||||||
dotenv = ["python-dotenv (>=0.10.4)"]
|
dotenv = ["python-dotenv (>=0.10.4)"]
|
||||||
email = ["email-validator (>=1.0.3)"]
|
email = ["email-validator (>=1.0.3)"]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "pyopenssl"
|
|
||||||
version = "22.0.0"
|
|
||||||
description = "Python wrapper module around the OpenSSL library"
|
|
||||||
category = "main"
|
|
||||||
optional = false
|
|
||||||
python-versions = ">=3.6"
|
|
||||||
|
|
||||||
[package.dependencies]
|
|
||||||
cryptography = ">=35.0"
|
|
||||||
|
|
||||||
[package.extras]
|
|
||||||
docs = ["sphinx", "sphinx-rtd-theme"]
|
|
||||||
test = ["flaky", "pretend", "pytest (>=3.0.1)"]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "pyparsing"
|
name = "pyparsing"
|
||||||
version = "3.0.7"
|
version = "3.0.7"
|
||||||
|
@ -501,7 +486,7 @@ standard = ["websockets (>=10.0)", "httptools (>=0.4.0)", "watchgod (>=0.6)", "p
|
||||||
[metadata]
|
[metadata]
|
||||||
lock-version = "1.1"
|
lock-version = "1.1"
|
||||||
python-versions = "^3.10"
|
python-versions = "^3.10"
|
||||||
content-hash = "ec07664a3624e6204beb2371bccc164ca1029f6e80663a9bd5946f4eaea04ca1"
|
content-hash = "36a56b6982734607590597302276605f8977119869934f35116e72377905b6b5"
|
||||||
|
|
||||||
[metadata.files]
|
[metadata.files]
|
||||||
anyio = [
|
anyio = [
|
||||||
|
@ -790,10 +775,6 @@ pydantic = [
|
||||||
{file = "pydantic-1.9.0-py3-none-any.whl", hash = "sha256:085ca1de245782e9b46cefcf99deecc67d418737a1fd3f6a4f511344b613a5b3"},
|
{file = "pydantic-1.9.0-py3-none-any.whl", hash = "sha256:085ca1de245782e9b46cefcf99deecc67d418737a1fd3f6a4f511344b613a5b3"},
|
||||||
{file = "pydantic-1.9.0.tar.gz", hash = "sha256:742645059757a56ecd886faf4ed2441b9c0cd406079c2b4bee51bcc3fbcd510a"},
|
{file = "pydantic-1.9.0.tar.gz", hash = "sha256:742645059757a56ecd886faf4ed2441b9c0cd406079c2b4bee51bcc3fbcd510a"},
|
||||||
]
|
]
|
||||||
pyopenssl = [
|
|
||||||
{file = "pyOpenSSL-22.0.0-py2.py3-none-any.whl", hash = "sha256:ea252b38c87425b64116f808355e8da644ef9b07e429398bfece610f893ee2e0"},
|
|
||||||
{file = "pyOpenSSL-22.0.0.tar.gz", hash = "sha256:660b1b1425aac4a1bea1d94168a85d99f0b3144c869dd4390d27629d0087f1bf"},
|
|
||||||
]
|
|
||||||
pyparsing = [
|
pyparsing = [
|
||||||
{file = "pyparsing-3.0.7-py3-none-any.whl", hash = "sha256:a6c06a88f252e6c322f65faf8f418b16213b51bdfaece0524c1c1bc30c63c484"},
|
{file = "pyparsing-3.0.7-py3-none-any.whl", hash = "sha256:a6c06a88f252e6c322f65faf8f418b16213b51bdfaece0524c1c1bc30c63c484"},
|
||||||
{file = "pyparsing-3.0.7.tar.gz", hash = "sha256:18ee9022775d270c55187733956460083db60b37d0d0fb357445f3094eed3eea"},
|
{file = "pyparsing-3.0.7.tar.gz", hash = "sha256:18ee9022775d270c55187733956460083db60b37d0d0fb357445f3094eed3eea"},
|
||||||
|
|
|
@ -9,11 +9,11 @@ python = "^3.10"
|
||||||
|
|
||||||
fastapi = "^0.75.0"
|
fastapi = "^0.75.0"
|
||||||
passlib = {extras = ["argon2", "bcrypt"], version = "^1.7.4"}
|
passlib = {extras = ["argon2", "bcrypt"], version = "^1.7.4"}
|
||||||
pyOpenSSL = "^22.0.0"
|
|
||||||
python-jose = {extras = ["cryptography"], version = "^3.3.0"}
|
python-jose = {extras = ["cryptography"], version = "^3.3.0"}
|
||||||
python-multipart = "^0.0.5"
|
python-multipart = "^0.0.5"
|
||||||
sqlmodel = "^0.0.6"
|
sqlmodel = "^0.0.6"
|
||||||
uvicorn = "^0.17.6"
|
uvicorn = "^0.17.6"
|
||||||
|
cryptography = "^36.0.2"
|
||||||
|
|
||||||
[tool.poetry.dev-dependencies]
|
[tool.poetry.dev-dependencies]
|
||||||
pytest = "^7.1.0"
|
pytest = "^7.1.0"
|
||||||
|
|
Loading…
Reference in a new issue