EasyRSA: pyopenssl -> cryptography

This commit is contained in:
Jörn-Michael Miehe 2022-04-05 00:42:55 +00:00
parent d8bdb46a5c
commit c94e07fbac
3 changed files with 11 additions and 35 deletions


@ -5,11 +5,10 @@ Python interface to EasyRSA CA.
from __future__ import annotations from __future__ import annotations
import subprocess import subprocess
from datetime import datetime
from enum import Enum, auto from enum import Enum, auto
from pathlib import Path from pathlib import Path
from OpenSSL import crypto from cryptography import x509
from passlib import pwd from passlib import pwd
from pydantic import BaseModel from pydantic import BaseModel
@ -196,7 +195,7 @@ class EasyRSA:
cert_filename: Path, cert_filename: Path,
*easyrsa_cmd: str, *easyrsa_cmd: str,
**easyrsa_env: str, **easyrsa_env: str,
) -> crypto.X509: ) -> x509.Certificate:
""" """
Create an X.509 certificate Create an X.509 certificate
""" """
@ -231,8 +230,8 @@ class EasyRSA:
with open( with open(
self.output_directory.joinpath(cert_filename), "rb" self.output_directory.joinpath(cert_filename), "rb"
) as cert_file: ) as cert_file:
return crypto.load_certificate( return x509.load_pem_x509_certificate(
crypto.FILETYPE_PEM, cert_file.read() cert_file.read()
) )
def init_pki(self) -> None: def init_pki(self) -> None:
@ -242,7 +241,7 @@ class EasyRSA:
self.__easyrsa("init-pki") self.__easyrsa("init-pki")
def build_ca(self) -> crypto.X509: def build_ca(self) -> x509.Certificate:
""" """
Build the CA certificate Build the CA certificate
""" """
@ -263,7 +262,7 @@ class EasyRSA:
self, self,
cert_type: CertificateType = CertificateType.client, cert_type: CertificateType = CertificateType.client,
dn: DistinguishedName | None = None, dn: DistinguishedName | None = None,
) -> crypto.X509 | None: ) -> x509.Certificate | None:
""" """
Issue a client or server certificate Issue a client or server certificate
""" """
@ -308,12 +307,8 @@ if __name__ == "__main__":
client = easy_rsa.issue(dn=dn) client = easy_rsa.issue(dn=dn)
date_format, encoding = "%Y%m%d%H%M%SZ", "ascii"
for cert in (ca, server, client): for cert in (ca, server, client):
if cert is not None: if cert is not None:
print(cert.get_subject().CN) print(cert.subject)
print(cert.get_signature_algorithm().decode(encoding)) print(cert.signature_hash_algorithm)
print(cert.not_valid_after)
assert (na := cert.get_notAfter()) is not None
print(datetime.strptime(na.decode(encoding), date_format))
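Review bot: `print(cert.signature_hash_algorithm)` in the new `__main__` loop prints the repr of a `hashes` object (something like `<cryptography.hazmat.primitives.hashes.SHA256 object at 0x…>`), not the algorithm name that the removed `get_signature_algorithm()` line printed; `print(cert.signature_hash_algorithm.name)` gives comparable output, and `print(cert.subject.rfc4514_string())` would restore a readable subject instead of the `Name` repr. `signature_hash_algorithm` is `None` for signature schemes with no separate digest (Ed25519/Ed448) and raises `UnsupportedAlgorithm` for an unrecognised OID, so if the easyrsa vars allow an EdDSA CA the `.name` access needs a `None` guard. `cert.not_valid_after` in cryptography 36 is a naive `datetime` in UTC, which matches what the old `%Y%m%d%H%M%SZ` parsing produced, but that is easy to misuse with a local-time clock later; a comment such as `# naive datetime, UTC — compare with datetime.utcnow(), not datetime.now()` would make it explicit. The enclosing `if __name__ == "__main__":` block starts before this hunk.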

21
api/poetry.lock generated

@ -292,21 +292,6 @@ typing-extensions = ">=3.7.4.3"
dotenv = ["python-dotenv (>=0.10.4)"] dotenv = ["python-dotenv (>=0.10.4)"]
email = ["email-validator (>=1.0.3)"] email = ["email-validator (>=1.0.3)"]
[[package]]
name = "pyopenssl"
version = "22.0.0"
description = "Python wrapper module around the OpenSSL library"
category = "main"
optional = false
python-versions = ">=3.6"
[package.dependencies]
cryptography = ">=35.0"
[package.extras]
docs = ["sphinx", "sphinx-rtd-theme"]
test = ["flaky", "pretend", "pytest (>=3.0.1)"]
[[package]] [[package]]
name = "pyparsing" name = "pyparsing"
version = "3.0.7" version = "3.0.7"
@ -501,7 +486,7 @@ standard = ["websockets (>=10.0)", "httptools (>=0.4.0)", "watchgod (>=0.6)", "p
[metadata] [metadata]
lock-version = "1.1" lock-version = "1.1"
python-versions = "^3.10" python-versions = "^3.10"
content-hash = "ec07664a3624e6204beb2371bccc164ca1029f6e80663a9bd5946f4eaea04ca1" content-hash = "36a56b6982734607590597302276605f8977119869934f35116e72377905b6b5"
[metadata.files] [metadata.files]
anyio = [ anyio = [
@ -790,10 +775,6 @@ pydantic = [
{file = "pydantic-1.9.0-py3-none-any.whl", hash = "sha256:085ca1de245782e9b46cefcf99deecc67d418737a1fd3f6a4f511344b613a5b3"}, {file = "pydantic-1.9.0-py3-none-any.whl", hash = "sha256:085ca1de245782e9b46cefcf99deecc67d418737a1fd3f6a4f511344b613a5b3"},
{file = "pydantic-1.9.0.tar.gz", hash = "sha256:742645059757a56ecd886faf4ed2441b9c0cd406079c2b4bee51bcc3fbcd510a"}, {file = "pydantic-1.9.0.tar.gz", hash = "sha256:742645059757a56ecd886faf4ed2441b9c0cd406079c2b4bee51bcc3fbcd510a"},
] ]
pyopenssl = [
{file = "pyOpenSSL-22.0.0-py2.py3-none-any.whl", hash = "sha256:ea252b38c87425b64116f808355e8da644ef9b07e429398bfece610f893ee2e0"},
{file = "pyOpenSSL-22.0.0.tar.gz", hash = "sha256:660b1b1425aac4a1bea1d94168a85d99f0b3144c869dd4390d27629d0087f1bf"},
]
pyparsing = [ pyparsing = [
{file = "pyparsing-3.0.7-py3-none-any.whl", hash = "sha256:a6c06a88f252e6c322f65faf8f418b16213b51bdfaece0524c1c1bc30c63c484"}, {file = "pyparsing-3.0.7-py3-none-any.whl", hash = "sha256:a6c06a88f252e6c322f65faf8f418b16213b51bdfaece0524c1c1bc30c63c484"},
{file = "pyparsing-3.0.7.tar.gz", hash = "sha256:18ee9022775d270c55187733956460083db60b37d0d0fb357445f3094eed3eea"}, {file = "pyparsing-3.0.7.tar.gz", hash = "sha256:18ee9022775d270c55187733956460083db60b37d0d0fb357445f3094eed3eea"},


@ -9,11 +9,11 @@ python = "^3.10"
fastapi = "^0.75.0" fastapi = "^0.75.0"
passlib = {extras = ["argon2", "bcrypt"], version = "^1.7.4"} passlib = {extras = ["argon2", "bcrypt"], version = "^1.7.4"}
pyOpenSSL = "^22.0.0"
python-jose = {extras = ["cryptography"], version = "^3.3.0"} python-jose = {extras = ["cryptography"], version = "^3.3.0"}
python-multipart = "^0.0.5" python-multipart = "^0.0.5"
sqlmodel = "^0.0.6" sqlmodel = "^0.0.6"
uvicorn = "^0.17.6" uvicorn = "^0.17.6"
cryptography = "^36.0.2"
[tool.poetry.dev-dependencies] [tool.poetry.dev-dependencies]
pytest = "^7.1.0" pytest = "^7.1.0"
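Review bot: The new `cryptography = "^36.0.2"` entry is appended after `uvicorn`, while the rest of `[tool.poetry.dependencies]` is kept in alphabetical order (`fastapi`, `passlib`, `python-jose`, …, `uvicorn`); placing it directly after `python = "^3.10"` and before `fastapi` keeps the list scannable. Making `cryptography` an explicit direct dependency is the right call here, since it was previously reachable only transitively through `pyOpenSSL` and the `python-jose[cryptography]` extra, and a direct pin keeps the `x509` API the code now relies on under the project's own version control.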