Commit 7e4567f1 authored by ale's avatar ale

made signature algorithm configurable

parent 09eeaa8a
...@@ -28,7 +28,7 @@ class CA(object): ...@@ -28,7 +28,7 @@ class CA(object):
self.basedir = basedir self.basedir = basedir
self.config = {'basedir': basedir, 'default_days': '365', 'ou': 'CA', self.config = {'basedir': basedir, 'default_days': '365', 'ou': 'CA',
'days': '3650', 'country': 'XX', 'crl_url': '', 'days': '3650', 'country': 'XX', 'crl_url': '',
'bits': '4096'} 'signature_algorithm': 'sha1', 'bits': '2048'}
self.config.update(config) self.config.update(config)
self.files = _CAFiles(basedir, self.files = _CAFiles(basedir,
conf='conf/ca.conf', conf='conf/ca.conf',
...@@ -113,6 +113,7 @@ class CA(object): ...@@ -113,6 +113,7 @@ class CA(object):
self.basedir, self.files.conf, self.basedir, self.files.conf,
'ca', '-keyfile', self.files.private_key, 'ca', '-keyfile', self.files.private_key,
'-key', self._getpw(), '-key', self._getpw(),
'-md', self.config['signature_algorithm'],
'-extensions', 'v3_ca', '-out', self.files.public_key, '-extensions', 'v3_ca', '-out', self.files.public_key,
'-days', self.config.get('days', self.config['default_days']), '-days', self.config.get('days', self.config['default_days']),
'-selfsign', '-infiles', csr_file) '-selfsign', '-infiles', csr_file)
...@@ -192,6 +193,7 @@ class CA(object): ...@@ -192,6 +193,7 @@ class CA(object):
self.basedir, conf_file, self.basedir, conf_file,
'ca', '-days', conf['days'], 'ca', '-days', conf['days'],
'-key', self._getpw(), '-key', self._getpw(),
'-md', self.config['signature_algorithm'],
'-policy', 'policy_anything', '-out', cert.public_key_file, '-policy', 'policy_anything', '-out', cert.public_key_file,
'-extfile', ext_file, '-infiles', csr_file) '-extfile', ext_file, '-infiles', csr_file)
finally: finally:
......
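Review bot: The new default `'signature_algorithm': 'sha1'` in the `self.config` defaults means every CA and leaf certificate is SHA-1 signed unless the operator overrides it. SHA-1 is collision-broken and many current TLS clients reject SHA-1-signed certificates, so the default should be `'signature_algorithm': 'sha256'`. The same line also appears to lower the default `'bits'` from `'4096'` to `'2048'`, which the commit title does not mention; if that was not intended, keep `'4096'`. The configured value reaches `-md` unchecked in both `ca` invocations, so a guard such as `if self.config['signature_algorithm'] not in ('sha256', 'sha384', 'sha512'): raise ValueError('unsupported signature algorithm')` before calling openssl would stop a weak digest being configured by mistake. The methods holding the two `-md` lines start and end outside the hunks shown.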
...@@ -2,6 +2,7 @@ import logging ...@@ -2,6 +2,7 @@ import logging
import os import os
import tempfile import tempfile
import shutil import shutil
import subprocess
import unittest import unittest
from cam import ca from cam import ca
from cam import openssl_wrap from cam import openssl_wrap
...@@ -24,6 +25,9 @@ class CertStub(object): ...@@ -24,6 +25,9 @@ class CertStub(object):
def get_expiration_date(self): def get_expiration_date(self):
return 123456789 return 123456789
def exists(self):
return os.path.exists(self.public_key_file)
class CATest(unittest.TestCase): class CATest(unittest.TestCase):
...@@ -49,6 +53,17 @@ class CATest(unittest.TestCase): ...@@ -49,6 +53,17 @@ class CATest(unittest.TestCase):
self.assertTrue(os.path.exists(cert.public_key_file)) self.assertTrue(os.path.exists(cert.public_key_file))
self.assertTrue(os.path.exists(cert.private_key_file)) self.assertTrue(os.path.exists(cert.private_key_file))
def test_create_cert_with_sha2_signature(self):
self.ca.config['signature_algorithm'] = 'sha256'
self.ca.create()
cert = CertStub('test', 'www.test.com', self.tmpdir)
self.ca.generate(cert)
self.assertTrue(os.path.exists(cert.public_key_file))
self.assertTrue(os.path.exists(cert.private_key_file))
self.assertTrue(
'Signature Algorithm: sha256WithRSAEncryption' in subprocess.check_output(
['openssl', 'x509', '-text', '-noout', '-in', cert.public_key_file]))
def test_revoke(self): def test_revoke(self):
self.ca.create() self.ca.create()
cert = CertStub('test', 'www.test.com', self.tmpdir) cert = CertStub('test', 'www.test.com', self.tmpdir)
......
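Review bot: `test_create_cert_with_sha2_signature` inspects only the leaf certificate, so the `-md` argument added to the `-selfsign` CA path is never verified. Running the same `openssl x509 -text -noout` check against `self.ca.files.public_key` would cover it. The assertion reads better and fails more informatively as `self.assertIn('Signature Algorithm: sha256WithRSAEncryption', output)`. If this suite is ever run on Python 3, `subprocess.check_output` returns bytes, so the output would need `.decode()` before the substring test. No test pins the default digest, so a weak default would pass this suite unnoticed.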