Merge branch '37-issue-creating-a-root-ca' into 'master'

Bugfix when creating root certificate dont check for issuer passphrase Closes #37 See merge request bounca/bounca!24
repleo · Feb 21, 2023 · aa94cc7 · aa94cc7
2 parents 2c98fde + 842ae37
commit aa94cc7
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 12 deletions.
diff --git a/api/serializers.py b/api/serializers.py
@@ -81,16 +81,18 @@ def validate_passphrase_out(self, passphrase_out):
         return None
 
     def validate_passphrase_issuer(self, passphrase_issuer):
-        if not self.initial_data.get("parent"):
-            raise serializers.ValidationError(
-                "You should provide a parent certificate if you provide an issuer passphrase"
-            )
-        parent = Certificate.objects.get(pk=self.initial_data.get("parent"))
-        try:
-            if not parent.is_passphrase_valid(passphrase_issuer):
-                raise serializers.ValidationError("Passphrase incorrect. Not allowed to revoke your certificate")
-        except KeyStore.DoesNotExist:
-            raise serializers.ValidationError("Certificate has no cert, something went wrong during generation")
+        if self.initial_data.get("parent"):
+            parent = Certificate.objects.get(pk=self.initial_data.get("parent"))
+            try:
+                if not parent.is_passphrase_valid(passphrase_issuer):
+                    raise serializers.ValidationError("Passphrase incorrect. Not allowed to revoke your certificate")
+            except KeyStore.DoesNotExist:
+                raise serializers.ValidationError("Certificate has no cert, something went wrong during generation")
+        else:
+            if passphrase_issuer:
+                raise serializers.ValidationError(
+                    "You should provide a parent certificate if you provide an issuer passphrase"
+                )
         return passphrase_issuer
 
     def validate_passphrase_out_confirmation(self, passphrase_out_confirmation):

diff --git a/certificate_engine/ssl/certificate.py b/certificate_engine/ssl/certificate.py
@@ -458,7 +458,7 @@ def _get_issuer_key(cert_request, passphrase_issuer):
         try:
             if cert_request.parent:
                 issuer_key = Key().load(cert_request.parent.keystore.key, passphrase_issuer)
-        except ValueError:
+        except (ValueError, TypeError):
             raise PassPhraseError("Bad passphrase, could not decode issuer key")
         return issuer_key
 

diff --git a/certificate_engine/ssl/key.py b/certificate_engine/ssl/key.py
@@ -111,7 +111,7 @@ def load(self, pem: str, passphrase: Optional[str] = None) -> "Key":
                 pem.encode("utf-8"), passphrase.encode("utf-8") if passphrase else None, backend=default_backend()
             )
             self._key = cast(CERTIFICATE_PRIVATE_KEY_TYPES, deserialized_key)
-        except ValueError:
+        except (ValueError, TypeError):
             raise ValueError("Bad decrypt. Incorrect password?")
         return self
 

diff --git a/changelog.md b/changelog.md
@@ -1,6 +1,9 @@
 # Change Log
 The BounCA change history
 
+## [0.4.3] - Release 2023-02-21
+* Bugfix when creating root certificate dont check for issuer passphrase
+
 ## [0.4.2] - Release 2023-02-15
 * Dont check policies when revoking a certificate