attempt to add HSM support directly
mathiasertl committed Jul 26, 2024
1 parent 2804cfb commit 17f595f
Showing 15 changed files with 1,093 additions and 12 deletions.
16 changes: 16 additions & 0 deletions ca/ca/test_settings.py
Expand Up @@ -14,6 +14,7 @@
"""Test settings for the django-ca project."""

import json
import os
from pathlib import Path

# Base paths in this project
Expand Down Expand Up @@ -195,6 +196,14 @@
"BACKEND": "django_ca.key_backends.storages.StoragesBackend",
"OPTIONS": {"storage_alias": "secondary"},
},
# "softhsm": {
# "BACKEND": "django_ca.key_backends.hsm.HSMBackend",
# "OPTIONS": {
# "module": "/usr/lib/softhsm/libsofthsm2.so",
# "token": "my_test_token_1",
# "pin": "1234",
# },
# },
}

# Custom settings
Expand Down Expand Up @@ -253,3 +262,10 @@
CA_PASSWORDS = {
_fixture_data["certs"]["pwd"]["serial"]: _fixture_data["certs"]["pwd"]["password"].encode("utf-8"),
}


# PKCS11 settings
PKCS11_PATH = os.environ.get("PKCS11_LIBRARY", "/usr/lib/softhsm/libsofthsm2.so")
PKCS11_TOKEN_LABEL = "my_test_token_1"
PKCS11_SO_PIN = "so-pin-1234"
PKCS11_USER_PIN = "user-pin-1234"
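Review bot: The token label and the two PINs added at the end of the section (`PKCS11_TOKEN_LABEL`, `PKCS11_SO_PIN`, `PKCS11_USER_PIN`) are hard-coded while `PKCS11_PATH` on the line above is already read from the environment, so a test run against a SoftHSM token provisioned with other values means editing the settings file; reading them the same way keeps the pattern consistent: `PKCS11_TOKEN_LABEL = os.environ.get("PKCS11_TOKEN_LABEL", "my_test_token_1")`, `PKCS11_SO_PIN = os.environ.get("PKCS11_SO_PIN", "so-pin-1234")`, `PKCS11_USER_PIN = os.environ.get("PKCS11_USER_PIN", "user-pin-1234")`. The commented-out `softhsm` entry in the second hunk carries its own copies of these values, and its `"pin": "1234"` already disagrees with the `user-pin-1234` defined here; if that block is meant to be re-enabled it should reference the PKCS11_* settings rather than repeat literals, otherwise the dead block is better dropped. A short comment above the PKCS11 block saying that these are throwaway credentials for a test-only SoftHSM token, and naming the environment variables that override them, would make the intent clear to anyone who later wires the backend into `KEY_BACKENDS`.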
5 changes: 2 additions & 3 deletions ca/django_ca/key_backends/base.py
Expand Up @@ -213,13 +213,12 @@ def get_use_parent_private_key_options(

@abc.abstractmethod
def get_use_private_key_options(
self, ca: Optional["CertificateAuthority"], options: dict[str, Any]
self, ca: "CertificateAuthority", options: dict[str, Any]
) -> UsePrivateKeyOptionsTypeVar:
"""Get options to use the private key of a certificate authority.
The returned model will be used for the certificate authority `ca`. You can pass it as extra context
to influence model validation. If `ca` is ``None``, it indicates that the CA is currently being
created via :command:`manage.py init_ca`.
to influence model validation.
`options` is the dictionary of arguments to :command:`manage.py init_ca` (including default values).
The key backend is expected to be able to sign certificates and CRLs using the options provided here.
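Review bot: The docstring still says `options` is the dictionary of arguments to `manage.py init_ca`, but the sentence that explained when `ca` was ``None`` (while the CA is being created by init_ca) was removed together with the `Optional` on the annotation, so the remaining text no longer says at which point of init_ca a CA instance is available to this method; a sentence such as `When called from :command:`manage.py init_ca`, `ca` is the already created CertificateAuthority instance.` would close that gap, if that is indeed the new contract. Narrowing the abstract signature is also not backwards compatible for any caller that still passes ``None`` (the old docstring documented exactly that call), so the init_ca code path and any third-party backends that relied on it are worth checking; the method's docstring and body continue outside the hunk.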
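--- /dev/null
+++ b/ca/django_ca/key_backends/hsm/__init__.py
@@ -0,0 +1,18 @@
+# This file is part of django-ca (https://github.com/mathiasertl/django-ca).
+#
+# django-ca is free software: you can redistribute it and/or modify it under the terms of the GNU General
+# Public License as published by the Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# django-ca is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# You should have received a copy of the GNU General Public License along with django-ca. If not, see
+# <http://www.gnu.org/licenses/>.
+
+"""HSM backend module."""
+
+from django_ca.key_backends.hsm.backend import HSMBackend
+
+__all__ = ("HSMBackend",)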