diff --git a/gimmecert/commands.py b/gimmecert/commands.py index 82c406cf50586e78fdaac025df710fc46d6800fe..18a58d706b49329e0a48c8a5f8bc58f418fa434c 100644 --- a/gimmecert/commands.py +++ b/gimmecert/commands.py @@ -111,7 +111,7 @@ def init(stdout, stderr, project_directory, ca_base_name, ca_hierarchy_depth, ke return ExitCode.SUCCESS -def server(stdout, stderr, project_directory, entity_name, extra_dns_names, custom_csr_path): +def server(stdout, stderr, project_directory, entity_name, extra_dns_names, custom_csr_path, key_specification): """ Issues a server certificate using the CA hierarchy initialised within the specified directory. @@ -139,8 +139,13 @@ def server(stdout, stderr, project_directory, entity_name, extra_dns_names, cust :type extra_dns_names: list[str] :param custom_csr_path: Path to custom certificate signing request to use for issuing client certificate. Set to None or "" to generate private key. + Do not use together with key_specification. :type custom_csr_path: str or None + :param key_specification: Key specification to use when generating private keys for the server. Ignored if custom_csr_path is specified. Set to None to + default to issuing CA hiearchy algorithm and parameters. + :type key_specification: tuple(str, int) or None + :returns: Status code, one from gimmecert.commands.ExitCode. :rtype: int """ @@ -175,7 +180,8 @@ def server(stdout, stderr, project_directory, entity_name, extra_dns_names, cust public_key = csr.public_key() private_key = None else: - key_specification = gimmecert.crypto.key_specification_from_public_key(issuer_private_key.public_key()) + if not key_specification: + key_specification = gimmecert.crypto.key_specification_from_public_key(issuer_private_key.public_key()) key_generator = gimmecert.crypto.KeyGenerator(key_specification[0], key_specification[1]) private_key = key_generator() public_key = private_key.public_key()
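Review bot: `key_specification` is added to `server()` as a required positional parameter in the first hunk, so any caller that still passes six arguments now fails with a TypeError. Only this file's hunks are visible, so it cannot be confirmed here that every call site was updated. The docstring already defines None as "use the issuing CA's algorithm and parameters", so a default would keep the old call shape working: `def server(stdout, stderr, project_directory, entity_name, extra_dns_names, custom_csr_path, key_specification=None):`. The function body continues outside this hunk.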
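Review bot: The docstring added in the second hunk gives two different contracts for passing both options: `Do not use together with key_specification.` under custom_csr_path, and `Ignored if custom_csr_path is specified.` under key_specification. The third hunk implements the second one, since the CSR branch never reads key_specification. A user who requests a specific key algorithm or size while also supplying a CSR therefore gets a certificate for the CSR's key with no message. Either state only the "ignored" behaviour in both places, or have the function report the conflict on stderr before issuing. `hiearchy` should read `hierarchy`.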
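Review bot: In the third hunk the supplied `key_specification` is indexed and handed to `KeyGenerator(key_specification[0], key_specification[1])` with no check at this point. The strength of the generated private key therefore depends on validation done by the caller or inside KeyGenerator, neither of which is visible here. If that validation lives in argument parsing, say so above the guard, e.g. `# key_specification is (algorithm, parameters), validated by the caller; falsy means inherit from the issuing CA.` An explicit specification can now also be weaker than the issuing CA's key, which the previous code could not produce, so a minimum is worth enforcing where the specification is parsed, or at least documenting. The enclosing if/else starts outside the hunk.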