claw/flaskpaste
1
0
Fork 1
forked from username/flaskpaste
Code Pull Requests Activity

fix: validate algorithm parameter in PKI methods

Browse Source
This commit is contained in:
Username
2025-12-25 00:26:23 +01:00
parent 79b12cc3b3
commit d1df8c4f76
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/pki.py
View File

@@ -310,6 +310,10 @@ class PKI:
if self.has_ca():
raise CAExistsError("CA already exists")
# Validate algorithm (only EC supported for now)
if algorithm != "ec":
raise PKIError(f"Unsupported algorithm: {algorithm} (only 'ec' supported)")
# Generate EC key
curves = {
"secp256r1": ec.SECP256R1(),
@@ -532,6 +536,10 @@ class PKI:
if days is None:
days = self.cert_days
# Validate algorithm (only EC supported for now)
if algorithm != "ec":
raise PKIError(f"Unsupported algorithm: {algorithm} (only 'ec' supported)")
ca_key, ca_cert = self._get_signing_key()
assert self._ca_store is not None # narrowing for mypy (validated in _get_signing_key)