def __init__(self, *args, **kargs):
        CertificateFactory.__init__(self, *args, **kargs)

        # Transform key/signature algorithm to suitable values for keytool
        if not self.parent:
            self.keyalg = self.keyalg.upper()
            self.sigalg = self.sigalg.upper() + "with" + self.keyalg;

        # Create the CA self-signed certificate
        if not self.cacert.exists():
            cacert = self.cacert

            subAltName = cacert.getAlternativeName()
            issuerAltName = self.parent.cacert.getAlternativeName() if self.parent else None
            ext = "-ext bc:c" + \
                  ((" -ext san=" + subAltName) if subAltName else "") + \
                  ((" -ext ian=" + issuerAltName) if issuerAltName else "")

            if not self.parent:
                cacert.keyTool("genkeypair", ext, validity=self.validity, sigalg=self.sigalg)
            else:
                self.cacert = self.parent.cacert
                cacert.keyTool("genkeypair")
                pem = cacert.keyTool("gencert", ext, validity = self.validity, stdin=cacert.keyTool("certreq"))
                chain = ""
                parent = self.parent
                while parent:
                    chain += d(read(parent.cacert.pem))
                    parent = parent.parent
                cacert.keyTool("importcert", stdin=chain + d(pem))

            self.cacert = cacert
            self.cacert.generatePEM()
    def _generateChild(self, cert, serial, validity):
        subAltName = cert.getAlternativeName()
        issuerAltName = self.cacert.getAlternativeName()

        # Generate a certificate/key pair
        cert.keyTool("genkeypair")

        # Create a certificate signing request
        req = cert.keyTool("certreq")

        ext = "-ext ku:c=dig,keyEnc" + \
              ((" -ext san=" + subAltName) if subAltName else "") + \
              ((" -ext ian=" + issuerAltName) if issuerAltName else "")

        # Sign the certificate with the CA
        if validity is None or validity > 0:
            pem = cert.keyTool("gencert", ext, validity = (validity or self.validity), stdin=req)
        else:
            pem = cert.keyTool("gencert", ext, startdate = "{validity}d".format(validity=validity), validity=-validity,
                               stdin=req)

        # Concatenate the CA and signed certificate and re-import it into the keystore
        chain = []
        parent = self
        while parent:
            chain.append(d(read(parent.cacert.pem)))
            parent = parent.parent
        cert.keyTool("importcert", stdin="".join(chain) + d(pem))

        return cert
Beispiel #3
0
    def toText(self):
        s = """Version: %s
Serial Number: %s
Signature Algorithm: %s
Issuer: %s
Validity:
   Not before: %s
   Not after: %s
Subject: %s
Subject Public Key Size: %s
X509v3 extensions:""" % (self.x509.get_version() + 1,
                         self.x509.get_serial_number(),
                         self.x509.get_signature_algorithm(),
                         str(self.x509.get_issuer()).replace(
                             "<X509Name object '", "").replace("'>", ""),
                         datetime.datetime.strptime(
                             d(self.x509.get_notBefore()), "%Y%m%d%H%M%SZ"),
                         datetime.datetime.strptime(
                             d(self.x509.get_notAfter()), "%Y%m%d%H%M%SZ"),
                         str(self.x509.get_subject()).replace(
                             "<X509Name object '", "").replace(
                                 "'>", ""), str(self.x509.get_pubkey().bits()))
        for i in range(0, self.x509.get_extension_count()):
            ext = self.x509.get_extension(i)
            s += "\n    " + d(ext.get_short_name()).strip(
            ) + ":\n        " + str(ext).replace("\n", "\n        ")
        return s
    def __init__(self, *args, **kargs):
        CertificateFactory.__init__(self, *args, **kargs)

        # Transform key/signature algorithm to suitable values for keytool
        if not self.parent:
            self.keyalg = self.keyalg.upper()
            self.sigalg = self.sigalg.upper() + "with" + self.keyalg;

        # Create the CA self-signed certificate
        if not self.cacert.exists():
            cacert = self.cacert

            subAltName = cacert.getAlternativeName()
            issuerAltName = self.parent.cacert.getAlternativeName() if self.parent else None
            ext = "-ext bc:c" + \
                  ((" -ext san=" + subAltName) if subAltName else "") + \
                  ((" -ext ian=" + issuerAltName) if issuerAltName else "")\
                  ((" -ext eku=" + self.extendedKeyUsage) if  self.extendedKeyUsage else "")

            if not self.parent:
                cacert.keyTool("genkeypair", ext, validity=self.validity, sigalg=self.sigalg)
            else:
                self.cacert = self.parent.cacert
                cacert.keyTool("genkeypair")
                pem = cacert.keyTool("gencert", ext, validity = self.validity, stdin=cacert.keyTool("certreq"))
                chain = ""
                parent = self.parent
                while parent:
                    chain += d(read(parent.cacert.pem))
                    parent = parent.parent
                cacert.keyTool("importcert", stdin=chain + d(pem))

            self.cacert = cacert
            self.cacert.generatePEM()
    def _generateChild(self, cert, serial, validity):
        subAltName = cert.getAlternativeName()
        issuerAltName = self.cacert.getAlternativeName()
        extendedKeyUsage = cert.getExtendedKeyUsage()

        # Generate a certificate/key pair
        cert.keyTool("genkeypair")

        # Create a certificate signing request
        req = cert.keyTool("certreq")

        ext = "-ext ku:c=dig,keyEnc" + \
              ((" -ext san=" + subAltName) if subAltName else "") + \
              ((" -ext ian=" + issuerAltName) if issuerAltName else "") + \
              ((" -ext eku=" + extendedKeyUsage) if extendedKeyUsage else "")

        # Sign the certificate with the CA
        if validity is None or validity > 0:
            pem = cert.keyTool("gencert", ext, validity = (validity or self.validity), stdin=req)
        else:
            pem = cert.keyTool("gencert", ext, startdate = "{validity}d".format(validity=validity), validity=-validity,
                               stdin=req)

        # Concatenate the CA and signed certificate and re-import it into the keystore
        chain = []
        parent = self
        while parent:
            chain.append(d(read(parent.cacert.pem)))
            parent = parent.parent
        cert.keyTool("importcert", stdin="".join(chain) + d(pem))

        return cert
    def savePKCS12(self,
                   path,
                   password=None,
                   chain=True,
                   root=False,
                   addkey=None):
        if addkey is None:
            addkey = self != self.parent.cacert

        chainfile = None
        if chain:
            # Save the certificate chain to PKCS12
            certs = ""
            parent = self.parent
            while parent if root else parent.parent:
                certs += d(read(parent.cacert.pem))
                parent = parent.parent
            if len(certs) > 0:
                (f, chainfile) = tempfile.mkstemp()
                os.write(f, b(certs))
                os.close(f)

        key = "-inkey={0}".format(self.key) if addkey else "-nokeys"
        try:
            self.openSSL("pkcs12",
                         out=path,
                         inkey=self.key,
                         certfile=chainfile,
                         password=password or "password")
        finally:
            if chainfile:
                os.remove(chainfile)
        return self
    def toText(self):
        s = """Version: %s
Serial Number: %s
Signature Algorithm: %s
Issuer: %s
Validity:
   Not before: %s
   Not after: %s
Subject: %s
X509v3 extensions:""" % (self.x509.get_version() + 1,
                         self.x509.get_serial_number(),
                         self.x509.get_signature_algorithm(),
                         str(self.x509.get_issuer()).replace("<X509Name object '", "").replace("'>", ""),
                         datetime.datetime.strptime(d(self.x509.get_notBefore()), "%Y%m%d%H%M%SZ"),
                         datetime.datetime.strptime(d(self.x509.get_notAfter()), "%Y%m%d%H%M%SZ"),
                         str(self.x509.get_subject()).replace("<X509Name object '", "").replace("'>", ""))
        for i in range(0, self.x509.get_extension_count()):
            ext = self.x509.get_extension(i)
            s += "\n    " + d(ext.get_short_name()).strip() + ":\n        " + str(ext).replace("\n", "\n        ")
        return s
    def savePKCS12(self, path, password=None, chain=True, root=False, addkey=None):
        if addkey is None:
            addkey = self != self.parent.cacert

        chainfile = None
        if chain:
            # Save the certificate chain to PKCS12
            certs = ""
            parent = self.parent
            while parent if root else parent.parent:
                certs += d(read(parent.cacert.pem))
                parent = parent.parent
            if len(certs) > 0:
                (f, chainfile) = tempfile.mkstemp()
                os.write(f, b(certs))
                os.close(f)

        key = "-inkey={0}".format(self.key) if addkey else "-nokeys"
        try:
            self.openSSL("pkcs12", out=path, inkey=self.key, certfile=chainfile, password=password or "password")
        finally:
            if chainfile:
                os.remove(chainfile)
        return self
 def toText(self):
     return d(self.parent.keyTool("printcert", "-v", stdin = self.keyTool("exportcert")))
 def getSubjectHash(self):
     return d(self.openSSL("x509", "-noout", "-subject_hash"))
 def toText(self):
     return d(self.openSSL("x509", "-noout", "-text"))
 def load(self):
     subject = d(self.openSSL("x509", "-noout", "-subject"))
     if subject:
         self.dn = DistinguishedName.parse(subject[subject.find("=") +
                                                   1:].replace("/", ","))
     return self
 def toText(self):
     return d(self.parent.keyTool("printcert", "-v", stdin = self.keyTool("exportcert")))
 def getSubjectHash(self):
     return d(self.openSSL("x509", "-noout", "-subject_hash"))
 def toText(self):
     return d(self.openSSL("x509", "-noout", "-text"))
 def load(self):
     subject = d(self.openSSL("x509", "-noout", "-subject"))
     if subject:
         self.dn = DistinguishedName.parse(subject[subject.find("=") + 1:].replace("/", ","))
     return self