def do(self, args): args = self.parser.parse_args(args) cert = None if args.dn != None: cert = DBHelper.getInstance().getCertificateFromDN(args.dn) if not cert: raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn) if args.name != None: if cert: raise Exception(_("CLI_DN_AND_NAME_SET_ERROR")) cert = DBHelper.getInstance().getCertificateFromName(args.name) if not cert: raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name) if not cert: raise Exception(_("CLI_NO_DN_NAME_SET_ERROR")) if cert.isSelfSigned(): if not cert.isCA(): raise Exception(_("CLI_RENEW_SELFSIGN_NOT_IMPLEMENTED")) cert = cert.renew(cert) else: cert = cert.getIssuerCa().renewCertificate(cert, args.validity[0], args.validity[1])
def do(self, args): args = self.parser.parse_args(args) if args.selfsigned: self.printSelfSigned(args.verbose) return cert = None if args.dn != None: cert = DBHelper.getInstance().getCertificateFromDN(args.dn) if not cert: raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn) if args.name != None: if cert: raise Exception(_("CLI_DN_AND_NAME_SET_ERROR")) cert = DBHelper.getInstance().getCertificateFromName(args.name) if not cert: raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name) if cert: self.printTreeCA(cert, 0, args.verbose) else: rootCAList = DBHelper.getInstance().getRootCAList() if len(rootCAList) == 0: print _("CLI_LIST_NO_AC_FOUND") else: for r in rootCAList: self.printTreeCA(r, 0, args.verbose)
def do(self, args): args = self.parser.parse_args(args) cert = None if args.dn != None: cert = DBHelper.getInstance().getCertificateFromDN(args.dn) if not cert: raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn) if args.name != None: if cert: raise Exception(_("CLI_DN_AND_NAME_SET_ERROR")) cert = DBHelper.getInstance().getCertificateFromName(args.name) if not cert: raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name) if not cert: raise Exception(_("CLI_NO_DN_NAME_SET_ERROR")) der = cert.getX509CertDER() tmpfile = "./%s_cert.der.tmp" % cert.getCacheDN() f = open(tmpfile, "w") f.write(der) f.close() #FIXME devrait être fait directement avec la libopenssl plutot que via un appel out = subprocess.check_output( "openssl x509 -inform der -text -noout -in %s" % tmpfile, shell=True) sys.stdout.write(out) os.remove(tmpfile)
def parseSAN(string): try: san, sep, value = string.partition(":") san = san.lower() try: return anssipki.SANFromStr(san), value except Exception, e: raise Exception(_("CLI_INVALID_SAN") % san) except ValueError, e: raise Exception(_("CLI_INVALID_SAN") % string)
def __init__(self, action=None): super(CLIShowCertificate, self).__init__(action) self.parser.add_argument("--name", type=parseName, action=UniqueAppendAction, help=_("CLI_NAME_OPTION_HELP")) self.parser.add_argument("--dn", type=parseDN, action=UniqueAppendAction, help=_("CLI_DN_OPTION_HELP"))
def __init__(self, action): super(CLIAttachCA, self).__init__(action) self.parser.add_argument("--name", type=parseName, action=UniqueAppendAction, help=_("CLI_NAME_OPTION_HELP")) self.parser.add_argument("--dn", type=parseDN, action=UniqueAppendAction, help=_("CLI_DN_OPTION_HELP")) self.parser.add_argument("--in", help=_("CLI_IMPORT_IN_OPTION_HELP"))
def __init__(self, action): super(CLICreateCRL, self).__init__(action) self.parser.add_argument("--issuername", type=parseName, action=UniqueAppendAction, help=_("CLI_NAME_OPTION_HELP")) self.parser.add_argument("--issuerdn", type=parseDN, action=UniqueAppendAction, help=_("CLI_DN_OPTION_HELP")) self.parser.add_argument("--out", help=_("CLI_CREATECRL_OUT_OPTION_HELP"))
def __init__(self, action): super(CLIRevoke, self).__init__(action) self.parser.add_argument("--name", type=parseName, action=UniqueAppendAction, help=_("CLI_NAME_OPTION_HELP")) self.parser.add_argument("--dn", type=parseDN, action=UniqueAppendAction, help=_("CLI_DN_OPTION_HELP")) self.parser.add_argument("--reason", type=str, action=UniqueAppendAction, help=_("CLI_REVOKE_REASON_OPTION_HELP")),
def __init__(self, action): super(CLIRenewCertificate, self).__init__(action) self.parser.add_argument("--name", type=parseName, action=UniqueAppendAction, help=_("CLI_NAME_OPTION_HELP")) self.parser.add_argument("--dn", type=parseDN, action=UniqueAppendAction, help=_("CLI_DN_OPTION_HELP")) self.parser.add_argument("--validity", type=parseValidity, action=UniqueAppendAction, help=_("CLI_VALIDITY_OPTION_HELP"))
def parseExtendedKeyUsage(string): res = set() for ku in string.split(':'): try: res.add(anssipki.extendedKeyUsageFromStr(ku)) except Exception, e: raise Exception(_("CLI_INVALID_EKU") % ku)
def parseTemplate(self, filename, parser, oldargs): template_filepath = None for template_dir in Conf.getValue("TEMPLATES_DIR"): if os.path.exists(template_dir + "/" + filename + ".tpl"): template_filepath = template_dir + "/" + filename + ".tpl" if not template_filepath: raise Exception(_("CLI_TEMPLATE_NOT_FOUND_ERROR") % filename) args = [] template = ConfigParser.ConfigParser() with open(template_filepath, "r") as fp: template.readfp(fp) if 'PARENT' in template.sections(): for (i, v) in template.items('PARENT'): if i != 'template': raise Exception("%s: Invalid key in PARENT section." % filename) oldargs = self.parseTemplate(v, parser, oldargs) # Autorise les templates avec juste une section PARENT, sorte de template 'alias' if 'CERTIFICATE' not in template.sections(): return args else: if 'CERTIFICATE' not in template.sections(): raise Exception( "Can't find group [CERTIFICATE] in template file : %s" % filename) for (i, v) in template.items('CERTIFICATE'): override = False for arg in sys.argv: if arg.find("--" + i) == 0: override = True break if not override: args.append("--" + i + "=" + v) return parser.parse_args(args, oldargs)
def do(self, args): args = self.parser.parse_args(args) cert = None if args.dn != None: cert = DBHelper.getInstance().getCertificateFromDN(args.dn) if not cert: raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn) if args.name != None: if cert: raise Exception(_("CLI_DN_AND_NAME_SET_ERROR")) cert = DBHelper.getInstance().getCertificateFromName(args.name) if not cert: raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name) if not cert: raise Exception(_("CLI_NO_DN_NAME_SET_ERROR")) feedCard(cert)
def do(self, args): args = self.parser.parse_args(args) cert = None if args.issuerdn != None: cert = DBHelper.getInstance().getCertificateFromDN(args.issuerdn) if not cert: raise Exception( _("CLI_DN_CERT_NOT_FOUND_ERROR") % args.issuerdn) if args.issuername != None: if cert: raise Exception(_("CLI_DN_AND_NAME_SET_ERROR")) cert = DBHelper.getInstance().getCertificateFromName( args.issuername) if not cert: raise Exception( _("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.issuername) if not cert: raise Exception(_("CLI_NO_DN_NAME_SET_ERROR")) if not cert.isCA(): raise Exception(_("CLI_DN_CERT_NOT_A_CA_ERROR") % args.issuerdn) crl = cert.buildCRL() if args.out != None: outputFile = args.out else: outputFile = "./%s.crl" % cert.getName() with open(outputFile, "w") as f: f.write(crl) print _("CLI_CRL_WRITTEN_TO") % outputFile
def do(self, args): args = self.parser.parse_args(args) cert = None if args.dn != None: cert = DBHelper.getInstance().getCertificateFromDN(args.dn) if not cert: raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn) if args.name != None: if cert: raise Exception(_("CLI_DN_AND_NAME_SET_ERROR")) cert = DBHelper.getInstance().getCertificateFromName(args.name) if not cert: raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name) if not cert.isCA(): raise Exception(_("CLI_DN_CERT_NOT_A_CA_ERROR") % cert.getName()) if not cert.isSelfSigned(): raise Exception( _("CLI_DN_CERT_NOT_SELFSIGNED_ERROR") % cert.getName()) if vars(args)['in'] == None: raise Exception(_("CLI_IMPORT_NO_IN_ERROR")) with open(vars(args)['in'], "r") as fp: der = fp.read() if not cert.attachCA(der): raise Exception(_("CLI_ATTACH_ERROR"))
def parseCertPolicy(string): #FIXME add regex check policies = {} for pol in string.split("|"): oid, sep, cps = pol.partition(":") if oid in policies: raise Exception(_("CLI_CERT_POL_OID_REDEFINITION")) policies[oid] = cps return policies
def __init__(self, action=None): super(CLIListCertificates, self).__init__(action) self.parser.add_argument("--dn", type=parseDN, action=UniqueAppendAction, help=_("CLI_DN_OPTION_HELP")) self.parser.add_argument("--name", type=parseName, action=UniqueAppendAction, help=_("CLI_NAME_OPTION_HELP")) self.parser.add_argument("--verbose", default=False, action='store_true', help="") self.parser.add_argument("--selfsigned", default=False, action='store_true', help="")
def do(self, args): args = self.parser.parse_args(args) # list sign algo print _("CLI_AVAILABLE_SIGNALGO") for sa in anssipki.P11Helper.getInstance().listAvailableSignAlgorithms( ): print "\t", sa # list templates print _("CLI_AVAILABLE_TEMPLATES") for tmpDir in Conf.getValue('TEMPLATES_DIR'): for tmp in [ f for f in listdir(tmpDir) if (isfile(join(tmpDir, f)) and f.endswith(".tpl")) ]: print "\t", tmp[:-4] template = parseTemplate(tmp[:-4])['values'] for i in template: print "\t ", i, "=", template[i]
def do(self, args): args = self.parser.parse_args(args) cert = None if args.dn != None: cert = DBHelper.getInstance().getCertificateFromDN(args.dn) if not cert: raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn) if args.name != None: if cert: raise Exception(_("CLI_DN_AND_NAME_SET_ERROR")) cert = DBHelper.getInstance().getCertificateFromName(args.name) if not cert: raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name) if cert: logs = DBHelper.getInstance().getCertLogActions(cert.getDbCertID()) else: logs = DBHelper.getInstance().getLogActions() for l in logs: print l
def __init__(self, action): super(CLIExportCertificate, self).__init__(action) self.parser.add_argument("--name", type=parseName, action=UniqueAppendAction, help=_("CLI_NAME_OPTION_HELP")) self.parser.add_argument("--dn", type=parseDN, action=UniqueAppendAction, help=_("CLI_DN_OPTION_HELP")) self.parser.add_argument("--out", help=_("CLI_EXPORT_OUT_OPTION_HELP")) if action == "exportp12" or action == "exportcert": self.parser.add_argument("--chain", default=False, action='store_true', help=_("CLI_EXPORT_CHAIN_OPTION_HELP")) if action == "exportp12": self.parser.add_argument("--password", action=UniqueAppendAction, help=_("CLI_EXPORT_PASSWORD_OPTION_HELP")) self.parser.add_argument("--randpass", default=False, action='store_true', help=_("CLI_EXPORT_RANDPASS_OPTION_HELP"))
def usage(): print "\t" + ', '.join( CLICreateCRL.actions) + ": " + _("CLI_CREATECRL_USAGE")
def usage(): print "\t" + ', '.join( CLIRevoke.actions) + ": " + _("CLI_REVOKE_USAGE")
def parseSignAlgo(string): if anssipki.SignAlgoStrToP11Mech(string) == 0: raise Exception(_("CLI_INVALID_SIGN_ALGO") % string) return string def parseKeyUsage(string): res = set() for ku in string.split(':'): try: res.add(anssipki.keyUsageFromStr(ku)) except Exception, e: raise Exception(_("CLI_INVALID_KU") % ku) if len(res) == 0: raise Exception(_("CLI_INVALID_KU") % string) return res def parseExtendedKeyUsage(string): res = set() for ku in string.split(':'): try: res.add(anssipki.extendedKeyUsageFromStr(ku)) except Exception, e: raise Exception(_("CLI_INVALID_EKU") % ku) if len(res) == 0: raise Exception(_("CLI_INVALID_EKU") % string) return res def parseSAN(string):
def __init__(self, action): super(CLICreateCertificate, self).__init__(action) self.parser.add_argument("--name", type=parseName, action=UniqueAppendAction, help=_("CLI_NAME_OPTION_HELP")) self.parser.add_argument("--template", action=UniqueAppendAction, help=_("CLI_CREATE_CERT_TEMPLATE_HELP")), self.parser.add_argument("--dn", type=parseDN, action=UniqueAppendAction, help=_("CLI_DN_OPTION_HELP")) self.parser.add_argument("--validity", type=parseValidity, action=UniqueAppendAction, help=_("CLI_VALIDITY_OPTION_HELP")) self.parser.add_argument("--keysize", type=int, action=UniqueAppendAction, help=_("CLI_KEYSIZE_OPTION_HELP")), self.parser.add_argument("--keyalgo", type=parseKeyAlgo, action=UniqueAppendAction, help=_("CLI_KEYALGO_OPTION_HELP")), self.parser.add_argument("--signalgo", type=parseSignAlgo, action=UniqueAppendAction, help=_("CLI_SIGNALGO_OPTION_HELP")), if action == "createsubca" or action == "createcert": self.parser.add_argument("--issuerdn", type=parseDN, action=UniqueAppendAction, help=_("CLI_ISSUERDN_OPTION_HELP")), if action == "createcert": self.parser.add_argument("--smartcard", default=False, action='store_true', help=_("CLI_SMARTCARD_OPTION_HELP")) self.parser.add_argument("--selfsigned", default=False, action='store_true', help=_("CLI_SELFSIGNED_OPTION_HELP")), self.parser.add_argument("--keyusage", type=parseKeyUsage, action=UniqueAppendAction, help=_("CLI_KU_OPTION_HELP")), self.parser.add_argument("--extkeyusage", type=parseExtendedKeyUsage, action=UniqueAppendAction, help=_("CLI_EKU_OPTION_HELP")) self.parser.add_argument("--san", type=parseSAN, action='append', help=_("CLI_SAN_OPTION_HELP")) self.parser.add_argument("--OSSLextension", type=str, action='append', help=_("CLI_OSSLEXT_OPTION_HELP")) self.parser.add_argument("--certpolicies", type=parseCertPolicy, action=UniqueAppendAction, help=_("CLI_CERTPOL_OPTION_HELP"))
def usage(): print "\t" + ', '.join( CLIListCertificates.actions) + ": " + _("CLI_LIST_USAGE")
def parseSignAlgo(string): if anssipki.SignAlgoStrToP11Mech(string) == 0: raise Exception(_("CLI_INVALID_SIGN_ALGO") % string) return string
def do(self, args): args = self.parser.parse_args(args) createCA = self.action == 'createca' createSubCA = self.action == 'createsubca' createCert = self.action == 'createcert' selfsigned = False useSmartcard = False sanOpt = None osslExtOpt = None if createCA: selfsigned = True if createSubCA: selfsigned = False if createCert: selfsigned = args.selfsigned useSmartcard = args.smartcard sanOpt = args.san osslExtOpt = args.OSSLextension if args.template: args = self.parseTemplate(args.template, self.parser, args) if args.dn == None: raise Exception(_("CLI_DN_NOT_SET_ERROR")) if args.validity == None: raise Exception(_("CLI_VALIDITY_NOT_SET_ERROR")) if createCert and args.keyusage == None: raise Exception(_("CLI_KU_NOT_SET_ERROR")) if (selfsigned or createCA) and args.signalgo == None: raise Exception(_("CLI_SA_NOT_SET_ERROR")) if createCert and selfsigned and args.issuerdn != None: raise Exception(_("CLI_ISSUER_AND_SS_SET_ERROR")) if not createCA and not selfsigned and args.issuerdn == None: raise Exception(_("CLI_NO_ISSUER_SET_ERROR")) if args.keysize == None: raise Exception(_("CLI_KS_NOT_SET_ERROR")) if args.keyalgo == None: raise Exception(_("CLI_KA_NOT_SET_ERROR")) if createCert and anssipki.KeyCertSign in args.keyusage: raise Exception(_("CLI_CREATECERT_KCS_KU_SET_ERROR")) if DBHelper.getInstance().getCertificateFromDN(args.dn) != None: raise Exception(_("CLI_CERT_DN_ALREADY_EXISTS") % args.dn) csr = CSR(args.dn, createCA or createSubCA) csr.setKeyOptions(args.keyalgo, args.keysize, useSmartcard) if not createCA and not createSubCA and args.keyusage: for ku in args.keyusage: csr.setKeyUsage(ku) if not createCA and not createSubCA and args.extkeyusage: for ku in args.extkeyusage: csr.setExtendedKeyUsage(ku) if sanOpt: for s, v in sanOpt: csr.addSubjectAltName(s, v) if args.certpolicies: for oid in args.certpolicies: csr.addCertificatePolicy(oid, args.certpolicies[oid]) if osslExtOpt: for OSSLextension in osslExtOpt: csr.addOSSLextension(OSSLextension) certificate = None if selfsigned: certificate = csr.selfSign(args.validity[0], args.validity[1], args.signalgo) else: issuer = DBHelper.getInstance().getCertificateFromDN(args.issuerdn) if not issuer: raise Exception( _("CLI_DN_CERT_NOT_FOUND_ERROR") % args.issuerdn) if not issuer.isCA(): raise Exception( _("CLI_DN_CERT_NOT_A_CA_ERROR") % args.issuerdn) certificate = issuer.signCSR(csr, args.validity[0], args.validity[1], args.signalgo) if args.name != None: DBHelper.getInstance().changeCertificateInternalName( certificate, args.name) if not certificate: raise Exception(_("CLI_CERT_CREATION_ERROR"))
def usage(): print "\t" + "feedcard: %s" % _("CLI_FEEDCARD_USAGE")
def usage(): print "\t" + ', '.join( CLIRenewCertificate.actions) + ": " + _("CLI_RENEW_USAGE")
def parseKeyAlgo(string): try: return anssipki.keyPairAlgoFromStr(string) except Exception, e: raise Exception(_("CLI_INVALID_KEY_ALGO") % string)
def usage(): print "\t" + "createca: " + _("CLI_CREATECA_USAGE") print "\t" + "createsubca: " + _("CLI_CREATESUBCA_USAGE") print "\t" + "createcert: " + _("CLI_CREATECERT_USAGE")