Beispiel #1
 def save(self):
     """Create a new certificate, or update / revoke / renew an existing one.
     
     Without a primary key, a key, CSR and signed certificate are generated
     through OpensslActions, the optional DER / PKCS12 encodings are created
     or removed, and the row is stored.
     
     With a primary key, self.action selects 'update', 'revoke' or 'renew'.
     The changes are applied to a copy reloaded from the database (prev) and
     that copy is what gets saved, so only fields explicitly set on prev are
     persisted. Any other action value on an existing row falls through
     without saving and without raising.
     
     Passphrases are stored as the MD5 hex digest of the submitted value.
     parent_passphrase is set to None before the save on create, revoke and
     renew.
     """
     
     if self.pk:
         ## NOTE(review): there is no else for this check, so an unexpected
         ## action on an existing row is silently ignored.
         if self.action in ('update', 'revoke', 'renew'):
             
             action = OpensslActions(self)
             ## Reload the stored row; it carries the currently persisted values
             prev   = Certificate.objects.get(pk=self.pk)
             
             if self.action == 'update':
                 
                 ## Create or remove DER certificate
                 if self.der_encoded:
                     action.generate_der_encoded()
                 else:
                     action.remove_der_encoded()
                 
                 ## Create or remove PKCS12 certificate
                 if self.pkcs12_encoded:
                     ## prev holds the stored MD5 digest, so this only matches
                     ## when the submitted value is already that digest.
                     ## NOTE(review): presumably the form round-trips the stored
                     ## digest -- confirm. In that case the digest itself is
                     ## hashed again further down.
                     if prev.pkcs12_encoded and prev.pkcs12_passphrase == self.pkcs12_passphrase:
                         logger.debug( 'PKCS12 passphrase is unchanged. Nothing to do' )
                     else:
                         action.generate_pkcs12_encoded()
                 else:
                     ## No PKCS12 bundle wanted: remove it and drop its passphrase
                     action.remove_pkcs12_encoded()
                     self.pkcs12_passphrase = None
                     prev.pkcs12_passphrase = None
                 
                 ## NOTE(review): the stored value is an unsalted MD5 hex digest
                 ## of the passphrase. MD5 is fast to brute-force, so this gives
                 ## little protection if the table leaks; a salted, slow password
                 ## hash is the usual choice, but any code that verifies the
                 ## stored value would have to change with it.
                 if self.pkcs12_passphrase:
                     prev.pkcs12_passphrase = md5_constructor(self.pkcs12_passphrase).hexdigest()
                 else:
                     prev.pkcs12_passphrase = None
                 
                 ## Copy the editable fields onto the row that will be saved
                 prev.description    = self.description
                 prev.der_encoded    = self.der_encoded
                 prev.pkcs12_encoded = self.pkcs12_encoded
                 prev.pem_encoded    = True
                 
             elif self.action == 'revoke':
                 
                 ## Revoke and generate CRL (both need the parent CA's passphrase)
                 action.revoke_certificate(self.parent_passphrase)
                 action.generate_crl(self.parent.name, self.parent_passphrase)
                 
                 ## Modify fields: mark the row inactive, clear the encoding
                 ## flags and record the revocation time
                 prev.parent_passphrase = None
                 prev.active            = False
                 prev.der_encoded       = False
                 prev.pem_encoded       = False
                 prev.pkcs12_encoded    = False
                 ## datetime.now() without a tz argument is naive local time
                 prev.revoked = datetime.datetime.now()
                 
             elif self.action == 'renew':
                 
                 ## Revoke first unless the certificate is already reported
                 ## as revoked
                 if not action.get_revoke_status_from_cert():
                     action.revoke_certificate(self.parent_passphrase)
                 
                 ## Renew and update CRL
                 action.renew_certificate()
                 action.generate_crl(self.parent.name, self.parent_passphrase)
                 
                 ## Modify fields: new validity window starting now
                 prev.created = datetime.datetime.now()
                 ## The first positional argument of timedelta is days
                 delta = datetime.timedelta(self.valid_days)
                 prev.expiry_date = datetime.datetime.now() + delta
                 
                 prev.parent_passphrase = None
                 prev.active            = True
                 prev.pem_encoded       = True
                 prev.der_encoded       = self.der_encoded
                 prev.pkcs12_encoded    = self.pkcs12_encoded
                 prev.revoked           = None
                 prev.valid_days = self.valid_days
                 
                 ## Get the new serial
                 prev.serial     = action.get_serial_from_cert()
                 ## The stored passphrase digest is left untouched on renew
                 #prev.passphrase = md5_constructor(self.passphrase).hexdigest()
             
             ## Save the data
             ## Rebinding self only changes the local name: the caller's
             ## instance keeps the submitted values, and the reloaded row with
             ## the fields set above is what gets written.
             ## NOTE(review): no rollback is visible here; if this save fails
             ## after the OpenSSL steps ran, their results and the database row
             ## can disagree.
             self = prev
             self.action = 'update'
             
             super(Certificate, self).save()
     else:
         ## Set creation data
         self.created = datetime.datetime.now()
         ## The first positional argument of timedelta is days
         delta = datetime.timedelta(self.valid_days)
         self.expiry_date = datetime.datetime.now() + delta
         
         ## Force instance to be active
         self.active = True
         
         logger.info( "***** { New certificate generation: %s } *****" % self.name )
         
         ## Generate key and certificate
         ## The OpenSSL steps run while self.passphrase and
         ## self.pkcs12_passphrase still hold the submitted values; they are
         ## replaced by digests further down.
         ## NOTE(review): presumably OpensslActions reads them from the
         ## instance -- confirm.
         action = OpensslActions(self)
         
         action.generate_key()
         action.generate_csr()
         action.sign_csr()
         
         ## Get the serial from certificate
         self.serial = action.get_serial_from_cert()
         
         ## Inherit the parent's chain; when the parent's chain is the literal
         ## 'self-signed', use the parent's name instead
         self.ca_chain = self.parent.ca_chain
         if self.ca_chain == 'self-signed':
             self.ca_chain = self.parent.name
         
         self.pem_encoded = True
         
         ## Create or remove DER certificate
         if self.der_encoded:
             action.generate_der_encoded()
         else:
             action.remove_der_encoded()
         
         ## Create or remove PKCS12 certificate
         if self.pkcs12_encoded:
             action.generate_pkcs12_encoded()
         else:
             action.remove_pkcs12_encoded()
         
         ## NOTE(review): unsalted MD5 hex digest; see the note in the update
         ## branch above. This is a hash, not encryption.
         if self.pkcs12_passphrase:
             self.pkcs12_passphrase = md5_constructor(self.pkcs12_passphrase).hexdigest()
         
         ## Store the passphrase as an MD5 digest (a hash, not encryption)
         ## and blank the parent's passphrase so it is not kept on the instance
         if self.passphrase:
             self.passphrase = md5_constructor(self.passphrase).hexdigest()
         
         self.parent_passphrase = None
         
         ## Save the data
         super(Certificate, self).save()
Beispiel #2
 def save(self, force_insert=False, force_update=False):
     """Create a new CA, or update / revoke / renew an existing one.
     
     Without a primary key, the CA key and certificate (self-signed when
     there is no parent, otherwise CSR plus signing), the CRL and the chain
     file are generated through OpensslActions and the row is stored.
     
     With a primary key, self.action selects 'update', 'revoke' or 'renew'.
     The changes are applied to a copy reloaded from the database (prev) and
     that copy is what gets saved. Any other action raises Exception.
     
     force_insert and force_update are accepted but never forwarded to the
     parent class save() calls below.
     
     Raises:
         Exception: if the row exists and self.action is not one of
             'update', 'revoke', 'renew'.
     """
     
     if self.pk:
         ### existing CA
         if self.action in ('update', 'revoke', 'renew'):
             
             action = OpensslActions(self)
             ## Reload the stored row; it carries the currently persisted values
             prev   = CertificateAuthority.objects.get(pk=self.pk)
             
             if self.action == 'update':
                 
                 ## Create or remove DER certificate
                 if self.der_encoded:
                     action.generate_der_encoded()
                 else:
                     action.remove_der_encoded()
                 
                 prev.description = self.description
                 prev.der_encoded = self.der_encoded
                 
             elif self.action == 'revoke':
                 
                 ## DB-revoke all related certs
                 ## Only database flags are changed for these rows; no OpenSSL
                 ## revocation is issued per child in this block.
                 garbage = []
                 id_dict = { 'cert': [], 'ca': [], }
                 
                 ## Imported inside the method rather than at module level
                 ## (presumably to avoid a circular import -- confirm).
                 ## chain_recursion is expected to fill id_dict in place, since
                 ## its lists are read right after the call.
                 from pki.views import chain_recursion as r_chain_recursion
                 r_chain_recursion(self.id, garbage, id_dict)
                 
                 for i in id_dict['cert']:
                     x = Certificate.objects.get(pk=i)
                     x.active         = False
                     x.der_encoded    = False
                     x.pem_encoded    = False
                     x.pkcs12_encoded = False
                     x.revoked        = datetime.datetime.now()
                     
                     ## Calls the parent class save directly, skipping any
                     ## save() override on Certificate
                     super(Certificate, x).save()
                 
                 for i in id_dict['ca']:
                     x = CertificateAuthority.objects.get(pk=i)
                     x.active       = False
                     x.der_encoded  = False
                     x.pem_encoded  = False
                     x.revoked      = datetime.datetime.now()
                     
                     ## Same bypass: this method is not re-entered for x
                     super(CertificateAuthority, x).save()
                 
                 ## Revoke and generate CRL
                 ## NOTE(review): the child rows above are already saved as
                 ## revoked before these calls run; if either call raises
                 ## (for example on a wrong parent passphrase), the database
                 ## and the CRL can disagree.
                 ## NOTE(review): self.parent.name raises AttributeError when
                 ## self.parent is None; unlike the renew branch there is no
                 ## root-CA case here. Confirm callers never revoke a root CA.
                 action.revoke_certificate(self.parent_passphrase)
                 action.generate_crl(self.parent.name, self.parent_passphrase)
                 
                 ## Modify fields
                 prev.parent_passphrase = None
                 prev.active            = False
                 prev.der_encoded       = False
                 prev.pem_encoded       = False
                 ## datetime.now() without a tz argument is naive local time
                 prev.revoked = datetime.datetime.now()
                 
             elif self.action == 'renew':
                 
                 ## Only a CA with a parent is revoked first, and only when it
                 ## is not already reported as revoked
                 if self.parent and not action.get_revoke_status_from_cert():
                     action.revoke_certificate(self.parent_passphrase)
                     action.generate_crl(self.parent.name, self.parent_passphrase)
                 
                 ## Rebuild the ca metadata
                 self.rebuild_ca_metadata(modify=True, task='replace')
                 
                 ## Renew certificate and update CRL
                 ## A root CA gets a new self-signed certificate and a CRL made
                 ## with its own passphrase.
                 ## NOTE(review): the stored passphrase is an MD5 digest (see
                 ## the creation branch), so self.passphrase presumably has to
                 ## be the submitted plaintext here -- confirm.
                 if self.parent == None:
                     action.generate_self_signed_cert()
                     action.generate_crl(self.name, self.passphrase)
                 else:
                     action.renew_certificate()
                     action.generate_crl(self.parent.name, self.parent_passphrase)
                 
                 action.update_ca_chain_file()
                 
                 ## Modify fields: new validity window starting now
                 prev.created = datetime.datetime.now()
                 ## The first positional argument of timedelta is days
                 delta = datetime.timedelta(self.valid_days)
                 prev.expiry_date = datetime.datetime.now() + delta
                 prev.valid_days = self.valid_days
                 
                 prev.parent_passphrase = None
                 prev.active            = True
                 prev.pem_encoded       = True
                 prev.der_encoded       = self.der_encoded
                 prev.revoked           = None
                 
                 ## Get the new serial
                 prev.serial     = action.get_serial_from_cert()
                 ## The stored passphrase digest is left untouched on renew
                 #prev.passphrase = md5_constructor(self.passphrase).hexdigest()
             
             ## Save the data
             ## Rebinding self only changes the local name: the caller's
             ## instance keeps the submitted values, and the reloaded row with
             ## the fields set above is what gets written.
             self = prev
             self.action = 'update'
             
             super(CertificateAuthority, self).save()
         else:
             
             raise Exception( 'Invalid action %s supplied' % self.action )
     else:
         ## Set creation data
         self.created = datetime.datetime.now()
         ## The first positional argument of timedelta is days
         delta = datetime.timedelta(self.valid_days)
         self.expiry_date = datetime.datetime.now() + delta
         
         ## Force instance to be active
         self.active = True
         
         ## Reset the action
         self.action = 'update'
         
         ## Rebuild the ca metadata
         self.rebuild_ca_metadata(modify=True, task='append')
         
         ## Generate keys and certificates
         ## These steps run while self.passphrase still holds the submitted
         ## value; it is replaced by a digest at the end of this branch.
         action = OpensslActions(self)
         action.generate_key()
         
         if not self.parent:
             action.generate_self_signed_cert()
         else:
             action.generate_csr()
             action.sign_csr()
         
         if self.der_encoded:
             action.generate_der_encoded()
         
         ## Generate CRL
         action.generate_crl(self.name, self.passphrase)
         
         ## Always enable pem encoded flag
         self.pem_encoded = True
         
         ## Get the serial from certificate
         self.serial = action.get_serial_from_cert()
         
         ## Generate ca chain (db field and chain file)
         chain = []
         chain_str = ''
         
         p = self.parent
         
         ## A root CA gets the literal 'self-signed'; otherwise collect this
         ## CA's common name followed by each ancestor's, walking up to the root
         if self.parent == None:
             chain.append('self-signed')
         else:
             chain.append( self.common_name )
             while p != None:
                 chain.append(p.common_name)
                 p = p.parent
         
         ## Root first, this CA last
         chain.reverse()
         
         ## Build chain string and file
         for i in chain:
             if chain_str == '':
                 chain_str += '%s' % i
             else:
                 chain_str += ' → %s' % i
         
         self.ca_chain = chain_str
         
         action.update_ca_chain_file()
         
         ## Store the passphrase as a digest and blank the parent's passphrase
         ## NOTE(review): this is an unsalted MD5 hex digest, a hash rather
         ## than encryption. MD5 is fast to brute-force, so it gives little
         ## protection for a CA key passphrase if the table leaks; a salted,
         ## slow password hash is the usual choice, but any code that verifies
         ## the stored value would have to change with it.
         ## NOTE(review): the call is unconditional, so a missing passphrase
         ## would fail here -- presumably the field is required; confirm.
         self.passphrase = md5_constructor(self.passphrase).hexdigest()
         self.parent_passphrase = None
         
     ## Save the data
     ## NOTE(review): on the existing-row path the row was already saved
     ## above and self now refers to prev, so this writes the same row a
     ## second time; only the creation path depends on this call.
     super(CertificateAuthority, self).save()