Ejemplo n.º 1
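    def cert(self):
        """Look up one SSL certificate and render it through a popup template.

        Reads ``type``, ``name`` and the optional ``policy`` from
        ``self.fields``, maps the type to a management node path, fetches the
        node's children and stores them on the transaction as ``cert`` before
        including the presentation template.

        Raises:
            ValueError: if ``type`` is missing or is not a known cert type.
        """
        certType = self.fields.get('type')
        certName = self.fields.get('name')

        # NOTE(review): certName and sid are interpolated into the node path
        # unescaped. sid is read from the request below; certName presumably
        # is request-supplied too. A value containing '/' would address a
        # different node than the branch intends. Confirm that the management
        # layer escapes or rejects such names, or validate them here.
        if 'ca' == certType:
            path = '/rbt/sport/ssl/state/ca/%s' % (certName)
        elif 'peering' == certType:
            path = '/rbt/sport/ssl/state/tunnel/ca/%s' % (certName)
        elif 'mobile' == certType:
            path = '/rbt/sport/ssl/state/tunnel/shm_ca/%s' % (certName)
        elif certType in ('black', 'gray', 'white'):
            path = '/rbt/sport/ssl/state/tunnel/%s_list/%s/cert' % (certType, certName)
        elif 'chain' == certType:
            sid = self.request().fields().get('sid')
            path = '/rbt/sport/ssl/state/server_certs/names/%s/chain_cert/%s' % (sid, certName)
        elif 'appliance' == certType:
            path = '/rbt/sport/ssl/state/tunnel/cert'
        else:
            # A string is not a valid exception object (TypeError on Python
            # 2.6+), and concatenating a missing (None) type fails as well.
            raise ValueError('unknown cert type %s' % (certType,))

        policyName = self.fields.get('policy')
        if policyName:
            # get the cert data for the CMC
            cert = Nodes.action(self.mgmt,
                                '/rbt/sport/ssl/action/iterate_node',
                                ('profile', 'string', policyName),
                                ('node', 'string', path))
            prefixLen = len(path) + 1
            # strip the "<path>/" prefix so keys are relative to the cert node
            cert = dict([(k[prefixLen:], v) for k, v in cert.items()])
        else:
            # get the cert data for the SH or other
            cert = self.mgmt.getChildren(path)

        # the color lists are keyed by certName, which is shown as the IP
        if certType in ('black', 'gray', 'white'):
            self.transaction().color_info = True
            cert['IP'] = certName

        # display cert
        self.transaction().cert = cert
        # Bug 33438 specified that we needed a way to move certs between "Peering" and "Mobile"
        # bins. Allow peering/mobile base64 PEM certs to be viewable in the popup. User can move
        # certs now by cutting and pasting.
        # TODO May want to extend this functionality to all popup certs in the future.
        if certType in ('peering', 'mobile', 'appliance'):
            self.application().includeURL(self.transaction(), '/Templates/presentCertWithPEM')
        else:
            self.application().includeURL(self.transaction(), '/Templates/presentCert')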
Ejemplo n.º 2
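    def _respond(self, transaction):
        """Serve an SSL export or CSR as a file download.

        The request's ``action`` / ``_action_`` field selects which management
        action runs; the ``file_contents`` entry of its result is written as
        an ``application/octet-stream`` attachment. A user named ``monitor``
        gets a refusal text file instead. An unrecognised action, or a
        NonZeroReturnCodeException from the backend, produces a plain-text
        error message.
        """
        mgmt = transaction.session().value('mgmt')
        fields = transaction.request().fields()
        response = transaction.response()

        action = fields.get('action')
        pageAction = fields.get('_action_')

        def generateCsr(node):
            # The three appliance-level CSR actions take the same subject
            # fields and differ only in the node they invoke.
            return Nodes.action(mgmt,
                                node,
                                ('common_name', 'string', fields.get('common_name')),
                                ('org', 'string', fields.get('org')),
                                ('org_unit', 'string', fields.get('org_unit')),
                                ('locality', 'string', fields.get('locality')),
                                ('state', 'string', fields.get('state')),
                                ('country', 'string', fields.get('country')),
                                ('email', 'string', fields.get('email')))

        data = None
        filename = ''
        try:
            # NOTE(review): this is the only authorization check in the block
            # and it is a username comparison. Confirm the management backend
            # enforces its own access control for other restricted accounts.
            if 'monitor' == mgmt.remoteUser.lower():
                data = {'file_contents': 'Not permitted for monitor.'}
                filename = 'NotPermittedForMonitor.txt'

            # NOTE(review): the bulk/peering/signing exports default
            # enc_password to '' when the field is absent, so key material can
            # be requested with an empty password. Confirm the backend rejects
            # that.
            elif 'exportBulkSSLData' == action:
                args = [('enc_password', 'string', fields.get('exportPassword', ''))]
                if 'true' == fields.get('exportIncludeServers'):
                    args.append(('include_servers', 'bool', 'true'))
                if 'true' == fields.get('exportIncludeAltCfg'):
                    args.append(('include_alt_cfg', 'bool', 'true'))
                data = Nodes.action(mgmt, '/rbt/sport/ssl/action/all/export', *args)
                filename = 'ssl_bulk_export.bin'

            elif 'exportPeeringSSLData' == action:
                args = [('enc_password', 'string', fields.get('exportPassword', ''))]
                if 'true' == fields.get('exportIncludeKey'):
                    args.append(('include_key', 'bool', 'true'))
                data = Nodes.action(mgmt, '/rbt/sport/ssl/action/tunnel/export', *args)
                filename = 'ssl_peer_export.bin'

            elif 'generateCSRSSLData' == action:
                data = generateCsr('/rbt/sport/ssl/action/tunnel/generate_csr')
                filename = 'ssl_peer.csr'

            elif 'generateCSRSSLDataWeb' == action:
                data = generateCsr('/web/action/httpd/ssl/cert/generate_csr')
                filename = 'ssl_web.csr'

            elif 'exportSigningSSLData' == action:
                args = [('enc_password', 'string',
                         fields.get('exportPassword', ''))]
                if 'true' == fields.get('exportIncludeKey'):
                    args.append(('include_key', 'bool', 'true'))
                data = Nodes.action(mgmt, '/rbt/sport/ssl/action/signing/export', *args)
                filename = 'ssl_signing_export.bin'

            elif 'generateCSRSSLSigningData' == action:
                data = generateCsr('/rbt/sport/ssl/action/signing/generate_csr')
                filename = 'ssl_signing.csr'

            elif 'serverCertCSR' == pageAction:
                name = fields.get('serverCert_name')
                data = Nodes.action(mgmt,
                                    '/rbt/sport/ssl/action/server_certs/generate_csr',
                                    ('name', 'string', name),
                                    ('common_name', 'string', fields.get('csr_common_name')),
                                    ('country', 'string', fields.get('csr_country')),
                                    ('email', 'string', fields.get('csr_email')),
                                    ('locality', 'string', fields.get('csr_locality')),
                                    ('org', 'string', fields.get('csr_org')),
                                    ('org_unit', 'string', fields.get('csr_org_unit')),
                                    ('state', 'string', fields.get('csr_state')))
                filename = '%s.csr' % name

            elif 'exportServerCert' == pageAction:
                name = fields.get('serverCert_name')
                includeKey = fields.get('export_includeKey', 'false')
                args = [('name', 'string', name),
                        ('include_key', 'bool', includeKey)]
                if 'true' == includeKey:
                    password = fields.get('export_password')
                    args.append(('enc_password', 'string', password))
                data = Nodes.action(mgmt,
                                    '/rbt/sport/ssl/action/server_certs/export',
                                    *args)
                filename = '%s.bin' % name

            else:
                # No branch matched: previously this fell through and failed
                # with a TypeError when indexing the empty placeholder.
                response.setHeader('Content-type', 'text/plain')
                response.write('An error occurred: unknown action')
                return

            # serverCert_name is request-supplied and ends up in a response
            # header. Restrict the filename to a conservative character set so
            # CR/LF, quotes, ';' or path separators cannot alter the header or
            # the saved file's location.
            allowed = ('abcdefghijklmnopqrstuvwxyz'
                       'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
                       '0123456789._-')
            safeName = ''.join([ch if ch in allowed else '_' for ch in filename])

            response.setHeader('Content-type', 'application/octet-stream')
            response.setHeader('Content-Disposition', 'attachment; filename=' + safeName)
            response.write(data['file_contents'])

        except NonZeroReturnCodeException as x:
            # The exception text may echo request values; send it as plain
            # text so the browser does not interpret it as markup.
            response.setHeader('Content-type', 'text/plain')
            response.write('An error occurred: ' + str(x))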