def ImportPEMIdentityCertificate(certMgr, certFile, keyFile):
"""
Import a PEM-formatted X509 identity certificate.
@param certFile: File containing the certificate.
@param keyFile: File containing the private key.
"""
try:
print "Import PEM, looking for cb"
cb = Toolkit.GetDefaultApplication().GetCertificateManagerUI(
).GetPassphraseCallback("Private key passphrase",
"Enter the passphrase to your private key.")
impCert = certMgr.ImportIdentityCertificatePEM(
certMgr.GetCertificateRepository(), certFile, keyFile, cb)
log.debug("Imported identity %s", str(impCert.GetSubject()))
except CertificateRepository.RepoInvalidCertificate, ex:
why = ex.args[0]
log.exception("Import fails: %s. cert file %s keyfile %s", why,
certFile, keyFile)
dlg = wx.MessageDialog(None,
"Error occurred during certificate import:\n" +
why,
"Error on import",
style=wx.OK | wx.ICON_ERROR)
dlg.ShowModal()
dlg.Destroy()
return
def OnSetDefault(self, event):
cert = self.GetSelectedCertificate()
if cert is None:
return
self.certMgr.SetDefaultIdentity(cert)
Toolkit.GetDefaultApplication().GetCertificateManagerUI().InitEnvironment()
self.Load()
def GetPassphrase(self,verifyFlag=0,
prompt1="Enter the passphrase to your private key.",
prompt2='Verify passphrase:'):
# note: verifyFlag is unused
from AccessGrid import Toolkit
cb = Toolkit.GetDefaultApplication().GetCertificateManagerUI().GetPassphraseCallback(prompt1,
prompt2)
p1 = cb(0)
passphrase = ''.join(p1)
return passphrase
def OnDelete(self, event):
cert = self.GetSelectedCertificate()
if cert is None:
return
dlg = wx.MessageDialog(
self,
"Deleting a certificate is an irreversible operation.\n" +
"Really delete certificate for identity " +
cert.GetShortSubject() + "?",
"Really delete?",
style=wx.YES_NO | wx.NO_DEFAULT)
ret = dlg.ShowModal()
dlg.Destroy()
if ret == wx.ID_NO:
return
self.certMgr.GetCertificateRepository().RemoveCertificate(cert)
Toolkit.GetDefaultApplication().GetCertificateManagerUI(
).InitEnvironment()
self.Load()
def ImportRequestedCertificate(self, userCert):
repo = self.GetCertificateRepository()
impCert = repo.ImportRequestedCertificate(userCert)
log.debug("imported requested cert %s", impCert.GetSubject())
impCert.SetMetadata("AG.CertificateManager.certType", "identity")
try:
defID = self.GetDefaultIdentity()
except NoCertificates:
defID = None
if defID is None:
from AccessGrid import Toolkit
self.SetDefaultIdentity(impCert)
certMgrUI = Toolkit.GetDefaultApplication().GetCertificateManagerUI()
certMgrUI.InitEnvironment()
repo.NotifyObservers()
return impCert
def OnDelete(self, event):
cert = self.GetSelectedCertificate()
if cert is None:
return
dlg = DeleteCertificateDialog(self,
"Deleting a certificate is an irreversible operation.\n" +
"Really delete certificate for identity " +
cert.GetShortSubject() + "?")
ret = dlg.ShowModal()
retain = dlg.GetRetainPrivateKey()
dlg.Destroy()
if ret == wx.ID_NO:
return
self.certMgr.GetCertificateRepository().RemoveCertificate(cert, dlg.GetRetainPrivateKey())
Toolkit.GetDefaultApplication().GetCertificateManagerUI().InitEnvironment()
self.Load()
def ImportCACertificates(self):
sysConfDir = AGTkConfig.instance().GetConfigDir()
caDir = os.path.join(sysConfDir,'CAcertificates')
log.debug("Initializing from %s", caDir)
#
# Now handle the CA certs.
#
if caDir is not None:
try:
files = os.listdir(caDir)
except:
from AccessGrid import Toolkit
certMgrUI = Toolkit.GetDefaultApplication().GetCertificateManagerUI()
certMgrUI.ReportError("Error reading CA certificate directory\n" +
caDir + "\n" +
"You will have to import trusted CA certificates later.")
files = []
#
# Extract the files from the caDir that match OpenSSL's
# 8-character dot index format.
#
regexp = re.compile(r"^[\da-fA-F]{8}\.\d$")
possibleCertFiles = filter(lambda f, r = regexp: r.search(f), files)
for f in possibleCertFiles:
path = os.path.join(caDir, f);
log.info("%s might be a cert" % (path))
# Check for existence of signing policy
certbasename = f.split('.')[0]
signingPolicyFile = '%s.signing_policy' % (certbasename,)
signingPath = os.path.join(caDir,signingPolicyFile)
if not os.path.isfile(signingPath):
log.info("Not importing CA cert %s; couldn't find signing policy file %s",
f,signingPath)
continue
try:
# Import the certificate
desc = self.ImportCACertificatePEM(self.certRepo, path)
except:
log.exception('import of ca cert failed')
try:
#
# Copy the signing policy file
#
shutil.copyfile(signingPath,
desc.GetFilePath("signing_policy"))
log.info("Imported cert as %s.0", desc.GetSubject().get_hash())
except:
# print "Failure to import ", path
log.exception("failure importing %s", path)
return 0
if __name__ == "__main__":
h = Log.StreamHandler()
h.setFormatter(Log.GetFormatter())
Log.HandleLoggers(h, Log.GetDefaultLoggers())
os.mkdir("foo")
log.debug("foo")
try:
cm = CertificateManager("foo")
ui = CertificateManagerUserInterface(cm)
x = cm.ImportIdentityCertificatePEM(cm.certRepo,
r"v\venueServer_cert.pem",
r"v\venueServer_key.pem", None)
if 0:
certMgrUI = Toolkit.GetDefaultApplication().GetCertificateManagerUI()
passphraseCB = certMgrUI.GetPassphraseCallback("DOE cert", "")
x = cm.ImportIdentityCertificatePEM(cm.certRepo,
r"\temp\doe.pem",
r"\temp\doe.pem", passphraseCB)
cm.InitEnvironment()
except Exception, e:
print e
os.removedirs("foo")
def OnCreate(self, event):
#self.certMgr.CreateProxyCertificate()
Toolkit.GetDefaultApplication().GetCertificateManagerUI().CreateProxy()
self.Load()
print " Initialization Error: Missing Dependency: ", e
sys.exit(-1)
except Exception, e:
print "Toolkit Initialization failed, exiting."
print " Initialization Error: ", e
sys.exit(-1)
log = app.GetLog()
Log.SetDefaultLevel(Log.ServiceManager, Log.DEBUG)
port = app.GetOption("port")
# Create the hosting environment
hostname = app.GetHostname()
if app.GetOption("secure"):
context = Toolkit.GetDefaultApplication().GetContext()
server = SecureServer((hostname, port), context)
else:
server = InsecureServer((hostname, port))
# Create the Service Manager
gServiceManager = AGServiceManager(server)
# Create the Service Manager Service
smi = AGServiceManagerI(impl=gServiceManager, auth_method_name=None)
server.RegisterObject(smi, path="/ServiceManager")
url = server.FindURLForObject(gServiceManager)
gServiceManager.SetName('%s:%d' % (hostname, port))
gServiceManager.SetUri(url)
if app.GetOption("nodeService") is not None: