Ejemplo n.º 1
0
def PrintCertTypes(ca_names):
  htmlbase.PrintHeader('Start enrollment for certificate request')
  htmlbase.PrintHeading('Start enrollment for certificate request')
  print """This certificate authority issues several types
of client certificates.<BR>Please choose the appropriate certificate
type below:<P>
<TABLE CELLSPACING=10%%>"""
  for ca_name in ca_names:
    ca = opensslcnf.getcadata(ca_name)
    if ca.isclientcert():
      if ca.nsCaPolicyUrl:
        nsCaPolicyUrlStr = '<A HREF="%s%s">(view policy)' % (ca.nsBaseUrl,ca.nsCaPolicyUrl)
      else:
        nsCaPolicyUrlStr = '&nbsp;'
      print '<TR><TD><A HREF="%s/%s">%s</A></TD><TD>%s</TD><TD>%s</TD></TR>' % (os.environ.get('SCRIPT_NAME','client-enroll.py'),ca_name,ca_name,ca.nsComment,nsCaPolicyUrlStr)
  print '</TABLE>'
  htmlbase.PrintFooter()
Ejemplo n.º 2
0
def PrintKeygenForm(form,ca_name,ca,browsertype,scriptmethod='POST'):

  print """Content-type: text/html\n
<HTML>
  <HEAD>
    <TITLE>Create key pair and certificate request</TITLE>
"""
  if browsertype=='MSIE':
    import vbs
    vbs.PrintVBSXenrollObject()
    print '<SCRIPT Language=VBSCRIPT>\n<!-- '
    vbs.PrintVBSCryptoProvider()
    vbs.PrintVBSKeyGenCode(form)
    print ' -->\n</SCRIPT>'
  print '</HEAD><BODY onLoad=KeySizeSelectList() %s>' % htmlbase.bodyPARAM
  htmlbase.PrintHeading('Create key pair and certificate request')
  print 'Your key pair and certificate request can be generated now.<BR>'
  print 'Please have a look below to check if your input data was correct.<P>'
  # Print input given by user as readable table and hidden input fields
  PrintInput(form)
  print '<FORM name="KeyGenForm" ACTION="%s/%s" METHOD=%s ACCEPT-CHARSET="iso-8859-1">' % (os.environ.get('SCRIPT_NAME','client-enroll.py'),ca_name,scriptmethod)
  for i in form.inputkeys:
    for j in form.field[i]:
      print '<INPUT TYPE="hidden" NAME="%s" VALUE="%s">' % (j.name,j.content)

  # Print hint about minimum key size
  if ca.min_key_size>0:
    print """Please note:<BR>
The certificate type <STRONG>%s</STRONG> requires a minimum key size of <STRONG>%d</STRONG> bits!
If you are not able to choose a key length equal or greater than <STRONG>%d</STRONG> the
certificate authority will refuse to issue a certificate for your certificate request!<P>
""" % (ca_name,ca.min_key_size,ca.min_key_size)

  if browsertype=='MSIE':
    print '<P>Key size: <SELECT NAME="KeySize"></SELECT></P><INPUT TYPE="hidden" NAME="PKCS10" VALUE="">'
    print '<INPUT TYPE="BUTTON" onClick="GenTheKeyPair()" VALUE="Generate key pair"></FORM>'
  else:
    print '<P>%s:%s</P><INPUT TYPE="submit" VALUE="Generate key pair"></FORM>' % ( \
      HelpURL(HelpUrlBase,form.field['SPKAC'][0].name,form.field['SPKAC'][0].text),\
      form.field['SPKAC'][0].inputfield(form.field['challenge'][0].content) \
    )
  htmlbase.PrintFooter()
Ejemplo n.º 3
0
    else:
      form.add(cgiforms.formInputClass(i,dn_attr[i]['comment'],imaxlength,dn_attr[i]['regex'],dn_attr[i]['default'],required=policy_field=='supplied',size=isize))

if not form.contentlength:

  import time

  if not ca.nsComment:
    ca.nsComment = 'No comment'
  if ca.nsCaPolicyUrl:
    nsCommentStr = '<A HREF="%s%s">%s</A>' % (ca.nsBaseUrl,ca.nsCaPolicyUrl,ca.nsComment)
  else:
    nsCommentStr = ca.nsComment

  htmlbase.PrintHeader('Input form for certificate request')
  htmlbase.PrintHeading('Input form for certificate request')

  if not http_browsertype:
    print '<P><STRONG>Your browser type could not be automatically determined.<BR>Please choose the browser you are using.</STRONG></P>'

  print """<TABLE>
<TR><TD>Certificate authority:</TD><TD><STRONG>%s</STRONG></TD></TR>
<TR><TD>Certificate type:</TD><TD><STRONG>%s</STRONG></TD></TR>
<TR><TD>Certificate comment:</TD><TD><STRONG>%s</STRONG></TD></TR>
</TABLE>
<P>
  Certificates of this type will be valid for <STRONG>%d days</STRONG>, approximately until <STRONG>%s</STRONG>.
</P>
""" % (ca_name,
       ca.nsCertTypeStr,
       nsCommentStr,
Ejemplo n.º 4
0
                                                            certfilename)
            for ca_certfilename in ca_certfilenames:
                command = command + ' -certfile %s ' % (ca_certfilename)
            cert = ReadCertFromFileObject(os.popen(command))
        else:
            cert = open(certfilename, 'r').read()
            mimetype = 'application/x-x509-user-cert'

else:
    htmlbase.PrintErrorMsg('Invalid certificate type "%s"' % cert_type)
    sys.exit(0)

if browser_name == 'MSIE' and cert_type == 'user':
    import vbs, charset
    htmlbase.PrintHeader('Install certificate')
    htmlbase.PrintHeading('Install certificate')
    print 'Certificate of type <STRONG>%s</STRONG>:<P>' % ca_name
    print 'Subject DN: %s<BR>Valid until: %s' % ( \
      charset.asn12html4(entry[DB_name]), \
      strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))) \
    )
    vbs.PrintVBSXenrollObject()
    print '<SCRIPT Language=VBSCRIPT>\n<!-- '
    vbs.PrintVBSCertInstallCode(
        string.strip(entry[DB_name]), entry[DB_serial],
        strftime('%d.%m.%Y',
                 localtime(mktime(dbtime2tuple(entry[DB_exp_date])))), cert)
    print ' -->\n</SCRIPT>'
    htmlbase.PrintFooter()
else:
    # Simply write MIME-type and certificate data to stdout
Ejemplo n.º 5
0
        htmlbase.PrintErrorMsg('Certificate not found.')
        sys.exit(0)
    certfilename = os.path.join(ca.certs, '%s.pem' % (entry[DB_serial]))
else:
    htmlbase.PrintErrorMsg('Invalid certificate type "%s"' % cert_type)
    sys.exit(0)

# Does the certificate file exist?
if not os.path.isfile(certfilename):
    htmlbase.PrintErrorMsg('Certificate file not found.')
    sys.exit(0)

if cert_type == 'crl':

    htmlbase.PrintHeader('View CRL')
    htmlbase.PrintHeading('View CRL')
    crl = openssl.cert.CRLClass(certfilename)
    issuerdatalist = []
    for attr in openssl.cert.X509v1_certattrlist:
        issuerdatalist.append(
            string.strip(charset.asn12html4(crl.issuer.get(attr, ''))))
    print """
<DL>
  <DT><STRONG>This CRL was issued by:</STRONG></DT>
  <DD>%s</DD>
  <DT><STRONG>last updated:</STRONG></DT>
  <DD>%s</DD>
  <DT><STRONG>next update:</STRONG></DT>
  <DD>%s</DD>
</DL>
<P><A HREF="%s%s/%s/crl.crl">Download CRL</A></P>
Ejemplo n.º 6
0
form.add(
    cgiforms.formCheckboxClass('servercerts', 'search server certificates',
                               'yes', 0))
form.add(cgiforms.formInputClass('CN', 'Common Name', 30, alphanumregex))
form.add(cgiforms.formInputClass('Email', 'E-Mail', 40, mailadrregex))
form.add(
    cgiforms.formInputClass('OU', 'Organizational Unit', 30, alphanumregex))
form.add(cgiforms.formInputClass('O', 'Organization', 30, alphanumregex))
form.add(cgiforms.formInputClass('L', 'Location', 30, alphanumregex))
form.add(cgiforms.formInputClass('ST', 'State / Province', 30, alphanumregex))
form.add(cgiforms.formInputClass('C', 'Country', 2, '[a-zA-Z?]' * 2))

if not form.contentlength:

    htmlbase.PrintHeader('Search certificates')
    htmlbase.PrintHeading('Search certificates')
    print """You can search for certificates in the
certificate database.<P>Just type in substrings or
regular expressions as search criteria."""
    PrintEmptyForm(form)
    htmlbase.PrintFooter()
    sys.exit(0)

try:
    form.getparams()
except cgiforms.formContentLengthException, e:
    htmlbase.PrintErrorMsg('Content length invalid.')
    sys.exit(0)
except cgiforms.formParamNameException, e:
    htmlbase.PrintErrorMsg('Unknown parameter "%s".' % (e.name))
    sys.exit(0)
Ejemplo n.º 7
0
]

########################################################################
# There's nothing to configure below this line
########################################################################

import sys, os, string, time, re, urllib

import pycacnf, htmlbase, charset

sys.stdin.close()

gmt = time.time() - 3600 * time.daylight + time.timezone

htmlbase.PrintHeader('Cryptographic Browser Check')
htmlbase.PrintHeading('Cryptographic Browser Check')

htmlbase.PrintHeading('SSL', 2)

if os.environ.has_key('HTTPS'):

    htmlbase.PrintHeading('SSL symmetric cipher', 3)
    print 'You connected with cipher <STRONG>%s</STRONG>, key size <STRONG>%s Bit</STRONG>, secret key size <STRONG>%s Bit</STRONG>.<P>' % (
        os.environ['SSL_CIPHER'], os.environ['HTTPS_KEYSIZE'],
        os.environ['HTTPS_SECRETKEYSIZE'])

    htmlbase.PrintHeading('Client Certificate', 3)
    ssl_client_dn = os.environ.get('SSL_CLIENT_DN', '')
    if ssl_client_dn:
        ssl_client_idn = os.environ.get('SSL_CLIENT_I_DN', '')
        if not ssl_client_idn:
Ejemplo n.º 8
0
import os, sys, types, string, pycacnf, openssl, htmlbase

from pycacnf import opensslcnf, pyca_section

nsGetCertUrl = pyca_section.get('nsGetCertUrl', '')
nsViewCertUrl = pyca_section.get('nsViewCertUrl', '')
nsEnrollUrl = pyca_section.get('nsEnrollUrl', '')

ca_names = opensslcnf.sectionkeys.get('ca', [])

if not ca_names:
    htmlbase.PrintErrorMsg('No certificate authorities found.')
    sys.exit(0)

htmlbase.PrintHeader('Overview of certificate authorities')
htmlbase.PrintHeading('Overview of certificate authorities')
print """<TABLE BORDER WIDTH=100%>
<TR>
  <TH>CA name</TH>
  <TH COLSPAN=2>CA certificate</TH>
  <TH COLSPAN=2>CRL</TH>
  <TH>certificate<BR>types</TH>
  <TH>Comment</TH>
  <TH>View policy</TH>
</TR>
"""

for ca_name in ca_names:
    ca = opensslcnf.getcadata(ca_name)
    if nsEnrollUrl and ca.isclientcert():
        nsCertTypeStr = '<A HREF="%s%s/%s">%s</A>' % (