Ejemplo n.º 1
0
def PrintFound(form, found, cellpadding=2, width=100):

    print '<TABLE BORDER CELLPADDING=%d%% WIDTH=%d%%>' % (cellpadding, width)
    print '<TR><TH>CA name</TH><TH COLSPAN=3>Serial</TH><TH>valid<BR>until</TH>'
    for i in searchkeys:
        print '<TH><FONT SIZE=-1>%s</FONT></TH>' % (form.field[i][0].text)
    print '</TR>'

    for ca_name in found.keys():
        ca = opensslcnf.getcadata(ca_name)
        if ca.isservercert():
            certtype = 'server'
        else:
            certtype = 'email'
        for i in found[ca_name]:
            print '<TR><TD>%s</TD>' % (ca_name)
            if i[DB_type] == DB_TYPE_REV:
                print '<TD>%s</TD><TD>&nbsp;</TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>revoked %s</TD>' % ( \
             i[DB_serial],
                nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
                strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_rev_date]))))
                )
            elif i[DB_type] == DB_TYPE_EXP:
                print '<TD>%s</TD><TD>&nbsp;</TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>expired %s</TD>' % ( \
           i[DB_serial],
                nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
                strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
                )
            elif i[DB_type] == DB_TYPE_VAL:
                print '<TD>%s</TD><TD><A HREF="%s%s/%s/%s.crt?%s">Load</A></TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>%s</TD>' % ( \
           i[DB_serial],
                nsBaseUrl,nsGetCertUrl,ca_name,certtype,i[DB_serial],
                nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
                strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
                )
            else:
                raise ValueError
            dnfield = SplitDN(i[DB_name])
            for j in searchkeys:
                if dnfield.has_key(j) and dnfield[j]:
                    if j == "Email":
                        print '<TD><FONT SIZE=-1><A HREF="mailto:%s">%s</A></FONT></TD>' % (
                            dnfield[j], dnfield[j])
                    else:
                        print '<TD><FONT SIZE=-1>%s</FONT></TD>' % charset.asn12html4(
                            dnfield[j])
                else:
                    print '<TD>&nbsp;</TD>'
            print '</TR>'

    print '</TABLE>'

    return
Ejemplo n.º 2
0
def PrintFound(form,found,cellpadding=2,width=100):

  print '<TABLE BORDER CELLPADDING=%d%% WIDTH=%d%%>' % (cellpadding,width)
  print '<TR><TH>CA name</TH><TH COLSPAN=3>Serial</TH><TH>valid<BR>until</TH>'
  for i in searchkeys:
    print '<TH><FONT SIZE=-1>%s</FONT></TH>' % (form.field[i][0].text)
  print '</TR>'

  for ca_name in found.keys():
    ca = opensslcnf.getcadata(ca_name)
    if ca.isservercert():
      certtype='server'
    else:
      certtype='email'
    for i in found[ca_name]:
      print '<TR><TD>%s</TD>' % (ca_name)
      if i[DB_type]==DB_TYPE_REV:
        print '<TD>%s</TD><TD>&nbsp;</TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>revoked %s</TD>' % ( \
  	  i[DB_serial],
	  nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
	  strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_rev_date]))))
	)
      elif i[DB_type]==DB_TYPE_EXP:
        print '<TD>%s</TD><TD>&nbsp;</TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>expired %s</TD>' % ( \
	  i[DB_serial],
	  nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
	  strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
	)
      elif i[DB_type]==DB_TYPE_VAL:
        print '<TD>%s</TD><TD><A HREF="%s%s/%s/%s.crt?%s">Load</A></TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>%s</TD>' % ( \
	  i[DB_serial],
	  nsBaseUrl,nsGetCertUrl,ca_name,certtype,i[DB_serial],
	  nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
	  strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
	)
      else:
        raise ValueError
      dnfield = SplitDN(i[DB_name])
      for j in searchkeys:
	if dnfield.has_key(j) and dnfield[j]:
	  if j=="Email":
            print '<TD><FONT SIZE=-1><A HREF="mailto:%s">%s</A></FONT></TD>' % (dnfield[j],dnfield[j])
	  else:
            print '<TD><FONT SIZE=-1>%s</FONT></TD>' % charset.asn12html4(dnfield[j])
	else:
          print '<TD>&nbsp;</TD>'
      print '</TR>'

  print '</TABLE>'

  return
Ejemplo n.º 3
0
def PrintCertTypes(ca_names):
  htmlbase.PrintHeader('Start enrollment for certificate request')
  htmlbase.PrintHeading('Start enrollment for certificate request')
  print """This certificate authority issues several types
of client certificates.<BR>Please choose the appropriate certificate
type below:<P>
<TABLE CELLSPACING=10%%>"""
  for ca_name in ca_names:
    ca = opensslcnf.getcadata(ca_name)
    if ca.isclientcert():
      if ca.nsCaPolicyUrl:
        nsCaPolicyUrlStr = '<A HREF="%s%s">(view policy)' % (ca.nsBaseUrl,ca.nsCaPolicyUrl)
      else:
        nsCaPolicyUrlStr = '&nbsp;'
      print '<TR><TD><A HREF="%s/%s">%s</A></TD><TD>%s</TD><TD>%s</TD></TR>' % (os.environ.get('SCRIPT_NAME','client-enroll.py'),ca_name,ca_name,ca.nsComment,nsCaPolicyUrlStr)
  print '</TABLE>'
  htmlbase.PrintFooter()
Ejemplo n.º 4
0
  sys.exit(0)
if not ca_name:
  PrintCertTypes(ca_names)
  sys.exit(0)
if not ca_name in ca_names:
  # CA-Definition nicht in openssl-Konfiguration enthalten
  htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' % ca_name)
  sys.exit(0)

# Check for "internal" IP address of client
if (ca_name in caInternalCertTypes) and \
   not ipadr.MatchIPAdrList(os.environ.get('REMOTE_ADDR',''),caInternalIPAdr):
  htmlbase.PrintErrorMsg('This type of certificate request is restricted to internal hosts!')
  sys.exit(0)

ca = opensslcnf.getcadata(ca_name)

HelpUrlBase = '%s%s%s' % ( \
		ca.nsBaseUrl, \
		pyca_section.get('HelpUrl',''), \
		os.path.splitext(os.path.basename(os.environ.get('SCRIPT_NAME','')))[0] \
	      )

policy_section = opensslcnf.data.get(ca.policy,{})
req_section = opensslcnf.data.get(ca.req,{})

if req_section and req_section.has_key('distinguished_name'):
  req_distinguished_name_section = opensslcnf.data.get(req_section['distinguished_name'],{})
  req_distinguished_name_keys = opensslcnf.sectionkeys.get(req_section['distinguished_name'],[])
else:
  htmlbase.PrintErrorMsg('Request section for "%s" not found.' % ca_name)
Ejemplo n.º 5
0
  )
)

form.getparams()

scep_operation = form.field['operation'][0].content
scep_message = form.field['message'][0].content

if scep_operation in ['GetCACert','GetCACertChain']:

  # *** Check parameter message again for being valid FQDN.

  # *** Set to pre-configured SCEP CA
  scep_message = 'SCEP'

  ca = opensslcnf.getcadata(scep_message)

  if not opensslcnf.data['ca'].has_key(scep_message):
    htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' % scep_message)
    sys.exit(0)

  # Does the certificate file exist?
  if not os.path.isfile(ca.certificate):
    htmlbase.PrintErrorMsg('CA Certificate of file not found.')
    sys.exit(0)

  cert = certhelper.pem2der(open(ca.certificate,'r').read())
  sys.stderr.write('%s' % repr(cert))
  # Simply write MIME-type and certificate data to stdout
  sys.stdout.write('Content-type: application/x-x509-ca-cert\n\n')
  sys.stdout.write(cert)
Ejemplo n.º 6
0
form.add(
    cgiforms.formInputClass('message', 'Message', 10000, (r'.*', re.M + re.S)))

form.getparams()

scep_operation = form.field['operation'][0].content
scep_message = form.field['message'][0].content

if scep_operation in ['GetCACert', 'GetCACertChain']:

    # *** Check parameter message again for being valid FQDN.

    # *** Set to pre-configured SCEP CA
    scep_message = 'SCEP'

    ca = opensslcnf.getcadata(scep_message)

    if not opensslcnf.data['ca'].has_key(scep_message):
        htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' %
                               scep_message)
        sys.exit(0)

    # Does the certificate file exist?
    if not os.path.isfile(ca.certificate):
        htmlbase.PrintErrorMsg('CA Certificate of file not found.')
        sys.exit(0)

    cert = certhelper.pem2der(open(ca.certificate, 'r').read())
    sys.stderr.write('%s' % repr(cert))
    # Simply write MIME-type and certificate data to stdout
    sys.stdout.write('Content-type: application/x-x509-ca-cert\n\n')