def PrintFound(form, found, cellpadding=2, width=100):
print '<TABLE BORDER CELLPADDING=%d%% WIDTH=%d%%>' % (cellpadding, width)
print '<TR><TH>CA name</TH><TH COLSPAN=3>Serial</TH><TH>valid<BR>until</TH>'
for i in searchkeys:
print '<TH><FONT SIZE=-1>%s</FONT></TH>' % (form.field[i][0].text)
print '</TR>'
for ca_name in found.keys():
ca = opensslcnf.getcadata(ca_name)
if ca.isservercert():
certtype = 'server'
else:
certtype = 'email'
for i in found[ca_name]:
print '<TR><TD>%s</TD>' % (ca_name)
if i[DB_type] == DB_TYPE_REV:
print '<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>revoked %s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_rev_date]))))
)
elif i[DB_type] == DB_TYPE_EXP:
print '<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>expired %s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
)
elif i[DB_type] == DB_TYPE_VAL:
print '<TD>%s</TD><TD><A HREF="%s%s/%s/%s.crt?%s">Load</A></TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>%s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsGetCertUrl,ca_name,certtype,i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
)
else:
raise ValueError
dnfield = SplitDN(i[DB_name])
for j in searchkeys:
if dnfield.has_key(j) and dnfield[j]:
if j == "Email":
print '<TD><FONT SIZE=-1><A HREF="mailto:%s">%s</A></FONT></TD>' % (
dnfield[j], dnfield[j])
else:
print '<TD><FONT SIZE=-1>%s</FONT></TD>' % charset.asn12html4(
dnfield[j])
else:
print '<TD> </TD>'
print '</TR>'
print '</TABLE>'
return
def PrintFound(form,found,cellpadding=2,width=100):
print '<TABLE BORDER CELLPADDING=%d%% WIDTH=%d%%>' % (cellpadding,width)
print '<TR><TH>CA name</TH><TH COLSPAN=3>Serial</TH><TH>valid<BR>until</TH>'
for i in searchkeys:
print '<TH><FONT SIZE=-1>%s</FONT></TH>' % (form.field[i][0].text)
print '</TR>'
for ca_name in found.keys():
ca = opensslcnf.getcadata(ca_name)
if ca.isservercert():
certtype='server'
else:
certtype='email'
for i in found[ca_name]:
print '<TR><TD>%s</TD>' % (ca_name)
if i[DB_type]==DB_TYPE_REV:
print '<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>revoked %s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_rev_date]))))
)
elif i[DB_type]==DB_TYPE_EXP:
print '<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>expired %s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
)
elif i[DB_type]==DB_TYPE_VAL:
print '<TD>%s</TD><TD><A HREF="%s%s/%s/%s.crt?%s">Load</A></TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>%s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsGetCertUrl,ca_name,certtype,i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
)
else:
raise ValueError
dnfield = SplitDN(i[DB_name])
for j in searchkeys:
if dnfield.has_key(j) and dnfield[j]:
if j=="Email":
print '<TD><FONT SIZE=-1><A HREF="mailto:%s">%s</A></FONT></TD>' % (dnfield[j],dnfield[j])
else:
print '<TD><FONT SIZE=-1>%s</FONT></TD>' % charset.asn12html4(dnfield[j])
else:
print '<TD> </TD>'
print '</TR>'
print '</TABLE>'
return
def PrintCertTypes(ca_names):
htmlbase.PrintHeader('Start enrollment for certificate request')
htmlbase.PrintHeading('Start enrollment for certificate request')
print """This certificate authority issues several types
of client certificates.<BR>Please choose the appropriate certificate
type below:<P>
<TABLE CELLSPACING=10%%>"""
for ca_name in ca_names:
ca = opensslcnf.getcadata(ca_name)
if ca.isclientcert():
if ca.nsCaPolicyUrl:
nsCaPolicyUrlStr = '<A HREF="%s%s">(view policy)' % (ca.nsBaseUrl,ca.nsCaPolicyUrl)
else:
nsCaPolicyUrlStr = ' '
print '<TR><TD><A HREF="%s/%s">%s</A></TD><TD>%s</TD><TD>%s</TD></TR>' % (os.environ.get('SCRIPT_NAME','client-enroll.py'),ca_name,ca_name,ca.nsComment,nsCaPolicyUrlStr)
print '</TABLE>'
htmlbase.PrintFooter()
sys.exit(0)
if not ca_name:
PrintCertTypes(ca_names)
sys.exit(0)
if not ca_name in ca_names:
# CA-Definition nicht in openssl-Konfiguration enthalten
htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' % ca_name)
sys.exit(0)
# Check for "internal" IP address of client
if (ca_name in caInternalCertTypes) and \
not ipadr.MatchIPAdrList(os.environ.get('REMOTE_ADDR',''),caInternalIPAdr):
htmlbase.PrintErrorMsg('This type of certificate request is restricted to internal hosts!')
sys.exit(0)
ca = opensslcnf.getcadata(ca_name)
HelpUrlBase = '%s%s%s' % ( \
ca.nsBaseUrl, \
pyca_section.get('HelpUrl',''), \
os.path.splitext(os.path.basename(os.environ.get('SCRIPT_NAME','')))[0] \
)
policy_section = opensslcnf.data.get(ca.policy,{})
req_section = opensslcnf.data.get(ca.req,{})
if req_section and req_section.has_key('distinguished_name'):
req_distinguished_name_section = opensslcnf.data.get(req_section['distinguished_name'],{})
req_distinguished_name_keys = opensslcnf.sectionkeys.get(req_section['distinguished_name'],[])
else:
htmlbase.PrintErrorMsg('Request section for "%s" not found.' % ca_name)
)
)
form.getparams()
scep_operation = form.field['operation'][0].content
scep_message = form.field['message'][0].content
if scep_operation in ['GetCACert','GetCACertChain']:
# *** Check parameter message again for being valid FQDN.
# *** Set to pre-configured SCEP CA
scep_message = 'SCEP'
ca = opensslcnf.getcadata(scep_message)
if not opensslcnf.data['ca'].has_key(scep_message):
htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' % scep_message)
sys.exit(0)
# Does the certificate file exist?
if not os.path.isfile(ca.certificate):
htmlbase.PrintErrorMsg('CA Certificate of file not found.')
sys.exit(0)
cert = certhelper.pem2der(open(ca.certificate,'r').read())
sys.stderr.write('%s' % repr(cert))
# Simply write MIME-type and certificate data to stdout
sys.stdout.write('Content-type: application/x-x509-ca-cert\n\n')
sys.stdout.write(cert)
form.add(
cgiforms.formInputClass('message', 'Message', 10000, (r'.*', re.M + re.S)))
form.getparams()
scep_operation = form.field['operation'][0].content
scep_message = form.field['message'][0].content
if scep_operation in ['GetCACert', 'GetCACertChain']:
# *** Check parameter message again for being valid FQDN.
# *** Set to pre-configured SCEP CA
scep_message = 'SCEP'
ca = opensslcnf.getcadata(scep_message)
if not opensslcnf.data['ca'].has_key(scep_message):
htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' %
scep_message)
sys.exit(0)
# Does the certificate file exist?
if not os.path.isfile(ca.certificate):
htmlbase.PrintErrorMsg('CA Certificate of file not found.')
sys.exit(0)
cert = certhelper.pem2der(open(ca.certificate, 'r').read())
sys.stderr.write('%s' % repr(cert))
# Simply write MIME-type and certificate data to stdout
sys.stdout.write('Content-type: application/x-x509-ca-cert\n\n')