print '<P>Key size: <SELECT NAME="KeySize"></SELECT></P><INPUT TYPE="hidden" NAME="PKCS10" VALUE="">' print '<INPUT TYPE="BUTTON" onClick="GenTheKeyPair()" VALUE="Generate key pair"></FORM>' else: print '<P>%s:%s</P><INPUT TYPE="submit" VALUE="Generate key pair"></FORM>' % ( \ HelpURL(HelpUrlBase,form.field['SPKAC'][0].name,form.field['SPKAC'][0].text),\ form.field['SPKAC'][0].inputfield(form.field['challenge'][0].content) \ ) htmlbase.PrintFooter() ######################################################################## # Main ######################################################################## # Read several parameters from config MailRelay = pyca_section.get('MailRelay','localhost') TmpDir = pyca_section.get('TmpDir','/tmp') caCertReqMailAdr = pyca_section.get('caCertReqMailAdr','') caPendCertReqValid = string.atoi(pyca_section.get('caPendCertReqValid','0')) caInternalCertTypes = pyca_section.get('caInternalCertTypes',[]) if type(caInternalCertTypes)!=types.ListType: caInternalCertTypes = [caInternalCertTypes] caInternalIPAdr = pyca_section.get('caInternalIPAdr',['127.0.0.1/255.255.255.255']) if type(caInternalIPAdr)!=types.ListType: caInternalIPAdr = [caInternalIPAdr] caInternalDomains = pyca_section.get('caInternalDomains','') if type(caInternalDomains)!=types.ListType:
# CGI preamble: load configuration, read the CGI request variables and split
# PATH_INFO into a CA name and a certificate type/format selector.
import sys, os, string, re, pycacnf, htmlbase, cgihelper, certhelper, openssl
from time import time, localtime, strftime, mktime
from pycacnf import opensslcnf, pyca_section
from openssl.db import \
     empty_DN_dict, \
     DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
     DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
     dbtime2tuple,GetEntriesbyDN,SplitDN

# stdin is closed before anything else runs; only GET is accepted below, so
# presumably no request body is ever expected.
sys.stdin.close()

# Path to openssl executable
# NOTE(review): the value comes from the configuration file; if it ends up
# being executed, write access to that file decides which binary runs under
# the web server's account.
OpenSSLExec = pyca_section.get('OpenSSLExec', '/usr/bin/openssl')

# Everything read from os.environ here originates from the HTTP request and
# is client-controlled. [1:] drops the first character of PATH_INFO
# (the leading '/' in a regular CGI request).
request_method = os.environ.get('REQUEST_METHOD', '')
query_string = os.environ.get('QUERY_STRING', '')
path_info = os.environ.get('PATH_INFO', '')[1:]
# The User-Agent header is supplied by the client and can be set to anything;
# the result is only a hint and must not feed an access decision.
browser_name, browser_version = cgihelper.BrowserType(
    os.environ.get('HTTP_USER_AGENT', ''))

# Any method other than GET gets an error page; the process still exits
# with status 0.
if request_method != 'GET':
    htmlbase.PrintErrorMsg('Wrong method.')
    sys.exit(0)

# PATH_INFO is expected to look like '<ca_name>/<type-and-format>'. With no
# '/' present the split yields a single element and the tuple unpacking
# raises ValueError.
# NOTE(review): ca_name is taken from the URL without validation at this
# point - confirm it is checked against the CA names defined in the OpenSSL
# configuration before it is used to locate files or build openssl arguments.
try:
    ca_name, cert_typeandformat = string.split(path_info, '/', 1)
    cert_typeandformat = string.lower(cert_typeandformat)
except ValueError:
    # (handler body lies beyond this excerpt)
__version__ = '0.6.6'

import sys, os, string, re, \
       pycacnf, cgiforms, htmlbase, charset
from time import time,localtime,strftime,mktime
from pycacnf import opensslcnf, pyca_section
from openssl.db import \
     empty_DN_dict, \
     DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
     DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
     dbtime2tuple,GetEntriesbyDN,SplitDN

# URL and form settings read from the pyCA configuration section; the second
# argument of each get() is the fallback used when the key is absent.
nsBaseUrl = pyca_section.get('nsBaseUrl','/')
nsGetCertUrl = pyca_section.get('nsGetCertUrl','get-cert.py')
nsViewCertUrl = pyca_section.get('nsViewCertUrl','view-cert.py')
ScriptMethod = pyca_section.get('ScriptMethod','POST')
# The help pages default to the base URL when no HelpUrl is configured.
HelpUrl = pyca_section.get('HelpUrl',nsBaseUrl)

# presumably the DN attributes offered as search fields and the names of the
# boolean search options - confirm against the form-building code
searchkeys = ['CN','Email','L','O','OU','ST','C']
optionkeys = ['casesensitive','onlyvalid','emailcerts','servercerts']

def HelpURL(name,text):
  """Return an HTML anchor pointing at fragment `name` of ns-enroll-help.html.

  The link text is `text` converted with charset.iso2html4. HelpUrl and
  `name` are placed inside the HREF attribute verbatim.
  NOTE(review): confirm every caller passes a fixed identifier as `name`
  and never a value taken from the request, since nothing here encodes it
  for use inside an attribute.
  """
  return '<A HREF="%sns-enroll-help.html#%s">%s</A>' % (HelpUrl,name,charset.iso2html4(text))

def PrintEmptyForm(form,method='POST'):
  # Opens the query form. The ACTION attribute is the SCRIPT_NAME CGI
  # variable (fallback 'cert-query.py') and METHOD is the `method` argument.
  # NOTE(review): both values are written into the attributes unescaped;
  # SCRIPT_NAME is derived from the request URL by the web server, so confirm
  # it cannot carry quote characters in this deployment.
  print '<FORM ACTION="%s" METHOD="%s" ACCEPT-CHARSET="iso-8859-1">\n' % \
    (os.environ.get('SCRIPT_NAME','cert-query.py'),method)
  print '<TABLE NOBORDER><TR>'
  # (function body continues beyond this excerpt)
__version__ = '0.6.6'

import sys, os, string, re, \
       pycacnf, cgiforms, htmlbase, charset
from time import time, localtime, strftime, mktime
from pycacnf import opensslcnf, pyca_section
from openssl.db import \
     empty_DN_dict, \
     DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
     DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
     dbtime2tuple,GetEntriesbyDN,SplitDN

# URL and form settings read from the pyCA configuration section; the second
# argument of each get() is the fallback used when the key is absent.
nsBaseUrl = pyca_section.get('nsBaseUrl', '/')
nsGetCertUrl = pyca_section.get('nsGetCertUrl', 'get-cert.py')
nsViewCertUrl = pyca_section.get('nsViewCertUrl', 'view-cert.py')
ScriptMethod = pyca_section.get('ScriptMethod', 'POST')
# The help pages default to the base URL when no HelpUrl is configured.
HelpUrl = pyca_section.get('HelpUrl', nsBaseUrl)

# presumably the DN attributes offered as search fields and the names of the
# boolean search options - confirm against the form-building code
searchkeys = ['CN', 'Email', 'L', 'O', 'OU', 'ST', 'C']
optionkeys = ['casesensitive', 'onlyvalid', 'emailcerts', 'servercerts']


def HelpURL(name, text):
    """Return an HTML anchor pointing at fragment `name` of ns-enroll-help.html.

    The link text is `text` converted with charset.iso2html4. HelpUrl and
    `name` are placed inside the HREF attribute verbatim.
    NOTE(review): confirm every caller passes a fixed identifier as `name`
    and never a value taken from the request, since nothing here encodes it
    for use inside an attribute.
    """
    return '<A HREF="%sns-enroll-help.html#%s">%s</A>' % (
        HelpUrl, name, charset.iso2html4(text))


def PrintEmptyForm(form, method='POST'):
    # (function body lies beyond this excerpt)
# CGI preamble: load configuration, read the CGI request variables and split
# PATH_INFO into a CA name and a certificate type/format selector.
import sys, os, string, re, pycacnf, htmlbase, openssl, charset
from time import time, localtime, strftime, mktime
from pycacnf import opensslcnf, pyca_section
from openssl.db import \
     empty_DN_dict, \
     DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
     DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
     dbtime2tuple,GetEntriesbyDN,SplitDN

# stdin is closed before anything else runs; only GET is accepted below, so
# presumably no request body is ever expected.
sys.stdin.close()

# Path to openssl executable
# NOTE(review): presumably the binary the openssl helper module runs. The
# value comes from the configuration file, so write access to that file
# decides which executable runs under the web server's account.
openssl.bin_filename = pyca_section.get('OpenSSLExec', '/usr/bin/openssl')

# Everything read from os.environ here originates from the HTTP request and
# is client-controlled. [1:] drops the first character of PATH_INFO
# (the leading '/' in a regular CGI request).
request_method = os.environ.get('REQUEST_METHOD', '')
query_string = os.environ.get('QUERY_STRING', '')
path_info = os.environ.get('PATH_INFO', '')[1:]

# URL settings from the pyCA configuration section, with fallbacks.
nsBaseUrl = pyca_section.get('nsBaseUrl', '/')
nsGetCertUrl = pyca_section.get('nsGetCertUrl', 'get-cert.py')
nsViewCertUrl = pyca_section.get('nsViewCertUrl', 'view-cert.py')

# Any method other than GET gets an error page; the process still exits
# with status 0.
if request_method != 'GET':
    htmlbase.PrintErrorMsg('Wrong method.')
    sys.exit(0)

# PATH_INFO is expected to look like '<ca_name>/<type-and-format>'. With no
# '/' present the split yields a single element and the tuple unpacking
# raises ValueError.
# NOTE(review): ca_name is taken from the URL without validation at this
# point - confirm it is checked against the CA names defined in the OpenSSL
# configuration before it is used to locate files or build openssl arguments.
try:
    ca_name, cert_typeandformat = string.split(path_info, '/', 1)
    # (the try block and its handlers continue beyond this excerpt)
# CGI preamble: load configuration, read the CGI request variables and split
# PATH_INFO into a CA name and a certificate type/format selector.
import sys,os,string,re,pycacnf,htmlbase,cgihelper,certhelper,openssl
from time import time,localtime,strftime,mktime
from pycacnf import opensslcnf, pyca_section
from openssl.db import \
     empty_DN_dict, \
     DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
     DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
     dbtime2tuple,GetEntriesbyDN,SplitDN

# stdin is closed before anything else runs; only GET is accepted below, so
# presumably no request body is ever expected.
sys.stdin.close()

# Path to openssl executable
# NOTE(review): the value comes from the configuration file; if it ends up
# being executed, write access to that file decides which binary runs under
# the web server's account.
OpenSSLExec = pyca_section.get('OpenSSLExec','/usr/bin/openssl')

# Everything read from os.environ here originates from the HTTP request and
# is client-controlled. [1:] drops the first character of PATH_INFO
# (the leading '/' in a regular CGI request).
request_method = os.environ.get('REQUEST_METHOD','')
query_string = os.environ.get('QUERY_STRING','')
path_info = os.environ.get('PATH_INFO','')[1:]
# The User-Agent header is supplied by the client and can be set to anything;
# the result is only a hint and must not feed an access decision.
browser_name,browser_version = cgihelper.BrowserType(os.environ.get('HTTP_USER_AGENT',''))

# Any method other than GET gets an error page; the process still exits
# with status 0.
if request_method!='GET':
  htmlbase.PrintErrorMsg('Wrong method.')
  sys.exit(0)

# PATH_INFO is expected to look like '<ca_name>/<type-and-format>'. With no
# '/' present the split yields a single element and the tuple unpacking
# raises ValueError.
# NOTE(review): ca_name is taken from the URL without validation at this
# point - confirm it is checked against the CA names defined in the OpenSSL
# configuration before it is used to locate files or build openssl arguments.
try:
  ca_name, cert_typeandformat = string.split(path_info,'/',1)
  cert_typeandformat=string.lower(cert_typeandformat)
except ValueError:
  # (handler body lies beyond this excerpt)
pycacnf, htmlbase, cgiforms, cgihelper, certhelper, openssl
# (the line above is the tail of an import statement that begins before this
# excerpt)
from time import time,localtime,strftime,mktime
from pycacnf import opensslcnf, pyca_section
from openssl.db import \
     empty_DN_dict, \
     DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
     DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
     dbtime2tuple,GetEntriesbyDN,SplitDN

# stdin is closed before the form object below is built.
# NOTE(review): confirm cgiforms does not need to read a POST body from stdin.
sys.stdin.close()

# Path to openssl executable
# NOTE(review): the value comes from the configuration file; if it ends up
# being executed, write access to that file decides which binary runs under
# the web server's account.
OpenSSLExec = pyca_section.get('OpenSSLExec','/usr/bin/openssl')

# Declare the two request parameters this script accepts.
form = cgiforms.formClass()

# 'operation' is a select field whose declared options are 'GetCACert' and
# 'PKIOperation'.
form.add(
  cgiforms.formSelectClass(
    'operation',
    'Operation',
    ['GetCACert','PKIOperation']
  )
)

# 'message' is a free-form input. 10000 and the (pattern, flags) pair are
# presumably the maximum length and the validation regex - confirm against
# cgiforms. r'.*' with re.M+re.S matches any content, so the field is not
# constrained by format here.
# NOTE(review): the message is fully client-controlled; whatever decodes or
# parses it later has to treat it as untrusted input.
form.add(
  cgiforms.formInputClass(
    'message',
    'Message',
    10000,
    (r'.*',re.M+re.S)
    # (the call continues beyond this excerpt)
# CGI preamble: load configuration and read the CGI request variables.
import sys,os,string,re,pycacnf,htmlbase,openssl,charset
from time import time,localtime,strftime,mktime
from pycacnf import opensslcnf, pyca_section
from openssl.db import \
     empty_DN_dict, \
     DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
     DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
     dbtime2tuple,GetEntriesbyDN,SplitDN

# stdin is closed before anything else runs; only GET is accepted below, so
# presumably no request body is ever expected.
sys.stdin.close()

# Path to openssl executable
# NOTE(review): presumably the binary the openssl helper module runs. The
# value comes from the configuration file, so write access to that file
# decides which executable runs under the web server's account.
openssl.bin_filename = pyca_section.get('OpenSSLExec','/usr/bin/openssl')

# Everything read from os.environ here originates from the HTTP request and
# is client-controlled. [1:] drops the first character of PATH_INFO
# (the leading '/' in a regular CGI request).
request_method = os.environ.get('REQUEST_METHOD','')
query_string = os.environ.get('QUERY_STRING','')
path_info = os.environ.get('PATH_INFO','')[1:]

# URL settings from the pyCA configuration section, with fallbacks.
nsBaseUrl = pyca_section.get('nsBaseUrl','/')
nsGetCertUrl = pyca_section.get('nsGetCertUrl','get-cert.py')
nsViewCertUrl = pyca_section.get('nsViewCertUrl','view-cert.py')

# Any method other than GET gets an error page; the process still exits
# with status 0.
if request_method!='GET':
  htmlbase.PrintErrorMsg('Wrong method.')
  sys.exit(0)

# NOTE(review): path_info and query_string are still unvalidated request
# data at this point; the code that consumes them lies beyond this excerpt.
try:
  # (the try block and its handlers lie beyond this excerpt)
pycacnf, htmlbase, cgiforms, cgihelper, certhelper, openssl
# (the line above is the tail of an import statement that begins before this
# excerpt)
from time import time, localtime, strftime, mktime
from pycacnf import opensslcnf, pyca_section
from openssl.db import \
     empty_DN_dict, \
     DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
     DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
     dbtime2tuple,GetEntriesbyDN,SplitDN

# stdin is closed before the form parameters are read below.
# NOTE(review): confirm cgiforms does not need to read a POST body from stdin.
sys.stdin.close()

# Path to openssl executable
# NOTE(review): the value comes from the configuration file; if it ends up
# being executed, write access to that file decides which binary runs under
# the web server's account.
OpenSSLExec = pyca_section.get('OpenSSLExec', '/usr/bin/openssl')

# Declare the two request parameters this script accepts.
form = cgiforms.formClass()
# 'operation' is a select field whose declared options are 'GetCACert' and
# 'PKIOperation'.
form.add(
    cgiforms.formSelectClass('operation', 'Operation',
                             ['GetCACert', 'PKIOperation']))
# 'message' is a free-form input. 10000 and the (pattern, flags) pair are
# presumably the maximum length and the validation regex - confirm against
# cgiforms. r'.*' with re.M + re.S matches any content, so the field is not
# constrained by format here.
# NOTE(review): the message is fully client-controlled; whatever decodes or
# parses it later has to treat it as untrusted input.
form.add(
    cgiforms.formInputClass('message', 'Message', 10000,
                            (r'.*', re.M + re.S)))

# presumably fills the declared fields from the request parameters
form.getparams()

scep_operation = form.field['operation'][0].content
scep_message = form.field['message'][0].content

# NOTE(review): 'GetCACertChain' is tested here but is not among the options
# declared for the 'operation' select above. Confirm whether formSelectClass
# rejects undeclared values; if it does, that alternative is unreachable, and
# if it does not, the select is not acting as an allow-list.
if scep_operation in ['GetCACert', 'GetCACertChain']:
    # (branch body lies beyond this excerpt)
"""
ca-index.py
(c) by Joshua G. David, [email protected]

This CGI-BIN program shows a pretty index of the CA definitions in
OpenSSL's config file (e.g. named openssl.cnf)
"""

__version__ = '0.6.6'

import os, sys, types, string, pycacnf, openssl, htmlbase

from pycacnf import opensslcnf, pyca_section

# URLs of the companion CGI scripts, read from the pyCA configuration
# section; each falls back to an empty string when not configured.
nsGetCertUrl = pyca_section.get('nsGetCertUrl','')
nsViewCertUrl = pyca_section.get('nsViewCertUrl','')
nsEnrollUrl = pyca_section.get('nsEnrollUrl','')

# Entry stored under 'ca' in opensslcnf.sectionkeys, or an empty list when
# there is none; presumably the names of the configured CA sections.
ca_names = opensslcnf.sectionkeys.get('ca',[])

# With no CA configured, print an error page and stop; the exit status is 0.
if not ca_names:
  htmlbase.PrintErrorMsg('No certificate authorities found.')
  sys.exit(0)

htmlbase.PrintHeader('Overview of certificate authorities')
htmlbase.PrintHeading('Overview of certificate authorities')

# Start of the overview table. The string literal below runs on beyond this
# excerpt.
print """<TABLE BORDER WIDTH=100%> <TR> <TH>CA name</TH> <TH COLSPAN=2>CA certificate</TH>
#!/usr/bin/python """ ca-index.py (c) by Joshua G. David, [email protected] This CGI-BIN program shows a pretty index of the CA definitions in OpenSSL's config file (e.g. named openssl.cnf) """ __version__ = '0.6.6' import os, sys, types, string, pycacnf, openssl, htmlbase from pycacnf import opensslcnf, pyca_section nsGetCertUrl = pyca_section.get('nsGetCertUrl', '') nsViewCertUrl = pyca_section.get('nsViewCertUrl', '') nsEnrollUrl = pyca_section.get('nsEnrollUrl', '') ca_names = opensslcnf.sectionkeys.get('ca', []) if not ca_names: htmlbase.PrintErrorMsg('No certificate authorities found.') sys.exit(0) htmlbase.PrintHeader('Overview of certificate authorities') htmlbase.PrintHeading('Overview of certificate authorities') print """<TABLE BORDER WIDTH=100%> <TR> <TH>CA name</TH> <TH COLSPAN=2>CA certificate</TH>
The following checks are made to avoid denial of service attacks:
- The client software must provide the client certificate.
- The issuer of the client and the server certificates must match
"""

Version='0.6.6'

import sys, os, string, re, pycacnf, htmlbase, openssl, cgissl, certhelper

from pycacnf import opensslcnf, pyca_section

# stdin is closed before anything else runs; only GET is accepted below, so
# presumably no request body is ever expected.
sys.stdin.close()

# Path to openssl executable
# NOTE(review): presumably the binary the openssl helper module runs. The
# value comes from the configuration file, so write access to that file
# decides which executable runs under the web server's account.
openssl.bin_filename = pyca_section.get('OpenSSLExec','/usr/bin/openssl')

# Everything read from os.environ here originates from the HTTP request and
# is client-controlled. [1:] drops the first character of PATH_INFO
# (the leading '/' in a regular CGI request).
request_method = os.environ.get('REQUEST_METHOD','')
query_string = os.environ.get('QUERY_STRING','')
script_name = os.environ.get('SCRIPT_NAME','')
path_info = os.environ.get('PATH_INFO','')[1:]

# The query string is expected to start with a run of hex digits, optionally
# followed by one or more '&yes'. rm is None when it does not.
# NOTE(review): match() anchors only at the start of the string, so a query
# string with arbitrary text after the hex digits still produces a match
# object. Confirm the code that follows works from the matched span
# (rm.group()) rather than from the raw query_string, or end the pattern
# with '$'.
rm = (re.compile('[0-9a-fA-F]+(&yes)*')).match(query_string)

# Any method other than GET gets an error page; the process still exits
# with status 0.
if request_method!='GET':
  htmlbase.PrintErrorMsg('Wrong method.')
  sys.exit(0)

# Same expression as path_info above: the whole of PATH_INFO after its first
# character is taken as the CA name.
# NOTE(review): the value is unvalidated request data at this point - confirm
# it is checked against the CA names defined in the OpenSSL configuration
# before use.
ca_name = os.environ.get('PATH_INFO','')[1:]

if not ca_name:
  # (branch body lies beyond this excerpt)