def __init__(self, certFile, keyFile, passArg):
"""Takes the names of a certificate file and private key file and an
openssl-style password argument to unlock the key file"""
# Validate and dump the certificate file into memory
with invoke('x509', certFile) as (out, err):
self.__cert = out.read()
# Decrypt, validate, and dump the private key into memory
with invoke('rsa', keyFile, passin=passArg) as (out, err):
self.__key = out.read()
def revoke(self, request):
secrets = Secrets.from_request(request)
revoked = RevokeDB.from_request(request)
with RawInput(self.cert) as toRevoke:
with secrets.cert as certFile:
with secrets.key as keyFile:
with revoked.config as configFile:
invoke('ca', None, revoke=toRevoke,
keyfile=keyFile, cert=certFile,
config=configFile, md='default')
self.cert = 'REVOKED'
invoke('ca', None, 'gencrl', keyfile=keyFile,
cert=certFile, out=revoked.crlFile,
config=configFile, md='default', crldays=30)
return 'Certificate revoked'
def perform(self, request):
secrets = Secrets.from_request(request)
serial = b64decode(self.serial).encode('hex')
with RawInput(self.csr) as inFile:
with RawInput(serial) as sFile:
with secrets.cert as certFile:
with secrets.key as keyFile:
with invoke('x509', inFile, 'req', days=365,
CAserial=sFile, CA=certFile,
CAkey=keyFile) as (out, err):
self.cert = (out.read().replace('\r', '\n')
.replace('\n\n', '\n'))
return self.cert
