def __init__(self, certFile, keyFile, passArg):
    """Load a certificate and its private key into memory via openssl.

    certFile -- name of the certificate file, passed to the ``x509`` command
    keyFile  -- name of the private key file, passed to the ``rsa`` command
    passArg  -- openssl-style password argument used to unlock keyFile
    """
    # NOTE(review): with openssl's "pass:<secret>" form the passphrase sits on
    # the command line and is readable from the process list; the env:/file:/
    # fd: forms avoid that. How invoke() forwards passin is not visible here --
    # confirm which forms callers actually use.
    # NOTE(review): the error stream is never read in this method. If invoke()
    # does not raise on a failed openssl run, a rejected file would leave an
    # empty value in place of the certificate or key -- confirm.

    # The x509 pass validates the certificate; its output is kept in memory.
    with invoke('x509', certFile) as (output, errors):
        self.__cert = output.read()

    # The rsa pass decrypts and validates the key. From here on the unlocked
    # key material is held in this object, so the object must never be logged
    # or serialized.
    with invoke('rsa', keyFile, passin=passArg) as (output, errors):
        self.__key = output.read()
def revoke(self, request):
    """Revoke this record's certificate and regenerate the CRL.

    The CA secrets and the revocation database are both looked up from
    *request*. Returns the string 'Certificate revoked'.
    """
    caSecrets = Secrets.from_request(request)
    revokeDb = RevokeDB.from_request(request)
    with RawInput(self.cert) as target:
        with caSecrets.cert as caCert:
            with caSecrets.key as caKey:
                with revokeDb.config as caConfig:
                    # NOTE(review): unlike the other call sites in this file,
                    # invoke() is not entered with `with` here and its result
                    # is not inspected. Confirm that a bare call really runs
                    # openssl to completion and raises on failure; otherwise
                    # the record is marked revoked and success is reported
                    # while the certificate stays absent from the CRL.
                    invoke('ca', None,
                           revoke=target,
                           keyfile=caKey,
                           cert=caCert,
                           config=caConfig,
                           md='default')
                    # The stored certificate is overwritten before the CRL is
                    # rebuilt, so the original PEM is no longer available from
                    # this record if the gencrl step below fails.
                    self.cert = 'REVOKED'
                    # crldays=30 presumably sets the CRL validity window; the
                    # CRL has to be regenerated before it lapses -- verify a
                    # scheduled job does that.
                    invoke('ca', None, 'gencrl',
                           keyfile=caKey,
                           cert=caCert,
                           out=revokeDb.crlFile,
                           config=caConfig,
                           md='default',
                           crldays=30)
    return 'Certificate revoked'
def perform(self, request):
    """Sign the stored CSR with the CA credentials and keep the result.

    The CA certificate and key come from the Secrets object built from
    *request*. The issued certificate text is stored on ``self.cert`` with
    its line endings normalized, and that attribute is returned.
    """
    caSecrets = Secrets.from_request(request)
    # The serial is stored base64-encoded; it is handed to openssl as hex
    # text. (str.encode('hex') is a Python 2 idiom.)
    hexSerial = b64decode(self.serial).encode('hex')
    # NOTE(review): nothing in this method inspects the CSR before it is
    # signed. Confirm that the subject and requested names are validated
    # before this point, since the CSR content is requester-controlled.
    # NOTE(review): no digest option is passed, so the signature hash is
    # whatever the installed openssl defaults to (older builds default to
    # SHA-1) -- confirm, or pin it explicitly.
    with RawInput(self.csr) as csrInput:
        with RawInput(hexSerial) as serialInput:
            with caSecrets.cert as caCert:
                with caSecrets.key as caKey:
                    with invoke('x509', csrInput, 'req',
                                days=365,
                                CAserial=serialInput,
                                CA=caCert,
                                CAkey=caKey) as (output, errors):
                        # The error stream is not read; if invoke() does not
                        # raise on failure, an empty certificate is stored
                        # and returned -- TODO confirm.
                        issued = output.read()
                        # Turn CR into LF, then collapse the doubled
                        # newlines that this produces for CRLF input.
                        issued = issued.replace('\r', '\n')
                        self.cert = issued.replace('\n\n', '\n')
    return self.cert