def getfingerprint(self, digest='md5', delimiter=':'):
digest = string.upper(digest)
if not digest in ['MD2', 'MD5', 'MDC2', 'RMD160', 'SHA', 'SHA1']:
raise ValueError, 'Illegal parameter for digest: %s' % digest
elif self.fingerprint.has_key(digest):
result = self.fingerprint[digest]
elif digest == 'MD5':
return certhelper.MD5Fingerprint(
certhelper.pem2der(open(self.filename, 'r').read()), delimiter)
elif digest == 'SHA1':
return certhelper.SHA1Fingerprint(
certhelper.pem2der(open(self.filename, 'r').read()), delimiter)
else:
opensslcommand = '%s x509 -in %s -inform %s -outform DER | %s %s' % (
openssl.bin_filename, self.filename, self.format,
openssl.bin_filename, string.lower(digest))
f = os.popen(opensslcommand)
rawdigest = string.strip(f.read())
rc = f.close()
if rc and rc != 256:
raise IOError, "Error %s: %s" % (rc, opensslcommand)
result = []
for i in range(len(rawdigest) / 2):
result.append(rawdigest[2 * i:2 * (i + 1)])
self.fingerprint[digest] = result
return string.upper(string.join(result, delimiter))
def getfingerprint(self,digest='md5',delimiter=':'):
digest = string.upper(digest)
if not digest in ['MD2','MD5','MDC2','RMD160','SHA','SHA1']:
raise ValueError, 'Illegal parameter for digest: %s' % digest
elif self.fingerprint.has_key(digest):
result = self.fingerprint[digest]
elif digest=='MD5':
return certhelper.MD5Fingerprint(certhelper.pem2der(open(self.filename,'r').read()),delimiter)
elif digest=='SHA1':
return certhelper.SHA1Fingerprint(certhelper.pem2der(open(self.filename,'r').read()),delimiter)
else:
opensslcommand = '%s x509 -in %s -inform %s -outform DER | %s %s' % (
openssl.bin_filename,
self.filename,
self.format,
openssl.bin_filename,
string.lower(digest)
)
f = os.popen(opensslcommand)
rawdigest = string.strip(f.read())
rc = f.close()
if rc and rc!=256:
raise IOError,"Error %s: %s" % (rc,opensslcommand)
result = []
for i in range(len(rawdigest)/2):
result.append(rawdigest[2*i:2*(i+1)])
self.fingerprint[digest] = result
return string.upper(string.join(result,delimiter))
htmlbase.PrintHeading('Install certificate')
print 'Certificate of type <STRONG>%s</STRONG>:<P>' % ca_name
print 'Subject DN: %s<BR>Valid until: %s' % ( \
charset.asn12html4(entry[DB_name]), \
strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))) \
)
vbs.PrintVBSXenrollObject()
print '<SCRIPT Language=VBSCRIPT>\n<!-- '
vbs.PrintVBSCertInstallCode(
string.strip(entry[DB_name]), entry[DB_serial],
strftime('%d.%m.%Y',
localtime(mktime(dbtime2tuple(entry[DB_exp_date])))), cert)
print ' -->\n</SCRIPT>'
htmlbase.PrintFooter()
else:
# Simply write MIME-type and certificate data to stdout
sys.stdout.flush()
sys.stdout.write('Content-type: %s\n\n' % mimetype)
if cert_format == 'der':
sys.stdout.write(certhelper.pem2der(cert))
elif cert_format == 'pem':
pem_type = {0: 'CERTIFICATE', 1: 'CRL'}[cert_type == 'crl']
sys.stdout.write("""-----BEGIN %s-----
%s
-----END %s-----
""" % (pem_type, certhelper.extract_pem(cert)[0][1], pem_type))
elif cert_format == 'b64':
sys.stdout.write(certhelper.extract_pem(cert)[0][1])
sys.exit(0)
if scep_operation in ['GetCACert','GetCACertChain']:
# *** Check parameter message again for being valid FQDN.
# *** Set to pre-configured SCEP CA
scep_message = 'SCEP'
ca = opensslcnf.getcadata(scep_message)
if not opensslcnf.data['ca'].has_key(scep_message):
htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' % scep_message)
sys.exit(0)
# Does the certificate file exist?
if not os.path.isfile(ca.certificate):
htmlbase.PrintErrorMsg('CA Certificate of file not found.')
sys.exit(0)
cert = certhelper.pem2der(open(ca.certificate,'r').read())
sys.stderr.write('%s' % repr(cert))
# Simply write MIME-type and certificate data to stdout
sys.stdout.write('Content-type: application/x-x509-ca-cert\n\n')
sys.stdout.write(cert)
sys.stdout.flush()
elif scep_operation=='PKIOperation':
open('/tmp/scep_message','wb').write(scep_message)
sys.exit(0)
if browser_name=='MSIE' and cert_type=='user':
import vbs, charset
htmlbase.PrintHeader('Install certificate')
htmlbase.PrintHeading('Install certificate')
print 'Certificate of type <STRONG>%s</STRONG>:<P>' % ca_name
print 'Subject DN: %s<BR>Valid until: %s' % ( \
charset.asn12html4(entry[DB_name]), \
strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))) \
)
vbs.PrintVBSXenrollObject()
print '<SCRIPT Language=VBSCRIPT>\n<!-- '
vbs.PrintVBSCertInstallCode(string.strip(entry[DB_name]),entry[DB_serial],strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))),cert)
print ' -->\n</SCRIPT>'
htmlbase.PrintFooter()
else:
# Simply write MIME-type and certificate data to stdout
sys.stdout.flush()
sys.stdout.write('Content-type: %s\n\n' % mimetype)
if cert_format=='der':
sys.stdout.write(certhelper.pem2der(cert))
elif cert_format=='pem':
pem_type = {0:'CERTIFICATE',1:'CRL'}[cert_type=='crl']
sys.stdout.write("""-----BEGIN %s-----
%s
-----END %s-----
""" % (pem_type,certhelper.extract_pem(cert)[0][1],pem_type))
elif cert_format=='b64':
sys.stdout.write(certhelper.extract_pem(cert)[0][1])
sys.exit(0)
# *** Check parameter message again for being valid FQDN.
# *** Set to pre-configured SCEP CA
scep_message = 'SCEP'
ca = opensslcnf.getcadata(scep_message)
if not opensslcnf.data['ca'].has_key(scep_message):
htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' %
scep_message)
sys.exit(0)
# Does the certificate file exist?
if not os.path.isfile(ca.certificate):
htmlbase.PrintErrorMsg('CA Certificate of file not found.')
sys.exit(0)
cert = certhelper.pem2der(open(ca.certificate, 'r').read())
sys.stderr.write('%s' % repr(cert))
# Simply write MIME-type and certificate data to stdout
sys.stdout.write('Content-type: application/x-x509-ca-cert\n\n')
sys.stdout.write(cert)
sys.stdout.flush()
elif scep_operation == 'PKIOperation':
open('/tmp/scep_message', 'wb').write(scep_message)
sys.exit(0)
