Example #1
 def load_ca(cls, name, x509, enabled=True, parent=None, **kwargs):
     """Create and save a CertificateAuthority that points at a fixture key.

     The private key path is built as ``<fixtures_dir>/<name>.key``. This
     method does not open or validate that file; it only records the path on
     the model. ``name`` is joined into the path as-is, so it is expected to
     be a trusted fixture name rather than external input.

     Extra keyword arguments are forwarded to the CertificateAuthority
     constructor. Returns the saved instance.
     """
     key_file = '%s.key' % name
     authority = CertificateAuthority(
         name=name,
         private_key_path=os.path.join(fixtures_dir, key_file),
         enabled=enabled,
         parent=parent,
         **kwargs
     )
     # Per the original note, assigning the certificate calculates the serial etc.
     authority.x509 = x509
     authority.save()
     return authority
Example #2
 def load_ca(cls, name, x509, enabled=True, parent=None, **kwargs):
     """Create and save a CertificateAuthority that points at a fixture key.

     The private key path is built as ``<settings.FIXTURES_DIR>/<name>.key``.
     This method does not open or validate that file; it only records the
     path on the model. ``name`` is joined into the path as-is, so it is
     expected to be a trusted fixture name rather than external input.

     Extra keyword arguments are forwarded to the CertificateAuthority
     constructor. Returns the saved instance.
     """
     key_file = '%s.key' % name
     authority = CertificateAuthority(
         name=name,
         private_key_path=os.path.join(settings.FIXTURES_DIR, key_file),
         enabled=enabled,
         parent=parent,
         **kwargs
     )
     # Per the original note, assigning the certificate calculates the serial etc.
     authority.x509 = x509
     authority.save()
     return authority
Example #3
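    def handle(self, name, key, pem, **options):
        """Import an existing CA from a certificate and a private key.

        ``key`` and ``pem`` are objects with a ``read()`` method yielding the
        private key and the certificate; each is tried as PEM first and then
        as DER. The private key is re-serialised as PEM into
        ``ca_settings.CA_DIR`` under ``<serial>.key`` and the CA is saved to
        the database only after that file has been written.

        Options read: ``password`` (encrypts the stored key; ``None`` stores
        it unencrypted), ``import_password`` (decrypts the supplied key),
        ``parent``, ``issuer_url``, ``issuer_alt_name`` and ``crl_url`` (an
        iterable of strings, joined with newlines).

        Raises CommandError if the certificate or the private key cannot be
        parsed in either encoding.
        """
        if not os.path.exists(ca_settings.CA_DIR):  # pragma: no cover
            os.makedirs(ca_settings.CA_DIR)

        password = options['password']
        import_password = options['import_password']
        parent = options['parent']
        pem_data = pem.read()
        key_data = key.read()
        crl_url = '\n'.join(options['crl_url'])

        ca = CertificateAuthority(name=name,
                                  parent=parent,
                                  issuer_url=options['issuer_url'],
                                  issuer_alt_name=options['issuer_alt_name'],
                                  crl_url=crl_url)

        # load public key
        # `except Exception` rather than a bare `except`, so that
        # KeyboardInterrupt/SystemExit are not swallowed by the DER fallback.
        try:
            pem_loaded = x509.load_pem_x509_certificate(
                pem_data, default_backend())
        except Exception:
            try:
                pem_loaded = x509.load_der_x509_certificate(
                    pem_data, default_backend())
            except Exception:
                raise CommandError('Unable to load public key.')
        ca.x509 = pem_loaded
        ca.private_key_path = os.path.join(ca_settings.CA_DIR,
                                           '%s.key' % ca.serial)

        # load private key
        try:
            key_loaded = serialization.load_pem_private_key(
                key_data, import_password, default_backend())
        except Exception:
            try:
                key_loaded = serialization.load_der_private_key(
                    key_data, import_password, default_backend())
            except Exception:
                raise CommandError('Unable to load private key.')

        # NOTE(review): nothing here checks that the private key belongs to
        # the certificate loaded above; a mismatched pair is stored as-is.

        if password is None:
            # No password given: the key is written to disk unencrypted and
            # is protected only by the file mode set below.
            encryption = serialization.NoEncryption()
        else:
            encryption = serialization.BestAvailableEncryption(password)

        # Serialise before touching the umask so the restricted mask is held
        # only while the file is created.
        key_pem = key_loaded.private_bytes(encoding=Encoding.PEM,
                                           format=PrivateFormat.TraditionalOpenSSL,
                                           encryption_algorithm=encryption)

        # write private key to file
        # 0o367 is the same value as the decimal 247 used previously; with
        # open()'s default creation mode a new file ends up owner-read-only
        # (0o400). The umask only applies when the file is created; an
        # existing file keeps its current mode.
        oldmask = os.umask(0o367)
        try:
            with open(ca.private_key_path, 'wb') as key_file:
                key_file.write(key_pem)
        finally:
            # Always restore the process-wide umask, including when the write
            # fails; otherwise later file creation would inherit it.
            os.umask(oldmask)

        # Only save CA to database if we loaded all data and copied private key
        ca.save()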
Example #4
    certs = fixture_data["certs"]
    for cert_name, cert_data in sorted(certs.items(),
                                       key=lambda t: (t[1]["type"], t[0])):
        if cert_data["type"] == "ca":
            if not cert_data["key_filename"]:
                continue  # CA without private key (e.g. real-world CA)

            name = cert_data["name"]
            path = "%s.key" % name

            with open(
                    os.path.join(ca_settings.CA_DIR,
                                 cert_data["key_filename"]), "rb") as stream:
                pkey = stream.read()

            c = CertificateAuthority(name=name, private_key_path=path)
            loaded_cas[c.name] = c
        else:
            if cert_data["cat"] != "generated":
                continue  # Imported cert

            with open(
                    os.path.join(ca_settings.CA_DIR,
                                 cert_data["csr_filename"]), "r") as stream:
                csr = stream.read()
            profile = cert_data.get("profile", ca_settings.CA_DEFAULT_PROFILE)
            c = Certificate(ca=loaded_cas[cert_data["ca"]],
                            csr=csr,
                            profile=profile)

        with open(os.path.join(ca_settings.CA_DIR, cert_data["pub_filename"]),
Example #5
                  "wb") as stream:
            stream.write(nonce_req)
else:
    # updating only contrib, so remove existing data
    data = {}

# Load data from Sphinx files
if args.generate_contrib:
    for filename in os.listdir(os.path.join(_sphinx_dir, "ca")):
        name, _ext = os.path.splitext(filename)

        with open(os.path.join(_sphinx_dir, "ca", filename), "rb") as stream:
            pem = stream.read()

        parsed = x509.load_pem_x509_certificate(pem, default_backend())
        ca = CertificateAuthority(name=name)
        ca.update_certificate(parsed)

        update_contrib(data, ca, name, filename)
        data[name]["type"] = "ca"
        data[name]["pathlen"] = ca.pathlen

    for filename in os.listdir(os.path.join(_sphinx_dir, "cert")):
        name, _ext = os.path.splitext(filename)

        contrib_ca = None
        if name in data:
            contrib_ca = name

        name = "%s-cert" % name
Example #6
                  'wb') as stream:
            stream.write(nonce_req)
else:
    # updating only contrib, so remove existing data
    data = {}

# Load data from Sphinx files
if args.generate_contrib:
    for filename in os.listdir(os.path.join(_sphinx_dir, 'ca')):
        name, _ext = os.path.splitext(filename)

        with open(os.path.join(_sphinx_dir, 'ca', filename), 'rb') as stream:
            pem = stream.read()

        parsed = x509.load_pem_x509_certificate(pem, default_backend())
        ca = CertificateAuthority(name=name)
        ca.x509 = parsed

        update_contrib(data, ca, name, filename)
        data[name]['type'] = 'ca'
        data[name]['pathlen'] = ca.pathlen

    for filename in os.listdir(os.path.join(_sphinx_dir, 'cert')):
        name, _ext = os.path.splitext(filename)

        contrib_ca = None
        if name in data:
            contrib_ca = name

        name = '%s-cert' % name