Example #1
    print '<P>Key size: <SELECT NAME="KeySize"></SELECT></P><INPUT TYPE="hidden" NAME="PKCS10" VALUE="">'
    print '<INPUT TYPE="BUTTON" onClick="GenTheKeyPair()" VALUE="Generate key pair"></FORM>'
  else:
    print '<P>%s:%s</P><INPUT TYPE="submit" VALUE="Generate key pair"></FORM>' % ( \
      HelpURL(HelpUrlBase,form.field['SPKAC'][0].name,form.field['SPKAC'][0].text),\
      form.field['SPKAC'][0].inputfield(form.field['challenge'][0].content) \
    )
  htmlbase.PrintFooter()

########################################################################
# Main
########################################################################

# Read several parameters from config.  Each get() supplies the fallback
# that is used when the key is missing from the pyca section.

# NOTE(review): the TmpDir fallback is the shared /tmp directory.  How
# temporary files are created there is not visible in this excerpt; for a
# CA front end, confirm TmpDir points at a directory only the CGI account
# can write to.
MailRelay           = pyca_section.get('MailRelay','localhost')
TmpDir              = pyca_section.get('TmpDir','/tmp')

# caPendCertReqValid is converted with string.atoi(), so a non-numeric
# config value raises ValueError while the script is starting up.
caCertReqMailAdr    = pyca_section.get('caCertReqMailAdr','')
caPendCertReqValid  = string.atoi(pyca_section.get('caPendCertReqValid','0'))

# The following settings may come back as a single value or as a list;
# a single value is wrapped in a one-element list.
caInternalCertTypes = pyca_section.get('caInternalCertTypes',[])
if type(caInternalCertTypes)!=types.ListType:
  caInternalCertTypes = [caInternalCertTypes]

# Fallback is one address/netmask entry covering only 127.0.0.1.
# NOTE(review): presumably this list decides which clients count as
# "internal" -- confirm which address it is compared against, since a
# forwarded or proxy-supplied address would not be trustworthy.
caInternalIPAdr     = pyca_section.get('caInternalIPAdr',['127.0.0.1/255.255.255.255'])
if type(caInternalIPAdr)!=types.ListType:
  caInternalIPAdr = [caInternalIPAdr]

caInternalDomains   = pyca_section.get('caInternalDomains','')
if type(caInternalDomains)!=types.ListType:
Example #2
import sys, os, string, re, pycacnf, htmlbase, cgihelper, certhelper, openssl

from time import time, localtime, strftime, mktime

from pycacnf import opensslcnf, pyca_section

from openssl.db import \
  empty_DN_dict, \
  DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
  DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
  dbtime2tuple,GetEntriesbyDN,SplitDN

# stdin is closed before anything else runs; only GET requests are
# accepted further down, so presumably no request body is ever needed.
sys.stdin.close()

# Path to openssl executable
# NOTE(review): taken from configuration with /usr/bin/openssl as the
# fallback.  Presumably this binary is executed later; the config file and
# the binary should not be writable by the web server account.
OpenSSLExec = pyca_section.get('OpenSSLExec', '/usr/bin/openssl')

# CGI request data.  QUERY_STRING, PATH_INFO and HTTP_USER_AGENT are
# supplied by the client and must be treated as untrusted input.
request_method = os.environ.get('REQUEST_METHOD', '')
query_string = os.environ.get('QUERY_STRING', '')
# [1:] drops the first character of PATH_INFO (normally the leading '/').
# NOTE(review): the code after this block splits path_info into a CA name
# and a certificate type; confirm the CA name is checked against the
# configured CAs before it is used to locate any file.
path_info = os.environ.get('PATH_INFO', '')[1:]
browser_name, browser_version = cgihelper.BrowserType(
    os.environ.get('HTTP_USER_AGENT', ''))

# Any method other than GET gets an error page; the process still exits
# with status 0.
if request_method != 'GET':
    htmlbase.PrintErrorMsg('Wrong method.')
    sys.exit(0)

try:
    ca_name, cert_typeandformat = string.split(path_info, '/', 1)
    cert_typeandformat = string.lower(cert_typeandformat)
except ValueError:
Example #3
__version__ = '0.6.6'

import sys, os, string, re, \
       pycacnf, cgiforms, htmlbase, charset

from time import time,localtime,strftime,mktime

from pycacnf import opensslcnf, pyca_section

from openssl.db import \
  empty_DN_dict, \
  DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
  DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
  dbtime2tuple,GetEntriesbyDN,SplitDN

# URL settings read from the pyca config section; the second argument of
# each get() is the fallback.  HelpUrl falls back to nsBaseUrl.
# NOTE(review): HelpUrl is later inserted into an HREF attribute without
# escaping (see HelpURL), so it has to be a trusted, well-formed value.
nsBaseUrl    = pyca_section.get('nsBaseUrl','/')
nsGetCertUrl = pyca_section.get('nsGetCertUrl','get-cert.py')
nsViewCertUrl = pyca_section.get('nsViewCertUrl','view-cert.py')
ScriptMethod = pyca_section.get('ScriptMethod','POST')
HelpUrl      = pyca_section.get('HelpUrl',nsBaseUrl)
# Fixed lists of form keys; the searchkeys entries look like short names
# of distinguished-name attributes, optionkeys presumably name boolean
# search options -- their use is outside this excerpt.
searchkeys = ['CN','Email','L','O','OU','ST','C']
optionkeys = ['casesensitive','onlyvalid','emailcerts','servercerts']

def HelpURL(name,text):
  """Return an HTML anchor pointing at the help entry *name*, labelled *text*.

  Only *text* goes through charset.iso2html4(); *name* and the configured
  HelpUrl are placed into the HREF attribute exactly as given.
  NOTE(review): pass only fixed, script-defined identifiers as *name*;
  a client-supplied value would reach the attribute unescaped.
  """
  label = charset.iso2html4(text)
  return '<A HREF="%sns-enroll-help.html#%s">%s</A>' % (HelpUrl,name,label)

def PrintEmptyForm(form,method='POST'):

  print '<FORM ACTION="%s" METHOD="%s" ACCEPT-CHARSET="iso-8859-1">\n' % \
        (os.environ.get('SCRIPT_NAME','cert-query.py'),method)
  print '<TABLE NOBORDER><TR>'
Example #4
__version__ = '0.6.6'

import sys, os, string, re, \
       pycacnf, cgiforms, htmlbase, charset

from time import time, localtime, strftime, mktime

from pycacnf import opensslcnf, pyca_section

from openssl.db import \
  empty_DN_dict, \
  DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
  DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
  dbtime2tuple,GetEntriesbyDN,SplitDN

# Link targets and form method, read from the pyca config section with
# the shown fallbacks; HelpUrl defaults to whatever nsBaseUrl resolved to.
# NOTE(review): these values are emitted into generated HTML; HelpUrl in
# particular is written into an HREF unescaped by HelpURL(), so the config
# file must be trusted and not writable by the web server account.
nsBaseUrl = pyca_section.get('nsBaseUrl', '/')
nsGetCertUrl = pyca_section.get('nsGetCertUrl', 'get-cert.py')
nsViewCertUrl = pyca_section.get('nsViewCertUrl', 'view-cert.py')
ScriptMethod = pyca_section.get('ScriptMethod', 'POST')
HelpUrl = pyca_section.get('HelpUrl', nsBaseUrl)
# Fixed key lists; where they are consumed is outside this excerpt.
searchkeys = ['CN', 'Email', 'L', 'O', 'OU', 'ST', 'C']
optionkeys = ['casesensitive', 'onlyvalid', 'emailcerts', 'servercerts']


def HelpURL(name, text):
    """Build the help link for form field *name* with link text *text*.

    The link text is converted with charset.iso2html4(); the anchor name
    and the HelpUrl prefix are inserted into the HREF as they are, so
    *name* is expected to be a fixed identifier chosen by the script.
    """
    anchor_template = '<A HREF="%sns-enroll-help.html#%s">%s</A>'
    return anchor_template % (HelpUrl, name, charset.iso2html4(text))


def PrintEmptyForm(form, method='POST'):
Example #5
import sys, os, string, re, pycacnf, htmlbase, openssl, charset

from time import time, localtime, strftime, mktime

from pycacnf import opensslcnf, pyca_section

from openssl.db import \
  empty_DN_dict, \
  DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
  DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
  dbtime2tuple,GetEntriesbyDN,SplitDN

# stdin is closed first; the script rejects everything but GET below.
sys.stdin.close()

# Path to openssl executable
# Stored on the openssl module so its helpers use the configured binary
# (fallback: /usr/bin/openssl).
openssl.bin_filename = pyca_section.get('OpenSSLExec', '/usr/bin/openssl')

# Request data from the CGI environment; query string and path info are
# client-controlled.
request_method = os.environ.get('REQUEST_METHOD', '')
query_string = os.environ.get('QUERY_STRING', '')
# Slice removes the first character of PATH_INFO (normally '/').
# NOTE(review): path_info is split into CA name and certificate type right
# after this block; confirm both parts are validated against known values
# before they select a CA section or a file.
path_info = os.environ.get('PATH_INFO', '')[1:]

# Link targets from config, with relative script names as fallbacks.
nsBaseUrl = pyca_section.get('nsBaseUrl', '/')
nsGetCertUrl = pyca_section.get('nsGetCertUrl', 'get-cert.py')
nsViewCertUrl = pyca_section.get('nsViewCertUrl', 'view-cert.py')

# Non-GET requests get an error page and the script stops (exit status 0).
if request_method != 'GET':
    htmlbase.PrintErrorMsg('Wrong method.')
    sys.exit(0)

try:
    ca_name, cert_typeandformat = string.split(path_info, '/', 1)
Example #6
import sys,os,string,re,pycacnf,htmlbase,cgihelper,certhelper,openssl

from time import time,localtime,strftime,mktime

from pycacnf import opensslcnf, pyca_section

from openssl.db import \
  empty_DN_dict, \
  DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
  DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
  dbtime2tuple,GetEntriesbyDN,SplitDN

# Close stdin up front; only GET is accepted (see the check below).
sys.stdin.close()

# Path to openssl executable
# Read from config, falling back to /usr/bin/openssl.
OpenSSLExec = pyca_section.get('OpenSSLExec','/usr/bin/openssl')

# Values from the CGI environment.  Everything except REQUEST_METHOD's
# set of legal values is chosen freely by the client.
request_method  = os.environ.get('REQUEST_METHOD','')
query_string    = os.environ.get('QUERY_STRING','')
# [1:] strips the first character of PATH_INFO.
# NOTE(review): the CA name is taken from path_info just below this
# block; verify it is matched against the configured CA names before use.
path_info       = os.environ.get('PATH_INFO','')[1:]
# NOTE(review): browser detection is based on the User-Agent header, which
# a client can set to anything; it should only steer presentation.
browser_name,browser_version = cgihelper.BrowserType(os.environ.get('HTTP_USER_AGENT',''))


# Print an error page and stop for any method other than GET.
if request_method!='GET':
  htmlbase.PrintErrorMsg('Wrong method.')
  sys.exit(0)

try:
  ca_name, cert_typeandformat = string.split(path_info,'/',1)
  cert_typeandformat=string.lower(cert_typeandformat)
except ValueError:
Example #7
       pycacnf, htmlbase, cgiforms, cgihelper, certhelper, openssl

from time import time,localtime,strftime,mktime

from pycacnf import opensslcnf, pyca_section

from openssl.db import \
  empty_DN_dict, \
  DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
  DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
  dbtime2tuple,GetEntriesbyDN,SplitDN

# NOTE(review): stdin is closed before the form below is processed, so a
# POST body could not be read from it; presumably parameters are taken
# from the query string -- confirm against cgiforms.
sys.stdin.close()

# Path to openssl executable
OpenSSLExec = pyca_section.get('OpenSSLExec','/usr/bin/openssl')

# Declare the accepted request parameters.  'operation' is a select field
# restricted to the two listed values (they look like SCEP operation
# names).
form = cgiforms.formClass()
form.add(
  cgiforms.formSelectClass(
    'operation',
    'Operation',
    ['GetCACert','PKIOperation']
  )
)
form.add(
  cgiforms.formInputClass(
    'message',
    'Message',
    10000,
    (r'.*',re.M+re.S)
Example #8
import sys,os,string,re,pycacnf,htmlbase,openssl,charset

from time import time,localtime,strftime,mktime

from pycacnf import opensslcnf, pyca_section

from openssl.db import \
  empty_DN_dict, \
  DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
  DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
  dbtime2tuple,GetEntriesbyDN,SplitDN

# stdin is not needed: the script accepts GET only (checked below).
sys.stdin.close()

# Path to openssl executable
# Assigned to openssl.bin_filename; fallback is /usr/bin/openssl.
openssl.bin_filename = pyca_section.get('OpenSSLExec','/usr/bin/openssl')

# CGI environment values.  query_string and path_info come straight from
# the request URL and are untrusted until validated.
request_method  = os.environ.get('REQUEST_METHOD','')
query_string    = os.environ.get('QUERY_STRING','')
# First character of PATH_INFO (normally '/') is dropped.
path_info       = os.environ.get('PATH_INFO','')[1:]

# Link targets read from config with the shown fallbacks.
nsBaseUrl    = pyca_section.get('nsBaseUrl','/')
nsGetCertUrl = pyca_section.get('nsGetCertUrl','get-cert.py')
nsViewCertUrl = pyca_section.get('nsViewCertUrl','view-cert.py')


# Refuse every method except GET: error page, then exit with status 0.
if request_method!='GET':
  htmlbase.PrintErrorMsg('Wrong method.')
  sys.exit(0)

try:
Example #9
       pycacnf, htmlbase, cgiforms, cgihelper, certhelper, openssl

from time import time, localtime, strftime, mktime

from pycacnf import opensslcnf, pyca_section

from openssl.db import \
  empty_DN_dict, \
  DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
  DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
  dbtime2tuple,GetEntriesbyDN,SplitDN

# NOTE(review): stdin is closed before form.getparams() runs, so a POST
# body cannot be read from it; presumably the parameters arrive in the
# query string -- confirm against cgiforms.
sys.stdin.close()

# Path to openssl executable
OpenSSLExec = pyca_section.get('OpenSSLExec', '/usr/bin/openssl')

# Declare the two request parameters.
form = cgiforms.formClass()
# 'operation' is a select field limited to the two listed values.
# NOTE(review): the dispatch that follows this block also tests for
# 'GetCACertChain', which is not among the options declared here.
form.add(
    cgiforms.formSelectClass('operation', 'Operation',
                             ['GetCACert', 'PKIOperation']))
# 'message' is validated with the pattern '.*' under re.M + re.S, which
# matches any content; 10000 is presumably the maximum length -- confirm.
# The message is therefore untrusted, unvalidated data when it reaches
# whatever decodes it.
form.add(
    cgiforms.formInputClass('message', 'Message', 10000, (r'.*', re.M + re.S)))

form.getparams()

# First submitted value of each field.
scep_operation = form.field['operation'][0].content
scep_message = form.field['message'][0].content

if scep_operation in ['GetCACert', 'GetCACertChain']:
Example #10
"""
ca-index.py
(c) by Joshua G. David, [email protected]

This CGI-BIN program shows a pretty index of the CA definitions in
OpenSSL's config file (e.g. named openssl.cnf)
"""

__version__ = '0.6.6'

import os, sys, types, string, pycacnf, openssl, htmlbase

from pycacnf import opensslcnf, pyca_section

# Link targets for the index page; each falls back to an empty string
# when the key is missing from the pyca config section.
nsGetCertUrl = pyca_section.get('nsGetCertUrl','')
nsViewCertUrl = pyca_section.get('nsViewCertUrl','')
nsEnrollUrl  = pyca_section.get('nsEnrollUrl','')

# Names listed under the 'ca' key of the parsed OpenSSL config; an empty
# list if there are none.
ca_names = opensslcnf.sectionkeys.get('ca',[])

# Nothing to list: show an error page and stop (exit status 0).
if not ca_names:
  htmlbase.PrintErrorMsg('No certificate authorities found.')
  sys.exit(0)

# Page header and heading; the table itself is printed after this block.
# NOTE(review): CA names and config values are presumably written into the
# table -- confirm they are HTML-escaped where they are printed.
htmlbase.PrintHeader('Overview of certificate authorities')
htmlbase.PrintHeading('Overview of certificate authorities')
print """<TABLE BORDER WIDTH=100%>
<TR>
  <TH>CA name</TH>
  <TH COLSPAN=2>CA certificate</TH>
Example #11
#!/usr/bin/python
"""
ca-index.py
(c) by Joshua G. David, [email protected]

This CGI-BIN program shows a pretty index of the CA definitions in
OpenSSL's config file (e.g. named openssl.cnf)
"""

__version__ = '0.6.6'

import os, sys, types, string, pycacnf, openssl, htmlbase

from pycacnf import opensslcnf, pyca_section

# URLs used for the links on the overview page, read from the pyca config
# section; a missing key yields an empty string.
nsGetCertUrl = pyca_section.get('nsGetCertUrl', '')
nsViewCertUrl = pyca_section.get('nsViewCertUrl', '')
nsEnrollUrl = pyca_section.get('nsEnrollUrl', '')

# CA names as listed under 'ca' in the parsed OpenSSL config (empty list
# when absent).
ca_names = opensslcnf.sectionkeys.get('ca', [])

# Without any CA definition the script prints an error page and exits
# with status 0.
if not ca_names:
    htmlbase.PrintErrorMsg('No certificate authorities found.')
    sys.exit(0)

# Emit the page header and heading before the table that follows.
htmlbase.PrintHeader('Overview of certificate authorities')
htmlbase.PrintHeading('Overview of certificate authorities')
print """<TABLE BORDER WIDTH=100%>
<TR>
  <TH>CA name</TH>
  <TH COLSPAN=2>CA certificate</TH>
Example #12
The following checks are made to avoid denial of service attacks:
- The client software must provide the client certificate.
- The issuer of the client and the server certificates must match
"""

Version='0.6.6'

import sys, os, string, re, pycacnf, htmlbase, openssl, cgissl, certhelper

from pycacnf import opensslcnf, pyca_section

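# stdin is closed up front; only GET requests are accepted below.
sys.stdin.close()

# Path to openssl executable
# Read from config (fallback /usr/bin/openssl) and stored on the openssl
# module.
openssl.bin_filename = pyca_section.get('OpenSSLExec','/usr/bin/openssl')

# CGI environment values; query string, script name and path info are
# derived from the request and must be treated as untrusted.
request_method  = os.environ.get('REQUEST_METHOD','')
query_string    = os.environ.get('QUERY_STRING','')
script_name    = os.environ.get('SCRIPT_NAME','')
path_info       = os.environ.get('PATH_INFO','')[1:]

# The query string must be a run of hex digits, optionally followed by
# "&yes" markers.  match() anchors only at the start of the string, so the
# pattern ends in \Z: without it any trailing data after a valid prefix
# would still be accepted.  rm is None when the query string is malformed.
rm = re.compile(r'[0-9a-fA-F]+(&yes)*\Z').match(query_string)

# Any method other than GET gets an error page; exit status stays 0.
if request_method!='GET':
  htmlbase.PrintErrorMsg('Wrong method.')
  sys.exit(0)

# The CA name is PATH_INFO without its first character, i.e. the value
# already held in path_info.
# NOTE(review): client-controlled; confirm it is checked against the
# configured CA names before it selects a config section or a file.
ca_name = path_info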

if not ca_name: