def _validate_input(self, ns=None, email=None, serial=None,
                    slave_refresh=None, slave_retry=None,
                    slave_expire=None, min_ttl=None):
    """Validate zone-authority inputs and return them as a tuple.

    ns and email are each passed through common.validate_domain.  Every
    numeric field left as None falls back to the matching self.dns_*
    attribute and is then checked by self._validate_number.

    Returns the 7-tuple (ns, email, serial, slave_refresh, slave_retry,
    slave_expire, min_ttl).  Note that this is a tuple, not a dictionary.
    """
    def checked(field, supplied, default_attr):
        # The default is looked up lazily, only when no value was supplied.
        if supplied is None:
            supplied = getattr(self, default_attr)
        return self._validate_number(field, supplied)

    name_server = common.validate_domain(ns)
    contact = common.validate_domain(email)
    # Tuple items are evaluated left to right, so the first failing field
    # is reported in the same order as a sequence of separate checks.
    numbers = (
        checked('serial', serial, 'dns_serial_start'),
        checked('slave_refresh', slave_refresh, 'dns_slave_refresh'),
        checked('slave_retry', slave_retry, 'dns_slave_retry'),
        checked('slave_expire', slave_expire, 'dns_slave_expire'),
        checked('min_ttl', min_ttl, 'dns_min_ttl'),
    )
    return (name_server, contact) + numbers
def _validate_input(self, entry):
    """Validate the hostname of an (rdn, hostname) pair and append a period.

    entry is indexed at positions 0 and 1.  The first item is returned
    untouched; the second goes through common.validate_domain and gets a
    trailing '.' appended.

    Returns a new two-item list [rdn, hostname + '.'].
    """
    rdn, hostname = entry[0], entry[1]
    return [rdn, common.validate_domain(hostname) + '.']
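def create(self, alt_name=None):
    """Sign a certificate request with the CA key; return the stored result.

    If alt_name is given it is checked with common.validate_domain and kept
    on self.alt_name before the request is produced by self._do_req().
    The subject and public key are copied from that request, the issuer
    name and serial number come from self.signca, and validity and
    extensions are filled in by self._set_duration / self._add_extensions.

    The certificate is signed with SHA-256.  SHA-1 signatures are no longer
    collision resistant and are rejected by current TLS clients, so they
    must not be used for newly issued certificates.

    Returns whatever self.get() returns after the certificate is saved.
    """
    if alt_name:
        self.alt_name = common.validate_domain(alt_name)
    req = self._do_req()
    issuer = self.signca._gen_x509_name(self.signca.ca_cn)

    cert = X509.X509()
    # The encoded version field is zero-based: 2 means X.509 v3.
    cert.set_version(2)
    serialnumber = self.signca._increment_serial()
    cert.set_serial_number(serialnumber)
    cert.set_issuer_name(issuer)
    cert.set_subject(req.get_subject())
    certpubkey = req.get_pubkey()
    cert.set_pubkey(certpubkey)
    pubkey_fprint = self._gen_pubkey_fingerprint(certpubkey)
    cert = self._set_duration(cert)

    # Create and add certificate extensions
    cert = self._add_extensions(cert, pubkey_fprint)

    # Sign the cert with the CA key.  The key file passphrase is supplied
    # by the signing CA's own callback.
    cakey = RSA.load_key(self.signca.ca_key_file,
                         callback=self.signca._pass_callback)
    capkey = EVP.PKey()
    capkey.assign_rsa(cakey, 1)
    cert.sign(capkey, 'sha256')

    self._save_cert(cert)
    return self.get()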
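def create(self, alt_name=None):
    """Sign a certificate request with the CA key; return the stored result.

    If alt_name is given it is checked with common.validate_domain and kept
    on self.alt_name before the request is produced by self._do_req().
    The subject and public key are copied from that request, the issuer
    name and serial number come from self.signca, and validity and
    extensions are filled in by self._set_duration / self._add_extensions.

    The certificate is signed with SHA-256.  SHA-1 signatures are no longer
    collision resistant and are rejected by current TLS clients, so they
    must not be used for newly issued certificates.

    Returns whatever self.get() returns after the certificate is saved.
    """
    if alt_name:
        self.alt_name = common.validate_domain(alt_name)
    req = self._do_req()
    issuer = self.signca._gen_x509_name(self.signca.ca_cn)

    cert = X509.X509()
    # The encoded version field is zero-based: 2 means X.509 v3.
    cert.set_version(2)
    serialnumber = self.signca._increment_serial()
    cert.set_serial_number(serialnumber)
    cert.set_issuer_name(issuer)
    cert.set_subject(req.get_subject())
    certpubkey = req.get_pubkey()
    cert.set_pubkey(certpubkey)
    pubkey_fprint = self._gen_pubkey_fingerprint(certpubkey)
    cert = self._set_duration(cert)

    # Create and add certificate extensions
    cert = self._add_extensions(cert, pubkey_fprint)

    # Sign the cert with the CA key.  The key file passphrase is supplied
    # by the signing CA's own callback.
    cakey = RSA.load_key(self.signca.ca_key_file,
                         callback=self.signca._pass_callback)
    capkey = EVP.PKey()
    capkey.assign_rsa(cakey, 1)
    cert.sign(capkey, 'sha256')

    self._save_cert(cert)
    return self.get()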
def __init__(self, cn, requester):
    """Validate cn, run the SpokeCert initialiser and derive the file paths.

    self.cn is set from common.validate_domain(cn) before the base class
    initialiser runs.  The key, request and certificate paths are then
    built under self.signca.ca_dir from self.cn.
    """
    self.cn = common.validate_domain(cn)
    # NOTE(review): the base initialiser receives the raw cn, not the
    # validated self.cn; whether it validates again is not visible here.
    SpokeCert.__init__(self, cn, requester)
    ca_dir = self.signca.ca_dir
    host = self.cn
    for attr, pattern in (('key_file', '%s.key.pem'),
                          ('req_file', '%s.req'),
                          ('cert_file', '%s.cert.pem')):
        setattr(self, attr, os.path.join(ca_dir, pattern % host))
def __init__(self, org_name, domain_name):
    """Initialise the LDAP base, load config and derive the DNS zone DNs.

    Looks up the organisation entry for org_name, reads the DNS schema
    names and numeric defaults from the config (each with a built-in
    fallback), validates domain_name with common.validate_domain and
    builds the DNs of the DNS container and of the zone.
    """
    SpokeLDAP.__init__(self)
    cfg = config.setup()
    self.config = cfg
    self.log = logging.getLogger(__name__)
    self.base_dn = cfg.get('LDAP', 'basedn')
    self.search_scope = 2  # ldap.SUB
    self.retrieve_attr = None
    self.org_name = org_name
    self.org = self._get_org(org_name)
    org_entry = self.org['data'][0]
    self.org_dn = org_entry[0]
    self.org_attrs = org_entry[1]
    self.org_classes = self.org_attrs['objectClass']

    # (attribute, config section, option, fallback), in read order.
    # NOTE(review): dns_txt_attr and dns_ptr_attr are read from sections
    # 'TXT' and 'PTR' while every other record attribute uses 'DNS' --
    # confirm that this is intended.
    options = (
        ('dns_cont_attr', 'DNS', 'dns_cont_attr', 'ou'),
        ('dns_cont_name', 'DNS', 'dns_cont_name', 'dns'),
        ('dns_cont_class', 'ATTR_MAP', 'container_class',
         'organizationalUnit'),
        ('dns_zone_name_attr', 'DNS', 'dns_zone_attr', 'zoneName'),
        ('dns_zone_class', 'DNS', 'dns_zone_class', 'dNSZone'),
        ('dns_resource_attr', 'DNS', 'dns_resource_attr',
         'relativeDomainName'),
        ('dns_record_class', 'DNS', 'dns_record_class', 'IN'),
        ('dns_default_ttl', 'DNS', 'dns_default_ttl', '86400'),
        ('dns_min_ttl', 'DNS', 'dns_min_ttl', '3600'),
        ('dns_serial_start', 'DNS', 'dns_serial_start', '1'),
        ('dns_slave_refresh', 'DNS', 'dns_slave_refresh', '3600'),
        ('dns_slave_retry', 'DNS', 'dns_slave_retry', '600'),
        ('dns_slave_expire', 'DNS', 'dns_slave_expire', '86400'),
        ('dns_ns_attr', 'DNS', 'dns_ns_attr', 'nSRecord'),
        ('dns_soa_attr', 'DNS', 'dns_soa_attr', 'sOARecord'),
        ('dns_a_attr', 'DNS', 'dns_a_attr', 'aRecord'),
        ('dns_cname_attr', 'DNS', 'dns_cname_attr', 'cNAMERecord'),
        ('dns_mx_attr', 'DNS', 'dns_mx_attr', 'mXRecord'),
        ('dns_txt_attr', 'TXT', 'dns_txt_attr', 'tXTRecord'),
        ('dns_ptr_attr', 'PTR', 'dns_ptr_attr', 'pTRRecord'),
    )
    for attr, section, option, fallback in options:
        setattr(self, attr, cfg.get(section, option, fallback))

    # Record type name -> LDAP attribute that stores it.
    self.dns_type_attrs = {
        'SOA': self.dns_soa_attr,
        'NS': self.dns_ns_attr,
        'A': self.dns_a_attr,
        'CNAME': self.dns_cname_attr,
        'MX': self.dns_mx_attr,
        'TXT': self.dns_txt_attr,
        'PTR': self.dns_ptr_attr,
    }

    # The domain name is validated before it is placed into a DN.
    self.domain_name = common.validate_domain(domain_name)
    container_parts = (self.dns_cont_attr, self.dns_cont_name, self.org_dn)
    self.dns_dn = '%s=%s,%s' % container_parts
    zone_parts = (self.dns_zone_name_attr, self.domain_name, self.dns_dn)
    self.zone_dn = '%s=%s,%s' % zone_parts
def get(self, email_dom=None):
    """Search the organisation for email domains; return the search result.

    With email_dom given, the value is validated and only that domain is
    matched.  Without it, every entry carrying the self.smtp_domain
    attribute is matched.  The search starts at self.org_dn.
    """
    if not email_dom:
        search_filter = '%s=*' % self.smtp_domain
    else:
        # NOTE(review): the filter is built by string interpolation, so it
        # is only as safe as the characters common.validate_domain lets
        # through -- confirm it rejects LDAP filter metacharacters.
        checked = common.validate_domain(email_dom)
        search_filter = '%s=%s' % (self.smtp_domain, checked)
    found = self._get_object(self.org_dn, self.search_scope, search_filter,
                             attr=self.retrieve_attr)
    self.log.debug('Result: %s' % found)
    return found
def __init__(self, org_name, domain_name):
    """Initialise the LDAP base, load config and derive the DNS zone DNs.

    Looks up the organisation entry for org_name, reads the DNS schema
    names and numeric defaults from the config (each with a built-in
    fallback), validates domain_name with common.validate_domain and
    builds the DNs of the DNS container and of the zone.
    """
    SpokeLDAP.__init__(self)
    cfg = config.setup()
    self.config = cfg
    self.log = logger.setup(__name__)
    self.base_dn = cfg.get('LDAP', 'basedn')
    self.search_scope = 2  # ldap.SUB
    self.retrieve_attr = None
    self.org_name = org_name
    self.org = self._get_org(org_name)
    org_entry = self.org['data'][0]
    self.org_dn = org_entry[0]
    self.org_attrs = org_entry[1]
    self.org_classes = self.org_attrs['objectClass']

    # (attribute, config section, option, fallback), in read order.
    # NOTE(review): dns_txt_attr and dns_ptr_attr are read from sections
    # 'TXT' and 'PTR' while every other record attribute uses 'DNS' --
    # confirm that this is intended.
    options = (
        ('dns_cont_attr', 'DNS', 'dns_cont_attr', 'ou'),
        ('dns_cont_name', 'DNS', 'dns_cont_name', 'dns'),
        ('dns_cont_class', 'ATTR_MAP', 'container_class',
         'organizationalUnit'),
        ('dns_zone_name_attr', 'DNS', 'dns_zone_attr', 'zoneName'),
        ('dns_zone_class', 'DNS', 'dns_zone_class', 'dNSZone'),
        ('dns_resource_attr', 'DNS', 'dns_resource_attr',
         'relativeDomainName'),
        ('dns_record_class', 'DNS', 'dns_record_class', 'IN'),
        ('dns_default_ttl', 'DNS', 'dns_default_ttl', '86400'),
        ('dns_min_ttl', 'DNS', 'dns_min_ttl', '3600'),
        ('dns_serial_start', 'DNS', 'dns_serial_start', '1'),
        ('dns_slave_refresh', 'DNS', 'dns_slave_refresh', '3600'),
        ('dns_slave_retry', 'DNS', 'dns_slave_retry', '600'),
        ('dns_slave_expire', 'DNS', 'dns_slave_expire', '86400'),
        ('dns_ns_attr', 'DNS', 'dns_ns_attr', 'nSRecord'),
        ('dns_soa_attr', 'DNS', 'dns_soa_attr', 'sOARecord'),
        ('dns_a_attr', 'DNS', 'dns_a_attr', 'aRecord'),
        ('dns_cname_attr', 'DNS', 'dns_cname_attr', 'cNAMERecord'),
        ('dns_mx_attr', 'DNS', 'dns_mx_attr', 'mXRecord'),
        ('dns_txt_attr', 'TXT', 'dns_txt_attr', 'tXTRecord'),
        ('dns_ptr_attr', 'PTR', 'dns_ptr_attr', 'pTRRecord'),
    )
    for attr, section, option, fallback in options:
        setattr(self, attr, cfg.get(section, option, fallback))

    # Record type name -> LDAP attribute that stores it.
    self.dns_type_attrs = {
        'SOA': self.dns_soa_attr,
        'NS': self.dns_ns_attr,
        'A': self.dns_a_attr,
        'CNAME': self.dns_cname_attr,
        'MX': self.dns_mx_attr,
        'TXT': self.dns_txt_attr,
        'PTR': self.dns_ptr_attr,
    }

    # The domain name is validated before it is placed into a DN.
    self.domain_name = common.validate_domain(domain_name)
    container_parts = (self.dns_cont_attr, self.dns_cont_name, self.org_dn)
    self.dns_dn = '%s=%s,%s' % container_parts
    zone_parts = (self.dns_zone_name_attr, self.domain_name, self.dns_dn)
    self.zone_dn = '%s=%s,%s' % zone_parts
def create(self, email_dom):
    """Add an email domain to the organisation entry; return the result.

    The domain is validated, then searched for under self.base_dn (a
    global search, not limited to this organisation).  If any entry
    already carries it, error.AlreadyExists is raised with the search
    result.  Otherwise the domain attribute is added to self.org_dn,
    together with the self.smtp_class object class when the organisation
    does not have it yet.
    """
    domain = common.validate_domain(email_dom)
    # NOTE(review): the filter is built by string interpolation, so it is
    # only as safe as the characters common.validate_domain lets through
    # -- confirm it rejects LDAP filter metacharacters.
    search_filter = '%s=%s' % (self.smtp_domain, domain)
    # Global search
    existing = self._get_object(self.base_dn, self.search_scope,
                                search_filter, unique=True)
    if existing['data'] != []:
        self.log.info('Email domain %s already exists.' % domain)
        raise error.AlreadyExists(existing)

    # Each change is (operation, attribute, value); 0 is presumably
    # ldap.MOD_ADD -- verify against _create_object.
    changes = [(0, self.smtp_domain, domain)]
    if self.smtp_class not in self.org_classes:
        changes.insert(0, (0, 'objectClass', self.smtp_class))
    self.log.debug('Adding email domain %s to org %s ' %
                   (domain, self.org_name))
    outcome = self._create_object(self.org_dn, changes)
    self.log.debug('Result: %s' % outcome)
    return outcome
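def _validate_input(self, entry):
    """Check a '<priority> <hostname>' MX entry; return it with a period.

    entry is split on single spaces and must yield exactly two fields.
    The first must be accepted by int(); the second is passed through
    common.validate_domain.

    Returns priority + ' ' + hostname + '.', with the priority text
    unchanged.

    Raises error.InputError (after logging the message) when the field
    count is wrong or the priority is not an integer.
    """
    entry_list = entry.split(' ')
    if len(entry_list) > 2:
        msg = 'Too many entries: do you have a space somewhere?'
        self.log.error(msg)
        raise error.InputError(msg)
    if len(entry_list) < 2:
        msg = 'Too few entries: are you missing the priority?'
        self.log.error(msg)
        raise error.InputError(msg)
    priority, hostname = entry_list
    try:
        int(priority)
    except ValueError:
        # Only a failed conversion means bad input.  A bare except would
        # also turn KeyboardInterrupt and SystemExit into an InputError.
        msg = 'MX record priority:%s must be an integer.' % priority
        self.log.error(msg)
        raise error.InputError(msg)
    # NOTE(review): int() also accepts a sign and surrounding whitespace
    # other than ' ' (tab, newline), and the priority is returned as
    # typed.  No range check (an MX preference is a 16-bit unsigned
    # value) is made here -- confirm whether callers need one.
    hostname = common.validate_domain(hostname)
    return priority + ' ' + hostname + '.'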
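def __init__(self, cn, requester=None, ca=None):
    """Load config and logging, then resolve the key and request paths.

    requester names the CA that will handle the request.  When it is not
    given, the 'ca_default_ca' option of the 'CA' config section is used.
    It is checked with common.is_shell_safe and must name an existing CA,
    otherwise error.NotFound is raised.

    When ca is true the request is for a CA itself: cn is checked with
    common.is_shell_safe and the CA's own request and key files are used.
    Otherwise cn is treated as a host name, checked with
    common.validate_domain, and per-host files are placed in the CA
    directory.
    """
    self.config = config.setup()
    self.log = logger.log_to_console()
    if not requester:
        requester = self.config.get('CA', 'ca_default_ca')
    requester = common.is_shell_safe(requester)
    self.is_a_ca = ca
    self.reqca = SpokeCA(requester)
    if not self.reqca.get()['data']:
        msg = 'CA %s does not exist; please create' % requester
        raise error.NotFound(msg)
    if self.is_a_ca:
        self.cn = common.is_shell_safe(cn)
        self.req_file = self.reqca.ca_req_file
        self.key_file = self.reqca.ca_key_file
    else:  # We're dealing with a host CSR
        self.cn = common.validate_domain(cn)
        # Build the file names from the validated value rather than the
        # raw argument, so that only checked text reaches the filesystem
        # path and the names always agree with self.cn.
        key_name = '%s.key.pem' % self.cn
        req_name = '%s.req' % self.cn
        self.key_file = os.path.join(self.reqca.ca_dir, key_name)
        self.req_file = os.path.join(self.reqca.ca_dir, req_name)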
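def __init__(self, cn, requester=None, ca=None):
    """Load config and logging, then resolve the key and request paths.

    requester names the CA that will handle the request.  When it is not
    given, the 'ca_default_ca' option of the 'CA' config section is used.
    It is checked with common.is_shell_safe and must name an existing CA,
    otherwise error.NotFound is raised.

    When ca is true the request is for a CA itself: cn is checked with
    common.is_shell_safe and the CA's own request and key files are used.
    Otherwise cn is treated as a host name, checked with
    common.validate_domain, and per-host files are placed in the CA
    directory.
    """
    self.config = config.setup()
    self.log = logger.setup(self.__module__)
    if not requester:
        requester = self.config.get('CA', 'ca_default_ca')
    requester = common.is_shell_safe(requester)
    self.is_a_ca = ca
    self.reqca = SpokeCA(requester)
    if not self.reqca.get()['data']:
        msg = 'CA %s does not exist; please create' % requester
        raise error.NotFound(msg)
    if self.is_a_ca:
        self.cn = common.is_shell_safe(cn)
        self.req_file = self.reqca.ca_req_file
        self.key_file = self.reqca.ca_key_file
    else:  # We're dealing with a host CSR
        self.cn = common.validate_domain(cn)
        # Build the file names from the validated value rather than the
        # raw argument, so that only checked text reaches the filesystem
        # path and the names always agree with self.cn.
        key_name = '%s.key.pem' % self.cn
        req_name = '%s.req' % self.cn
        self.key_file = os.path.join(self.reqca.ca_dir, key_name)
        self.req_file = os.path.join(self.reqca.ca_dir, req_name)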
def _validate_input(self, entry):
    """Validate entry as a domain name and return it with a trailing '.'.

    The value is passed through common.validate_domain; whatever that
    returns gets a single period appended.
    """
    return common.validate_domain(entry) + '.'
def _validate_input(self, entry):
    """Validate the hostname of an (rdn, hostname) pair and append a period.

    entry is indexed at positions 0 and 1.  The first item is returned
    untouched; the second goes through common.validate_domain and gets a
    trailing '.' appended.

    Returns a new two-item list [rdn, hostname + '.'].
    """
    rdn = entry[0]
    hostname = entry[1]
    fqdn = common.validate_domain(hostname) + '.'
    return [rdn, fqdn]