def _validate_input(self, ns=None, email=None, serial=None,
slave_refresh=None, slave_retry=None,
slave_expire=None, min_ttl=None):
"""Check and process inputs; return dictionary."""
ns = common.validate_domain(ns)
email = common.validate_domain(email)
if serial is None:
serial = self.dns_serial_start
serial = self._validate_number('serial', serial)
if slave_refresh is None:
slave_refresh = self.dns_slave_refresh
slave_refresh = self._validate_number('slave_refresh', slave_refresh)
if slave_retry is None:
slave_retry = self.dns_slave_retry
slave_retry = self._validate_number('slave_retry', slave_retry)
if slave_expire is None:
slave_expire = self.dns_slave_expire
slave_expire = self._validate_number('slave_expire', slave_expire)
if min_ttl is None:
min_ttl = self.dns_min_ttl
min_ttl = self._validate_number('min_ttl', min_ttl)
return (ns, email, serial, slave_refresh, slave_retry, slave_expire,
min_ttl)
def _validate_input(self,
ns=None,
email=None,
serial=None,
slave_refresh=None,
slave_retry=None,
slave_expire=None,
min_ttl=None):
"""Check and process inputs; return dictionary."""
ns = common.validate_domain(ns)
email = common.validate_domain(email)
if serial is None:
serial = self.dns_serial_start
serial = self._validate_number('serial', serial)
if slave_refresh is None:
slave_refresh = self.dns_slave_refresh
slave_refresh = self._validate_number('slave_refresh', slave_refresh)
if slave_retry is None:
slave_retry = self.dns_slave_retry
slave_retry = self._validate_number('slave_retry', slave_retry)
if slave_expire is None:
slave_expire = self.dns_slave_expire
slave_expire = self._validate_number('slave_expire', slave_expire)
if min_ttl is None:
min_ttl = self.dns_min_ttl
min_ttl = self._validate_number('min_ttl', min_ttl)
return (ns, email, serial, slave_refresh, slave_retry, slave_expire,
min_ttl)
def _validate_input(self, entry):
"""Check input and add trailing period."""
rdn = entry[0]
hostname = entry[1]
hostname = common.validate_domain(hostname)
entry = [rdn, hostname + '.']
return entry
def _validate_input(self, entry):
"""Check input and add trailing period."""
rdn = entry[0]
hostname = entry[1]
hostname = common.validate_domain(hostname)
entry = [rdn, hostname + '.']
return entry
def create(self, alt_name=None):
"""Sign a certificate request; return a certificate."""
if alt_name:
self.alt_name = common.validate_domain(alt_name)
req = self._do_req()
issuer = self.signca._gen_x509_name(self.signca.ca_cn)
cert = X509.X509()
cert.set_version(2)
serialnumber = self.signca._increment_serial()
cert.set_serial_number(serialnumber)
cert.set_issuer_name(issuer)
cert.set_subject(req.get_subject())
certpubkey = req.get_pubkey()
cert.set_pubkey(certpubkey)
pubkey_fprint = self._gen_pubkey_fingerprint(certpubkey)
cert = self._set_duration(cert)
# Create and add certificate extensions
cert = self._add_extensions(cert, pubkey_fprint)
# Sign the cert with the CA key
cakey = RSA.load_key(self.signca.ca_key_file,
callback = self.signca._pass_callback)
capkey = EVP.PKey()
capkey.assign_rsa(cakey, 1)
cert.sign(capkey, 'sha1')
self._save_cert(cert)
result = self.get()
return result
def create(self, alt_name=None):
"""Sign a certificate request; return a certificate."""
if alt_name:
self.alt_name = common.validate_domain(alt_name)
req = self._do_req()
issuer = self.signca._gen_x509_name(self.signca.ca_cn)
cert = X509.X509()
cert.set_version(2)
serialnumber = self.signca._increment_serial()
cert.set_serial_number(serialnumber)
cert.set_issuer_name(issuer)
cert.set_subject(req.get_subject())
certpubkey = req.get_pubkey()
cert.set_pubkey(certpubkey)
pubkey_fprint = self._gen_pubkey_fingerprint(certpubkey)
cert = self._set_duration(cert)
# Create and add certificate extensions
cert = self._add_extensions(cert, pubkey_fprint)
# Sign the cert with the CA key
cakey = RSA.load_key(self.signca.ca_key_file,
callback=self.signca._pass_callback)
capkey = EVP.PKey()
capkey.assign_rsa(cakey, 1)
cert.sign(capkey, 'sha1')
self._save_cert(cert)
result = self.get()
return result
def __init__(self, cn, requester):
self.cn = common.validate_domain(cn)
SpokeCert.__init__(self, cn, requester)
self.key_file = os.path.join(self.signca.ca_dir,
'%s.key.pem' % self.cn)
self.req_file = os.path.join(self.signca.ca_dir, '%s.req' % self.cn)
self.cert_file = os.path.join(self.signca.ca_dir,
'%s.cert.pem' % self.cn)
def __init__(self, org_name, domain_name):
"""Get config, setup logging and LDAP connection."""
SpokeLDAP.__init__(self)
self.config = config.setup()
self.log = logging.getLogger(__name__)
self.base_dn = self.config.get('LDAP', 'basedn')
self.search_scope = 2 # ldap.SUB
self.retrieve_attr = None
self.org_name = org_name
self.org = self._get_org(self.org_name)
self.org_dn = self.org['data'][0].__getitem__(0)
self.org_attrs = self.org['data'][0].__getitem__(1)
self.org_classes = self.org_attrs['objectClass']
self.dns_cont_attr = self.config.get('DNS', 'dns_cont_attr', 'ou')
self.dns_cont_name = self.config.get('DNS', 'dns_cont_name', 'dns')
self.dns_cont_class = self.config.get('ATTR_MAP', \
'container_class', 'organizationalUnit')
self.dns_zone_name_attr = self.config.get('DNS', 'dns_zone_attr',
'zoneName')
self.dns_zone_class = self.config.get('DNS', 'dns_zone_class',
'dNSZone')
self.dns_resource_attr = self.config.get('DNS', 'dns_resource_attr',
'relativeDomainName')
self.dns_record_class = self.config.get('DNS', 'dns_record_class',
'IN')
self.dns_default_ttl = self.config.get('DNS', 'dns_default_ttl',
'86400')
self.dns_min_ttl = self.config.get('DNS', 'dns_min_ttl', '3600')
self.dns_serial_start = self.config.get('DNS', 'dns_serial_start', '1')
self.dns_slave_refresh = self.config.get('DNS', 'dns_slave_refresh',
'3600')
self.dns_slave_retry = self.config.get('DNS', 'dns_slave_retry', '600')
self.dns_slave_expire = self.config.get('DNS', 'dns_slave_expire',
'86400')
self.dns_ns_attr = self.config.get('DNS', 'dns_ns_attr', 'nSRecord')
self.dns_soa_attr = self.config.get('DNS', 'dns_soa_attr', 'sOARecord')
self.dns_a_attr = self.config.get('DNS', 'dns_a_attr', 'aRecord')
self.dns_cname_attr = self.config.get('DNS', 'dns_cname_attr',
'cNAMERecord')
self.dns_mx_attr = self.config.get('DNS', 'dns_mx_attr', 'mXRecord')
self.dns_txt_attr = self.config.get('TXT', 'dns_txt_attr', 'tXTRecord')
self.dns_ptr_attr = self.config.get('PTR', 'dns_ptr_attr', 'pTRRecord')
self.dns_type_attrs = {
'SOA': self.dns_soa_attr,
'NS': self.dns_ns_attr,
'A': self.dns_a_attr,
'CNAME': self.dns_cname_attr,
'MX': self.dns_mx_attr,
'TXT': self.dns_txt_attr,
'PTR': self.dns_ptr_attr
}
self.domain_name = common.validate_domain(domain_name)
self.dns_dn = '%s=%s,%s' % (self.dns_cont_attr, self.dns_cont_name, \
self.org_dn)
self.zone_dn = '%s=%s,%s' % (self.dns_zone_name_attr, \
self.domain_name, self.dns_dn)
def get(self, email_dom=None):
"""Find an email domain; return result list."""
if email_dom:
email_dom = common.validate_domain(email_dom)
filter = '%s=%s' % (self.smtp_domain, email_dom)
else:
filter = '%s=*' % self.smtp_domain
dn = self.org_dn
result = self._get_object(dn, self.search_scope, filter,
attr=self.retrieve_attr)
self.log.debug('Result: %s' % result)
return result
def get(self, email_dom=None):
"""Find an email domain; return result list."""
if email_dom:
email_dom = common.validate_domain(email_dom)
filter = '%s=%s' % (self.smtp_domain, email_dom)
else:
filter = '%s=*' % self.smtp_domain
dn = self.org_dn
result = self._get_object(dn, self.search_scope, filter,
attr=self.retrieve_attr)
self.log.debug('Result: %s' % result)
return result
def __init__(self, org_name, domain_name):
"""Get config, setup logging and LDAP connection."""
SpokeLDAP.__init__(self)
self.config = config.setup()
self.log = logger.setup(__name__)
self.base_dn = self.config.get('LDAP', 'basedn')
self.search_scope = 2 # ldap.SUB
self.retrieve_attr = None
self.org_name = org_name
self.org = self._get_org(self.org_name)
self.org_dn = self.org['data'][0].__getitem__(0)
self.org_attrs = self.org['data'][0].__getitem__(1)
self.org_classes = self.org_attrs['objectClass']
self.dns_cont_attr = self.config.get('DNS', 'dns_cont_attr', 'ou')
self.dns_cont_name = self.config.get('DNS', 'dns_cont_name', 'dns')
self.dns_cont_class = self.config.get('ATTR_MAP', \
'container_class', 'organizationalUnit')
self.dns_zone_name_attr = self.config.get('DNS', 'dns_zone_attr', 'zoneName')
self.dns_zone_class = self.config.get('DNS', 'dns_zone_class', 'dNSZone')
self.dns_resource_attr = self.config.get('DNS','dns_resource_attr', 'relativeDomainName')
self.dns_record_class = self.config.get('DNS','dns_record_class', 'IN')
self.dns_default_ttl = self.config.get('DNS', 'dns_default_ttl', '86400')
self.dns_min_ttl = self.config.get('DNS', 'dns_min_ttl', '3600')
self.dns_serial_start = self.config.get('DNS', 'dns_serial_start', '1')
self.dns_slave_refresh = self.config.get('DNS','dns_slave_refresh', '3600')
self.dns_slave_retry = self.config.get('DNS', 'dns_slave_retry', '600')
self.dns_slave_expire = self.config.get('DNS', 'dns_slave_expire', '86400')
self.dns_ns_attr = self.config.get('DNS', 'dns_ns_attr', 'nSRecord')
self.dns_soa_attr = self.config.get('DNS', 'dns_soa_attr', 'sOARecord')
self.dns_a_attr = self.config.get('DNS', 'dns_a_attr', 'aRecord')
self.dns_cname_attr = self.config.get('DNS', 'dns_cname_attr', 'cNAMERecord')
self.dns_mx_attr = self.config.get('DNS', 'dns_mx_attr', 'mXRecord')
self.dns_txt_attr = self.config.get('TXT', 'dns_txt_attr', 'tXTRecord')
self.dns_ptr_attr = self.config.get('PTR', 'dns_ptr_attr', 'pTRRecord')
self.dns_type_attrs = {'SOA':self.dns_soa_attr,
'NS':self.dns_ns_attr,
'A':self.dns_a_attr,
'CNAME':self.dns_cname_attr,
'MX': self.dns_mx_attr,
'TXT': self.dns_txt_attr,
'PTR': self.dns_ptr_attr}
self.domain_name = common.validate_domain(domain_name)
self.dns_dn = '%s=%s,%s' % (self.dns_cont_attr, self.dns_cont_name, \
self.org_dn)
self.zone_dn = '%s=%s,%s' % (self.dns_zone_name_attr, \
self.domain_name, self.dns_dn)
def create(self, email_dom):
"""Create an email domain."""
email_dom = common.validate_domain(email_dom)
dn = self.base_dn
filter = '%s=%s' % (self.smtp_domain, email_dom)
# Global search
result = self._get_object(dn, self.search_scope, filter, unique=True)
if result['data'] != []:
self.log.info('Email domain %s already exists.' % email_dom)
raise error.AlreadyExists(result)
dn_info = []
if not self.smtp_class in self.org_classes:
dn_info.append((0, 'objectClass', self.smtp_class))
dn_info.append((0, self.smtp_domain, email_dom))
self.log.debug('Adding email domain %s to org %s ' %
(email_dom, self.org_name))
result = self._create_object(self.org_dn, dn_info)
self.log.debug('Result: %s' % result)
return result
def create(self, email_dom):
"""Create an email domain."""
email_dom = common.validate_domain(email_dom)
dn = self.base_dn
filter = '%s=%s' % (self.smtp_domain, email_dom)
# Global search
result = self._get_object(dn, self.search_scope, filter, unique=True)
if result['data'] != []:
self.log.info('Email domain %s already exists.' % email_dom)
raise error.AlreadyExists(result)
dn_info = []
if not self.smtp_class in self.org_classes:
dn_info.append((0, 'objectClass', self.smtp_class))
dn_info.append((0, self.smtp_domain, email_dom))
self.log.debug('Adding email domain %s to org %s ' %
(email_dom, self.org_name))
result = self._create_object(self.org_dn, dn_info)
self.log.debug('Result: %s' % result)
return result
def _validate_input(self, entry):
"""Check input and add trailing period to hostname."""
entry_list = entry.split(' ')
if len(entry_list) > 2:
msg = 'Too many entries: do you have a space somewhere?'
self.log.error(msg)
raise error.InputError(msg)
if len(entry_list) < 2:
msg = 'Too few entries: are you missing the priority?'
self.log.error(msg)
raise error.InputError(msg)
priority = entry_list[0]
hostname = entry_list[1]
try:
int(priority)
except:
msg = 'MX record priority:%s must be an integer.' % priority
self.log.error(msg)
raise error.InputError(msg)
hostname = common.validate_domain(hostname)
return priority + ' ' + hostname + '.'
def _validate_input(self, entry):
"""Check input and add trailing period to hostname."""
entry_list = entry.split(' ')
if len(entry_list) > 2:
msg = 'Too many entries: do you have a space somewhere?'
self.log.error(msg)
raise error.InputError(msg)
if len(entry_list) < 2:
msg = 'Too few entries: are you missing the priority?'
self.log.error(msg)
raise error.InputError(msg)
priority = entry_list[0]
hostname = entry_list[1]
try:
int(priority)
except:
msg = 'MX record priority:%s must be an integer.' % priority
self.log.error(msg)
raise error.InputError(msg)
hostname = common.validate_domain(hostname)
return priority + ' ' + hostname + '.'
def __init__(self, cn, requester=None, ca=None):
"""Get config, setup logging."""
self.config = config.setup()
self.log = logger.log_to_console()
if not requester:
requester = self.config.get('CA', 'ca_default_ca')
requester = common.is_shell_safe(requester)
self.is_a_ca = ca
self.reqca = SpokeCA(requester)
if not self.reqca.get()['data']:
msg = 'CA %s does not exist; please create' % requester
raise error.NotFound(msg)
if self.is_a_ca:
self.cn = common.is_shell_safe(cn)
self.req_file = self.reqca.ca_req_file
self.key_file = self.reqca.ca_key_file
else: # We're dealing with a host CSR
self.cn = common.validate_domain(cn)
key_name = '%s.key.pem' % cn
req_name = '%s.req' % cn
self.key_file = os.path.join(self.reqca.ca_dir, key_name)
self.req_file = os.path.join(self.reqca.ca_dir, req_name)
def __init__(self, cn, requester=None, ca=None):
"""Get config, setup logging."""
self.config = config.setup()
self.log = logger.setup(self.__module__)
if not requester:
requester = self.config.get('CA', 'ca_default_ca')
requester = common.is_shell_safe(requester)
self.is_a_ca = ca
self.reqca = SpokeCA(requester)
if not self.reqca.get()['data']:
msg = 'CA %s does not exist; please create' % requester
raise error.NotFound(msg)
if self.is_a_ca:
self.cn = common.is_shell_safe(cn)
self.req_file = self.reqca.ca_req_file
self.key_file = self.reqca.ca_key_file
else: # We're dealing with a host CSR
self.cn = common.validate_domain(cn)
key_name = '%s.key.pem' % cn
req_name = '%s.req' % cn
self.key_file = os.path.join(self.reqca.ca_dir, key_name)
self.req_file = os.path.join(self.reqca.ca_dir, req_name)
def __init__(self, cn, requester):
self.cn = common.validate_domain(cn)
SpokeCert.__init__(self, cn, requester)
self.key_file = os.path.join(self.signca.ca_dir, '%s.key.pem' % self.cn)
self.req_file = os.path.join(self.signca.ca_dir, '%s.req' % self.cn)
self.cert_file = os.path.join(self.signca.ca_dir, '%s.cert.pem' % self.cn)
def _validate_input(self, entry):
"""Check input and add trailing period."""
entry = common.validate_domain(entry)
return entry + '.'
def _validate_input(self, entry):
"""Check input and add trailing period."""
rdn = entry[0]
value = common.validate_domain(entry[1]) + '.'
return [rdn, value]
def _validate_input(self, entry):
"""Check input and add trailing period."""
rdn = entry[0]
value = common.validate_domain(entry[1]) + '.'
return [rdn, value]
def _validate_input(self, entry):
"""Check input and add trailing period."""
entry = common.validate_domain(entry)
return entry + '.'
