Exemple #1
0
def enroll():
    """Generate an enrollment profile."""

    ca = get_ca()
    key, csr = ca.create_device_csr('device-identity')
    device_certificate = ca.sign(csr)

    pkcs12_payload = identity_payload(key, device_certificate, 'sekret')
    profile = generate_enroll_profile(pkcs12_payload)

    schema = profile_schema.ProfileSchema()
    result = schema.dump(profile)
    plist_data = dumps_none(result.data, skipkeys=True)

    return plist_data, 200, {'Content-Type': PROFILE_CONTENT_TYPE}
Exemple #2
0
def certificate_download():
    """Create a new key/certificate to upload to the DEP/ASM/ABM portal.

    The private key generated for this certificate will be the key recipient of the DEP S/MIME payload.
    """

    try:
        certificate_model = db.session.query(
            DEPServerTokenCertificate).filter_by(
                x509_cn='COMMANDMENT-DEP').one()
    except sqlalchemy.orm.exc.NoResultFound:
        ca = get_ca()
        private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048,
            backend=default_backend(),
        )
        private_key_model = RSAPrivateKey.from_crypto(private_key)
        db.session.add(private_key_model)

        name = x509.Name([
            x509.NameAttribute(NameOID.COMMON_NAME, 'COMMANDMENT-DEP'),
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'commandment')
        ])

        builder = x509.CertificateSigningRequestBuilder()
        builder = builder.subject_name(name)
        builder = builder.add_extension(x509.BasicConstraints(
            ca=False, path_length=None),
                                        critical=True)

        request = builder.sign(private_key, hashes.SHA256(), default_backend())
        request_model = CertificateSigningRequest.from_crypto(request)
        request_model.rsa_private_key = private_key_model
        db.session.add(request_model)

        certificate = ca.sign(request)
        certificate_model = DEPServerTokenCertificate.from_crypto(certificate)
        certificate_model.rsa_private_key = private_key_model
        db.session.add(certificate_model)

        db.session.commit()

    return certificate_model.pem_data, 200, {
        'Content-Type': 'application/x-x509-ca-cert',
        'Content-Disposition': 'attachment; filename="commandment-dep.cer"'
    }
Exemple #3
0
def generate_ca(app: Flask):
    """Generate internal CA certificate for sandbox setups."""
    with app.app_context():
        app.logger.info('Generating Internal CA if necessary...')
        ca = get_ca()  # Implicit creation of `certificate_authority` row and certificates