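def PrintCertTypes(ca_names):
    """Print an HTML page listing the client certificate types on offer.

    Each name in ca_names is looked up with opensslcnf.getcadata(). Every CA
    for which isclientcert() is true gets one table row: a link to this
    script with the CA name appended to the path, the CA comment, and a
    "view policy" link when the CA defines nsCaPolicyUrl.

    ca_names -- sequence of CA names to look up
    """
    htmlbase.PrintHeader('Start enrollment for certificate request')
    htmlbase.PrintHeading('Start enrollment for certificate request')
    # This text is printed without % formatting, so the percent sign must be
    # written once; the doubled form ended up literally in the page.
    print ('This certificate authority issues several types of client '
           'certificates.<BR>Please choose the appropriate certificate type '
           'below:<P> <TABLE CELLSPACING=10%>')
    # The script's own URL path does not change between rows.
    script_name = os.environ.get('SCRIPT_NAME', 'client-enroll.py')
    for ca_name in ca_names:
        ca = opensslcnf.getcadata(ca_name)
        if not ca.isclientcert():
            continue
        if ca.nsCaPolicyUrl:
            # The anchor is closed here; left open it would swallow the
            # markup that follows the row.
            nsCaPolicyUrlStr = '<A HREF="%s%s">(view policy)</A>' % (
                ca.nsBaseUrl, ca.nsCaPolicyUrl)
        else:
            nsCaPolicyUrlStr = ' '
        # NOTE(review): script_name, ca_name, ca.nsComment, ca.nsBaseUrl and
        # ca.nsCaPolicyUrl are written into the page without HTML escaping.
        # That is only safe while the CA configuration and the CGI
        # environment are administrator-controlled; pass the values through
        # cgi.escape(value, 1) if any of them can carry untrusted text.
        print '<TR><TD><A HREF="%s/%s">%s</A></TD><TD>%s</TD><TD>%s</TD></TR>' % (
            script_name, ca_name, ca_name, ca.nsComment, nsCaPolicyUrlStr)
    print '</TABLE>'
    htmlbase.PrintFooter()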
form.add(cgiforms.formSelectClass(i,dn_attr[i]['comment'],dn_attr[i]['default'],required=policy_field=='supplied')) else: form.add(cgiforms.formInputClass(i,dn_attr[i]['comment'],imaxlength,dn_attr[i]['regex'],dn_attr[i]['default'],required=policy_field=='supplied',size=isize)) if not form.contentlength: import time if not ca.nsComment: ca.nsComment = 'No comment' if ca.nsCaPolicyUrl: nsCommentStr = '<A HREF="%s%s">%s</A>' % (ca.nsBaseUrl,ca.nsCaPolicyUrl,ca.nsComment) else: nsCommentStr = ca.nsComment htmlbase.PrintHeader('Input form for certificate request') htmlbase.PrintHeading('Input form for certificate request') if not http_browsertype: print '<P><STRONG>Your browser type could not be automatically determined.<BR>Please choose the browser you are using.</STRONG></P>' print """<TABLE> <TR><TD>Certificate authority:</TD><TD><STRONG>%s</STRONG></TD></TR> <TR><TD>Certificate type:</TD><TD><STRONG>%s</STRONG></TD></TR> <TR><TD>Certificate comment:</TD><TD><STRONG>%s</STRONG></TD></TR> </TABLE> <P> Certificates of this type will be valid for <STRONG>%d days</STRONG>, approximately until <STRONG>%s</STRONG>. </P> """ % (ca_name, ca.nsCertTypeStr,
command = '%s crl2pkcs7 -nocrl -certfile %s' % (OpenSSLExec, certfilename) for ca_certfilename in ca_certfilenames: command = command + ' -certfile %s ' % (ca_certfilename) cert = ReadCertFromFileObject(os.popen(command)) else: cert = open(certfilename, 'r').read() mimetype = 'application/x-x509-user-cert' else: htmlbase.PrintErrorMsg('Invalid certificate type "%s"' % cert_type) sys.exit(0) if browser_name == 'MSIE' and cert_type == 'user': import vbs, charset htmlbase.PrintHeader('Install certificate') htmlbase.PrintHeading('Install certificate') print 'Certificate of type <STRONG>%s</STRONG>:<P>' % ca_name print 'Subject DN: %s<BR>Valid until: %s' % ( \ charset.asn12html4(entry[DB_name]), \ strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))) \ ) vbs.PrintVBSXenrollObject() print '<SCRIPT Language=VBSCRIPT>\n<!-- ' vbs.PrintVBSCertInstallCode( string.strip(entry[DB_name]), entry[DB_serial], strftime('%d.%m.%Y', localtime(mktime(dbtime2tuple(entry[DB_exp_date])))), cert) print ' -->\n</SCRIPT>' htmlbase.PrintFooter() else:
if not entry: htmlbase.PrintErrorMsg('Certificate not found.') sys.exit(0) certfilename = os.path.join(ca.certs, '%s.pem' % (entry[DB_serial])) else: htmlbase.PrintErrorMsg('Invalid certificate type "%s"' % cert_type) sys.exit(0) # Does the certificate file exist? if not os.path.isfile(certfilename): htmlbase.PrintErrorMsg('Certificate file not found.') sys.exit(0) if cert_type == 'crl': htmlbase.PrintHeader('View CRL') htmlbase.PrintHeading('View CRL') crl = openssl.cert.CRLClass(certfilename) issuerdatalist = [] for attr in openssl.cert.X509v1_certattrlist: issuerdatalist.append( string.strip(charset.asn12html4(crl.issuer.get(attr, '')))) print """ <DL> <DT><STRONG>This CRL was issued by:</STRONG></DT> <DD>%s</DD> <DT><STRONG>last updated:</STRONG></DT> <DD>%s</DD> <DT><STRONG>next update:</STRONG></DT> <DD>%s</DD> </DL>
'yes', 1)) form.add( cgiforms.formCheckboxClass('servercerts', 'search server certificates', 'yes', 0)) form.add(cgiforms.formInputClass('CN', 'Common Name', 30, alphanumregex)) form.add(cgiforms.formInputClass('Email', 'E-Mail', 40, mailadrregex)) form.add( cgiforms.formInputClass('OU', 'Organizational Unit', 30, alphanumregex)) form.add(cgiforms.formInputClass('O', 'Organization', 30, alphanumregex)) form.add(cgiforms.formInputClass('L', 'Location', 30, alphanumregex)) form.add(cgiforms.formInputClass('ST', 'State / Province', 30, alphanumregex)) form.add(cgiforms.formInputClass('C', 'Country', 2, '[a-zA-Z?]' * 2)) if not form.contentlength: htmlbase.PrintHeader('Search certificates') htmlbase.PrintHeading('Search certificates') print """You can search for certificates in the certificate database.<P>Just type in substrings or regular expressions as search criteria.""" PrintEmptyForm(form) htmlbase.PrintFooter() sys.exit(0) try: form.getparams() except cgiforms.formContentLengthException, e: htmlbase.PrintErrorMsg('Content length invalid.') sys.exit(0) except cgiforms.formParamNameException, e: htmlbase.PrintErrorMsg('Unknown parameter "%s".' % (e.name))
'RC2-CBC-MD5', 'DES-CBC3-MD5' ] ######################################################################## # There's nothing to configure below this line ######################################################################## import sys, os, string, time, re, urllib import pycacnf, htmlbase, charset sys.stdin.close() gmt = time.time() - 3600 * time.daylight + time.timezone htmlbase.PrintHeader('Cryptographic Browser Check') htmlbase.PrintHeading('Cryptographic Browser Check') htmlbase.PrintHeading('SSL', 2) if os.environ.has_key('HTTPS'): htmlbase.PrintHeading('SSL symmetric cipher', 3) print 'You connected with cipher <STRONG>%s</STRONG>, key size <STRONG>%s Bit</STRONG>, secret key size <STRONG>%s Bit</STRONG>.<P>' % ( os.environ['SSL_CIPHER'], os.environ['HTTPS_KEYSIZE'], os.environ['HTTPS_SECRETKEYSIZE']) htmlbase.PrintHeading('Client Certificate', 3) ssl_client_dn = os.environ.get('SSL_CLIENT_DN', '') if ssl_client_dn: ssl_client_idn = os.environ.get('SSL_CLIENT_I_DN', '')
import os, sys, types, string, pycacnf, openssl, htmlbase from pycacnf import opensslcnf, pyca_section nsGetCertUrl = pyca_section.get('nsGetCertUrl', '') nsViewCertUrl = pyca_section.get('nsViewCertUrl', '') nsEnrollUrl = pyca_section.get('nsEnrollUrl', '') ca_names = opensslcnf.sectionkeys.get('ca', []) if not ca_names: htmlbase.PrintErrorMsg('No certificate authorities found.') sys.exit(0) htmlbase.PrintHeader('Overview of certificate authorities') htmlbase.PrintHeading('Overview of certificate authorities') print """<TABLE BORDER WIDTH=100%> <TR> <TH>CA name</TH> <TH COLSPAN=2>CA certificate</TH> <TH COLSPAN=2>CRL</TH> <TH>certificate<BR>types</TH> <TH>Comment</TH> <TH>View policy</TH> </TR> """ for ca_name in ca_names: ca = opensslcnf.getcadata(ca_name) if nsEnrollUrl and ca.isclientcert():