def PrintCertTypes(ca_names):
htmlbase.PrintHeader('Start enrollment for certificate request')
htmlbase.PrintHeading('Start enrollment for certificate request')
print """This certificate authority issues several types
of client certificates.<BR>Please choose the appropriate certificate
type below:<P>
<TABLE CELLSPACING=10%%>"""
for ca_name in ca_names:
ca = opensslcnf.getcadata(ca_name)
if ca.isclientcert():
if ca.nsCaPolicyUrl:
nsCaPolicyUrlStr = '<A HREF="%s%s">(view policy)' % (ca.nsBaseUrl,ca.nsCaPolicyUrl)
else:
nsCaPolicyUrlStr = ' '
print '<TR><TD><A HREF="%s/%s">%s</A></TD><TD>%s</TD><TD>%s</TD></TR>' % (os.environ.get('SCRIPT_NAME','client-enroll.py'),ca_name,ca_name,ca.nsComment,nsCaPolicyUrlStr)
print '</TABLE>'
htmlbase.PrintFooter()
def PrintKeygenForm(form,ca_name,ca,browsertype,scriptmethod='POST'):
print """Content-type: text/html\n
<HTML>
<HEAD>
<TITLE>Create key pair and certificate request</TITLE>
"""
if browsertype=='MSIE':
import vbs
vbs.PrintVBSXenrollObject()
print '<SCRIPT Language=VBSCRIPT>\n<!-- '
vbs.PrintVBSCryptoProvider()
vbs.PrintVBSKeyGenCode(form)
print ' -->\n</SCRIPT>'
print '</HEAD><BODY onLoad=KeySizeSelectList() %s>' % htmlbase.bodyPARAM
htmlbase.PrintHeading('Create key pair and certificate request')
print 'Your key pair and certificate request can be generated now.<BR>'
print 'Please have a look below to check if your input data was correct.<P>'
# Print input given by user as readable table and hidden input fields
PrintInput(form)
print '<FORM name="KeyGenForm" ACTION="%s/%s" METHOD=%s ACCEPT-CHARSET="iso-8859-1">' % (os.environ.get('SCRIPT_NAME','client-enroll.py'),ca_name,scriptmethod)
for i in form.inputkeys:
for j in form.field[i]:
print '<INPUT TYPE="hidden" NAME="%s" VALUE="%s">' % (j.name,j.content)
# Print hint about minimum key size
if ca.min_key_size>0:
print """Please note:<BR>
The certificate type <STRONG>%s</STRONG> requires a minimum key size of <STRONG>%d</STRONG> bits!
If you are not able to choose a key length equal or greater than <STRONG>%d</STRONG> the
certificate authority will refuse to issue a certificate for your certificate request!<P>
""" % (ca_name,ca.min_key_size,ca.min_key_size)
if browsertype=='MSIE':
print '<P>Key size: <SELECT NAME="KeySize"></SELECT></P><INPUT TYPE="hidden" NAME="PKCS10" VALUE="">'
print '<INPUT TYPE="BUTTON" onClick="GenTheKeyPair()" VALUE="Generate key pair"></FORM>'
else:
print '<P>%s:%s</P><INPUT TYPE="submit" VALUE="Generate key pair"></FORM>' % ( \
HelpURL(HelpUrlBase,form.field['SPKAC'][0].name,form.field['SPKAC'][0].text),\
form.field['SPKAC'][0].inputfield(form.field['challenge'][0].content) \
)
htmlbase.PrintFooter()
else:
form.add(cgiforms.formInputClass(i,dn_attr[i]['comment'],imaxlength,dn_attr[i]['regex'],dn_attr[i]['default'],required=policy_field=='supplied',size=isize))
if not form.contentlength:
import time
if not ca.nsComment:
ca.nsComment = 'No comment'
if ca.nsCaPolicyUrl:
nsCommentStr = '<A HREF="%s%s">%s</A>' % (ca.nsBaseUrl,ca.nsCaPolicyUrl,ca.nsComment)
else:
nsCommentStr = ca.nsComment
htmlbase.PrintHeader('Input form for certificate request')
htmlbase.PrintHeading('Input form for certificate request')
if not http_browsertype:
print '<P><STRONG>Your browser type could not be automatically determined.<BR>Please choose the browser you are using.</STRONG></P>'
print """<TABLE>
<TR><TD>Certificate authority:</TD><TD><STRONG>%s</STRONG></TD></TR>
<TR><TD>Certificate type:</TD><TD><STRONG>%s</STRONG></TD></TR>
<TR><TD>Certificate comment:</TD><TD><STRONG>%s</STRONG></TD></TR>
</TABLE>
<P>
Certificates of this type will be valid for <STRONG>%d days</STRONG>, approximately until <STRONG>%s</STRONG>.
</P>
""" % (ca_name,
ca.nsCertTypeStr,
nsCommentStr,
certfilename)
for ca_certfilename in ca_certfilenames:
command = command + ' -certfile %s ' % (ca_certfilename)
cert = ReadCertFromFileObject(os.popen(command))
else:
cert = open(certfilename, 'r').read()
mimetype = 'application/x-x509-user-cert'
else:
htmlbase.PrintErrorMsg('Invalid certificate type "%s"' % cert_type)
sys.exit(0)
if browser_name == 'MSIE' and cert_type == 'user':
import vbs, charset
htmlbase.PrintHeader('Install certificate')
htmlbase.PrintHeading('Install certificate')
print 'Certificate of type <STRONG>%s</STRONG>:<P>' % ca_name
print 'Subject DN: %s<BR>Valid until: %s' % ( \
charset.asn12html4(entry[DB_name]), \
strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))) \
)
vbs.PrintVBSXenrollObject()
print '<SCRIPT Language=VBSCRIPT>\n<!-- '
vbs.PrintVBSCertInstallCode(
string.strip(entry[DB_name]), entry[DB_serial],
strftime('%d.%m.%Y',
localtime(mktime(dbtime2tuple(entry[DB_exp_date])))), cert)
print ' -->\n</SCRIPT>'
htmlbase.PrintFooter()
else:
# Simply write MIME-type and certificate data to stdout
htmlbase.PrintErrorMsg('Certificate not found.')
sys.exit(0)
certfilename = os.path.join(ca.certs, '%s.pem' % (entry[DB_serial]))
else:
htmlbase.PrintErrorMsg('Invalid certificate type "%s"' % cert_type)
sys.exit(0)
# Does the certificate file exist?
if not os.path.isfile(certfilename):
htmlbase.PrintErrorMsg('Certificate file not found.')
sys.exit(0)
if cert_type == 'crl':
htmlbase.PrintHeader('View CRL')
htmlbase.PrintHeading('View CRL')
crl = openssl.cert.CRLClass(certfilename)
issuerdatalist = []
for attr in openssl.cert.X509v1_certattrlist:
issuerdatalist.append(
string.strip(charset.asn12html4(crl.issuer.get(attr, ''))))
print """
<DL>
<DT><STRONG>This CRL was issued by:</STRONG></DT>
<DD>%s</DD>
<DT><STRONG>last updated:</STRONG></DT>
<DD>%s</DD>
<DT><STRONG>next update:</STRONG></DT>
<DD>%s</DD>
</DL>
<P><A HREF="%s%s/%s/crl.crl">Download CRL</A></P>
form.add(
cgiforms.formCheckboxClass('servercerts', 'search server certificates',
'yes', 0))
form.add(cgiforms.formInputClass('CN', 'Common Name', 30, alphanumregex))
form.add(cgiforms.formInputClass('Email', 'E-Mail', 40, mailadrregex))
form.add(
cgiforms.formInputClass('OU', 'Organizational Unit', 30, alphanumregex))
form.add(cgiforms.formInputClass('O', 'Organization', 30, alphanumregex))
form.add(cgiforms.formInputClass('L', 'Location', 30, alphanumregex))
form.add(cgiforms.formInputClass('ST', 'State / Province', 30, alphanumregex))
form.add(cgiforms.formInputClass('C', 'Country', 2, '[a-zA-Z?]' * 2))
if not form.contentlength:
htmlbase.PrintHeader('Search certificates')
htmlbase.PrintHeading('Search certificates')
print """You can search for certificates in the
certificate database.<P>Just type in substrings or
regular expressions as search criteria."""
PrintEmptyForm(form)
htmlbase.PrintFooter()
sys.exit(0)
try:
form.getparams()
except cgiforms.formContentLengthException, e:
htmlbase.PrintErrorMsg('Content length invalid.')
sys.exit(0)
except cgiforms.formParamNameException, e:
htmlbase.PrintErrorMsg('Unknown parameter "%s".' % (e.name))
sys.exit(0)
]
########################################################################
# There's nothing to configure below this line
########################################################################
import sys, os, string, time, re, urllib
import pycacnf, htmlbase, charset
sys.stdin.close()
gmt = time.time() - 3600 * time.daylight + time.timezone
htmlbase.PrintHeader('Cryptographic Browser Check')
htmlbase.PrintHeading('Cryptographic Browser Check')
htmlbase.PrintHeading('SSL', 2)
if os.environ.has_key('HTTPS'):
htmlbase.PrintHeading('SSL symmetric cipher', 3)
print 'You connected with cipher <STRONG>%s</STRONG>, key size <STRONG>%s Bit</STRONG>, secret key size <STRONG>%s Bit</STRONG>.<P>' % (
os.environ['SSL_CIPHER'], os.environ['HTTPS_KEYSIZE'],
os.environ['HTTPS_SECRETKEYSIZE'])
htmlbase.PrintHeading('Client Certificate', 3)
ssl_client_dn = os.environ.get('SSL_CLIENT_DN', '')
if ssl_client_dn:
ssl_client_idn = os.environ.get('SSL_CLIENT_I_DN', '')
if not ssl_client_idn:
import os, sys, types, string, pycacnf, openssl, htmlbase
from pycacnf import opensslcnf, pyca_section
nsGetCertUrl = pyca_section.get('nsGetCertUrl', '')
nsViewCertUrl = pyca_section.get('nsViewCertUrl', '')
nsEnrollUrl = pyca_section.get('nsEnrollUrl', '')
ca_names = opensslcnf.sectionkeys.get('ca', [])
if not ca_names:
htmlbase.PrintErrorMsg('No certificate authorities found.')
sys.exit(0)
htmlbase.PrintHeader('Overview of certificate authorities')
htmlbase.PrintHeading('Overview of certificate authorities')
print """<TABLE BORDER WIDTH=100%>
<TR>
<TH>CA name</TH>
<TH COLSPAN=2>CA certificate</TH>
<TH COLSPAN=2>CRL</TH>
<TH>certificate<BR>types</TH>
<TH>Comment</TH>
<TH>View policy</TH>
</TR>
"""
for ca_name in ca_names:
ca = opensslcnf.getcadata(ca_name)
if nsEnrollUrl and ca.isclientcert():
nsCertTypeStr = '<A HREF="%s%s/%s">%s</A>' % (