Exemple #1
 def _call(self, cur_inst):
     """List the certificates stored in the database of the requested CA.

     The CA name is read from the ``server_key:ca_name`` element of the
     request.  If the CA reports itself usable (``ca_ok``), the result text
     names the number of certificates and the sorted database keys, and one
     ``certificate`` element per database entry is attached to the reply.
     Otherwise the result is set to an error state.
     """
     # NOTE(review): the CA name comes straight from the request and is
     # handed to openssl_tools.CA unchanged; how CA() maps the name to its
     # storage is not visible here -- confirm it is validated there.
     ca_name = cur_inst.srv_com["server_key:ca_name"].text
     ca = openssl_tools.CA(ca_name, cur_inst.log)
     if not ca.ca_ok:
         cur_inst.srv_com.set_result(
             "CA '{}' is not valid".format(ca_name),
             server_command.SRV_REPLY_STATE_ERROR,
         )
         return

     # Human-readable summary: plural-aware count plus the sorted db keys.
     cert_db = ca.db
     count_text = logging_tools.get_plural("certificate", len(cert_db))
     key_text = ", ".join(sorted(ca.db.keys()))
     cur_inst.srv_com.set_result("found {}: {}".format(count_text, key_text))

     # Structured reply: one <certificate> element per database entry.
     builder = cur_inst.srv_com.builder()
     cert_list = builder.certificates()
     for serial in ca.db:
         entry = ca.db[serial]
         attributes = {
             "type": entry["type"],
             "name": entry["name"],
             "serial": entry["serial"],
             "exp_date": ca.db.format_date(entry["exp_date"]),
             "rev_date": ca.db.format_date(entry["rev_date"]),
             "rev_cause": entry["rev_cause"],
         }
         cert_list.append(builder.certificate(**attributes))
     # The element list is stored under the empty key of the reply.
     cur_inst.srv_com[""] = cert_list
Exemple #2
 def _call(self, cur_inst):
     """Revoke one certificate of the requested CA.

     Reads the CA name, the certificate serial and the revocation cause from
     the ``server_key:*`` elements of the request.  The cause is checked
     against a fixed list of accepted names before the CA is opened.  The
     result is set to success when ``revoke_cert`` returns a true value, and
     to an error state when the CA is not usable or the revocation fails.

     Raises:
         ValueError: if the requested revocation cause is not in the list of
             accepted cause names.
     """
     request = cur_inst.srv_com
     ca_name = request["server_key:ca_name"].text
     serial = request["server_key:cert_serial"].text
     cause = request["server_key:revoke_cause"].text

     # Allow-list for the request-supplied cause; anything else is rejected
     # before the value reaches the CA object.
     accepted_causes = (
         "unspecified",
         "keyCompromise",
         "CACompromise",
         "affiliationChanged",
         "superseded",
         "cessationOfOperation",
         "certificateHold",
         "removeFromCRL",
     )
     if cause not in accepted_causes:
         raise ValueError(
             "revocation cause '{}' not in list {}".format(
                 cause, ", ".join(accepted_causes)
             )
         )

     # NOTE(review): unlike the cause, the CA name and the serial are passed
     # on exactly as received; whether openssl_tools validates them is not
     # visible here -- confirm.
     ca = openssl_tools.CA(ca_name, cur_inst.log)
     if not ca.ca_ok:
         request.set_result(
             "CA '{}' is not valid".format(ca_name),
             server_command.SRV_REPLY_STATE_ERROR,
         )
         return

     if not ca.revoke_cert(serial, cause):
         # Details of the failure are only available in the server log.
         request.set_result(
             "cannot revoke certificate, please check logs",
             server_command.SRV_REPLY_STATE_ERROR,
         )
         return

     request.set_result("certificate {} successfully revoked".format(serial))
Exemple #3
 def _call(self, cur_inst):
     """Create the requested CA unless it is already present.

     The CA name is read from the ``server_key:ca_name`` element of the
     request; the object passed to ``create`` is built by ``_build_obj`` with
     a common name of ``<SERVER_FULL_NAME>_ca``.  An existing, usable CA
     yields a warning result, a failed creation an error result, and a
     successful creation a result naming the CA directory.
     """
     # NOTE(review): the CA name is request-supplied and reaches
     # openssl_tools.CA unchanged; how it is turned into ca_dir is not
     # visible here -- confirm it is validated there.
     ca_name = cur_inst.srv_com["server_key:ca_name"].text
     cert_obj = _build_obj(
         cur_inst,
         cn="{}_ca".format(global_config["SERVER_FULL_NAME"]),
     )
     ca = openssl_tools.CA(ca_name, cur_inst.log)

     if ca.ca_ok:
         # Never overwrite an existing CA; report it and stop.
         cur_inst.srv_com.set_result(
             "CA '{}' already present".format(ca_name),
             server_command.SRV_REPLY_STATE_WARN,
         )
         return

     if not ca.create(cert_obj):
         cur_inst.srv_com.set_result(
             "creation of CA went wrong, please check the logs",
             server_command.SRV_REPLY_STATE_ERROR,
         )
         return

     # The success message returns the server-side CA directory to the caller.
     success_text = "CA '{}' successfully created in {}".format(
         ca_name, ca.ca_dir
     )
     cur_inst.srv_com.set_result(success_text)
Exemple #4
 def _call(self, cur_inst):
     """Issue a new certificate from the requested CA.

     Reads the CA name, the target certificate file and the CA mode from the
     ``server_key:*`` elements of the request.  The common name is taken from
     ``server_key:cn`` when present and falls back to ``SERVER_FULL_NAME``.
     When ``server_key:add_device`` is present, the named device is looked up
     and passed to ``new_cert`` as the ``device`` keyword argument.  The
     result is set to success when ``new_cert`` returns a true value, and to
     an error state when the CA is not usable or the creation fails.
     """
     request = cur_inst.srv_com
     ca_name = request["server_key:ca_name"].text
     # NOTE(review): cert_file and ca_mode are request-supplied and handed to
     # new_cert unchanged; whether new_cert restricts the output path or the
     # accepted modes is not visible here -- confirm before exposing this
     # command to callers that are not fully trusted.
     cert_file = request["server_key:cert_file"].text
     ca_mode = request["server_key:ca_mode"].text

     if "server_key:cn" in request:
         common_name = request["server_key:cn"].text
     else:
         common_name = global_config["SERVER_FULL_NAME"]

     target_device = None
     if "server_key:add_device" in request:
         device_name = request["server_key:add_device"].text
         # presumably a Django model manager: get() would then raise on zero
         # or multiple matches, and nothing here catches that -- verify.
         if device_name.count(".") > 0:
             # "host.domain.tld": short name before the first dot, the rest
             # is matched against the domain tree node's full name.
             short_name, domain_name = device_name.split(".", 1)
             target_device = device.objects.get(
                 Q(name=short_name)
                 & Q(domain_tree_node__full_name=domain_name)
             )
         else:
             target_device = device.objects.get(Q(name=device_name))

     cert_obj = _build_obj(cur_inst, cn=common_name)
     ca = openssl_tools.CA(ca_name, cur_inst.log)
     if not ca.ca_ok:
         request.set_result(
             "CA '{}' is not valid".format(ca_name),
             server_command.SRV_REPLY_STATE_ERROR,
         )
         return

     # Only pass the device keyword when a device was actually requested.
     extra_kwargs = {} if target_device is None else {"device": target_device}
     if not ca.new_cert(cert_obj, ca_mode, cert_file, **extra_kwargs):
         request.set_result(
             "cannot create new cert, please check logs",
             server_command.SRV_REPLY_STATE_ERROR,
         )
         return

     request.set_result(
         "certificate successfully created in {}".format(cert_file)
     )