Exemple #1
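def SendCertificateData(obj, request):
    """Send the zipped certificate data as email.

    If the object has an email address set, build its zip archive, read it
    into memory, delete the archive from disk and mail it as an attachment
    to that address. Objects without an email address are skipped.

    Args:
        obj: Object providing ``email``, ``name`` and ``parent``.
        request: Passed through unchanged to ``build_zip_for_object``.

    Raises:
        Exception: If the archive is missing or cannot be read or removed.
            Errors from ``email.send`` propagate too (``fail_silently=False``).
    """

    ## Check that email flag is set in the DB
    if not obj.email:
        return

    zip_f = build_zip_for_object(obj, request)

    ## Read ZIP content and remove it
    try:
        try:
            ## Binary mode: a zip archive is not text, and text mode can
            ## corrupt it or fail to decode it.
            with open(zip_f, 'rb') as f:
                x = f.read()
        finally:
            ## Remove the archive even when reading failed, so it does not
            ## linger on disk.
            ## NOTE(review): presumably the archive holds key material;
            ## confirm against build_zip_for_object.
            if os.path.exists(zip_f):
                os.remove(zip_f)
    except (IOError, OSError) as e:
        ## A missing archive lands here as well, instead of surfacing later
        ## as a NameError on the unset buffer.
        logger.error("Failed to read zipfile: %s" % e)
        raise Exception(e)

    ## Build email obj and send it out
    parent_name = 'self-signed'
    if obj.parent:
        parent_name = obj.parent.common_name

    subj_msg = subject_for_object(obj)
    body_msg = "Certificate data sent by django-pki:\n\n  * subject: %s\n  * parent: %s\n" % (subj_msg, parent_name)

    ## NOTE(review): the archive is attached as-is. If it contains private
    ## keys, confirm the mail transport and obj.email are trusted.
    email = EmailMessage(to=[obj.email], subject="Certificate data for \"%s\"" % subj_msg, body=body_msg)
    email.attach('PKI_DATA_%s.zip' % obj.name, x, 'application/zip')
    email.send(fail_silently=False)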
Exemple #2
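 def __init__(self, instance):
     """Initialize shared variables and verify instance type.

     Stores the instance, derives the key/CSR/certificate/CRL paths below
     PKI_DIR from the instance and parent names, and replaces empty
     ``subjaltname`` / ``crl_dpoints`` values on the instance.

     Raises:
         Exception: If the instance name is in PKI_CA_NAME_BLACKLIST, or the
             instance is neither a CertificateAuthority nor a Certificate.
         OSError: If the directories for self-signed certificates cannot
             be created.
     """

     self.i    = instance
     self.subj = subject_for_object(self.i)

     if self.i.name in PKI_CA_NAME_BLACKLIST:
         message = "Instance name '%s' is blacklisted!" % self.i.name
         logger.error(message)
         ## A bare `raise` has no active exception to re-raise here, so the
         ## rejection is raised explicitly with the text that was logged.
         raise Exception(message)

     ## NOTE(review): instance and parent names are joined into filesystem
     ## paths unchanged. Apart from the blacklist no validation is visible
     ## here; confirm the models reject path separators and '..' so paths
     ## cannot leave PKI_DIR.
     if self.i.parent is not None:
         issuer_name = self.i.parent.name
     else:
         issuer_name = self.i.name

     self.parent_certs = os.path.join(PKI_DIR, issuer_name, 'certs')
     self.crl = os.path.join(PKI_DIR, issuer_name, 'crl', '%s.crl.pem' % issuer_name)

     if isinstance(instance, pki.models.CertificateAuthority):
         self.ca_dir = os.path.join(PKI_DIR, self.i.name)
         self.key    = os.path.join(self.ca_dir, 'private', '%s.key.pem' % self.i.name)
         self.pkcs12 = False
         self.i.subjaltname = ''
     elif isinstance(instance, pki.models.Certificate):
         if self.i.parent:
             self.ca_dir = os.path.join(PKI_DIR, self.i.parent.name)
         else:
             self.ca_dir = os.path.join(PKI_DIR, "_SELF_SIGNED_CERTIFICATES")
             if not os.path.exists(self.ca_dir):
                 try:
                     os.mkdir(self.ca_dir, 0o755)
                     os.mkdir(os.path.join(self.ca_dir, "certs"))
                 except OSError:
                     logger.exception("Failed to create directories for self-signed certificates %s" % self.ca_dir)
                     raise

         ## NOTE(review): certificate keys are placed in 'certs' next to the
         ## public files, and the self-signed directory is created 0o755.
         ## Key confidentiality then rests on each key file's own mode;
         ## confirm how the key files are written.
         self.key    = os.path.join(self.ca_dir, 'certs', '%s.key.pem' % self.i.name)
         self.pkcs12 = os.path.join(self.ca_dir, 'certs', '%s.cert.p12' % self.i.name)

         if not self.i.subjaltname:
             self.i.subjaltname = 'email:copy'
     else:
         raise Exception( "Given object type is unknown!" )

     if not self.i.crl_dpoints:
         self.i.crl_dpoints = ''

     self.csr  = os.path.join(self.ca_dir, 'certs', '%s.csr.pem'  % self.i.name)
     self.crt  = os.path.join(self.ca_dir, 'certs', '%s.cert.pem' % self.i.name)
     self.der  = os.path.join(self.ca_dir, 'certs', '%s.cert.der' % self.i.name)

     ## Generate a random string as ENV variable name.
     ## ascii_letters keeps the name ASCII-only; string.letters is
     ## locale-dependent on Python 2 and absent on Python 3.
     ## NOTE(review): `random` is not a CSPRNG. If the name must be
     ## unpredictable, consider random.SystemRandom().sample(...).
     self.env_pw = "".join(random.sample(string.ascii_letters + string.digits, 10))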
Exemple #3
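    def __init__(self, instance):
        """Initialize shared variables and verify instance type.

        Stores the instance and derives the CRL, key and PKCS#12 paths below
        PKI_DIR from the instance and parent names. An empty ``subjaltname``
        on a Certificate is replaced with ``'email:copy'``; on a
        CertificateAuthority it is reset to ``''``.

        Raises:
            Exception: If the instance name is in PKI_CA_NAME_BLACKLIST.
            OSError: If the directories for self-signed certificates cannot
                be created.
        """

        self.i = instance
        self.subj = subject_for_object(self.i)

        if self.i.name in PKI_CA_NAME_BLACKLIST:
            message = "Instance name '%s' is blacklisted!" % self.i.name
            logger.error(message)
            # A bare `raise` has no active exception to re-raise here, so
            # the rejection is raised explicitly with the logged text.
            raise Exception(message)

        # NOTE(review): instance and parent names are joined into filesystem
        # paths unchanged. Apart from the blacklist no validation is visible
        # here; confirm the models reject path separators and '..' so paths
        # cannot leave PKI_DIR.
        if self.i.parent is not None:
            issuer_name = self.i.parent.name
        else:
            issuer_name = self.i.name

        self.parent_certs = os.path.join(PKI_DIR, issuer_name, 'certs')
        self.crl = os.path.join(PKI_DIR, issuer_name, 'crl',
                                '%s.crl.pem' % issuer_name)

        if isinstance(instance, pki.models.CertificateAuthority):
            self.ca_dir = os.path.join(PKI_DIR, self.i.name)
            self.key = os.path.join(self.ca_dir, 'private',
                                    '%s.key.pem' % self.i.name)
            self.pkcs12 = False
            self.i.subjaltname = ''
        elif isinstance(instance, pki.models.Certificate):
            if self.i.parent:
                self.ca_dir = os.path.join(PKI_DIR, self.i.parent.name)
            else:
                self.ca_dir = os.path.join(PKI_DIR,
                                           "_SELF_SIGNED_CERTIFICATES")
                if not os.path.exists(self.ca_dir):
                    try:
                        # 0o755 is the octal spelling accepted by both
                        # Python 2.6+ and Python 3.
                        os.mkdir(self.ca_dir, 0o755)
                        os.mkdir(os.path.join(self.ca_dir, "certs"))
                    except OSError:
                        logger.exception(
                            "Failed to create directories for self-signed certificates %s"
                            % self.ca_dir)
                        raise

            # NOTE(review): certificate keys are placed in 'certs' next to
            # the public files, and the self-signed directory is created
            # 0o755. Key confidentiality then rests on each key file's own
            # mode; confirm how the key files are written.
            self.key = os.path.join(self.ca_dir, 'certs',
                                    '%s.key.pem' % self.i.name)
            self.pkcs12 = os.path.join(self.ca_dir, 'certs',
                                       '%s.cert.p12' % self.i.name)

            if not self.i.subjaltname:
                self.i.subjaltname = 'email:copy'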
Exemple #4
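 def __init__(self, instance):
     """Initialize shared variables and verify instance type.

     Stores the instance and derives the CRL, key and PKCS#12 paths below
     PKI_DIR from the instance and parent names. An empty ``subjaltname``
     on a Certificate is replaced with ``'email:copy'``; on a
     CertificateAuthority it is reset to ``''``.

     Raises:
         Exception: If the instance name is in PKI_CA_NAME_BLACKLIST.
         OSError: If the directories for self-signed certificates cannot
             be created.
     """
     self.i = instance
     self.subj = subject_for_object(self.i)

     if self.i.name in PKI_CA_NAME_BLACKLIST:
         message = "Instance name '%s' is blacklisted!" % self.i.name
         logger.error(message)
         # A bare `raise` has no active exception to re-raise here, so the
         # rejection is raised explicitly with the logged text.
         raise Exception(message)

     # NOTE(review): instance and parent names are joined into filesystem
     # paths unchanged. Apart from the blacklist no validation is visible
     # here; confirm the models reject path separators and '..' so paths
     # cannot leave PKI_DIR.
     if self.i.parent is not None:
         issuer_name = self.i.parent.name
     else:
         issuer_name = self.i.name

     self.parent_certs = os.path.join(PKI_DIR, issuer_name, 'certs')
     self.crl = os.path.join(PKI_DIR, issuer_name, 'crl',
                             '%s.crl.pem' % issuer_name)

     if isinstance(instance, pki.models.CertificateAuthority):
         self.ca_dir = os.path.join(PKI_DIR, self.i.name)
         self.key = os.path.join(self.ca_dir, 'private',
                                 '%s.key.pem' % self.i.name)
         self.pkcs12 = False
         self.i.subjaltname = ''
     elif isinstance(instance, pki.models.Certificate):
         if self.i.parent:
             self.ca_dir = os.path.join(PKI_DIR, self.i.parent.name)
         else:
             self.ca_dir = os.path.join(PKI_DIR,
                                        "_SELF_SIGNED_CERTIFICATES")
             if not os.path.exists(self.ca_dir):
                 try:
                     # 0o755 is the octal spelling accepted by both
                     # Python 2.6+ and Python 3.
                     os.mkdir(self.ca_dir, 0o755)
                     os.mkdir(os.path.join(self.ca_dir, "certs"))
                 except OSError:
                     # The message is built from adjacent literals: a
                     # backslash continuation inside the string would put
                     # the next line's indentation into the log text.
                     logger.exception("Failed to create directories for "
                                      "self-signed certificates %s" %
                                      self.ca_dir)
                     raise

         # NOTE(review): certificate keys are placed in 'certs' next to the
         # public files, and the self-signed directory is created 0o755.
         # Key confidentiality then rests on each key file's own mode;
         # confirm how the key files are written.
         self.key = os.path.join(self.ca_dir, 'certs', '%s.key.pem' %
                                 self.i.name)
         self.pkcs12 = os.path.join(self.ca_dir, 'certs', '%s.cert.p12' %
                                    self.i.name)

         if not self.i.subjaltname:
             self.i.subjaltname = 'email:copy'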
Exemple #5
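    def update_ca_chain_file(self):
        """Build/update the CA chain.

        Generates a chain file containing all CA's required to verify the given certificate.
        The file is written to ``<PKI_DIR>/<name>/<name>-chain.cert.pem``. Each entry is the
        subject line followed by the output of ``openssl x509 -in <cert>``, in order from the
        topmost parent down to this instance.

        Raises:
            Exception: If reading a certificate or writing the chain file fails.
        """

        ## Build list of parents: this instance first, then walk up the
        ## parent links, and finally reverse so the topmost parent leads.
        chain = [self.i.name]
        p = self.i.parent
        while p is not None:
            chain.append(p.name)
            p = p.parent

        chain.reverse()

        chain_file = os.path.join(PKI_DIR, self.i.name,
                                  '%s-chain.cert.pem' % self.i.name)

        try:
            ## `with` closes the file even when a certificate fails to load.
            ## NOTE(review): a failure part-way leaves a truncated chain file
            ## behind; confirm nothing consumes it after an error.
            with open(chain_file, 'w') as w:
                for c in chain:
                    cert_file = os.path.join(PKI_DIR, c, 'certs',
                                             '%s.cert.pem' % c)
                    ## Pass the path as a single argv element. Formatting it
                    ## into a string and calling split() would break a path
                    ## containing whitespace into extra openssl arguments.
                    output = self.exec_openssl(['x509', '-in', cert_file])

                    ## Get the subject to print it first in the chain file
                    ## NOTE(review): this is the subject of self.i for every
                    ## entry, not of chain member `c`; confirm that is intended.
                    subj = subject_for_object(self.i)

                    w.write('%s\n' % subj)
                    w.write(output)
        except Exception:
            ## Exception rather than a bare except, so KeyboardInterrupt and
            ## SystemExit are not rewritten as a chain-file error.
            raise Exception('Failed to write chain file!')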
Exemple #6
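 def update_ca_chain_file(self):
     """Build/update the CA chain.
     Generates a chain file containing all CA's required to verify
     the given certificate.

     The file is written to ``<PKI_DIR>/<name>/<name>-chain.cert.pem``.
     Each entry is the subject line followed by the output of
     ``openssl x509 -in <cert>``, in order from the topmost parent down
     to this instance.

     Raises:
         Exception: If reading a certificate or writing the chain file
             fails.
     """

     ## Build list of parents: this instance first, then walk up the
     ## parent links, and finally reverse so the topmost parent leads.
     chain = [self.i.name]
     p = self.i.parent
     while p is not None:
         chain.append(p.name)
         p = p.parent

     chain.reverse()

     chain_file = os.path.join(PKI_DIR, self.i.name, '%s-chain.cert.pem' %
                               self.i.name)

     try:
         ## `with` closes the file even when a certificate fails to load.
         ## NOTE(review): a failure part-way leaves a truncated chain file
         ## behind; confirm nothing consumes it after an error.
         with open(chain_file, 'w') as w:
             for c in chain:
                 cert_file = os.path.join(PKI_DIR, c, 'certs',
                                          '%s.cert.pem' % c)
                 ## Pass the path as a single argv element. Formatting it
                 ## into a string and calling split() would break a path
                 ## containing whitespace into extra openssl arguments.
                 output = self.exec_openssl(['x509', '-in', cert_file])

                 ## Get the subject to print it first in the chain file
                 ## NOTE(review): this is the subject of self.i for every
                 ## entry, not of chain member `c`; confirm that is intended.
                 subj = subject_for_object(self.i)

                 w.write('%s\n' % subj)
                 w.write(output)
     except Exception:
         ## Exception rather than a bare except, so KeyboardInterrupt and
         ## SystemExit are not rewritten as a chain-file error.
         raise Exception('Failed to write chain file!')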
Exemple #7
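def SendCertificateData(obj, request):
    """Send the zipped certificate data as email.

    When the object carries an email address, its zip archive is built, read
    into memory, removed from disk and mailed to that address as an
    attachment. Objects without an email address are skipped.

    Args:
        obj: Object providing ``email``, ``name`` and ``parent``.
        request: Handed to ``build_zip_for_object`` unchanged.

    Raises:
        Exception: If the archive is missing or cannot be read or removed.
            Errors from ``email.send`` propagate too (``fail_silently=False``).
    """

    ## Check that email flag is set in the DB
    if not obj.email:
        return

    zip_f = build_zip_for_object(obj, request)

    ## Read ZIP content and remove it
    try:
        try:
            # Binary mode: a zip archive is not text, and text mode can
            # corrupt it or fail to decode it.
            with open(zip_f, 'rb') as f:
                x = f.read()
        finally:
            # Clean up on the failure path too, so the archive does not
            # stay on disk after a read error.
            # NOTE(review): presumably the archive holds key material;
            # confirm against build_zip_for_object.
            if os.path.exists(zip_f):
                os.remove(zip_f)
    except (IOError, OSError) as e:
        # A missing archive is reported here as well, instead of failing
        # later with a NameError on the unset buffer.
        logger.error("Failed to read zipfile: %s" % e)
        raise Exception(e)

    ## Build email obj and send it out
    parent_name = 'self-signed'
    if obj.parent:
        parent_name = obj.parent.common_name

    subj_msg = subject_for_object(obj)
    body_msg = "Certificate data sent by django-pki:\n\n  * subject: %s\n  * parent: %s\n" % (
        subj_msg, parent_name)

    # NOTE(review): the archive is attached as-is. If it contains private
    # keys, confirm the mail transport and obj.email are trusted.
    email = EmailMessage(
        to=[
            obj.email,
        ],
        subject="Certificate data for \"%s\"" % subj_msg,
        body=body_msg,
    )
    email.attach('PKI_DATA_%s.zip' % obj.name, x, 'application/zip')
    email.send(fail_silently=False)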
Exemple #8
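 def __init__(self, instance):
     """Initialize shared variables and verify instance type.

     Stores the instance and derives the key/CSR/certificate/CRL paths
     below PKI_DIR from the instance and parent names. Also sets the
     openssl extension argument (``self.ext``) and adjusts ``subjaltname``
     on the instance.

     Raises:
         Exception: If the instance is neither a CertificateAuthority nor
             a Certificate.
     """

     self.i    = instance
     self.subj = subject_for_object(self.i)

     ## NOTE(review): instance and parent names are joined into filesystem
     ## paths unchanged, and no validation is visible here. Confirm the
     ## models reject path separators and '..' so paths cannot leave PKI_DIR.
     if self.i.parent is not None:
         issuer_name = self.i.parent.name
     else:
         issuer_name = self.i.name

     self.parent_certs = os.path.join(PKI_DIR, issuer_name, 'certs')
     self.crl = os.path.join(PKI_DIR, issuer_name, 'crl', '%s.crl.pem' % issuer_name)

     if isinstance(instance, pki.models.CertificateAuthority):
         ca_dir      = os.path.join(PKI_DIR, self.i.name)
         self.key    = os.path.join(ca_dir, 'private', '%s.key.pem' % self.i.name)
         self.ext    = ''
         self.pkcs12 = False
         self.i.subjaltname = ''
     elif isinstance(instance, pki.models.Certificate):
         ## NOTE(review): this dereferences self.i.parent unconditionally, so
         ## a Certificate without a parent fails with AttributeError. Confirm
         ## the model always requires a parent.
         ca_dir      = os.path.join(PKI_DIR, self.i.parent.name)
         ## NOTE(review): certificate keys are placed in 'certs' next to the
         ## public files. Key confidentiality then rests on each key file's
         ## own mode; confirm how the key files are written.
         self.key    = os.path.join(ca_dir, 'certs', '%s.key.pem' % self.i.name)
         self.ext    = '-extensions v3_cert'
         self.pkcs12 = os.path.join(ca_dir, 'certs', '%s.cert.p12' % self.i.name)

         if not self.i.subjaltname:
             self.i.subjaltname = 'email:copy'
     else:
         raise Exception( "Given object type is unknown!" )

     self.csr  = os.path.join(ca_dir, 'certs', '%s.csr.pem'  % self.i.name)
     self.crt  = os.path.join(ca_dir, 'certs', '%s.cert.pem' % self.i.name)
     self.der  = os.path.join(ca_dir, 'certs', '%s.cert.der' % self.i.name)

     ## Generate a random string as ENV variable name.
     ## ascii_letters keeps the name ASCII-only; string.letters is
     ## locale-dependent on Python 2 and absent on Python 3.
     ## NOTE(review): `random` is not a CSPRNG. If the name must be
     ## unpredictable, consider random.SystemRandom().sample(...).
     self.env_pw = "".join(random.sample(string.ascii_letters + string.digits, 10))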