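def SendCertificateData(obj, request):
    """Send the zipped certificate data as email.

    Does nothing unless ``obj.email`` is set. Otherwise the archive is built
    with ``build_zip_for_object``, read into memory, removed from disk and
    mailed as an attachment to ``obj.email``.

    Raises:
        Exception: if the archive is missing, unreadable or cannot be removed.
            Errors from the mail backend propagate (``fail_silently=False``).
    """
    # NOTE(review): the only recipient check is that obj.email is non-empty,
    # and the archive goes out as a plain attachment. If the zip carries
    # private key material (not visible from here), confirm that the address
    # is verified and that unencrypted mail is an accepted channel for it.
    if not obj.email:
        return

    zip_f = build_zip_for_object(obj, request)

    ## Read ZIP content and remove it
    try:
        # Binary mode: a zip archive is not text. Opening directly instead of
        # testing os.path.exists() first means a missing archive is reported
        # here rather than as an undefined variable when attaching.
        with open(zip_f, 'rb') as f:
            x = f.read()
        os.remove(zip_f)
    except (IOError, OSError) as e:
        logger.error("Failed to read zipfile: %s" % e)
        raise Exception(e)

    ## Build email obj and send it out
    parent_name = 'self-signed'
    if obj.parent:
        parent_name = obj.parent.common_name

    subj_msg = subject_for_object(obj)
    body_msg = "Certificate data sent by django-pki:\n\n  * subject: %s\n  * parent: %s\n" % (subj_msg, parent_name)

    email = EmailMessage(
        to=[obj.email, ],
        subject="Certificate data for \"%s\"" % subj_msg,
        body=body_msg,
    )
    email.attach('PKI_DATA_%s.zip' % obj.name, x, 'application/zip')
    email.send(fail_silently=False)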
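def __init__(self, instance):
    """Initialize shared variables and verify the instance type.

    Stores the instance, its subject string and the filesystem locations
    (CA directory, key, CSR, certificate, DER, PKCS#12, CRL) derived from
    the instance name and its parent.

    Raises:
        Exception: if the instance name is listed in PKI_CA_NAME_BLACKLIST,
            or the instance is neither a CertificateAuthority nor a
            Certificate.
        OSError: if the directory for self-signed certificates cannot be
            created.
    """
    self.i = instance
    self.subj = subject_for_object(self.i)

    if self.i.name in PKI_CA_NAME_BLACKLIST:
        logger.error("Instance name '%s' is blacklisted!" % self.i.name)
        # There is no active exception at this point, so a bare ``raise``
        # cannot express the rejection; raise it explicitly.
        raise Exception("Instance name '%s' is blacklisted!" % self.i.name)

    # NOTE(review): instance and parent names are joined into filesystem
    # paths below. This assumes the models restrict names to a safe
    # character set (no path separators, no '..') -- confirm.
    if self.i.parent is not None:
        owner = self.i.parent.name
    else:
        owner = self.i.name
    self.parent_certs = os.path.join(PKI_DIR, owner, 'certs')
    self.crl = os.path.join(PKI_DIR, owner, 'crl', '%s.crl.pem' % owner)

    if isinstance(instance, pki.models.CertificateAuthority):
        self.ca_dir = os.path.join(PKI_DIR, self.i.name)
        self.key = os.path.join(self.ca_dir, 'private', '%s.key.pem' % self.i.name)
        self.pkcs12 = False
        self.i.subjaltname = ''
    elif isinstance(instance, pki.models.Certificate):
        if self.i.parent:
            self.ca_dir = os.path.join(PKI_DIR, self.i.parent.name)
        else:
            self.ca_dir = os.path.join(PKI_DIR, "_SELF_SIGNED_CERTIFICATES")
            if not os.path.exists(self.ca_dir):
                try:
                    # NOTE(review): certs/ also receives the certificate's
                    # private key (self.key below) and both directories are
                    # created traversable by other users. Confirm the key
                    # file itself is written with restrictive permissions.
                    os.mkdir(self.ca_dir, 0o755)
                    os.mkdir(os.path.join(self.ca_dir, "certs"))
                except OSError:
                    logger.exception("Failed to create directories for self-signed certificates %s" % self.ca_dir)
                    raise

        self.key = os.path.join(self.ca_dir, 'certs', '%s.key.pem' % self.i.name)
        self.pkcs12 = os.path.join(self.ca_dir, 'certs', '%s.cert.p12' % self.i.name)

        if not self.i.subjaltname:
            self.i.subjaltname = 'email:copy'
    else:
        raise Exception("Given object type is unknown!")

    if not self.i.crl_dpoints:
        self.i.crl_dpoints = ''

    self.csr = os.path.join(self.ca_dir, 'certs', '%s.csr.pem' % self.i.name)
    self.crt = os.path.join(self.ca_dir, 'certs', '%s.cert.pem' % self.i.name)
    self.der = os.path.join(self.ca_dir, 'certs', '%s.cert.der' % self.i.name)

    ## Generate a random string as ENV variable name
    # string.letters is locale-dependent on Python 2 and absent on Python 3;
    # ascii_letters keeps the generated name ASCII-only everywhere.
    # NOTE(review): the name comes from a non-cryptographic PRNG and should
    # not be treated as a secret. Whatever is stored under it is readable by
    # anything that can read this process's environment -- confirm how the
    # variable is used and that it is removed after use.
    self.env_pw = "".join(random.sample(string.ascii_letters + string.digits, 10))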
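def __init__(self, instance):
    """Initialize shared variables and verify the instance type.

    Stores the instance, its subject string and the filesystem locations
    (CA directory, key, PKCS#12, CRL) derived from the instance name and
    its parent.

    Raises:
        Exception: if the instance name is listed in PKI_CA_NAME_BLACKLIST.
        OSError: if the directory for self-signed certificates cannot be
            created.
    """
    self.i = instance
    self.subj = subject_for_object(self.i)

    if self.i.name in PKI_CA_NAME_BLACKLIST:
        logger.error("Instance name '%s' is blacklisted!" % self.i.name)
        # No exception is being handled here, so a bare ``raise`` has
        # nothing to re-raise; state the rejection explicitly instead.
        raise Exception("Instance name '%s' is blacklisted!" % self.i.name)

    # NOTE(review): the names used below end up in filesystem paths; this
    # relies on the models rejecting path separators and '..' -- confirm.
    if self.i.parent is not None:
        owner = self.i.parent.name
    else:
        owner = self.i.name
    self.parent_certs = os.path.join(PKI_DIR, owner, 'certs')
    self.crl = os.path.join(PKI_DIR, owner, 'crl', '%s.crl.pem' % owner)

    if isinstance(instance, pki.models.CertificateAuthority):
        self.ca_dir = os.path.join(PKI_DIR, self.i.name)
        self.key = os.path.join(self.ca_dir, 'private', '%s.key.pem' % self.i.name)
        self.pkcs12 = False
        self.i.subjaltname = ''
    elif isinstance(instance, pki.models.Certificate):
        if self.i.parent:
            self.ca_dir = os.path.join(PKI_DIR, self.i.parent.name)
        else:
            self.ca_dir = os.path.join(PKI_DIR, "_SELF_SIGNED_CERTIFICATES")
            if not os.path.exists(self.ca_dir):
                try:
                    # NOTE(review): the private key of a self-signed
                    # certificate is placed in certs/ (self.key below);
                    # these directories are created traversable by other
                    # users, so confirm the key file's own permissions.
                    os.mkdir(self.ca_dir, 0o755)
                    os.mkdir(os.path.join(self.ca_dir, "certs"))
                except OSError:
                    logger.exception("Failed to create directories for self-signed certificates %s" % self.ca_dir)
                    raise

        self.key = os.path.join(self.ca_dir, 'certs', '%s.key.pem' % self.i.name)
        self.pkcs12 = os.path.join(self.ca_dir, 'certs', '%s.cert.p12' % self.i.name)

        if not self.i.subjaltname:
            self.i.subjaltname = 'email:copy'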
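def __init__(self, instance):
    """Initialize shared variables and verify the instance type.

    Records the instance, its subject string and the paths (CA directory,
    key, PKCS#12, CRL) computed from the instance name and its parent.

    Raises:
        Exception: if the instance name is listed in PKI_CA_NAME_BLACKLIST.
        OSError: if the directory for self-signed certificates cannot be
            created.
    """
    self.i = instance
    self.subj = subject_for_object(self.i)

    if self.i.name in PKI_CA_NAME_BLACKLIST:
        logger.error("Instance name '%s' is blacklisted!" % self.i.name)
        # A bare ``raise`` needs an exception in flight and there is none
        # here, so the refusal is raised as an explicit exception.
        raise Exception("Instance name '%s' is blacklisted!" % self.i.name)

    # NOTE(review): every path below is built from a model-supplied name;
    # assumes names cannot contain path separators or '..' -- confirm.
    if self.i.parent is not None:
        owner = self.i.parent.name
    else:
        owner = self.i.name
    self.parent_certs = os.path.join(PKI_DIR, owner, 'certs')
    self.crl = os.path.join(PKI_DIR, owner, 'crl', '%s.crl.pem' % owner)

    if isinstance(instance, pki.models.CertificateAuthority):
        self.ca_dir = os.path.join(PKI_DIR, self.i.name)
        self.key = os.path.join(self.ca_dir, 'private', '%s.key.pem' % self.i.name)
        self.pkcs12 = False
        self.i.subjaltname = ''
    elif isinstance(instance, pki.models.Certificate):
        if self.i.parent:
            self.ca_dir = os.path.join(PKI_DIR, self.i.parent.name)
        else:
            self.ca_dir = os.path.join(PKI_DIR, "_SELF_SIGNED_CERTIFICATES")
            if not os.path.exists(self.ca_dir):
                try:
                    # NOTE(review): self.key below lives in certs/, and both
                    # directories are created traversable by other users;
                    # confirm the key file is written with tight permissions.
                    os.mkdir(self.ca_dir, 0o755)
                    os.mkdir(os.path.join(self.ca_dir, "certs"))
                except OSError:
                    # Written as one literal: a backslash continuation
                    # inside the string would embed the source indentation
                    # in the logged message.
                    logger.exception("Failed to create directories for self-signed certificates %s" % self.ca_dir)
                    raise

        self.key = os.path.join(self.ca_dir, 'certs', '%s.key.pem' % self.i.name)
        self.pkcs12 = os.path.join(self.ca_dir, 'certs', '%s.cert.p12' % self.i.name)

        if not self.i.subjaltname:
            self.i.subjaltname = 'email:copy'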
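def update_ca_chain_file(self):
    """Build/update the CA chain.

    Generates a chain file containing all CA's required to verify the given
    certificate. The file is written to
    ``<PKI_DIR>/<name>/<name>-chain.cert.pem`` with the topmost parent first.

    Raises:
        Exception: if any step of building or writing the file fails.
    """
    ## Build list of parents: the instance itself, then each ancestor
    chain = [self.i.name]
    p = self.i.parent
    while p is not None:
        chain.append(p.name)
        p = p.parent
    chain.reverse()

    chain_file = os.path.join(PKI_DIR, self.i.name, '%s-chain.cert.pem' % self.i.name)

    try:
        ## Get the subject to print it first in the chain file
        # NOTE(review): this is the subject of the instance itself and it is
        # written before every certificate in the chain, not once and not per
        # CA -- confirm that is the intended layout.
        subj = subject_for_object(self.i)

        # The context manager closes the file even when openssl fails.
        # NOTE(review): a failure part-way still leaves a truncated chain
        # file behind.
        with open(chain_file, 'w') as w:
            for c in chain:
                cert_file = os.path.join(PKI_DIR, c, 'certs', '%s.cert.pem' % c)
                # Pass the path as a single argument. Formatting it into a
                # string and splitting on whitespace would break a path that
                # contains a space into extra openssl arguments.
                output = self.exec_openssl(['x509', '-in', cert_file])
                w.write('%s\n' % subj)
                w.write(output)
    except Exception:
        # Narrower than a bare ``except:`` so KeyboardInterrupt and
        # SystemExit are not converted into a generic failure.
        raise Exception('Failed to write chain file!')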
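def SendCertificateData(obj, request):
    """Send the zipped certificate data as email.

    Returns immediately when ``obj.email`` is empty. Otherwise the archive
    produced by ``build_zip_for_object`` is read into memory, deleted from
    disk and attached to a message addressed to ``obj.email``.

    Raises:
        Exception: if the archive is missing, unreadable or cannot be removed.
            Errors from the mail backend propagate (``fail_silently=False``).
    """
    # NOTE(review): delivery is gated only on obj.email being non-empty and
    # the archive is attached as-is. Should the zip include private key
    # material (cannot be told from here), confirm the address is verified
    # and that sending it over unencrypted mail is acceptable.
    if not obj.email:
        return

    zip_f = build_zip_for_object(obj, request)

    ## Read ZIP content and remove it
    try:
        # A zip archive must be read in binary mode. Opening without a prior
        # os.path.exists() test reports a missing archive here instead of
        # failing later on an unassigned variable.
        with open(zip_f, 'rb') as f:
            x = f.read()
        os.remove(zip_f)
    except (IOError, OSError) as e:
        logger.error("Failed to read zipfile: %s" % e)
        raise Exception(e)

    ## Build email obj and send it out
    parent_name = 'self-signed'
    if obj.parent:
        parent_name = obj.parent.common_name

    subj_msg = subject_for_object(obj)
    body_msg = "Certificate data sent by django-pki:\n\n  * subject: %s\n  * parent: %s\n" % (
        subj_msg, parent_name)

    email = EmailMessage(
        to=[
            obj.email,
        ],
        subject="Certificate data for \"%s\"" % subj_msg,
        body=body_msg,
    )
    email.attach('PKI_DATA_%s.zip' % obj.name, x, 'application/zip')
    email.send(fail_silently=False)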
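def __init__(self, instance):
    """Initialize shared variables and verify the instance type.

    Stores the instance, its subject string, the openssl extension argument
    and the filesystem locations (key, CSR, certificate, DER, PKCS#12, CRL)
    derived from the instance name and its parent.

    Raises:
        Exception: if the instance is neither a CertificateAuthority nor a
            Certificate.
    """
    self.i = instance
    self.subj = subject_for_object(self.i)

    # NOTE(review): instance and parent names are joined into filesystem
    # paths below. This assumes the models restrict names to a safe
    # character set (no path separators, no '..') -- confirm.
    if self.i.parent is not None:
        owner = self.i.parent.name
    else:
        owner = self.i.name
    self.parent_certs = os.path.join(PKI_DIR, owner, 'certs')
    self.crl = os.path.join(PKI_DIR, owner, 'crl', '%s.crl.pem' % owner)

    if isinstance(instance, pki.models.CertificateAuthority):
        ca_dir = os.path.join(PKI_DIR, self.i.name)
        self.key = os.path.join(ca_dir, 'private', '%s.key.pem' % self.i.name)
        self.ext = ''
        self.pkcs12 = False
        self.i.subjaltname = ''
    elif isinstance(instance, pki.models.Certificate):
        # NOTE(review): parent is dereferenced unconditionally here, so a
        # Certificate without a parent fails with AttributeError although
        # the CRL paths above allow for a missing parent -- confirm whether
        # parentless certificates can reach this point.
        ca_dir = os.path.join(PKI_DIR, self.i.parent.name)
        self.key = os.path.join(ca_dir, 'certs', '%s.key.pem' % self.i.name)
        self.ext = '-extensions v3_cert'
        self.pkcs12 = os.path.join(ca_dir, 'certs', '%s.cert.p12' % self.i.name)

        if not self.i.subjaltname:
            self.i.subjaltname = 'email:copy'
    else:
        raise Exception("Given object type is unknown!")

    self.csr = os.path.join(ca_dir, 'certs', '%s.csr.pem' % self.i.name)
    self.crt = os.path.join(ca_dir, 'certs', '%s.cert.pem' % self.i.name)
    self.der = os.path.join(ca_dir, 'certs', '%s.cert.der' % self.i.name)

    ## Generate a random string as ENV variable name
    # string.letters is locale-dependent on Python 2 and absent on Python 3;
    # ascii_letters keeps the generated name ASCII-only everywhere.
    # NOTE(review): the name comes from a non-cryptographic PRNG and should
    # not be treated as a secret. Whatever is stored under it is readable by
    # anything that can read this process's environment -- confirm how the
    # variable is used and that it is removed after use.
    self.env_pw = "".join(random.sample(string.ascii_letters + string.digits, 10))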