def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'pkcs12-file=', 'pkcs12-password='******'pkcs12-password-file=',
'append', 'no-trust-flags', 'no-key', 'no-chain',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
nicknames = args
instance_name = 'pki-tomcat'
pkcs12_file = None
pkcs12_password = None
pkcs12_password_file = None
append = False
include_trust_flags = True
include_key = True
include_chain = True
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--pkcs12-file':
pkcs12_file = a
elif o == '--pkcs12-password':
pkcs12_password = a
elif o == '--pkcs12-password-file':
pkcs12_password_file = a
elif o == '--append':
append = True
elif o == '--no-trust-flags':
include_trust_flags = False
elif o == '--no-key':
include_key = False
elif o == '--no-chain':
include_chain = False
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if not pkcs12_file:
logger.error('missing output file')
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
if not pkcs12_password and not pkcs12_password_file:
pkcs12_password = getpass.getpass(prompt='Enter password for PKCS #12 file: ')
nssdb = instance.open_nssdb()
try:
nssdb.export_pkcs12(
pkcs12_file=pkcs12_file,
pkcs12_password=pkcs12_password,
pkcs12_password_file=pkcs12_password_file,
nicknames=nicknames,
append=append,
include_trust_flags=include_trust_flags,
include_key=include_key,
include_chain=include_chain)
finally:
nssdb.close()
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=', 'cert-file=', 'csr-file=', 'pkcs12-file=',
'pkcs12-password='******'pkcs12-password-file=', 'append',
'no-trust-flags', 'no-key', 'no-chain', 'verbose', 'debug',
'help'
])
except getopt.GetoptError as e:
print('ERROR: ' + str(e))
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
cert_file = None
csr_file = None
pkcs12_file = None
pkcs12_password = None
pkcs12_password_file = None
append = False
include_trust_flags = True
include_key = True
include_chain = True
debug = False
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--cert-file':
cert_file = a
elif o == '--csr-file':
csr_file = a
elif o == '--pkcs12-file':
pkcs12_file = a
elif o == '--pkcs12-password':
pkcs12_password = a
elif o == '--pkcs12-password-file':
pkcs12_password_file = a
elif o == '--append':
append = True
elif o == '--no-trust-flags':
include_trust_flags = False
elif o == '--no-key':
include_key = False
elif o == '--no-chain':
include_chain = False
elif o in ('-v', '--verbose'):
self.set_verbose(True)
elif o == '--debug':
debug = True
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: unknown option ' + o)
self.print_help()
sys.exit(1)
if len(args) < 1:
print('ERROR: missing subsystem ID')
self.print_help()
sys.exit(1)
subsystem_name = args[0]
if not (cert_file or csr_file or pkcs12_file):
print('ERROR: missing output file')
self.print_help()
sys.exit(1)
instance = pki.server.PKIInstance(instance_name)
if not instance.is_valid():
print('ERROR: Invalid instance %s.' % instance_name)
sys.exit(1)
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
if not subsystem:
print('ERROR: No %s subsystem in instance '
'%s.' % (subsystem_name, instance_name))
sys.exit(1)
subsystem_cert = None
if len(args) >= 2:
cert_id = args[1]
subsystem_cert = subsystem.get_subsystem_cert(cert_id)
if (cert_file or csr_file) and not subsystem_cert:
print('ERROR: missing cert ID')
self.print_help()
sys.exit(1)
if cert_file:
cert_data = subsystem_cert.get('data', None)
if cert_data is None:
print("ERROR: Unable to find certificate data for %s" %
cert_id)
sys.exit(1)
cert_data = pki.nssdb.convert_cert(cert_data, 'base64', 'pem')
with open(cert_file, 'w') as f:
f.write(cert_data)
if csr_file:
cert_request = subsystem_cert.get('request', None)
if cert_request is None:
print("ERROR: Unable to find certificate request for %s" %
cert_id)
sys.exit(1)
csr_data = pki.nssdb.convert_csr(cert_request, 'base64', 'pem')
with open(csr_file, 'w') as f:
f.write(csr_data)
if pkcs12_file:
if not pkcs12_password and not pkcs12_password_file:
pkcs12_password = getpass.getpass(
prompt='Enter password for PKCS #12 file: ')
nicknames = []
if subsystem_cert:
nicknames.append(subsystem_cert['nickname'])
else:
subsystem_certs = subsystem.find_system_certs()
for subsystem_cert in subsystem_certs:
nicknames.append(subsystem_cert['nickname'])
nssdb = instance.open_nssdb()
try:
nssdb.export_pkcs12(pkcs12_file=pkcs12_file,
pkcs12_password=pkcs12_password,
pkcs12_password_file=pkcs12_password_file,
nicknames=nicknames,
append=append,
include_trust_flags=include_trust_flags,
include_key=include_key,
include_chain=include_chain,
debug=debug)
finally:
nssdb.close()
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=', 'cert-file=', 'csr-file=', 'pkcs12-file=',
'pkcs12-password='******'pkcs12-password-file=', 'append',
'no-trust-flags', 'no-key', 'no-chain', 'verbose', 'debug',
'help'
])
except getopt.GetoptError as e:
print('ERROR: ' + str(e))
self.usage()
sys.exit(1)
instance_name = 'pki-tomcat'
cert_file = None
csr_file = None
pkcs12_file = None
pkcs12_password = None
pkcs12_password_file = None
append = False
include_trust_flags = True
include_key = True
include_chain = True
debug = False
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--cert-file':
cert_file = a
elif o == '--csr-file':
csr_file = a
elif o == '--pkcs12-file':
pkcs12_file = a
elif o == '--pkcs12-password':
pkcs12_password = a
elif o == '--pkcs12-password-file':
pkcs12_password_file = a
elif o == '--append':
append = True
elif o == '--no-trust-flags':
include_trust_flags = False
elif o == '--no-key':
include_key = False
elif o == '--no-chain':
include_chain = False
elif o in ('-v', '--verbose'):
self.set_verbose(True)
elif o == '--debug':
debug = True
elif o == '--help':
self.usage()
sys.exit()
else:
self.print_message('ERROR: unknown option ' + o)
self.usage()
sys.exit(1)
if len(args) < 1:
print('ERROR: missing cert ID')
self.usage()
sys.exit(1)
cert_id = args[0]
if not (cert_file or csr_file or pkcs12_file):
print('ERROR: missing output file')
self.usage()
sys.exit(1)
instance = server.PKIInstance(instance_name)
if not instance.is_valid():
print('ERROR: Invalid instance %s.' % instance_name)
sys.exit(1)
instance.load()
subsystem_name = None
cert_tag = cert_id
if cert_id != 'sslserver' and cert_id != 'subsystem':
# To avoid ambiguity where cert ID can contain more than 1 _, we limit to one split
temp_cert_identify = cert_id.split('_', 1)
subsystem_name = temp_cert_identify[0]
cert_tag = temp_cert_identify[1]
# If cert ID is instance specific, get it from first subsystem
if not subsystem_name:
subsystem_name = instance.subsystems[0].name
subsystem = instance.get_subsystem(subsystem_name)
if not subsystem:
print('ERROR: No %s subsystem in instance.'
'%s.' % (subsystem_name, instance_name))
sys.exit(1)
nssdb = instance.open_nssdb()
try:
cert = subsystem.get_subsystem_cert(cert_tag)
if not cert:
print('ERROR: missing %s certificate' % cert_id)
self.usage()
sys.exit(1)
if cert_file:
if self.verbose:
print('Exporting %s certificate into %s.' %
(cert_id, cert_file))
cert_data = cert.get('data', None)
if cert_data is None:
print("ERROR: Unable to find certificate data for %s" %
cert_id)
sys.exit(1)
cert_data = pki.nssdb.convert_cert(cert_data, 'base64', 'pem')
with open(cert_file, 'w') as f:
f.write(cert_data)
if csr_file:
if self.verbose:
print('Exporting %s CSR into %s.' % (cert_id, csr_file))
cert_request = cert.get('request', None)
if cert_request is None:
print("ERROR: Unable to find certificate request for %s" %
cert_id)
sys.exit(1)
csr_data = pki.nssdb.convert_csr(cert_request, 'base64', 'pem')
with open(csr_file, 'w') as f:
f.write(csr_data)
if pkcs12_file:
if self.verbose:
print('Exporting %s certificate and key into %s.' %
(cert_id, pkcs12_file))
if not pkcs12_password and not pkcs12_password_file:
pkcs12_password = getpass.getpass(
prompt='Enter password for PKCS #12 file: ')
nicknames = []
nicknames.append(cert['nickname'])
nssdb.export_pkcs12(pkcs12_file=pkcs12_file,
pkcs12_password=pkcs12_password,
pkcs12_password_file=pkcs12_password_file,
nicknames=nicknames,
append=append,
include_trust_flags=include_trust_flags,
include_key=include_key,
include_chain=include_chain,
debug=debug)
finally:
nssdb.close()
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'pkcs12-file=', 'pkcs12-password='******'pkcs12-password-file=',
'append', 'no-trust-flags', 'no-key', 'no-chain',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: ' + str(e))
self.print_help()
sys.exit(1)
nicknames = args
instance_name = 'pki-tomcat'
pkcs12_file = None
pkcs12_password = None
pkcs12_password_file = None
append = False
include_trust_flags = True
include_key = True
include_chain = True
debug = False
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--pkcs12-file':
pkcs12_file = a
elif o == '--pkcs12-password':
pkcs12_password = a
elif o == '--pkcs12-password-file':
pkcs12_password_file = a
elif o == '--append':
append = True
elif o == '--no-trust-flags':
include_trust_flags = False
elif o == '--no-key':
include_key = False
elif o == '--no-chain':
include_chain = False
elif o in ('-v', '--verbose'):
self.set_verbose(True)
elif o == '--debug':
debug = True
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: unknown option ' + o)
self.print_help()
sys.exit(1)
if not pkcs12_file:
print('ERROR: missing output file')
self.print_help()
sys.exit(1)
instance = pki.server.PKIInstance(instance_name)
if not instance.is_valid():
print('ERROR: Invalid instance %s.' % instance_name)
sys.exit(1)
instance.load()
if not pkcs12_password and not pkcs12_password_file:
pkcs12_password = getpass.getpass(prompt='Enter password for PKCS #12 file: ')
nssdb = instance.open_nssdb()
try:
nssdb.export_pkcs12(
pkcs12_file=pkcs12_file,
pkcs12_password=pkcs12_password,
pkcs12_password_file=pkcs12_password_file,
nicknames=nicknames,
append=append,
include_trust_flags=include_trust_flags,
include_key=include_key,
include_chain=include_chain,
debug=debug)
finally:
nssdb.close()
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=', 'cert-file=', 'csr-file=',
'pkcs12-file=', 'pkcs12-password='******'pkcs12-password-file=',
'append', 'no-trust-flags', 'no-key', 'no-chain',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: ' + str(e))
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
cert_file = None
csr_file = None
pkcs12_file = None
pkcs12_password = None
pkcs12_password_file = None
append = False
include_trust_flags = True
include_key = True
include_chain = True
debug = False
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--cert-file':
cert_file = a
elif o == '--csr-file':
csr_file = a
elif o == '--pkcs12-file':
pkcs12_file = a
elif o == '--pkcs12-password':
pkcs12_password = a
elif o == '--pkcs12-password-file':
pkcs12_password_file = a
elif o == '--append':
append = True
elif o == '--no-trust-flags':
include_trust_flags = False
elif o == '--no-key':
include_key = False
elif o == '--no-chain':
include_chain = False
elif o in ('-v', '--verbose'):
self.set_verbose(True)
elif o == '--debug':
debug = True
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: unknown option ' + o)
self.print_help()
sys.exit(1)
if len(args) < 1:
print('ERROR: missing subsystem ID')
self.print_help()
sys.exit(1)
subsystem_name = args[0]
if not (cert_file or csr_file or pkcs12_file):
print('ERROR: missing output file')
self.print_help()
sys.exit(1)
instance = pki.server.PKIInstance(instance_name)
if not instance.is_valid():
print('ERROR: Invalid instance %s.' % instance_name)
sys.exit(1)
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
if not subsystem:
print('ERROR: No %s subsystem in instance '
'%s.' % (subsystem_name, instance_name))
sys.exit(1)
subsystem_cert = None
if len(args) >= 2:
cert_id = args[1]
subsystem_cert = subsystem.get_subsystem_cert(cert_id)
if (cert_file or csr_file) and not subsystem_cert:
print('ERROR: missing cert ID')
self.print_help()
sys.exit(1)
if cert_file:
cert_data = subsystem_cert.get('data', None)
if cert_data is None:
print("ERROR: Unable to find certificate data for %s" % cert_id)
sys.exit(1)
cert_data = pki.nssdb.convert_cert(cert_data, 'base64', 'pem')
with open(cert_file, 'w') as f:
f.write(cert_data)
if csr_file:
cert_request = subsystem_cert.get('request', None)
if cert_request is None:
print("ERROR: Unable to find certificate request for %s" % cert_id)
sys.exit(1)
csr_data = pki.nssdb.convert_csr(cert_request, 'base64', 'pem')
with open(csr_file, 'w') as f:
f.write(csr_data)
if pkcs12_file:
if not pkcs12_password and not pkcs12_password_file:
pkcs12_password = getpass.getpass(prompt='Enter password for PKCS #12 file: ')
nicknames = []
if subsystem_cert:
nicknames.append(subsystem_cert['nickname'])
else:
subsystem_certs = subsystem.find_system_certs()
for subsystem_cert in subsystem_certs:
nicknames.append(subsystem_cert['nickname'])
nssdb = instance.open_nssdb()
try:
nssdb.export_pkcs12(
pkcs12_file=pkcs12_file,
pkcs12_password=pkcs12_password,
pkcs12_password_file=pkcs12_password_file,
nicknames=nicknames,
append=append,
include_trust_flags=include_trust_flags,
include_key=include_key,
include_chain=include_chain,
debug=debug)
finally:
nssdb.close()
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=', 'cert-file=', 'csr-file=',
'pkcs12-file=', 'pkcs12-password='******'pkcs12-password-file=',
'append', 'no-trust-flags', 'no-key', 'no-chain',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
cert_file = None
csr_file = None
pkcs12_file = None
pkcs12_password = None
pkcs12_password_file = None
append = False
include_trust_flags = True
include_key = True
include_chain = True
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--cert-file':
cert_file = a
elif o == '--csr-file':
csr_file = a
elif o == '--pkcs12-file':
pkcs12_file = a
elif o == '--pkcs12-password':
pkcs12_password = a
elif o == '--pkcs12-password-file':
pkcs12_password_file = a
elif o == '--append':
append = True
elif o == '--no-trust-flags':
include_trust_flags = False
elif o == '--no-key':
include_key = False
elif o == '--no-chain':
include_chain = False
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if len(args) < 1:
logger.error('Missing subsystem ID')
self.print_help()
sys.exit(1)
subsystem_name = args[0]
if not (cert_file or csr_file or pkcs12_file):
logger.error('Missing output file')
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.exists():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
if not subsystem:
logger.error('No %s subsystem in instance %s.',
subsystem_name, instance_name)
sys.exit(1)
subsystem_cert = None
if len(args) >= 2:
cert_id = args[1]
subsystem_cert = subsystem.get_subsystem_cert(cert_id)
if (cert_file or csr_file) and not subsystem_cert:
logger.error('Missing cert ID')
self.print_help()
sys.exit(1)
if cert_file:
cert_data = subsystem_cert.get('data')
if cert_data is None:
logger.error("Unable to find certificate data for %s", cert_id)
sys.exit(1)
cert_data = pki.nssdb.convert_cert(cert_data, 'base64', 'pem')
with open(cert_file, 'w', encoding='utf-8') as f:
f.write(cert_data)
if csr_file:
cert_request = subsystem_cert.get('request')
if cert_request is None:
logger.error('Unable to find certificate request for %s', cert_id)
sys.exit(1)
csr_data = pki.nssdb.convert_csr(cert_request, 'base64', 'pem')
with open(csr_file, 'w', encoding='utf-8') as f:
f.write(csr_data)
if pkcs12_file:
if not pkcs12_password and not pkcs12_password_file:
pkcs12_password = getpass.getpass(prompt='Enter password for PKCS #12 file: ')
nicknames = []
if subsystem_cert:
nicknames.append(subsystem_cert['nickname'])
else:
subsystem_certs = subsystem.find_system_certs()
for subsystem_cert in subsystem_certs:
nicknames.append(subsystem_cert['nickname'])
nssdb = instance.open_nssdb()
try:
nssdb.export_pkcs12(
pkcs12_file=pkcs12_file,
pkcs12_password=pkcs12_password,
pkcs12_password_file=pkcs12_password_file,
nicknames=nicknames,
append=append,
include_trust_flags=include_trust_flags,
include_key=include_key,
include_chain=include_chain)
finally:
nssdb.close()
