from time import time,localtime,strftime,mktime
from pycacnf import opensslcnf, pyca_section
from openssl.db import \
  empty_DN_dict, \
  DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
  DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
  dbtime2tuple,GetEntriesbyDN,SplitDN

# stdin is closed before any form field is declared, so nothing below can
# read a request body from it.
# NOTE(review): presumably the parameters arrive via the query string -- confirm.
sys.stdin.close()

# Path to openssl executable
# Read from pyca_section; '/usr/bin/openssl' is the fallback when the key is
# absent.
OpenSSLExec = pyca_section.get('OpenSSLExec','/usr/bin/openssl')

# Declare the two request fields this script accepts.
form = cgiforms.formClass()
# NOTE(review): formSelectClass presumably rejects values outside this list;
# confirm in cgiforms before relying on it as an allow-list.
form.add(
  cgiforms.formSelectClass(
    'operation',
    'Operation',
    ['GetCACert','PKIOperation']
  )
)
# r'.*' combined with re.M+re.S matches any string, newlines included, so
# this declaration applies no content validation to 'message'.
# NOTE(review): 10000 is presumably the maximum accepted length -- confirm
# against cgiforms.formInputClass. Code that consumes the value has to
# validate it itself.
form.add(
  cgiforms.formInputClass(
    'message',
    'Message',
    10000,
    (r'.*',re.M+re.S)
  )
)
# Look up the policy and request sections named by the selected CA; a missing
# section yields an empty dict instead of raising.
policy_section = opensslcnf.data.get(ca.policy,{})
req_section = opensslcnf.data.get(ca.req,{})

# The enrollment form needs the section that 'distinguished_name' points to.
# Without it the script prints an error page and stops.
if req_section and req_section.has_key('distinguished_name'):
  req_distinguished_name_section = opensslcnf.data.get(req_section['distinguished_name'],{})
  req_distinguished_name_keys = opensslcnf.sectionkeys.get(req_section['distinguished_name'],[])
else:
  htmlbase.PrintErrorMsg('Request section for "%s" not found.' % ca_name)
  sys.exit(0)

# Refuse to continue for a CA that does not issue client certificates.
if not ca.isclientcert():
  htmlbase.PrintErrorMsg('Certificate authority "%s" does not issue client certificates.' % ca_name)
  sys.exit(0)

form = cgiforms.formClass(charset='iso-8859-1')

# Character class accepted for free-text fields. The octal escapes are the
# ISO-8859-1 code points of a-umlaut, o-umlaut, u-umlaut, their upper-case
# forms and sharp s, matching the form charset above.
# NOTE(review): the class contains a U+FFFD replacement character, which looks
# like an encoding artifact of a former 8-bit literal -- confirm the intended
# character against the original file.
# NOTE(review): the class also admits '/', single and double quotes, and the
# pattern itself carries no ^...$ anchors. Whether cgiforms anchors the match
# is not visible here; confirm it, and confirm that consumers of these values
# treat them as data.
alphanumregex = r'[0-9a-zA-Z\344\366\374\304\326\334\337�/\'"._ -]*'
# telephoneregex = r'^\+[0-9][0-9]-[0-9]*-[0-9]*'

# Check which browser is used
# HTTP_USER_AGENT is supplied by the client. The detected type is kept only
# if it maps to a key of key_gen_browsers, otherwise it is reset to ''.
http_browsertype,http_browserversion = BrowserType(os.environ.get('HTTP_USER_AGENT',''))
# NOTE(review): each value looks like (request format, file suffix) -- confirm
# where the tuple is consumed.
key_gen_browsers = {'Microsoft Internet Explorer':('PKCS10','pem'),'Netscape Navigator':('SPKAC','spkac'),'Opera':('SPKAC','spkac')}
# 'not X in Y' parses as 'not (X in Y)'.
if not known_browsers.get(http_browsertype,http_browsertype) in key_gen_browsers.keys():
  http_browsertype=''

# The select offers only the key_gen_browsers names; the detected browser, if
# any, is passed as the fourth argument (presumably the preselected default).
form.add(cgiforms.formSelectClass('browsertype','Browser Software',key_gen_browsers.keys(),known_browsers.get(http_browsertype,''),required=1))
# Required password field checked against alphanumregex.
# NOTE(review): 30 is presumably the maximum length -- confirm in cgiforms.
form.add(cgiforms.formPasswordClass('challenge','Initial Master Secret',30,alphanumregex,required=1))

# The form is built by looking at a [req] section in openssl.cnf
from time import time, localtime, strftime, mktime
from pycacnf import opensslcnf, pyca_section
from openssl.db import \
  empty_DN_dict, \
  DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
  DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
  dbtime2tuple,GetEntriesbyDN,SplitDN

# stdin is closed before the form is declared and parsed, so nothing below
# can read a request body from it.
# NOTE(review): presumably the parameters arrive via the query string -- confirm.
sys.stdin.close()

# Path to openssl executable
# Read from pyca_section; '/usr/bin/openssl' is the fallback when the key is
# absent.
OpenSSLExec = pyca_section.get('OpenSSLExec', '/usr/bin/openssl')

# Declare the two request fields this script accepts.
form = cgiforms.formClass()
# NOTE(review): formSelectClass presumably rejects values outside this list;
# confirm in cgiforms before relying on it as an allow-list.
form.add(
    cgiforms.formSelectClass('operation', 'Operation',
                             ['GetCACert', 'PKIOperation']))
# r'.*' combined with re.M + re.S matches any string, newlines included, so
# this declaration applies no content validation to 'message'.
# NOTE(review): 10000 is presumably the maximum accepted length -- confirm
# against cgiforms.formInputClass.
form.add(
    cgiforms.formInputClass('message', 'Message', 10000,
                            (r'.*', re.M + re.S)))

# Parse the request, then take the content of the first entry of each field.
form.getparams()
scep_operation = form.field['operation'][0].content
# scep_message has only passed the match-anything pattern above; treat it as
# unvalidated input from here on.
scep_message = form.field['message'][0].content

# NOTE(review): 'GetCACertChain' is tested here but is not among the options
# registered for 'operation' above. If formSelectClass rejects unlisted
# values, only 'GetCACert' can reach this branch -- confirm which list is
# intended.
if scep_operation in ['GetCACert', 'GetCACertChain']:
    # *** Check parameter message again for being valid FQDN.