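# Announce which CA section of the OpenSSL configuration is being handled.
sys.stdout.write('*** Processing %s ***\n\n' % (ca_name))

ca = opensslcnf.getcadata(ca_name)

# A CA is processed only when isclientcert() is true, its database file
# exists on disk, and that database path has not been handled already
# (old_db_filenames remembers the paths, so a database shared by several CA
# sections is walked once).
if ca.isclientcert() and \
   ca.database not in old_db_filenames and \
   os.path.isfile(ca.database):

    old_db_filenames.append(ca.database)

    # onlyvalid=0 is passed as in the original call; presumably it returns
    # entries regardless of their validity state -- confirm in openssl.db.
    certs_found = openssl.db.GetEntriesbyDN(
        ca.database, certdnfilter, casesensitive=1, onlyvalid=0)

    for cert_entry in certs_found:

        # Subject DN of the database entry, converted for display and then
        # split into a dictionary that fills the filter template.
        certdn = charset.asn12iso(cert_entry[openssl.db.DB_name])
        certdndict = openssl.db.SplitDN(charset.iso2utf(certdn))

        # NOTE(review): the DN components are interpolated into the LDAP
        # filter without escaping. A subject value containing '*', '(', ')'
        # or '\' changes the meaning of the filter, so the search can match
        # entries that do not belong to this certificate. The values should
        # be passed through ldap.filter.escape_filter_chars() before
        # formatting, once the value types returned by SplitDN are confirmed.
        ldap_filter = filtertemplate % certdndict

        try:
            ldap_result = l.search_s(
                basedn,
                ldap.SCOPE_SUBTREE,
                ldap_filter,
                ['objectclass', 'userCertificate;binary', 'userSMIMECertificate;binary'],
                0
            )
        except ldap.NO_SUCH_OBJECT:
            sys.stdout.write('Certificate subject "%s" not found with filter "%s".\n' % (certdn,ldap_filter))
            ldap_result=[]
        except Exception:
            # Narrowed from a bare "except:" so that KeyboardInterrupt and
            # SystemExit are no longer reported as search errors. Only the
            # exception value is kept; the traceback object is not bound to
            # a local name.
            # NOTE(review): ldap_result is not assigned on this path in the
            # visible code, so whatever follows must not read a value left
            # over from a previous iteration.
            exc_value = sys.exc_info()[1]
            sys.stderr.write('Unexpected error during searching with filter "%s":\n%s\n' % (ldap_filter,exc_value))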
dntemplate = findoption(options,'--dntemplate')[1] else: dntemplate = r'cn=%(CN)s' ca_names = opensslcnf.sectionkeys.get('ca',[]) ca_dn_dict = {} for ca_name in ca_names: ca = opensslcnf.getcadata(ca_name) if os.path.isfile(ca.certificate): cacert = openssl.cert.X509CertificateClass(ca.certificate) ca_dn = charset.iso2utf(charset.t612iso(dntemplate % (cacert.subject))) if ca_dn_dict.has_key(ca_dn): sys.stderr.write('Warning: DN of %s conflicts with %s.\n' % (ca_name,ca_dn_dict[ca_dn])) else: ca_dn_dict[ca_dn]=ca_name if ldapbase.dn_regex.match(ca_dn): ca_entry = {'objectclass':['top','certificationAuthority']} ca_entry['cACertificate;binary'] = [cacert.readcertfile('der')] if create_crls: if os.path.isfile(ca.crl): cacrl = openssl.cert.CRLClass(ca.crl) ca_entry['certificateRevocationList;binary'] = [cacrl.readcertfile('der')] ca_entry['authorityRevocationList;binary'] = [cacrl.readcertfile('der')]
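# Bind DN used here: the cn=root entry below the base DN, or a bare cn=root
# when no base DN is set.
# NOTE(review): this binds as the directory's root account; a dedicated
# account holding only the rights this script needs would limit the damage
# if the password leaks -- confirm whether another bind DN can be configured
# outside this excerpt.
if basedn:
    binddn = 'cn=root,%s' % basedn
else:
    binddn = 'cn=root'

# Bind password, in order of precedence: --bindpasswd option, LDAP_PASSWD
# environment variable, interactive prompt.
# NOTE(review): a password given with --bindpasswd is visible to other local
# users in the process list and usually ends up in shell history; the prompt
# is the safest of the three sources.
if findoption(options,'--bindpasswd')!=():
    bindpasswd = findoption(options,'--bindpasswd')[1]
else:
    if 'LDAP_PASSWD' in os.environ:
        # Fixed: the original subscripted the bound method
        # (os.environ.get['LDAP_PASSWD']), which raises TypeError as soon
        # as the variable is set.
        bindpasswd = os.environ['LDAP_PASSWD']
    else:
        from getpass import getpass
        bindpasswd = getpass()

# LDAP search filter; the default matches every entry that carries a
# userCertificate;binary value.
if findoption(options,'--searchfilter')!=():
    searchfilter = charset.iso2utf(findoption(options,'--searchfilter')[1])
else:
    searchfilter = '(usercertificate;binary=*)'

# --replace is a plain switch: 1 when present, 0 otherwise.
if findoption(options,'--replace')!=():
    replace = 1
else:
    replace = 0
sys.stderr.write('replace=%s\n' % replace)

# File open modes indexed by the replace flag: the rcc file is appended to
# unless --replace is given, certificate files are always overwritten.
rcc_filemode = {0:'a',1:'w'}
cert_filemode = {0:'w',1:'w'}

if findoption(options,'--rcc_filename')!=():
    rcc_filename = findoption(options,'--rcc_filename')[1]
    sys.stdout.write('rcc_filename=%s\n' % rcc_filename)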
if ca.isclientcert() and \ not ca.database in old_db_filenames and \ os.path.isfile(ca.database): old_db_filenames.append(ca.database) certs_found = openssl.db.GetEntriesbyDN(ca.database, certdnfilter, casesensitive=1, onlyvalid=0) for cert_entry in certs_found: certdn = charset.asn12iso(cert_entry[openssl.db.DB_name]) certdndict = openssl.db.SplitDN(charset.iso2utf(certdn)) ldap_filter = filtertemplate % certdndict try: ldap_result = l.search_s( basedn, ldap.SCOPE_SUBTREE, ldap_filter, [ 'objectclass', 'userCertificate;binary', 'userSMIMECertificate;binary' ], 0) except ldap.NO_SUCH_OBJECT: sys.stdout.write( 'Certificate subject "%s" not found with filter "%s".\n' % (certdn, ldap_filter)) ldap_result = [] except: exc_obj, exc_value, exc_traceback = sys.exc_info() sys.stderr.write(