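def cert(self):
    """Look up one SSL certificate and render it in the certificate popup.

    Reads 'type', 'name' and (optionally) 'policy' from self.fields, maps
    the type to a management node path, fetches the certificate data and
    includes the matching presentation template.

    Raises:
        ValueError: if 'type' is missing or not a recognised cert type.
    """
    certType = self.fields.get('type')
    certName = self.fields.get('name')

    # NOTE(review): certName (and sid below) come from the request and are
    # interpolated into the node path with no validation or escaping. A
    # value containing '/' would address a different node than the one the
    # type implies. Validate against the expected name format, or escape it
    # the way the node API expects -- confirm what the mgmt layer enforces.
    if 'ca' == certType:
        path = '/rbt/sport/ssl/state/ca/%s' % (certName)
    elif 'peering' == certType:
        path = '/rbt/sport/ssl/state/tunnel/ca/%s' % (certName)
    elif 'mobile' == certType:
        path = '/rbt/sport/ssl/state/tunnel/shm_ca/%s' % (certName)
    elif certType in ('black', 'gray', 'white'):
        path = '/rbt/sport/ssl/state/tunnel/%s_list/%s/cert' % (certType, certName)
    elif 'chain' == certType:
        sid = self.request().fields().get('sid')
        path = '/rbt/sport/ssl/state/server_certs/names/%s/chain_cert/%s' % (sid, certName)
    elif 'appliance' == certType:
        path = '/rbt/sport/ssl/state/tunnel/cert'
    else:
        # The original raised a bare string, which is not a valid exception
        # on current interpreters and failed outright when certType was
        # None. Raise a real exception type and format the value instead.
        raise ValueError('unknown cert type %s' % (certType,))

    policyName = self.fields.get('policy')
    if policyName:
        # get the cert data for the CMC
        cert = Nodes.action(self.mgmt,
                            '/rbt/sport/ssl/action/iterate_node',
                            ('profile', 'string', policyName),
                            ('node', 'string', path))
        # The returned keys carry the node path as a prefix; strip the path
        # and the separator that follows it.
        prefixLen = len(path) + 1
        cert = dict((k[prefixLen:], v) for k, v in cert.items())
    else:
        # get the cert data for the SH or other
        cert = self.mgmt.getChildren(path)

    # tweakage for colors
    if certType in ('black', 'gray', 'white'):
        self.transaction().color_info = True
        cert['IP'] = certName

    # display cert
    self.transaction().cert = cert

    # Bug 33438 specified that we needed a way to move certs between
    # "Peering" and "Mobile" bins. Allow peering/mobile base64 PEM certs to
    # be viewable in the popup. User can move certs now by cutting and
    # pasting.
    # TODO May want to extend this functionality to all popup certs in the
    # future.
    if certType in ('peering', 'mobile', 'appliance'):
        self.application().includeURL(self.transaction(), '/Templates/presentCertWithPEM')
    else:
        self.application().includeURL(self.transaction(), '/Templates/presentCert')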
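def _respond(self, transaction):
    """Serve an SSL export bundle or a generated CSR as a file download.

    The operation is selected by the 'action' or '_action_' request field.
    The matching management action is invoked and the 'file_contents' entry
    of its result is written to the response as an attachment. A
    NonZeroReturnCodeException from the backend, or a request that names no
    known action, produces a short error message instead of a download.
    """
    import sys  # local import: only needed for the portable except clause

    mgmt = transaction.session().value('mgmt')
    fields = transaction.request().fields()
    response = transaction.response()
    data = ''
    filename = ''

    # Binding order is kept exactly as the individual call sites had it.
    csrOrder = ('common_name', 'org', 'org_unit', 'locality',
                'state', 'country', 'email')
    serverCsrOrder = ('common_name', 'country', 'email', 'locality',
                      'org', 'org_unit', 'state')

    def csrBindings(prefix, order):
        # One ('key', 'string', value) binding per CSR subject field.
        return [(key, 'string', fields.get(prefix + key)) for key in order]

    def exportBindings(flags):
        # Password binding plus a bool binding for each ticked option.
        # NOTE(review): the password defaults to '' when the field is
        # absent; presumably the backend refuses to export key material
        # under an empty password -- confirm.
        bindings = [('enc_password', 'string', fields.get('exportPassword', ''))]
        for fieldName, bindingName in flags:
            if 'true' == fields.get(fieldName):
                bindings.append((bindingName, 'bool', 'true'))
        return bindings

    def headerSafe(raw):
        # Make a value safe inside a quoted Content-Disposition filename:
        # drop control characters (CR/LF would otherwise start a new
        # header line) and neutralise the quoted-string delimiters.
        kept = []
        for ch in raw:
            if ord(ch) < 32 or ord(ch) == 127:
                continue
            if ch in '"\\':
                ch = '_'
            kept.append(ch)
        return ''.join(kept)

    try:
        # NOTE(review): the only authorization visible here is a comparison
        # with the literal user name 'monitor'; every other account reaches
        # the export actions below, including private-key export. Confirm
        # that role-based permissions are enforced elsewhere.
        if 'monitor' == mgmt.remoteUser.lower():
            data = {'file_contents': 'Not permitted for monitor.'}
            filename = 'NotPermittedForMonitor.txt'
        elif 'exportBulkSSLData' == fields.get('action'):
            args = exportBindings((('exportIncludeServers', 'include_servers'),
                                   ('exportIncludeAltCfg', 'include_alt_cfg')))
            data = Nodes.action(mgmt, '/rbt/sport/ssl/action/all/export', *args)
            filename = 'ssl_bulk_export.bin'
        elif 'exportPeeringSSLData' == fields.get('action'):
            args = exportBindings((('exportIncludeKey', 'include_key'),))
            data = Nodes.action(mgmt, '/rbt/sport/ssl/action/tunnel/export', *args)
            filename = 'ssl_peer_export.bin'
        elif 'generateCSRSSLData' == fields.get('action'):
            data = Nodes.action(mgmt, '/rbt/sport/ssl/action/tunnel/generate_csr',
                                *csrBindings('', csrOrder))
            filename = 'ssl_peer.csr'
        elif 'generateCSRSSLDataWeb' == fields.get('action'):
            data = Nodes.action(mgmt, '/web/action/httpd/ssl/cert/generate_csr',
                                *csrBindings('', csrOrder))
            filename = 'ssl_web.csr'
        elif 'exportSigningSSLData' == fields.get('action'):
            args = exportBindings((('exportIncludeKey', 'include_key'),))
            data = Nodes.action(mgmt, '/rbt/sport/ssl/action/signing/export', *args)
            filename = 'ssl_signing_export.bin'
        elif 'generateCSRSSLSigningData' == fields.get('action'):
            data = Nodes.action(mgmt, '/rbt/sport/ssl/action/signing/generate_csr',
                                *csrBindings('', csrOrder))
            filename = 'ssl_signing.csr'
        elif 'serverCertCSR' == fields.get('_action_'):
            name = fields.get('serverCert_name')
            args = [('name', 'string', name)] + csrBindings('csr_', serverCsrOrder)
            data = Nodes.action(mgmt, '/rbt/sport/ssl/action/server_certs/generate_csr', *args)
            filename = '%s.csr' % name
        elif 'exportServerCert' == fields.get('_action_'):
            name = fields.get('serverCert_name')
            includeKey = fields.get('export_includeKey', 'false')
            args = [('name', 'string', name),
                    ('include_key', 'bool', includeKey)]
            if 'true' == includeKey:
                # NOTE(review): export_password may be absent (None) here
                # while the private key is requested -- confirm the backend
                # rejects that combination.
                password = fields.get('export_password')
                args.append(('enc_password', 'string', password))
            data = Nodes.action(mgmt, '/rbt/sport/ssl/action/server_certs/export', *args)
            filename = '%s.bin' % name
        else:
            # No branch matched. Previously this fell through and indexed
            # the empty string in `data`, failing with a TypeError after
            # the attachment headers had been set.
            response.write('An error occurred: unrecognized action')
            return

        response.setHeader('Content-type', 'application/octet-stream')
        # Two filenames embed the request-supplied serverCert_name, so the
        # value is cleaned and sent as a quoted-string rather than being
        # concatenated into the header as-is.
        response.setHeader('Content-Disposition',
                           'attachment; filename="%s"' % headerSafe(filename))
        response.write(data['file_contents'])
    except NonZeroReturnCodeException:
        # sys.exc_info() keeps this clause valid on old and new interpreters.
        x = sys.exc_info()[1]
        # NOTE(review): no Content-type is set on this path, so the
        # framework default applies. If that default is HTML and the backend
        # message echoes request values, escape it or serve it as
        # text/plain -- confirm.
        response.write('An error occurred: ' + str(x))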