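def makeRequest(pubkey, pkey, serv_host, auto = False):
    """Build and sign a certificate signing request for the signing server.

    Args:
        pubkey: Not used by this function; kept for caller compatibility.
        pkey: Key object that is both embedded in the request via
            ``set_pubkey`` and used to sign it.
        serv_host: Server host name, used to build the default Common Name
            as ``<short local host name>@<serv_host>``.
        auto: When true, skip all prompts and fill the subject with defaults.

    Returns:
        The signed ``X509.Request`` object.
    """
    req = X509.Request()
    # Seems to default to 0, but we can now set it as well, so just API test
    req.set_version(req.get_version())
    req.set_pubkey(pkey)
    name = X509.X509_Name()

    if auto:
        c = 'n'
    else:
        c = raw_input (_("Enter the certificate data manually? y/[n]: "))

    # Default Common Name: first label of the local FQDN plus the server host.
    host_name = socket.getfqdn()
    result_host_name = host_name.split('.')[0] + "@" + serv_host

    # User name and two-letter language code come from the client variables.
    clVars = DataVars()
    clVars.flIniFile()
    username = clVars.Get('ur_fullname')
    lang = clVars.Get('os_locale_locale')[:2]

    if c.lower() in ['y', 'yes']:
        # Every prompt that shows a default in brackets falls back to that
        # default when the answer is empty.
        name.CN = raw_input (_('Host Name [%s]: ') %result_host_name)
        if name.CN in ['', None]:
            name.CN = result_host_name
        name.OU = raw_input (_('User Name [%s]: ') %username)
        if name.OU in ['', None]:
            name.OU = username
        name.O = raw_input (_('Organization Name: '))
        # The prompt advertises host_name as the default, so apply it; the
        # original left the Locality field empty on a blank answer.
        # NOTE(review): L carries a network address and ST a city here, which
        # does not match the usual X.509 meaning of those fields - presumably
        # the signing server expects this layout; confirm before changing.
        name.L = raw_input (_('Network address (hostname or IP) [%s]: ')
                            %host_name) or host_name
        name.ST = raw_input (_('City: '))
        name.C = raw_input (_('Country (2 characters): [%s]') %lang)
        if not name.C:
            name.C = lang
    else:
        name.CN = result_host_name  # Common Name
        name.OU = username          # Organization Unit
        name.O = 'My Company'       # Organization Name (placeholder)
        name.L = host_name          # Locality Name (holds the local FQDN)
        name.ST = 'My State'        # State Name (placeholder)
        name.C = lang               # two-character Country code

    req.set_subject_name(name)

    ext1 = X509.new_extension('Comment', 'Auto Generated')
    extstack = X509.X509_Extension_Stack()
    extstack.push(ext1)
    req.add_extensions(extstack)

    # Sign with SHA-256 rather than MD5: MD5 is collision-broken and should
    # not be used for request signatures.
    # NOTE(review): confirm the signing server accepts SHA-256 signed requests.
    req.sign(pkey, 'sha256')
    return req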
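def add_all_ca_cert(self, list_ca_certs):
    """Store CA certificates that are not yet in a local trust store.

    ``list_ca_certs`` is reversed in place so that the root certificate is
    handled first. A certificate whose PEM text already appears in the
    system or user root-certificate file is skipped. Any other certificate
    is looked up by MD5 digest in the ``ca/cert_list`` index; if it is not
    indexed, it is written to ``ca/<issuer CN>`` in the client certificate
    directory, appended to the user root-certificate file and indexed.

    NOTE(review): this function performs no validation of the certificates
    it adds to the user trust store; presumably the caller has verified them
    or obtained the user's consent - confirm.

    Returns:
        1 if a certificate has no usable issuer CN, otherwise None.
    """
    def already_trusted(store_path, pem):
        # Substring match of the PEM text against an existing trust file.
        if not os.path.exists(store_path):
            return False
        with open(store_path, "r") as store:
            return pem in store.read()

    clVarsCore = DataVarsCore()
    clVarsCore.importCore()
    clVarsCore.flIniFile()

    # so root cert be first, ca after
    list_ca_certs.reverse()

    system_ca_db = clVarsCore.Get("core.cl_glob_root_cert")

    clVars = DataVars()
    clVars.flIniFile()
    homePath = clVars.Get("ur_home_path")

    cl_client_cert_dir = clVarsCore.Get("core.cl_client_cert_dir")
    cl_client_cert_dir = cl_client_cert_dir.replace("~", homePath)
    root_cert_md5 = os.path.join(cl_client_cert_dir, "ca/cert_list")

    user_root_cert = clVarsCore.Get("core.cl_user_root_cert")
    user_root_cert = user_root_cert.replace("~", homePath)

    for cert in list_ca_certs:
        if already_trusted(system_ca_db, cert):
            continue
        if already_trusted(user_root_cert, cert):
            continue

        # MD5 is only the lookup key of the existing cert_list index format;
        # a match makes the certificate be skipped, it does not add trust.
        md5 = hashlib.md5()
        md5.update(cert)
        md5sum = md5.hexdigest()
        print "\n================================================="
        print "md5sum = ", md5sum

        if not os.path.exists(root_cert_md5):
            with open(root_cert_md5, "w"):
                pass

        filename = None
        with open(root_cert_md5) as fd:
            for line in fd.read().splitlines():
                # Index lines are "<md5> <file name>"; ignore malformed ones
                # instead of failing on a missing second field.
                words = line.split(" ", 1)
                if len(words) == 2 and words[0] == md5sum:
                    filename = words[1]

        if not filename:
            certobj = OpenSSL.crypto.load_certificate(OpenSSL.SSL.FILETYPE_PEM,
                                                      cert)
            for item in certobj.get_issuer().get_components():
                if item[0] == "CN":
                    filename = item[1]

            # Check the CN before touching the index, so that a certificate
            # without a CN no longer leaves a "<md5> None" entry behind.
            if not filename:
                print _('Field "CN" not found in the certificate!')
                return 1

            # The CN comes from the certificate itself and becomes a file
            # name: refuse anything that could leave the ca/ directory or
            # break the line-based index.
            if (filename in (".", "..")
                    or os.path.basename(filename) != filename
                    or "\0" in filename
                    or "\n" in filename
                    or "\r" in filename):
                print _('Unsafe file name in the certificate "CN" field!')
                return 1

            with open(root_cert_md5, "a") as fc:
                fc.write("%s %s\n" % (md5sum, filename))

            with open(os.path.join(cl_client_cert_dir, "ca/", filename),
                      "w") as fd:
                fd.write(cert)

            with open(user_root_cert, "a") as fa:
                fa.write(cert)

            print _("filename = "), filename
            print _("Certificate added")
        else:
            print _("The file containing the CA certificate now exists")

        get_CRL(cl_client_cert_dir)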