def htmlprint(self):
# Convert character sets
subjectdatalist = []
issuerdatalist = []
for attr in X509v1_certattrlist:
subjectdatalist.append(
string.strip(charset.asn12html4(self.subject.get(attr, ''))))
issuerdatalist.append(
string.strip(charset.asn12html4(self.issuer.get(attr, ''))))
return """
<TABLE BORDER=1 WIDTH="100%%" CELLPADDING="5%%">
<TR>
<TD WIDTH="50%%">
<DL>
<DT><STRONG>This certificate belongs to:</STRONG></DT>
<DD>%s</DD>
</DL>
</TD>
<TD>
<DL>
<DT><STRONG>This certificate was issued by:</STRONG></DT>
<DD>%s</DD>
</DL>
</TD>
</TR>
<TR>
<TD COLSPAN=2>
<DL>
<DT><STRONG>Serial Number:</STRONG><DT>
<DD>%s</DD>
<DT><STRONG>This certificate is valid from %s until %s.</STRONG></DT>
<DT><STRONG>Certificate Fingerprint:</STRONG></DT>
<DD><PRE>SHA-1: %s<BR>MD5: %s</PRE></DD>
</DL>
</TD>
</TR>
</TABLE>
""" % ( \
string.join(subjectdatalist,'<BR>'),
string.join(issuerdatalist,'<BR>'),
self.serial,
self.notBefore,
self.notAfter,
self.getfingerprint('sha1'),
self.getfingerprint('md5'),
)
def htmlprint(self):
# Convert character sets
subjectdatalist = []
issuerdatalist = []
for attr in X509v1_certattrlist:
subjectdatalist.append(string.strip(charset.asn12html4(self.subject.get(attr,''))))
issuerdatalist.append(string.strip(charset.asn12html4(self.issuer.get(attr,''))))
return """
<TABLE BORDER=1 WIDTH="100%%" CELLPADDING="5%%">
<TR>
<TD WIDTH="50%%">
<DL>
<DT><STRONG>This certificate belongs to:</STRONG></DT>
<DD>%s</DD>
</DL>
</TD>
<TD>
<DL>
<DT><STRONG>This certificate was issued by:</STRONG></DT>
<DD>%s</DD>
</DL>
</TD>
</TR>
<TR>
<TD COLSPAN=2>
<DL>
<DT><STRONG>Serial Number:</STRONG><DT>
<DD>%s</DD>
<DT><STRONG>This certificate is valid from %s until %s.</STRONG></DT>
<DT><STRONG>Certificate Fingerprint:</STRONG></DT>
<DD><PRE>SHA-1: %s<BR>MD5: %s</PRE></DD>
</DL>
</TD>
</TR>
</TABLE>
""" % ( \
string.join(subjectdatalist,'<BR>'),
string.join(issuerdatalist,'<BR>'),
self.serial,
self.notBefore,
self.notAfter,
self.getfingerprint('sha1'),
self.getfingerprint('md5'),
)
def PrintFound(form, found, cellpadding=2, width=100):
print '<TABLE BORDER CELLPADDING=%d%% WIDTH=%d%%>' % (cellpadding, width)
print '<TR><TH>CA name</TH><TH COLSPAN=3>Serial</TH><TH>valid<BR>until</TH>'
for i in searchkeys:
print '<TH><FONT SIZE=-1>%s</FONT></TH>' % (form.field[i][0].text)
print '</TR>'
for ca_name in found.keys():
ca = opensslcnf.getcadata(ca_name)
if ca.isservercert():
certtype = 'server'
else:
certtype = 'email'
for i in found[ca_name]:
print '<TR><TD>%s</TD>' % (ca_name)
if i[DB_type] == DB_TYPE_REV:
print '<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>revoked %s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_rev_date]))))
)
elif i[DB_type] == DB_TYPE_EXP:
print '<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>expired %s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
)
elif i[DB_type] == DB_TYPE_VAL:
print '<TD>%s</TD><TD><A HREF="%s%s/%s/%s.crt?%s">Load</A></TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>%s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsGetCertUrl,ca_name,certtype,i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
)
else:
raise ValueError
dnfield = SplitDN(i[DB_name])
for j in searchkeys:
if dnfield.has_key(j) and dnfield[j]:
if j == "Email":
print '<TD><FONT SIZE=-1><A HREF="mailto:%s">%s</A></FONT></TD>' % (
dnfield[j], dnfield[j])
else:
print '<TD><FONT SIZE=-1>%s</FONT></TD>' % charset.asn12html4(
dnfield[j])
else:
print '<TD> </TD>'
print '</TR>'
print '</TABLE>'
return
def PrintFound(form,found,cellpadding=2,width=100):
print '<TABLE BORDER CELLPADDING=%d%% WIDTH=%d%%>' % (cellpadding,width)
print '<TR><TH>CA name</TH><TH COLSPAN=3>Serial</TH><TH>valid<BR>until</TH>'
for i in searchkeys:
print '<TH><FONT SIZE=-1>%s</FONT></TH>' % (form.field[i][0].text)
print '</TR>'
for ca_name in found.keys():
ca = opensslcnf.getcadata(ca_name)
if ca.isservercert():
certtype='server'
else:
certtype='email'
for i in found[ca_name]:
print '<TR><TD>%s</TD>' % (ca_name)
if i[DB_type]==DB_TYPE_REV:
print '<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>revoked %s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_rev_date]))))
)
elif i[DB_type]==DB_TYPE_EXP:
print '<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>expired %s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
)
elif i[DB_type]==DB_TYPE_VAL:
print '<TD>%s</TD><TD><A HREF="%s%s/%s/%s.crt?%s">Load</A></TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>%s</TD>' % ( \
i[DB_serial],
nsBaseUrl,nsGetCertUrl,ca_name,certtype,i[DB_serial],
nsBaseUrl,nsViewCertUrl,ca_name,certtype,i[DB_serial],
strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(i[DB_exp_date]))))
)
else:
raise ValueError
dnfield = SplitDN(i[DB_name])
for j in searchkeys:
if dnfield.has_key(j) and dnfield[j]:
if j=="Email":
print '<TD><FONT SIZE=-1><A HREF="mailto:%s">%s</A></FONT></TD>' % (dnfield[j],dnfield[j])
else:
print '<TD><FONT SIZE=-1>%s</FONT></TD>' % charset.asn12html4(dnfield[j])
else:
print '<TD> </TD>'
print '</TR>'
print '</TABLE>'
return
cert = ReadCertFromFileObject(os.popen(command))
else:
cert = open(certfilename, 'r').read()
mimetype = 'application/x-x509-user-cert'
else:
htmlbase.PrintErrorMsg('Invalid certificate type "%s"' % cert_type)
sys.exit(0)
if browser_name == 'MSIE' and cert_type == 'user':
import vbs, charset
htmlbase.PrintHeader('Install certificate')
htmlbase.PrintHeading('Install certificate')
print 'Certificate of type <STRONG>%s</STRONG>:<P>' % ca_name
print 'Subject DN: %s<BR>Valid until: %s' % ( \
charset.asn12html4(entry[DB_name]), \
strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))) \
)
vbs.PrintVBSXenrollObject()
print '<SCRIPT Language=VBSCRIPT>\n<!-- '
vbs.PrintVBSCertInstallCode(
string.strip(entry[DB_name]), entry[DB_serial],
strftime('%d.%m.%Y',
localtime(mktime(dbtime2tuple(entry[DB_exp_date])))), cert)
print ' -->\n</SCRIPT>'
htmlbase.PrintFooter()
else:
# Simply write MIME-type and certificate data to stdout
sys.stdout.flush()
sys.stdout.write('Content-type: %s\n\n' % mimetype)
if cert_format == 'der':
sys.exit(0)
# Does the certificate file exist?
if not os.path.isfile(certfilename):
htmlbase.PrintErrorMsg('Certificate file not found.')
sys.exit(0)
if cert_type == 'crl':
htmlbase.PrintHeader('View CRL')
htmlbase.PrintHeading('View CRL')
crl = openssl.cert.CRLClass(certfilename)
issuerdatalist = []
for attr in openssl.cert.X509v1_certattrlist:
issuerdatalist.append(
string.strip(charset.asn12html4(crl.issuer.get(attr, ''))))
print """
<DL>
<DT><STRONG>This CRL was issued by:</STRONG></DT>
<DD>%s</DD>
<DT><STRONG>last updated:</STRONG></DT>
<DD>%s</DD>
<DT><STRONG>next update:</STRONG></DT>
<DD>%s</DD>
</DL>
<P><A HREF="%s%s/%s/crl.crl">Download CRL</A></P>
<HR><FONT SIZE=-1><PRE>
""" % ( \
string.join(issuerdatalist,'<BR>'),
crl.lastUpdate,crl.nextUpdate,
nsBaseUrl,nsGetCertUrl,ca_name
cert = ReadCertFromFileObject(os.popen(command))
else:
cert = open(certfilename,'r').read()
mimetype = 'application/x-x509-user-cert'
else:
htmlbase.PrintErrorMsg('Invalid certificate type "%s"' % cert_type)
sys.exit(0)
if browser_name=='MSIE' and cert_type=='user':
import vbs, charset
htmlbase.PrintHeader('Install certificate')
htmlbase.PrintHeading('Install certificate')
print 'Certificate of type <STRONG>%s</STRONG>:<P>' % ca_name
print 'Subject DN: %s<BR>Valid until: %s' % ( \
charset.asn12html4(entry[DB_name]), \
strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))) \
)
vbs.PrintVBSXenrollObject()
print '<SCRIPT Language=VBSCRIPT>\n<!-- '
vbs.PrintVBSCertInstallCode(string.strip(entry[DB_name]),entry[DB_serial],strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))),cert)
print ' -->\n</SCRIPT>'
htmlbase.PrintFooter()
else:
# Simply write MIME-type and certificate data to stdout
sys.stdout.flush()
sys.stdout.write('Content-type: %s\n\n' % mimetype)
if cert_format=='der':
sys.stdout.write(certhelper.pem2der(cert))
elif cert_format=='pem':
pem_type = {0:'CERTIFICATE',1:'CRL'}[cert_type=='crl']
def PrintSecInfo(acceptedciphers,
valid_dn_regex='',
valid_idn_regex='',
f=sys.stdout):
seclevel = SecLevel(acceptedciphers, valid_dn_regex, valid_idn_regex)
f.write(
"""<h3>Security level</h3><p>Current security level is: <strong>%d</strong></p>
<table cellspacing=5%%>
<tr>
<td align=center width=10%%>0</td>
<td>no encryption at all</td>
</tr>
<tr>
<td align=center>1</td>
<td>Session is encrypted with SSL and cipher is accepted</td>
</tr>
<tr>
<td align=center>2</td>
<td>Client presented valid certificate,<br>
the DN of the certified object matches "<CODE>%s</CODE>"<br>
and the DN of the certifier matches "<CODE>%s</CODE>"</td>
</tr>
</table>
""" % (seclevel, valid_dn_regex, valid_idn_regex))
if seclevel >= 1:
SSL_CIPHER_ALGKEYSIZE = os.environ.get(
'SSL_CIPHER_ALGKEYSIZE',
os.environ.get(
'HTTPS_KEYSIZE',
os.environ.get('SSL_KEYSIZE',
os.environ.get('SSL_SERVER_KEY_SIZE', ''))))
SSL_CIPHER_EXPORT = os.environ.get(
'SSL_CIPHER_EXPORT',
os.environ.get('HTTPS_EXPORT', os.environ.get('SSL_EXPORT', '')))
SSL_CIPHER = os.environ.get('SSL_CIPHER',
os.environ.get('HTTPS_CIPHER', ''))
SSL_CIPHER_USEKEYSIZE = os.environ.get(
'SSL_CIPHER_USEKEYSIZE',
os.environ.get('HTTPS_SECRETKEYSIZE',
os.environ.get('SSL_SECKEYSIZE', '')))
SSL_SERVER_S_DN = os.environ.get('SSL_SERVER_S_DN',
os.environ.get('SSL_SERVER_DN', ''))
SSL_SERVER_I_DN = os.environ.get('SSL_SERVER_I_DN',
os.environ.get('SSL_SERVER_IDN', ''))
f.write(
"""You connected with cipher <strong>%s</strong>, key size <strong>%s Bit</strong>, actually used key size <strong>%s Bit</strong>.<p>
<h3>Server certificate</h3>
<table summary="Server certificate">
<tr>
<td>
<dl>
<dt>This certificate belongs to:</dt>
<dd>%s</dd>
</dl>
</td>
<td>
<dl>
<dt>This certificate was issued by:</dt>
<dd>%s</dd>
</dl>
</td>
</tr>
</table>
""" % (SSL_CIPHER, SSL_CIPHER_ALGKEYSIZE, SSL_CIPHER_USEKEYSIZE,
string.join(string.split(charset.asn12html4(SSL_SERVER_S_DN), '/'),
'<br>'),
string.join(string.split(charset.asn12html4(SSL_SERVER_I_DN), '/'),
'<br>')))
if seclevel >= 2:
SSL_CLIENT_I_DN = os.environ.get('SSL_CLIENT_I_DN',
os.environ.get('SSL_CLIENT_IDN', ''))
SSL_CLIENT_S_DN = os.environ.get('SSL_CLIENT_S_DN',
os.environ.get('SSL_CLIENT_DN', ''))
f.write("""<h3>Your client certificate</h3>
<table summary="Client certificate">
<tr>
<td>
<dl>
<dt>This certificate belongs to:</dt>
<dd>%s</dd>
</dl>
</td>
<td>
<dl>
<dt>This certificate was issued by:</dt>
<dd>%s</dd>
</dl>
</td>
</tr>
</table>
""" % (string.join(string.split(charset.asn12html4(SSL_CLIENT_S_DN), '/'),
'<br>'),
string.join(string.split(charset.asn12html4(SSL_CLIENT_I_DN), '/'),
'<br>')))
htmlbase.PrintErrorMsg('Invalid certificate type "%s"' % cert_type)
sys.exit(0)
# Does the certificate file exist?
if not os.path.isfile(certfilename):
htmlbase.PrintErrorMsg('Certificate file not found.')
sys.exit(0)
if cert_type=='crl':
htmlbase.PrintHeader('View CRL')
htmlbase.PrintHeading('View CRL')
crl = openssl.cert.CRLClass(certfilename)
issuerdatalist = []
for attr in openssl.cert.X509v1_certattrlist:
issuerdatalist.append(string.strip(charset.asn12html4(crl.issuer.get(attr,''))))
print """
<DL>
<DT><STRONG>This CRL was issued by:</STRONG></DT>
<DD>%s</DD>
<DT><STRONG>last updated:</STRONG></DT>
<DD>%s</DD>
<DT><STRONG>next update:</STRONG></DT>
<DD>%s</DD>
</DL>
<P><A HREF="%s%s/%s/crl.crl">Download CRL</A></P>
<HR><FONT SIZE=-1><PRE>
""" % ( \
string.join(issuerdatalist,'<BR>'),
crl.lastUpdate,crl.nextUpdate,
nsBaseUrl,nsGetCertUrl,ca_name