def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore, crypto_Error, Connect_Error): flag_thread_start = False cert_name = cert CERT_FILE = os.path.join(path_to_cert, cert_name + '.crt') CERT_KEY = os.path.join(path_to_cert, cert_name + '.key') if not os.path.isfile(CERT_FILE) or not os.path.isfile(CERT_KEY): Connect_Error = 1 return (None, 1, crypto_Error, False, None) client = None bio = M2Crypto.BIO.openfile(CERT_KEY) rsa = M2Crypto.m2.rsa_read_key(bio._ptr(),lambda *unused: None) if not rsa: store_passwd = get_password_from_daemon(args.host, args.port, wait_thread) if 'store_passwd' in locals(): key_passwd = store_passwd else: key_passwd = None try: ca_certs = os.path.join(path_to_cert, 'ca/ca_root.crt') client = Client_suds(url, transport=HTTPSClientCertTransport \ (CERT_KEY, CERT_FILE, path_to_cert, password=key_passwd, ca_certs = ca_certs, wait_thread = wait_thread)) if not wait_thread.isAlive(): wait_thread = StoppableThread() flag_thread_start = True wait_thread.start() client.wsdl.services[0].setlocation(url) client.set_parameters (path_to_cert, CERT_FILE, CERT_KEY) wait_thread.stop() client_post_cert(client, clVarsCore) Connect_Error = 0 except VerifyError, e: Connect_Error = 1
except WebFault, f: print _("Exception: %s") %f _print (f.fault) except TransportError, te: print _("Exception: %s") %te except KeyboardInterrupt: wait_thread.stop() red = '\n'+'\033[31m * \033[0m' print red + _("Manually interrupted") except Exception, e: print _("Exception: %s") %e tb.print_exc() wait_thread.stop() try: client = Client_suds(url, \ transport = HTTPSClientCertTransport(None,None, path_to_cert)) client.wsdl.services[0].setlocation(url) server_host_name = client.service.get_server_host_name() if not add_server_hostname(host, path_to_cert, server_host_name): print 'compliance_file write error!' del (client) except urllib2.URLError, e: wait_thread.stop() print '\b' + _('Failed to connect')+':', e return 1 except KeyboardInterrupt: wait_thread.stop() red = '\n'+'\033[31m * \033[0m' print red + _("Manually interrupted") try:
def get_CRL(path_to_cert): print 'update CRL' """ get new CRL (Certificate Revocation List) from all CA """ # local CRL CRL_path = os.path.join(path_to_cert, 'ca/crl/') if not os.path.exists(CRL_path): if not os.path.exists(os.path.join(path_to_cert, 'ca')): if not os.path.exists(path_to_cert): try: os.makedirs(path_to_cert) except OSError: print _("Failed to create directory %s") %path_to_cert raise Exception(1) try: os.makedirs(os.path.join(path_to_cert, 'ca')) except OSError: print _("Failed to create directory %s") \ %(os.path.join(path_to_cert, 'ca')) raise Exception(1) os.makedirs(CRL_path) clVars = DataVarsCore() clVars.importCore() clVars.flIniFile() # user and system ca and root certificates user_root_cert = clVars.Get('core.cl_user_root_cert') homePath = clVars.Get('ur_home_path') user_root_cert = user_root_cert.replace("~",homePath) glob_root_cert = clVars.Get('core.cl_glob_root_cert') if os.path.exists(user_root_cert): user_ca_certs = open(user_root_cert, 'r').read() else: user_ca_certs = '' if os.path.exists(glob_root_cert): glob_ca_certs = open(glob_root_cert, 'r').read() else: glob_ca_certs = '' # get certificates list fron text p = re.compile('[-]+[\w ]+[-]+\n+[\w\n\+\\=/]+[-]+[\w ]+[-]+\n?') user_ca_certs_list = p.findall(user_ca_certs) glob_ca_certs_list = p.findall(glob_ca_certs) # association in one list all_ca_certs_list = user_ca_certs_list + glob_ca_certs_list for ca in all_ca_certs_list: certobj = OpenSSL.crypto.load_certificate \ (OpenSSL.SSL.FILETYPE_PEM, ca) # get url from certificates url = None CN = None Subject = certobj.get_subject().get_components() for subj in Subject: if subj[0] == 'L': url = "https://" + subj[1] +"/?wsdl" if subj[0] == 'CN': CN = subj[1] if url: from client_class import Client_suds from client_class import HTTPSClientCertTransport # connect to ca server (url get from certificates) try: client = Client_suds(url,\ transport = HTTPSClientCertTransport(None, None, \ path_to_cert)) client.set_parameters (path_to_cert, None, None) new_crl = client.service.get_crl() except VerifyError, e: _print (e.value) #rm_ca_from_trusted(ca) raise Exception(1) except: