def load_ca(cls, name, x509, enabled=True, parent=None, **kwargs):
    """Create, populate and save a CA whose key is a preloaded fixture file.

    The private key path recorded on the model is ``<fixtures_dir>/<name>.key``.
    The path is only stored here; the key file itself is not opened.  ``name``
    is joined into the path without validation.

    Args:
        name: CA name, also used as the stem of the key file name.
        x509: Certificate object assigned to the CA's ``x509`` attribute.
        enabled: Passed through to ``CertificateAuthority``.
        parent: Passed through to ``CertificateAuthority``.
        **kwargs: Any further ``CertificateAuthority`` constructor arguments.

    Returns:
        The saved ``CertificateAuthority`` instance.
    """
    key_filename = '%s.key' % name
    authority = CertificateAuthority(
        name=name,
        private_key_path=os.path.join(fixtures_dir, key_filename),
        enabled=enabled,
        parent=parent,
        **kwargs
    )

    # Assigning the certificate lets the model calculate the serial etc.
    authority.x509 = x509
    authority.save()
    return authority
def load_ca(cls, name, x509, enabled=True, parent=None, **kwargs):
    """Build and persist a CA backed by a key file under ``settings.FIXTURES_DIR``.

    The model's ``private_key_path`` is set to
    ``<settings.FIXTURES_DIR>/<name>.key``; the file is referenced, not read.
    ``name`` goes into that path as given, without validation.

    Args:
        name: CA name and stem of the key file name.
        x509: Certificate object stored on the CA via its ``x509`` attribute.
        enabled: Forwarded to the ``CertificateAuthority`` constructor.
        parent: Forwarded to the ``CertificateAuthority`` constructor.
        **kwargs: Extra constructor arguments, forwarded unchanged.

    Returns:
        The ``CertificateAuthority`` after ``save()`` has been called.
    """
    init_args = dict(kwargs)
    init_args.update(
        name=name,
        private_key_path=os.path.join(settings.FIXTURES_DIR, '%s.key' % name),
        enabled=enabled,
        parent=parent,
    )
    new_ca = CertificateAuthority(**init_args)

    # Setting x509 calculates the serial etc. on the model.
    new_ca.x509 = x509
    new_ca.save()
    return new_ca
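def handle(self, name, key, pem, **options):
    """Import an existing CA certificate and its private key.

    The certificate is read from ``pem`` and the private key from ``key``
    (both objects providing ``read()``).  Each is parsed as PEM first, then
    as DER.  The private key is re-serialised as PEM and written to
    ``<CA_DIR>/<serial>.key``; the CA is saved to the database only after the
    key file has been written.

    Options read: ``password`` (encrypts the stored key, ``None`` stores it
    unencrypted), ``import_password`` (decrypts the supplied key), ``parent``,
    ``issuer_url``, ``issuer_alt_name`` and ``crl_url`` (joined with
    newlines).

    Raises:
        CommandError: If the certificate or the private key cannot be loaded.
    """
    if not os.path.exists(ca_settings.CA_DIR):  # pragma: no cover
        os.makedirs(ca_settings.CA_DIR)

    password = options['password']
    import_password = options['import_password']
    parent = options['parent']
    pem_data = pem.read()
    key_data = key.read()
    crl_url = '\n'.join(options['crl_url'])

    ca = CertificateAuthority(name=name, parent=parent, issuer_url=options['issuer_url'],
                              issuer_alt_name=options['issuer_alt_name'], crl_url=crl_url)

    # Load the certificate: PEM first, DER as fallback.  ``except Exception``
    # rather than a bare ``except`` so that KeyboardInterrupt/SystemExit are
    # not turned into a misleading "unable to load" error.
    try:
        pem_loaded = x509.load_pem_x509_certificate(pem_data, default_backend())
    except Exception:
        try:
            pem_loaded = x509.load_der_x509_certificate(pem_data, default_backend())
        except Exception:
            raise CommandError('Unable to load public key.')
    ca.x509 = pem_loaded
    ca.private_key_path = os.path.join(ca_settings.CA_DIR, '%s.key' % ca.serial)

    # Load the private key: PEM first, DER as fallback.
    try:
        key_loaded = serialization.load_pem_private_key(
            key_data, import_password, default_backend())
    except Exception:
        try:
            key_loaded = serialization.load_der_private_key(
                key_data, import_password, default_backend())
        except Exception:
            raise CommandError('Unable to load private key.')

    if password is None:
        # NOTE: without a password the CA private key is stored in plaintext;
        # the restrictive file mode below is then its only protection.
        encryption = serialization.NoEncryption()
    else:
        encryption = serialization.BestAvailableEncryption(password)

    # Serialise before touching the umask so the restricted window is as
    # short as possible.
    key_pem = key_loaded.private_bytes(encoding=Encoding.PEM,
                                       format=PrivateFormat.TraditionalOpenSSL,
                                       encryption_algorithm=encryption)

    # 0o367 (decimal 247) leaves only owner-read (0400) on a newly created
    # file.  NOTE(review): the umask applies only at creation time; a file
    # that already exists at this path keeps whatever mode it has.
    oldmask = os.umask(0o367)
    try:
        with open(ca.private_key_path, 'wb') as key_file:
            key_file.write(key_pem)
    finally:
        # Always restore the process umask, even if the write fails.
        os.umask(oldmask)

    # Only save CA to database if we loaded all data and copied private key
    ca.save()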
certs = fixture_data["certs"] for cert_name, cert_data in sorted(certs.items(), key=lambda t: (t[1]["type"], t[0])): if cert_data["type"] == "ca": if not cert_data["key_filename"]: continue # CA without private key (e.g. real-world CA) name = cert_data["name"] path = "%s.key" % name with open( os.path.join(ca_settings.CA_DIR, cert_data["key_filename"]), "rb") as stream: pkey = stream.read() c = CertificateAuthority(name=name, private_key_path=path) loaded_cas[c.name] = c else: if cert_data["cat"] != "generated": continue # Imported cert with open( os.path.join(ca_settings.CA_DIR, cert_data["csr_filename"]), "r") as stream: csr = stream.read() profile = cert_data.get("profile", ca_settings.CA_DEFAULT_PROFILE) c = Certificate(ca=loaded_cas[cert_data["ca"]], csr=csr, profile=profile) with open(os.path.join(ca_settings.CA_DIR, cert_data["pub_filename"]),
"wb") as stream: stream.write(nonce_req) else: # updating only contrib, so remove existing data data = {} # Load data from Sphinx files if args.generate_contrib: for filename in os.listdir(os.path.join(_sphinx_dir, "ca")): name, _ext = os.path.splitext(filename) with open(os.path.join(_sphinx_dir, "ca", filename), "rb") as stream: pem = stream.read() parsed = x509.load_pem_x509_certificate(pem, default_backend()) ca = CertificateAuthority(name=name) ca.update_certificate(parsed) update_contrib(data, ca, name, filename) data[name]["type"] = "ca" data[name]["pathlen"] = ca.pathlen for filename in os.listdir(os.path.join(_sphinx_dir, "cert")): name, _ext = os.path.splitext(filename) contrib_ca = None if name in data: contrib_ca = name name = "%s-cert" % name
'wb') as stream: stream.write(nonce_req) else: # updating only contrib, so remove existing data data = {} # Load data from Sphinx files if args.generate_contrib: for filename in os.listdir(os.path.join(_sphinx_dir, 'ca')): name, _ext = os.path.splitext(filename) with open(os.path.join(_sphinx_dir, 'ca', filename), 'rb') as stream: pem = stream.read() parsed = x509.load_pem_x509_certificate(pem, default_backend()) ca = CertificateAuthority(name=name) ca.x509 = parsed update_contrib(data, ca, name, filename) data[name]['type'] = 'ca' data[name]['pathlen'] = ca.pathlen for filename in os.listdir(os.path.join(_sphinx_dir, 'cert')): name, _ext = os.path.splitext(filename) contrib_ca = None if name in data: contrib_ca = name name = '%s-cert' % name