def load_ca(cls, name, x509, enabled=True, parent=None, **kwargs):
"""Load a CA from one of the preloaded files."""
path = os.path.join(fixtures_dir, '%s.key' % name)
ca = CertificateAuthority(name=name, private_key_path=path, enabled=enabled, parent=parent,
**kwargs)
ca.x509 = x509 # calculates serial etc
ca.save()
return ca
def load_ca(cls, name, x509, enabled=True, parent=None, **kwargs):
"""Load a CA from one of the preloaded files."""
path = os.path.join(settings.FIXTURES_DIR, '%s.key' % name)
ca = CertificateAuthority(name=name, private_key_path=path, enabled=enabled, parent=parent,
**kwargs)
ca.x509 = x509 # calculates serial etc
ca.save()
return ca
def handle(self, name, key, pem, **options):
if not os.path.exists(ca_settings.CA_DIR): # pragma: no cover
os.makedirs(ca_settings.CA_DIR)
password = options['password']
import_password = options['import_password']
parent = options['parent']
pem_data = pem.read()
key_data = key.read()
crl_url = '\n'.join(options['crl_url'])
ca = CertificateAuthority(name=name,
parent=parent,
issuer_url=options['issuer_url'],
issuer_alt_name=options['issuer_alt_name'],
crl_url=crl_url)
# load public key
try:
pem_loaded = x509.load_pem_x509_certificate(
pem_data, default_backend())
except:
try:
pem_loaded = x509.load_der_x509_certificate(
pem_data, default_backend())
except:
raise CommandError('Unable to load public key.')
ca.x509 = pem_loaded
ca.private_key_path = os.path.join(ca_settings.CA_DIR,
'%s.key' % ca.serial)
# load private key
try:
key_loaded = serialization.load_pem_private_key(
key_data, import_password, default_backend())
except:
try:
key_loaded = serialization.load_der_private_key(
key_data, import_password, default_backend())
except:
raise CommandError('Unable to load private key.')
if password is None:
encryption = serialization.NoEncryption()
else:
encryption = serialization.BestAvailableEncryption(password)
# write private key to file
oldmask = os.umask(247)
pem = key_loaded.private_bytes(encoding=Encoding.PEM,
format=PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=encryption)
with open(ca.private_key_path, 'wb') as key_file:
key_file.write(pem)
os.umask(oldmask)
# Only save CA to database if we loaded all data and copied private key
ca.save()
certs = fixture_data["certs"]
for cert_name, cert_data in sorted(certs.items(),
key=lambda t: (t[1]["type"], t[0])):
if cert_data["type"] == "ca":
if not cert_data["key_filename"]:
continue # CA without private key (e.g. real-world CA)
name = cert_data["name"]
path = "%s.key" % name
with open(
os.path.join(ca_settings.CA_DIR,
cert_data["key_filename"]), "rb") as stream:
pkey = stream.read()
c = CertificateAuthority(name=name, private_key_path=path)
loaded_cas[c.name] = c
else:
if cert_data["cat"] != "generated":
continue # Imported cert
with open(
os.path.join(ca_settings.CA_DIR,
cert_data["csr_filename"]), "r") as stream:
csr = stream.read()
profile = cert_data.get("profile", ca_settings.CA_DEFAULT_PROFILE)
c = Certificate(ca=loaded_cas[cert_data["ca"]],
csr=csr,
profile=profile)
with open(os.path.join(ca_settings.CA_DIR, cert_data["pub_filename"]),
"wb") as stream:
stream.write(nonce_req)
else:
# updating only contrib, so remove existing data
data = {}
# Load data from Sphinx files
if args.generate_contrib:
for filename in os.listdir(os.path.join(_sphinx_dir, "ca")):
name, _ext = os.path.splitext(filename)
with open(os.path.join(_sphinx_dir, "ca", filename), "rb") as stream:
pem = stream.read()
parsed = x509.load_pem_x509_certificate(pem, default_backend())
ca = CertificateAuthority(name=name)
ca.update_certificate(parsed)
update_contrib(data, ca, name, filename)
data[name]["type"] = "ca"
data[name]["pathlen"] = ca.pathlen
for filename in os.listdir(os.path.join(_sphinx_dir, "cert")):
name, _ext = os.path.splitext(filename)
contrib_ca = None
if name in data:
contrib_ca = name
name = "%s-cert" % name
'wb') as stream:
stream.write(nonce_req)
else:
# updating only contrib, so remove existing data
data = {}
# Load data from Sphinx files
if args.generate_contrib:
for filename in os.listdir(os.path.join(_sphinx_dir, 'ca')):
name, _ext = os.path.splitext(filename)
with open(os.path.join(_sphinx_dir, 'ca', filename), 'rb') as stream:
pem = stream.read()
parsed = x509.load_pem_x509_certificate(pem, default_backend())
ca = CertificateAuthority(name=name)
ca.x509 = parsed
update_contrib(data, ca, name, filename)
data[name]['type'] = 'ca'
data[name]['pathlen'] = ca.pathlen
for filename in os.listdir(os.path.join(_sphinx_dir, 'cert')):
name, _ext = os.path.splitext(filename)
contrib_ca = None
if name in data:
contrib_ca = name
name = '%s-cert' % name