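def handle(self, *args, **options):
    """Ensure a certificate (or CA) exists for the given subject and export it.

    Steps, in order:

    1. Reject a ``role`` that is not in ``ROLES``.
    2. Parse each ``altNames`` item as ``KIND:VALUE``; ``KIND`` must be a key
       of ``dict(ALT_TYPES)``.
    3. Truncate every requested output file up front, so an unwritable
       destination is reported before the PKI is touched.
    4. Build the ``CertificateEntry`` and call ``pki.ensure_ca`` when
       ``options['initialize']`` is set, ``pki.ensure_certificate`` otherwise.
    5. Append the matching source file to each requested destination.

    Errors are reported on ``self.stdout`` and the command returns early;
    no exception is raised for invalid arguments.
    """
    import os
    import stat

    role = options['role']
    if role not in ROLES:
        self.stdout.write(self.style.ERROR('Invalid role: %s' % role))
        self.stdout.write('Valid roles: %s' % ', '.join(ROLES))
        return

    accepted_kinds = dict(ALT_TYPES)
    alt_names = []
    for alt_name in options['altNames']:
        kind, sep, value = alt_name.partition(':')
        if sep != ':' or kind not in accepted_kinds:
            # List the kinds the check above actually accepts (the dict keys).
            # Joining ALT_TYPES itself fails with TypeError when its items are
            # (kind, label) pairs, which is what dict(ALT_TYPES) implies.
            self.stdout.write(
                self.style.ERROR(
                    'Altname %s must be of form KIND:VALUE with KIND one of %s'
                    % (alt_name, ', '.join(str(k) for k in accepted_kinds))))
            return
        alt_names.append((kind, value))

    # Both of these destinations receive entry.key_filename, i.e. private key
    # material, so they must not be created with the umask-default mode.
    private_outputs = ('key', 'ssh')
    for key in 'cert', 'key', 'ssh', 'ca', 'pubssh', 'pubkey':
        path = options[key]
        if not path:
            continue
        try:
            if key in private_outputs:
                # Create/truncate owner-only. The mode argument only applies
                # to newly created files, so an existing regular file is
                # tightened explicitly while it is still empty.
                fd_num = os.open(
                    path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
                try:
                    if stat.S_ISREG(os.fstat(fd_num).st_mode):
                        os.chmod(path, 0o600)
                finally:
                    os.close(fd_num)
            else:
                with open(path, 'wb') as fd:
                    fd.write(b'')
        except OSError:
            self.stdout.write(
                self.style.ERROR('Unable to write file: %s' % path))
            return

    entry = CertificateEntry(
        options['commonName'],
        organizationalUnitName=options['organizationalUnitName'],
        emailAddress=options['emailAddress'],
        localityName=options['localityName'],
        countryName=options['countryName'],
        stateOrProvinceName=options['stateOrProvinceName'],
        altNames=alt_names,
        role=role)
    pki = PKI()
    pki.initialize()
    if options['initialize']:
        pki.ensure_ca(entry)
    else:
        pki.ensure_certificate(entry)
    # Only the sub-CA certificate path is exported; the CA key path is unused.
    ca_crt_path, _ = pki.get_subca_infos(entry)

    for key, attr in (
            ('cert', 'crt_filename'),
            ('key', 'key_filename'),
            ('ssh', 'key_filename'),
            ('ca', 'ca_filename'),
            ('pubssh', 'ssh_filename'),
            ('pubkey', 'pub_filename'),
    ):
        dst_filename = options[key]
        if not dst_filename:
            continue
        # Append mode: several options may name the same destination, and
        # the files were already truncated above. Context managers make sure
        # every handle is flushed and closed before success is reported.
        with open(dst_filename, 'ab') as dst:
            if key == 'ca':
                # The 'ca' output gets the sub-CA certificate first, then
                # the entry's own ca_filename content.
                with open(ca_crt_path, 'rb') as src:
                    dst.write(src.read())
            with open(getattr(entry, attr), 'rb') as src:
                dst.write(src.read())
        self.stdout.write('File %s written' % dst_filename)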
def setUpClass(cls):
    """Class-level fixture: initialise the PKI and ensure a CA entry exists.

    The CA subject uses ``cls.domain_name`` as its first positional argument
    and takes the remaining subject fields from the ``PENATES_*`` settings.
    """
    # NOTE(review): the base hook is invoked on TestCase itself rather than
    # through super(); kept as-is, confirm this is intended.
    TestCase.setUpClass()

    authority = PKI()
    authority.initialize()

    subject_fields = dict(
        organizationalUnitName='certificates',
        emailAddress=settings.PENATES_EMAIL_ADDRESS,
        localityName=settings.PENATES_LOCALITY,
        countryName=settings.PENATES_COUNTRY,
        stateOrProvinceName=settings.PENATES_STATE,
        altNames=[],
        role=CA,
    )
    ca_entry = CertificateEntry(cls.domain_name, **subject_fields)
    authority.ensure_ca(ca_entry)
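def handle(self, *args, **options):
    """Validate the arguments, ensure the certificate exists, export files.

    ``options['role']`` must be in ``ROLES`` and every ``options['altNames']``
    item must look like ``KIND:VALUE`` with ``KIND`` a key of
    ``dict(ALT_TYPES)``. Each requested destination (``cert``, ``key``,
    ``ssh``, ``ca``, ``pubssh``, ``pubkey``) is emptied first so that write
    failures surface before ``PKI`` is used. Then ``pki.ensure_ca`` (when
    ``options['initialize']`` is truthy) or ``pki.ensure_certificate`` is
    called, and the corresponding files are appended to the destinations.

    Problems are written to ``self.stdout`` and end the command early.
    """
    import os
    import stat

    def report_error(message):
        self.stdout.write(self.style.ERROR(message))

    role = options['role']
    if role not in ROLES:
        report_error('Invalid role: %s' % role)
        self.stdout.write('Valid roles: %s' % ', '.join(ROLES))
        return

    known_kinds = dict(ALT_TYPES)
    alt_names = []
    for alt_name in options['altNames']:
        kind, sep, value = alt_name.partition(':')
        if sep == ':' and kind in known_kinds:
            alt_names.append((kind, value))
            continue
        # Show the keys that the membership test uses. ', '.join(ALT_TYPES)
        # raises TypeError if ALT_TYPES holds (kind, label) pairs, which
        # would hide this message behind a traceback.
        report_error(
            'Altname %s must be of form KIND:VALUE with KIND one of %s'
            % (alt_name, ', '.join(str(k) for k in known_kinds)))
        return

    # Map each output option to the CertificateEntry attribute holding its
    # source path. 'key' and 'ssh' both export key_filename (the private key).
    exports = (
        ('cert', 'crt_filename'),
        ('key', 'key_filename'),
        ('ssh', 'key_filename'),
        ('ca', 'ca_filename'),
        ('pubssh', 'ssh_filename'),
        ('pubkey', 'pub_filename'),
    )

    for key in 'cert', 'key', 'ssh', 'ca', 'pubssh', 'pubkey':
        target = options[key]
        if not target:
            continue
        try:
            if key in ('key', 'ssh'):
                # Private key destinations: create with 0600 instead of the
                # umask default, and tighten a pre-existing regular file
                # before any key material is appended to it.
                handle_no = os.open(
                    target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
                try:
                    if stat.S_ISREG(os.fstat(handle_no).st_mode):
                        os.chmod(target, 0o600)
                finally:
                    os.close(handle_no)
            else:
                with open(target, 'wb') as fd:
                    fd.write(b'')
        except OSError:
            report_error('Unable to write file: %s' % target)
            return

    entry = CertificateEntry(
        options['commonName'],
        organizationalUnitName=options['organizationalUnitName'],
        emailAddress=options['emailAddress'],
        localityName=options['localityName'],
        countryName=options['countryName'],
        stateOrProvinceName=options['stateOrProvinceName'],
        altNames=alt_names,
        role=role,
    )
    pki = PKI()
    pki.initialize()
    if options['initialize']:
        pki.ensure_ca(entry)
    else:
        pki.ensure_certificate(entry)
    # The second element (CA key path) is not needed for the export.
    ca_crt_path, _ = pki.get_subca_infos(entry)

    for key, attr in exports:
        dst_filename = options[key]
        if not dst_filename:
            continue
        # Destinations were emptied above; append so that options sharing a
        # path accumulate. All handles are closed deterministically, so the
        # data is on its way to disk before 'written' is printed.
        with open(dst_filename, 'ab') as out:
            if key == 'ca':
                # Sub-CA certificate goes first, then entry.ca_filename.
                with open(ca_crt_path, 'rb') as chain_part:
                    out.write(chain_part.read())
            src_filename = getattr(entry, attr)
            with open(src_filename, 'rb') as src:
                out.write(src.read())
        self.stdout.write('File %s written' % dst_filename)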