Exemplo n.º 1
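 def do_generate(self, line):
     """Print a DANE TLSA resource record for a stored certificate.

     ``line`` must hold four whitespace-separated fields:
     ``<proto> <port> <fqdn> <certid>``. ``proto`` is ``tcp`` or ``udp`` and
     ``port`` an integer from 1 to 65535. On any invalid field a message is
     printed and no record is emitted.

     The record uses TLSA parameters ``3 0 1`` (RFC 6698: DANE-EE usage,
     full-certificate selector, SHA-256 matching type). Because the digest
     covers the whole certificate, the record has to be regenerated and
     republished whenever the certificate is reissued.
     """
     # split() without an argument tolerates repeated blanks and guarantees
     # that no field carries whitespace into the emitted record.
     fields = line.split()
     if len(fields) != 4:
         print("generate <proto> <port> <fqdn> <certid>")
         return
     proto, port, fqdn, certid = fields

     if proto not in ("tcp", "udp"):
         print("*** Invalid protocol")
         return

     # A non-numeric port is reported as invalid instead of raising
     # ValueError out of the command handler.
     try:
         port_number = int(port)
     except ValueError:
         port_number = 0
     # Ports 1 and 65535 are valid and must be accepted (inclusive bounds).
     if not 1 <= port_number <= 65535:
         print("*** Invalid port number")
         return

     if not SSL.check_cert_exist(certid):
         print("*** Certificate does not exist")
         return

     # NOTE(review): the digest is only a valid TLSA association if
     # get_asn_cert_raw returns the DER encoding of the certificate - confirm.
     digest = hashlib.sha256(SSL.get_asn_cert_raw(certid)).hexdigest()
     # The format string appends the root dot itself, so a trailing dot typed
     # by the operator is dropped to avoid emitting "name..".
     print("_%d._%s.%s.\tIN\tTLSA\t3 0 1 ( %s )" % (port_number, proto, fqdn.rstrip("."), digest))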
Exemplo n.º 2
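 def do_cert(self, line):
     """Choose the OCSP responder certificate and start the responder.

     ``line`` is a certificate identifier. If no such certificate exists the
     operator is asked to pick a profile and a certificate interactively.
     The chosen certificate is stored under ``ocsp``/``cert`` only when it
     passes the key-usage / extended-key-usage check; this applies to the
     interactive choice as well, so both paths enforce the same policy.
     The ``ocsp`` daemon is then started if OCSP is enabled and a responder
     certificate is configured.
     """
     if SSL.check_cert_exist(line):
         certid = line
     else:
         # Unknown identifier: fall back to interactive selection.
         profile = Render.select_profile()
         certid = Render.select_cert(profile=profile)

     keyusage = ["digitalSignature", "nonRepudiation", "keyEncipherment"]
     # 1.3.6.1.5.5.7.3.9 is id-kp-OCSPSigning, the extended key usage that
     # marks a certificate as a delegated OCSP response signer.
     extendedkeys = ["1.3.6.1.5.5.7.3.9"]
     cert = SSL.get_cert(certid)
     # NOTE(review): strict=False presumably relaxes the key-usage match;
     # confirm that it still requires the OCSPSigning EKU to be present.
     if SSL.cert_equal_to_key_and_extended_key(cert, keyusage, extendedkeys, strict=False):
         Config().config.set("ocsp", "cert", certid)
     else:
         # The rejected certificate is not stored; whatever was configured
         # before stays in place and is what the check below sees.
         print("Certificate is not valid to use with OCSP Responder")

     if Config().config.getboolean("ocsp", "enable") and len(Config().config.get("ocsp", "cert")) > 0:
         Daemons.start_daemon("ocsp")
     else:
         print("OCSP must be enable and valid certificate for responder must be present")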