def do(self, args):
args = self.parser.parse_args(args)
cert = None
if args.dn != None:
cert = DBHelper.getInstance().getCertificateFromDN(args.dn)
if not cert:
raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn)
if args.name != None:
if cert:
raise Exception(_("CLI_DN_AND_NAME_SET_ERROR"))
cert = DBHelper.getInstance().getCertificateFromName(args.name)
if not cert:
raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name)
if not cert:
raise Exception(_("CLI_NO_DN_NAME_SET_ERROR"))
if cert.isSelfSigned():
if not cert.isCA():
raise Exception(_("CLI_RENEW_SELFSIGN_NOT_IMPLEMENTED"))
cert = cert.renew(cert)
else:
cert = cert.getIssuerCa().renewCertificate(cert, args.validity[0],
args.validity[1])
def do(self, args):
args = self.parser.parse_args(args)
if args.selfsigned:
self.printSelfSigned(args.verbose)
return
cert = None
if args.dn != None:
cert = DBHelper.getInstance().getCertificateFromDN(args.dn)
if not cert:
raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn)
if args.name != None:
if cert:
raise Exception(_("CLI_DN_AND_NAME_SET_ERROR"))
cert = DBHelper.getInstance().getCertificateFromName(args.name)
if not cert:
raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name)
if cert:
self.printTreeCA(cert, 0, args.verbose)
else:
rootCAList = DBHelper.getInstance().getRootCAList()
if len(rootCAList) == 0:
print _("CLI_LIST_NO_AC_FOUND")
else:
for r in rootCAList:
self.printTreeCA(r, 0, args.verbose)
def do(self, args):
args = self.parser.parse_args(args)
cert = None
if args.dn != None:
cert = DBHelper.getInstance().getCertificateFromDN(args.dn)
if not cert:
raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn)
if args.name != None:
if cert:
raise Exception(_("CLI_DN_AND_NAME_SET_ERROR"))
cert = DBHelper.getInstance().getCertificateFromName(args.name)
if not cert:
raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name)
if not cert:
raise Exception(_("CLI_NO_DN_NAME_SET_ERROR"))
der = cert.getX509CertDER()
tmpfile = "./%s_cert.der.tmp" % cert.getCacheDN()
f = open(tmpfile, "w")
f.write(der)
f.close()
#FIXME devrait être fait directement avec la libopenssl plutot que via un appel
out = subprocess.check_output(
"openssl x509 -inform der -text -noout -in %s" % tmpfile,
shell=True)
sys.stdout.write(out)
os.remove(tmpfile)
def parseSAN(string):
try:
san, sep, value = string.partition(":")
san = san.lower()
try:
return anssipki.SANFromStr(san), value
except Exception, e:
raise Exception(_("CLI_INVALID_SAN") % san)
except ValueError, e:
raise Exception(_("CLI_INVALID_SAN") % string)
def __init__(self, action=None):
super(CLIShowCertificate, self).__init__(action)
self.parser.add_argument("--name",
type=parseName,
action=UniqueAppendAction,
help=_("CLI_NAME_OPTION_HELP"))
self.parser.add_argument("--dn",
type=parseDN,
action=UniqueAppendAction,
help=_("CLI_DN_OPTION_HELP"))
def __init__(self, action):
super(CLIAttachCA, self).__init__(action)
self.parser.add_argument("--name",
type=parseName,
action=UniqueAppendAction,
help=_("CLI_NAME_OPTION_HELP"))
self.parser.add_argument("--dn",
type=parseDN,
action=UniqueAppendAction,
help=_("CLI_DN_OPTION_HELP"))
self.parser.add_argument("--in", help=_("CLI_IMPORT_IN_OPTION_HELP"))
def __init__(self, action):
super(CLICreateCRL, self).__init__(action)
self.parser.add_argument("--issuername",
type=parseName,
action=UniqueAppendAction,
help=_("CLI_NAME_OPTION_HELP"))
self.parser.add_argument("--issuerdn",
type=parseDN,
action=UniqueAppendAction,
help=_("CLI_DN_OPTION_HELP"))
self.parser.add_argument("--out",
help=_("CLI_CREATECRL_OUT_OPTION_HELP"))
def __init__(self, action):
super(CLIRevoke, self).__init__(action)
self.parser.add_argument("--name",
type=parseName,
action=UniqueAppendAction,
help=_("CLI_NAME_OPTION_HELP"))
self.parser.add_argument("--dn",
type=parseDN,
action=UniqueAppendAction,
help=_("CLI_DN_OPTION_HELP"))
self.parser.add_argument("--reason",
type=str,
action=UniqueAppendAction,
help=_("CLI_REVOKE_REASON_OPTION_HELP")),
def __init__(self, action):
super(CLIRenewCertificate, self).__init__(action)
self.parser.add_argument("--name",
type=parseName,
action=UniqueAppendAction,
help=_("CLI_NAME_OPTION_HELP"))
self.parser.add_argument("--dn",
type=parseDN,
action=UniqueAppendAction,
help=_("CLI_DN_OPTION_HELP"))
self.parser.add_argument("--validity",
type=parseValidity,
action=UniqueAppendAction,
help=_("CLI_VALIDITY_OPTION_HELP"))
def parseExtendedKeyUsage(string):
res = set()
for ku in string.split(':'):
try:
res.add(anssipki.extendedKeyUsageFromStr(ku))
except Exception, e:
raise Exception(_("CLI_INVALID_EKU") % ku)
def parseTemplate(self, filename, parser, oldargs):
template_filepath = None
for template_dir in Conf.getValue("TEMPLATES_DIR"):
if os.path.exists(template_dir + "/" + filename + ".tpl"):
template_filepath = template_dir + "/" + filename + ".tpl"
if not template_filepath:
raise Exception(_("CLI_TEMPLATE_NOT_FOUND_ERROR") % filename)
args = []
template = ConfigParser.ConfigParser()
with open(template_filepath, "r") as fp:
template.readfp(fp)
if 'PARENT' in template.sections():
for (i, v) in template.items('PARENT'):
if i != 'template':
raise Exception("%s: Invalid key in PARENT section." %
filename)
oldargs = self.parseTemplate(v, parser, oldargs)
# Autorise les templates avec juste une section PARENT, sorte de template 'alias'
if 'CERTIFICATE' not in template.sections():
return args
else:
if 'CERTIFICATE' not in template.sections():
raise Exception(
"Can't find group [CERTIFICATE] in template file : %s" %
filename)
for (i, v) in template.items('CERTIFICATE'):
override = False
for arg in sys.argv:
if arg.find("--" + i) == 0:
override = True
break
if not override:
args.append("--" + i + "=" + v)
return parser.parse_args(args, oldargs)
def do(self, args):
args = self.parser.parse_args(args)
cert = None
if args.dn != None:
cert = DBHelper.getInstance().getCertificateFromDN(args.dn)
if not cert:
raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn)
if args.name != None:
if cert:
raise Exception(_("CLI_DN_AND_NAME_SET_ERROR"))
cert = DBHelper.getInstance().getCertificateFromName(args.name)
if not cert:
raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name)
if not cert:
raise Exception(_("CLI_NO_DN_NAME_SET_ERROR"))
feedCard(cert)
def do(self, args):
args = self.parser.parse_args(args)
cert = None
if args.issuerdn != None:
cert = DBHelper.getInstance().getCertificateFromDN(args.issuerdn)
if not cert:
raise Exception(
_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.issuerdn)
if args.issuername != None:
if cert:
raise Exception(_("CLI_DN_AND_NAME_SET_ERROR"))
cert = DBHelper.getInstance().getCertificateFromName(
args.issuername)
if not cert:
raise Exception(
_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.issuername)
if not cert:
raise Exception(_("CLI_NO_DN_NAME_SET_ERROR"))
if not cert.isCA():
raise Exception(_("CLI_DN_CERT_NOT_A_CA_ERROR") % args.issuerdn)
crl = cert.buildCRL()
if args.out != None:
outputFile = args.out
else:
outputFile = "./%s.crl" % cert.getName()
with open(outputFile, "w") as f:
f.write(crl)
print _("CLI_CRL_WRITTEN_TO") % outputFile
def do(self, args):
args = self.parser.parse_args(args)
cert = None
if args.dn != None:
cert = DBHelper.getInstance().getCertificateFromDN(args.dn)
if not cert:
raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn)
if args.name != None:
if cert:
raise Exception(_("CLI_DN_AND_NAME_SET_ERROR"))
cert = DBHelper.getInstance().getCertificateFromName(args.name)
if not cert:
raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name)
if not cert.isCA():
raise Exception(_("CLI_DN_CERT_NOT_A_CA_ERROR") % cert.getName())
if not cert.isSelfSigned():
raise Exception(
_("CLI_DN_CERT_NOT_SELFSIGNED_ERROR") % cert.getName())
if vars(args)['in'] == None:
raise Exception(_("CLI_IMPORT_NO_IN_ERROR"))
with open(vars(args)['in'], "r") as fp:
der = fp.read()
if not cert.attachCA(der):
raise Exception(_("CLI_ATTACH_ERROR"))
def parseCertPolicy(string):
#FIXME add regex check
policies = {}
for pol in string.split("|"):
oid, sep, cps = pol.partition(":")
if oid in policies:
raise Exception(_("CLI_CERT_POL_OID_REDEFINITION"))
policies[oid] = cps
return policies
def __init__(self, action=None):
super(CLIListCertificates, self).__init__(action)
self.parser.add_argument("--dn",
type=parseDN,
action=UniqueAppendAction,
help=_("CLI_DN_OPTION_HELP"))
self.parser.add_argument("--name",
type=parseName,
action=UniqueAppendAction,
help=_("CLI_NAME_OPTION_HELP"))
self.parser.add_argument("--verbose",
default=False,
action='store_true',
help="")
self.parser.add_argument("--selfsigned",
default=False,
action='store_true',
help="")
def do(self, args):
args = self.parser.parse_args(args)
# list sign algo
print _("CLI_AVAILABLE_SIGNALGO")
for sa in anssipki.P11Helper.getInstance().listAvailableSignAlgorithms(
):
print "\t", sa
# list templates
print _("CLI_AVAILABLE_TEMPLATES")
for tmpDir in Conf.getValue('TEMPLATES_DIR'):
for tmp in [
f for f in listdir(tmpDir)
if (isfile(join(tmpDir, f)) and f.endswith(".tpl"))
]:
print "\t", tmp[:-4]
template = parseTemplate(tmp[:-4])['values']
for i in template:
print "\t ", i, "=", template[i]
def do(self, args):
args = self.parser.parse_args(args)
cert = None
if args.dn != None:
cert = DBHelper.getInstance().getCertificateFromDN(args.dn)
if not cert:
raise Exception(_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.dn)
if args.name != None:
if cert:
raise Exception(_("CLI_DN_AND_NAME_SET_ERROR"))
cert = DBHelper.getInstance().getCertificateFromName(args.name)
if not cert:
raise Exception(_("CLI_NAME_CERT_NOT_FOUND_ERROR") % args.name)
if cert:
logs = DBHelper.getInstance().getCertLogActions(cert.getDbCertID())
else:
logs = DBHelper.getInstance().getLogActions()
for l in logs:
print l
def __init__(self, action):
super(CLIExportCertificate, self).__init__(action)
self.parser.add_argument("--name", type=parseName, action=UniqueAppendAction,
help=_("CLI_NAME_OPTION_HELP"))
self.parser.add_argument("--dn", type=parseDN, action=UniqueAppendAction,
help=_("CLI_DN_OPTION_HELP"))
self.parser.add_argument("--out",
help=_("CLI_EXPORT_OUT_OPTION_HELP"))
if action == "exportp12" or action == "exportcert":
self.parser.add_argument("--chain", default=False, action='store_true',
help=_("CLI_EXPORT_CHAIN_OPTION_HELP"))
if action == "exportp12":
self.parser.add_argument("--password", action=UniqueAppendAction,
help=_("CLI_EXPORT_PASSWORD_OPTION_HELP"))
self.parser.add_argument("--randpass", default=False, action='store_true',
help=_("CLI_EXPORT_RANDPASS_OPTION_HELP"))
def usage():
print "\t" + ', '.join(
CLICreateCRL.actions) + ": " + _("CLI_CREATECRL_USAGE")
def usage():
print "\t" + ', '.join(
CLIRevoke.actions) + ": " + _("CLI_REVOKE_USAGE")
def parseSignAlgo(string):
if anssipki.SignAlgoStrToP11Mech(string) == 0:
raise Exception(_("CLI_INVALID_SIGN_ALGO") % string)
return string
def parseKeyUsage(string):
res = set()
for ku in string.split(':'):
try:
res.add(anssipki.keyUsageFromStr(ku))
except Exception, e:
raise Exception(_("CLI_INVALID_KU") % ku)
if len(res) == 0: raise Exception(_("CLI_INVALID_KU") % string)
return res
def parseExtendedKeyUsage(string):
res = set()
for ku in string.split(':'):
try:
res.add(anssipki.extendedKeyUsageFromStr(ku))
except Exception, e:
raise Exception(_("CLI_INVALID_EKU") % ku)
if len(res) == 0: raise Exception(_("CLI_INVALID_EKU") % string)
return res
def parseSAN(string):
def __init__(self, action):
super(CLICreateCertificate, self).__init__(action)
self.parser.add_argument("--name",
type=parseName,
action=UniqueAppendAction,
help=_("CLI_NAME_OPTION_HELP"))
self.parser.add_argument("--template",
action=UniqueAppendAction,
help=_("CLI_CREATE_CERT_TEMPLATE_HELP")),
self.parser.add_argument("--dn",
type=parseDN,
action=UniqueAppendAction,
help=_("CLI_DN_OPTION_HELP"))
self.parser.add_argument("--validity",
type=parseValidity,
action=UniqueAppendAction,
help=_("CLI_VALIDITY_OPTION_HELP"))
self.parser.add_argument("--keysize",
type=int,
action=UniqueAppendAction,
help=_("CLI_KEYSIZE_OPTION_HELP")),
self.parser.add_argument("--keyalgo",
type=parseKeyAlgo,
action=UniqueAppendAction,
help=_("CLI_KEYALGO_OPTION_HELP")),
self.parser.add_argument("--signalgo",
type=parseSignAlgo,
action=UniqueAppendAction,
help=_("CLI_SIGNALGO_OPTION_HELP")),
if action == "createsubca" or action == "createcert":
self.parser.add_argument("--issuerdn",
type=parseDN,
action=UniqueAppendAction,
help=_("CLI_ISSUERDN_OPTION_HELP")),
if action == "createcert":
self.parser.add_argument("--smartcard",
default=False,
action='store_true',
help=_("CLI_SMARTCARD_OPTION_HELP"))
self.parser.add_argument("--selfsigned",
default=False,
action='store_true',
help=_("CLI_SELFSIGNED_OPTION_HELP")),
self.parser.add_argument("--keyusage",
type=parseKeyUsage,
action=UniqueAppendAction,
help=_("CLI_KU_OPTION_HELP")),
self.parser.add_argument("--extkeyusage",
type=parseExtendedKeyUsage,
action=UniqueAppendAction,
help=_("CLI_EKU_OPTION_HELP"))
self.parser.add_argument("--san",
type=parseSAN,
action='append',
help=_("CLI_SAN_OPTION_HELP"))
self.parser.add_argument("--OSSLextension",
type=str,
action='append',
help=_("CLI_OSSLEXT_OPTION_HELP"))
self.parser.add_argument("--certpolicies",
type=parseCertPolicy,
action=UniqueAppendAction,
help=_("CLI_CERTPOL_OPTION_HELP"))
def usage():
print "\t" + ', '.join(
CLIListCertificates.actions) + ": " + _("CLI_LIST_USAGE")
def parseSignAlgo(string):
if anssipki.SignAlgoStrToP11Mech(string) == 0:
raise Exception(_("CLI_INVALID_SIGN_ALGO") % string)
return string
def do(self, args):
args = self.parser.parse_args(args)
createCA = self.action == 'createca'
createSubCA = self.action == 'createsubca'
createCert = self.action == 'createcert'
selfsigned = False
useSmartcard = False
sanOpt = None
osslExtOpt = None
if createCA:
selfsigned = True
if createSubCA:
selfsigned = False
if createCert:
selfsigned = args.selfsigned
useSmartcard = args.smartcard
sanOpt = args.san
osslExtOpt = args.OSSLextension
if args.template:
args = self.parseTemplate(args.template, self.parser, args)
if args.dn == None:
raise Exception(_("CLI_DN_NOT_SET_ERROR"))
if args.validity == None:
raise Exception(_("CLI_VALIDITY_NOT_SET_ERROR"))
if createCert and args.keyusage == None:
raise Exception(_("CLI_KU_NOT_SET_ERROR"))
if (selfsigned or createCA) and args.signalgo == None:
raise Exception(_("CLI_SA_NOT_SET_ERROR"))
if createCert and selfsigned and args.issuerdn != None:
raise Exception(_("CLI_ISSUER_AND_SS_SET_ERROR"))
if not createCA and not selfsigned and args.issuerdn == None:
raise Exception(_("CLI_NO_ISSUER_SET_ERROR"))
if args.keysize == None:
raise Exception(_("CLI_KS_NOT_SET_ERROR"))
if args.keyalgo == None:
raise Exception(_("CLI_KA_NOT_SET_ERROR"))
if createCert and anssipki.KeyCertSign in args.keyusage:
raise Exception(_("CLI_CREATECERT_KCS_KU_SET_ERROR"))
if DBHelper.getInstance().getCertificateFromDN(args.dn) != None:
raise Exception(_("CLI_CERT_DN_ALREADY_EXISTS") % args.dn)
csr = CSR(args.dn, createCA or createSubCA)
csr.setKeyOptions(args.keyalgo, args.keysize, useSmartcard)
if not createCA and not createSubCA and args.keyusage:
for ku in args.keyusage:
csr.setKeyUsage(ku)
if not createCA and not createSubCA and args.extkeyusage:
for ku in args.extkeyusage:
csr.setExtendedKeyUsage(ku)
if sanOpt:
for s, v in sanOpt:
csr.addSubjectAltName(s, v)
if args.certpolicies:
for oid in args.certpolicies:
csr.addCertificatePolicy(oid, args.certpolicies[oid])
if osslExtOpt:
for OSSLextension in osslExtOpt:
csr.addOSSLextension(OSSLextension)
certificate = None
if selfsigned:
certificate = csr.selfSign(args.validity[0], args.validity[1],
args.signalgo)
else:
issuer = DBHelper.getInstance().getCertificateFromDN(args.issuerdn)
if not issuer:
raise Exception(
_("CLI_DN_CERT_NOT_FOUND_ERROR") % args.issuerdn)
if not issuer.isCA():
raise Exception(
_("CLI_DN_CERT_NOT_A_CA_ERROR") % args.issuerdn)
certificate = issuer.signCSR(csr, args.validity[0],
args.validity[1], args.signalgo)
if args.name != None:
DBHelper.getInstance().changeCertificateInternalName(
certificate, args.name)
if not certificate:
raise Exception(_("CLI_CERT_CREATION_ERROR"))
def usage():
print "\t" + "feedcard: %s" % _("CLI_FEEDCARD_USAGE")
def usage():
print "\t" + ', '.join(
CLIRenewCertificate.actions) + ": " + _("CLI_RENEW_USAGE")
def parseKeyAlgo(string):
try:
return anssipki.keyPairAlgoFromStr(string)
except Exception, e:
raise Exception(_("CLI_INVALID_KEY_ALGO") % string)
def usage():
print "\t" + "createca: " + _("CLI_CREATECA_USAGE")
print "\t" + "createsubca: " + _("CLI_CREATESUBCA_USAGE")
print "\t" + "createcert: " + _("CLI_CREATECERT_USAGE")
