    a = AES.new(session_key)
    plaintext = a.decrypt(unhexlify(slcsResp))

    # remove AES padding
    n = ord(plaintext[-1]) # last byte contains number of padding bytes
    if n > AES.block_size or n > len(plaintext):
        raise Exception('invalid padding')
    print plaintext
    try:
        certificate = slcs_handler(StringIO(plaintext[:-n]))
        print "cert = " + str(certificate)
    except SLCSException, e:
        # TODO add error handling
        print "Exception: " + str(e)
        pass
        #return template(simple_page,title='Error - %s' % e.expression, body='<h1>%s</h1><pre>%s</pre>' % (e.expression, e.message))
    username = certificate.get_dn()
    passphrase = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(8)) # Create a passphrase of length = 8
    data = get_base_data(context, request)
    data['username'] = username
    data['passphrase'] = passphrase    
    c = MyProxyClient(hostname='myproxy2.arcs.org.au', port= 7512, serverDN='/C=AU/O=APACGrid/OU=VPAC/CN=myproxy2.arcs.org.au')
    c.put(username, passphrase, certificate, certificate.get_key()._key, lambda *a: '', retrievers='*')

    print "MYPROXY Username = "******"MYPROXY Passphrase  = " + passphrase

    print "URL = " + originURL
    return data

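def _parse_extensions(raw_elements):
    """Parse the POSTed ``elements`` field into a list of extension dicts.

    The field is a Python literal (see ``process_slcs_token`` for the expected
    shape). It is parsed with ``ast.literal_eval`` instead of ``eval`` so a
    client cannot run arbitrary code on the server through this field.

    @param raw_elements: the raw string submitted by the client.
    @return: the parsed list of dicts, or None when the text is not one.
    """
    import ast  # local import: the module's import block is outside this view
    try:
        elements = ast.literal_eval(raw_elements)
    except (ValueError, SyntaxError):
        return None
    if not isinstance(elements, list):
        return None
    if not all(isinstance(element, dict) for element in elements):
        return None
    return elements


def _fetch_slcs_certificate(req_url, auth_token, certreq):
    """POST the signed CSR to the SLCS server and return the certificate text.

    @param req_url: SLCS endpoint URL (client supplied, https only).
    @param auth_token: Shibboleth authentication token (bearer credential).
    @param certreq: signed CertificateRequest; ``repr()`` yields the CSR text.
    @return: ``(cert_text, error)`` -- on success ``error`` is None, on an
             SLCS-side error ``cert_text`` is None and ``error`` holds the
             server's error message.
    """
    data = urlencode({'AuthorizationToken': str(auth_token),
                      'CertificateSigningRequest': repr(certreq)})
    # Deliberately not logging auth_token or the CSR: the token is a
    # credential for the SLCS service and must not end up in stdout/log files.
    # NOTE(review): urllib2 only validates the server certificate on
    # Python 2.7.9+; on older interpreters this call is exposed to MITM -- confirm.
    certResp = urllib2.urlopen(req_url, data)

    dom = xml.dom.minidom.parse(certResp)
    status = dom.getElementsByTagName("Status")[0].childNodes[0].data
    if status == 'Error':
        error = dom.getElementsByTagName("Error")[0].childNodes[0].data
        stack = dom.getElementsByTagName("StackTrace")[0].childNodes[0].data
        # Server-side diagnostics only; the remote stack trace is never
        # returned to the HTTP client.
        print(stack)
        print(error)
        return None, error

    cert_nodes = dom.getElementsByTagName("Certificate")[0].childNodes
    cert = ''.join(node.data for node in cert_nodes)
    return cert, None


def _save_certificate_files(certificate):
    """Write the certificate and its private key to cert.pem / cert.key (CWD).

    The key file is created with mode 0600 (and re-chmod'ed if it already
    existed) so the private key is not readable by other local users.
    NOTE(review): the fixed file names mean concurrent requests overwrite
    each other's files -- consider a per-request path or no on-disk copy.
    """
    import os  # local import: the module's import block is outside this view
    with open('cert.pem', 'w') as cert_file:
        cert_file.write(repr(certificate))

    fd = os.open('cert.key', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as key_file:
        # The mode passed to os.open only applies at creation time; tighten a
        # pre-existing (possibly world-readable) file as well.
        os.chmod('cert.key', 0o600)
        key_file.write(str(certificate.get_key()))


def process_slcs_token(context, request):
    """
    Creates a SLCS certificate based on a shibboleth auth_token, request and url.
    Uploads SLCS certificate to specified MyProxy. If no such MyProxy exists, creates one with specified details before uploading.

    @param context: passed through by the framework; unused here.
    @param request: Data submitted via https POST.
    @requires request:  6 parameters
                            'auth_token'              Shibboleth authentication token as text
                            'dn'                      DN string of request
                            'reqURL'                  URL of SLCS server (must be https://)
                            'myproxy_username'        Desired MyProxy username
                            'myproxy_passphrase'      Desired MyProxy passphrase
                            'elements'                Any extensions to be applied to the certificate
                                                          NOTE: Must be a Python literal of the form:
                                                              [{'name' : <String>, 'critical' : <bool>, 'value' : <String>}, ..., ...]
                                                          (The original note said "0=true 1=false", which
                                                          contradicts the example below -- confirm against
                                                          CertificateRequest.)
                        An example request is below...

                        dn: DC=slcs,DC=bestgrid,DC=org,DC=nz,O=Organisation Name,CN=Contact Name rDJ6f5h1bqDAQ-tKnQx68LWsOjk

                        elements:  [{'critical': False, 'name': 'ExtendedKeyUsage', 'value': 'ClientAuth'},
                                    {'critical': True, 'name': 'KeyUsage', 'value': 'DigitalSignature,KeyEncipherment'},
                                    {'critical': False, 'name': 'CertificatePolicies', 'value': '1.3.6.1.4.1.31863.1.0.1'},
                                    {'critical': False, 'name': 'SubjectAltName', 'value': 'email:[email protected]'}]

                        auth_token: 4F24CEA27F23A47927D92CA89D7F9756E89689A8968CDBB907A8611FB232A768

                        myproxy_username: testuser

                        myproxy_passphrase: pa55w0rd

                        reqURL: https://slcs1.arcs.org.au:443/SLCS/certificate

    @return: Response with the certificate's notBefore/notAfter on separate
             lines, or an error Response ("Incorrect parameters",
             "reqURL must use https", "SLCS server returned an error").
    Side effects: writes cert.pem and cert.key to the CWD and uploads the
    credential to the hard-coded MyProxy server.
    """
    post_data = request.POST
    required = ('auth_token', 'dn', 'reqURL', 'elements',
                'myproxy_username', 'myproxy_passphrase')
    if not all(key in post_data for key in required):
        return Response("Incorrect parameters")

    # 'elements' is attacker-controlled text; never eval() it.
    elements = _parse_extensions(post_data['elements'])
    if elements is None:
        return Response("Incorrect parameters")

    req_url = str(post_data['reqURL'])
    # The client chooses where the token and CSR are posted; insist on TLS so
    # the bearer token is never sent in clear.
    # NOTE(review): this does not stop a client from pointing the server at an
    # arbitrary https host (SSRF); an allow-list of known SLCS servers
    # should be enforced here.
    if not req_url.lower().startswith('https://'):
        return Response("reqURL must use https")

    certreq = CertificateRequest(dn=str(post_data['dn']), extensions=elements)
    certreq.sign()

    cert_text, error = _fetch_slcs_certificate(req_url, post_data['auth_token'], certreq)
    if cert_text is None:
        # Previously the code fell through and crashed on the missing
        # <Certificate> element; fail explicitly instead. Details were logged
        # server-side and are intentionally not echoed to the client.
        return Response("SLCS server returned an error")

    certificate = Certificate(str(cert_text), certreq.get_key())
    _save_certificate_files(certificate)

    username = str(post_data['myproxy_username'])
    passphrase = str(post_data['myproxy_passphrase'])

    # Upload to MyProxy...
    # NOTE(review): retrievers='*' presumably lets any client DN retrieve this
    # credential given the passphrase -- confirm that is intended.
    c = MyProxyClient(hostname='myproxy2.arcs.org.au', port=7512,
                      serverDN='/C=AU/O=APACGrid/OU=VPAC/CN=myproxy2.arcs.org.au')
    c.put(username, passphrase, certificate, certificate.get_key()._key, lambda *a: '', retrievers='*')

    not_before, not_after = certificate.get_times()
    return Response(str(not_before) + "\n" + str(not_after))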