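def do_generate(self, line):
    """Print a DANE TLSA record (usage 3, selector 0, matching type 1) for a certificate.

    Args:
        line: "<proto> <port> <fqdn> <certid>" as typed on the shell;
            proto must be "tcp" or "udp", port a number in 1..65535 and
            certid an id that SSL.check_cert_exist() accepts.

    Prints the record on success, a "***" diagnostic on bad input, or the
    usage string when the argument count is wrong. Returns nothing.
    """
    # split() rather than split(" ") so that repeated spaces do not turn
    # into empty fields and get reported as a wrong argument count.
    fields = line.split()
    if len(fields) != 4:
        print "generate <proto> <port> <fqdn> <certid>"
        return
    proto, port, fqdn, certid = fields

    if proto not in ("tcp", "udp"):
        print "*** Invalid protocol"
        return

    # A non-numeric port used to raise ValueError out of the command loop;
    # treat it like an out-of-range one. 1 and 65535 are valid port numbers.
    try:
        port_number = int(port)
    except ValueError:
        port_number = 0
    if not 1 <= port_number <= 65535:
        print "*** Invalid port number"
        return

    if not SSL.check_cert_exist(certid):
        print "*** Certificate does not exist"
        return

    # Selector 0 = full certificate, matching type 1 = SHA-256, so the
    # digest is taken over the raw DER certificate bytes.
    digest = hashlib.sha256(SSL.get_asn_cert_raw(certid)).hexdigest()
    print "_%s._%s.%s.\tIN\tTLSA\t3 0 1 ( %s )" % (port, proto, fqdn, digest)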
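def do_cert(self, line):
    """Choose the certificate the OCSP responder signs with, then start it.

    Args:
        line: a certificate id. When it does not name an existing
            certificate the user is asked to pick a profile and a
            certificate interactively instead.

    The chosen certificate is only written to the "ocsp"/"cert" config
    entry when it carries the key usages an OCSP signer needs; previously
    the interactively selected certificate skipped this check. The daemon
    is started afterwards if OCSP is enabled and a certificate is set.
    """
    if SSL.check_cert_exist(line):
        certid = line
    else:
        profile = Render.select_profile()
        certid = Render.select_cert(profile=profile)

    # Both selection paths go through the same suitability check: the
    # signer needs these key usages plus the id-kp-OCSPSigning extended
    # key usage (OID 1.3.6.1.5.5.7.3.9). strict=False is kept from the
    # original call; presumably it allows extra usages — confirm in SSL.
    cert = SSL.get_cert(certid)
    keyusage = ["digitalSignature", "nonRepudiation", "keyEncipherment"]
    extendedkeys = ["1.3.6.1.5.5.7.3.9"]
    if SSL.cert_equal_to_key_and_extended_key(cert, keyusage, extendedkeys, strict=False):
        Config().config.set("ocsp", "cert", certid)
    else:
        print "Certificate is not valid to use with OCSP Responder"

    # NOTE(review): this reads whatever "ocsp"/"cert" currently holds, so a
    # previously configured certificate still starts the daemon even when
    # the one given in this call was rejected above.
    config = Config().config
    if config.getboolean("ocsp", "enable") and len(config.get("ocsp", "cert")) > 0:
        Daemons.start_daemon("ocsp")
    else:
        print "OCSP must be enable and valid certificate for responder must be present"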