Пример #1
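def makeRequest(pubkey, pkey, serv_host, auto = False):
    """Build and sign a certificate signing request (CSR) for the signing server.

    The subject is filled either from local defaults (``auto`` true, or the
    user declines manual entry) or from values typed at the prompt.

    Args:
        pubkey: not used by this function; kept so existing callers still work.
        pkey: key object set as the request's public key and used to sign it.
        serv_host: signing server host, appended to the short host name to
            form the default Common Name (``<short-host>@<serv_host>``).
        auto: when true, skip every prompt and use the defaults.

    Returns:
        The signed ``X509.Request``.

    NOTE(review): every subject field can be typed freely by the local user,
    so whatever signs this request has to validate the subject itself.
    """
    def ask(prompt, default):
        # Empty input selects the default advertised in the prompt.
        answer = raw_input(prompt)
        return answer if answer else default

    req = X509.Request()
    # Seems to default to 0, but we can now set it as well, so just API test
    req.set_version(req.get_version())
    req.set_pubkey(pkey)
    name = X509.X509_Name()
    if auto:
        c = 'n'
    else:
        c = raw_input (_("Enter the certificate data manually? y/[n]: "))
    # Get HostName
    host_name = socket.getfqdn()
    result_host_name = host_name.split('.')[0] + "@" + serv_host
    # Get username
    clVars = DataVars()
    clVars.flIniFile()
    username = clVars.Get('ur_fullname')
    # Get language
    lang = clVars.Get('os_locale_locale')[:2]
    if c.lower() in ['y', 'yes']:
        # Each field is assigned once, after its default has been applied,
        # so the subject never receives an empty placeholder value first.
        name.CN = ask(_('Host Name [%s]: ') % result_host_name,
                      result_host_name)
        name.OU = ask(_('User Name [%s]: ') % username, username)
        name.O = raw_input (_('Organization Name: '))
        # The prompt advertises host_name as the default, so honour it.
        name.L = ask(_('Network address (hostname or IP) [%s]: ')
                     % host_name, host_name)
        name.ST = raw_input (_('City: '))
        name.C = ask(_('Country (2 characters): [%s]') % lang, lang)
    else:
        name.CN = result_host_name  # Common Name: <short-host>@<serv_host>
        name.OU = username          # Organizational Unit carries the user name
        name.O = 'My Company'       # Organization Name placeholder
        name.L = host_name          # Locality field carries the full host name
        name.ST = 'My State'        # State Name placeholder
        name.C = lang               # two-letter code taken from the locale
    req.set_subject_name(name)

    ext1 = X509.new_extension('Comment', 'Auto Generated')
    extstack = X509.X509_Extension_Stack()
    extstack.push(ext1)
    req.add_extensions(extstack)
    # MD5 is not collision-resistant and must not be used for signatures;
    # sign the request with SHA-256 instead.
    req.sign(pkey, 'sha256')
    return req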
Пример #2
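    def add_all_ca_cert(self, list_ca_certs):
        """Add CA certificates that are not yet known to the user's trust files.

        For each PEM certificate in ``list_ca_certs`` that is found neither in
        the system CA bundle nor in the user's root certificate file, the
        certificate is indexed in ``ca/cert_list`` (``<md5> <name>`` per
        line), written to ``ca/<issuer CN>`` and appended to the user's root
        certificate file.  ``get_CRL`` is called once all certificates have
        been processed.

        Args:
            list_ca_certs: list of PEM certificate strings.  It is reversed
                in place so the root certificate is handled first.

        Returns:
            1 if a certificate has no usable issuer CN (processing stops
            there and ``get_CRL`` is not called), otherwise None.

        NOTE(review): nothing in this method asks for confirmation before a
        certificate becomes trusted; presumably the caller has already
        decided to trust ``list_ca_certs`` -- confirm.
        """
        def file_contains(path, text):
            # A missing file contains nothing; the handle is closed promptly
            # instead of being left to the garbage collector.
            if not os.path.exists(path):
                return False
            with open(path, "r") as fh:
                return text in fh.read()

        def safe_file_name(value):
            # The name comes from the certificate itself, so it must not be
            # able to leave the "ca/" directory or inject extra lines into
            # the line-oriented cert_list index.
            if value in (".", "..") or "\n" in value or "\r" in value:
                return False
            return os.path.basename(value) == value

        # so root cert be first, ca after
        clVarsCore = DataVarsCore()
        clVarsCore.importCore()
        clVarsCore.flIniFile()

        list_ca_certs.reverse()
        system_ca_db = clVarsCore.Get("core.cl_glob_root_cert")

        clVars = DataVars()
        clVars.flIniFile()
        homePath = clVars.Get("ur_home_path")
        cl_client_cert_dir = clVarsCore.Get("core.cl_client_cert_dir")
        cl_client_cert_dir = cl_client_cert_dir.replace("~", homePath)
        root_cert_md5 = os.path.join(cl_client_cert_dir, "ca/cert_list")

        user_root_cert = clVarsCore.Get("core.cl_user_root_cert")
        user_root_cert = user_root_cert.replace("~", homePath)

        for cert in list_ca_certs:
            # Skip certificates that are already trusted.  The user file is
            # re-read every time because this loop appends to it.
            if file_contains(system_ca_db, cert):
                continue
            if file_contains(user_root_cert, cert):
                continue

            # MD5 is only the lookup key of the existing cert_list format.
            # It is not collision-resistant, so the printed value must not be
            # relied on to authenticate the certificate; switching digests
            # would require migrating cert_list.
            md5sum = hashlib.md5(cert).hexdigest()
            print "\n================================================="
            print "md5sum = ", md5sum

            if not os.path.exists(root_cert_md5):
                open(root_cert_md5, "w").close()

            filename = None
            with open(root_cert_md5) as fd:
                for line in fd.read().splitlines():
                    words = line.split(" ", 1)
                    # Ignore malformed lines that carry no file name.
                    if len(words) == 2 and words[0] == md5sum:
                        filename = words[1]

            if filename:
                print _("The file containing the CA certificate now exists")
                continue

            certobj = OpenSSL.crypto.load_certificate(OpenSSL.SSL.FILETYPE_PEM, cert)
            for item in certobj.get_issuer().get_components():
                if item[0] == "CN":
                    filename = item[1]

            # Validate before touching cert_list, so a failed certificate
            # does not leave a bogus "<md5> None" entry in the index.
            if not filename:
                print _('Field "CN" not found in the certificate!')
                return 1
            if not safe_file_name(filename):
                print _('Field "CN" cannot be used as a file name!')
                return 1

            with open(root_cert_md5, "a") as fc:
                fc.write("%s %s\n" % (md5sum, filename))

            with open(os.path.join(cl_client_cert_dir, "ca/", filename), "w") as fd:
                fd.write(cert)

            with open(user_root_cert, "a") as fa:
                fa.write(cert)
            print _("filename = "), filename
            print _("Certificate added")
        get_CRL(cl_client_cert_dir)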