def load_ca(cls, name, x509, enabled=True, parent=None, **kwargs):
"""Load a CA from one of the preloaded files."""
path = os.path.join(settings.FIXTURES_DIR, '%s.key' % name)
ca = CertificateAuthority(name=name, private_key_path=path, enabled=enabled, parent=parent,
**kwargs)
ca.x509 = x509 # calculates serial etc
ca.save()
return ca
def load_ca(cls, name, x509, enabled=True, parent=None, **kwargs):
"""Load a CA from one of the preloaded files."""
path = os.path.join(fixtures_dir, '%s.key' % name)
ca = CertificateAuthority(name=name, private_key_path=path, enabled=enabled, parent=parent,
**kwargs)
ca.x509 = x509 # calculates serial etc
ca.save()
return ca
def handle(self, name, key, pem, **options):
if not os.path.exists(ca_settings.CA_DIR): # pragma: no cover
os.makedirs(ca_settings.CA_DIR)
password = options['password']
import_password = options['import_password']
parent = options['parent']
pem_data = pem.read()
key_data = key.read()
crl_url = '\n'.join(options['crl_url'])
ca = CertificateAuthority(name=name,
parent=parent,
issuer_url=options['issuer_url'],
issuer_alt_name=options['issuer_alt_name'],
crl_url=crl_url)
# load public key
try:
pem_loaded = x509.load_pem_x509_certificate(
pem_data, default_backend())
except:
try:
pem_loaded = x509.load_der_x509_certificate(
pem_data, default_backend())
except:
raise CommandError('Unable to load public key.')
ca.x509 = pem_loaded
ca.private_key_path = os.path.join(ca_settings.CA_DIR,
'%s.key' % ca.serial)
# load private key
try:
key_loaded = serialization.load_pem_private_key(
key_data, import_password, default_backend())
except:
try:
key_loaded = serialization.load_der_private_key(
key_data, import_password, default_backend())
except:
raise CommandError('Unable to load private key.')
if password is None:
encryption = serialization.NoEncryption()
else:
encryption = serialization.BestAvailableEncryption(password)
# write private key to file
oldmask = os.umask(247)
pem = key_loaded.private_bytes(encoding=Encoding.PEM,
format=PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=encryption)
with open(ca.private_key_path, 'wb') as key_file:
key_file.write(pem)
os.umask(oldmask)
# Only save CA to database if we loaded all data and copied private key
ca.save()
with open(
os.path.join(ca_settings.CA_DIR,
cert_data["csr_filename"]), "r") as stream:
csr = stream.read()
profile = cert_data.get("profile", ca_settings.CA_DEFAULT_PROFILE)
c = Certificate(ca=loaded_cas[cert_data["ca"]],
csr=csr,
profile=profile)
with open(os.path.join(ca_settings.CA_DIR, cert_data["pub_filename"]),
"rb") as stream:
pem = stream.read()
c.update_certificate(
x509.load_pem_x509_certificate(pem, default_backend()))
c.save()
if cert_data["type"] == "ca":
password = cert_data.get("password")
if password is not None:
password = password.encode("utf-8")
c.generate_ocsp_key(password=password)
# create admin user for login
User.objects.create_superuser("user", "*****@*****.**", "nopass")
ok()
# create a chain file for the child
chain = loaded_cas["child"].pub.pem + loaded_cas["root"].pub.pem
chain_path = ca_storage.path(