Пример #1
0
    def __init__(self):
        try:
            q = db_session.query(DBCertificate, DBPrivateKey).join(DBCertificate, DBPrivateKey.certificates).filter(DBCertificate.cert_type == 'mdm.cacert')

            # TODO: support more than one CA depending on MDM context
            cert, pk = q.one()

            # TODO: consider using an Identity?
            self.ca_privkey = RSAPrivateKey.load(str(pk.pem_key))
            self.ca_cert = Certificate.load(str(cert.pem_certificate))
        except NoResultFound:
            # no cacert, let's generate and store one

            self.ca_privkey = RSAPrivateKey()

            # generate csr
            ca_csr = mdm_cacert_csr = CertificateRequest(self.ca_privkey, CN=MDM_CA_CN)

            # create (and self-sign) the CA certificate request
            self.ca_cert = Certificate.cacert_from_req(ca_csr)

            # save CA private key in DB
            db_ca_privkey = DBPrivateKey()
            db_ca_privkey.pem_key = self.ca_privkey.get_pem()

            db_session.add(db_ca_privkey)

            # save certificate
            db_ca_cert = DBCertificate()
            db_ca_cert.cert_type = 'mdm.cacert'
            db_ca_cert.pem_certificate = self.ca_cert.get_pem()

            db_session.add(db_ca_cert)

            # add certificate to private key
            db_ca_privkey.certificates.append(db_ca_cert)

            db_session.commit()
Пример #2
0
    def gen_new_device_identity(self):
        '''Generate a new certificat and key intended for a new MDM payload

        Returns an m2certs.Identity instance.'''

        # TODO: increment CA serial

        # we don't persist the key as it should only be held and used by
        # the client device
        dev_key = RSAPrivateKey()

        dev_csr = CertificateRequest(dev_key, CN=MDM_DEVICE_CN)

        dev_crt = Certificate.cert_from_req_signed_by_cacert(dev_csr, self.ca_cert, self.ca_privkey)

        # save certificate in DB
        db_dev_crt = DBCertificate()
        db_dev_crt.cert_type = 'mdm.device'
        db_dev_crt.pem_certificate = dev_crt.get_pem()
        db_session.add(db_dev_crt)

        db_session.commit()

        return Identity(dev_key, dev_crt)
Пример #3
0
def get_or_generate_web_certificate(cn):
    try:
        q = db_session.query(DBCertificate, DBPrivateKey).join(DBCertificate, DBPrivateKey.certificates).filter(DBCertificate.cert_type == 'mdm.webcrt')
        res = q.first()
        if not res:
            res = q.one()
        db_web_crt, db_web_pk = res
        return (db_web_crt.pem_certificate, db_web_pk.pem_key)
    except NoResultFound:
        web_pk = RSAPrivateKey()

        # generate csr
        web_csr = CertificateRequest(web_pk, CN=cn)

        # create (and self-sign) the web certificate request
        web_crt = Certificate.cacert_from_req(web_csr)

        # save CA private key in DB
        db_web_pk = DBPrivateKey()
        db_web_pk.pem_key = web_pk.get_pem()

        db_session.add(db_web_pk)

        # save certificate
        db_web_crt = DBCertificate()
        db_web_crt.cert_type = 'mdm.webcrt'
        db_web_crt.pem_certificate = web_crt.get_pem()

        db_session.add(db_web_crt)

        # add certificate to private key
        db_web_pk.certificates.append(db_web_crt)

        db_session.commit()

        return (web_crt.get_pem(), web_pk.get_pem())