Пример #1
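def PrintFound(form, found, cellpadding=2, width=100):
    """Print the certificate search results as an HTML table on stdout.

    form        -- form object; form.field[key][0].text supplies the column
                   heading for every key in the module-level searchkeys
    found       -- mapping of CA name to a list of certificate DB entries
    cellpadding -- number written into the TABLE CELLPADDING attribute
    width       -- number written into the TABLE WIDTH attribute

    Raises ValueError when an entry's DB_type is none of DB_TYPE_REV,
    DB_TYPE_EXP or DB_TYPE_VAL.
    """
    # Local import so the module's import block does not have to change.
    import cgi

    def fmt_time(dbtime):
        # Render a DB timestamp the way every status column shows it.
        return strftime('%Y-%m-%d %H:%M',
                        localtime(mktime(dbtime2tuple(dbtime))))

    print '<TABLE BORDER CELLPADDING=%d%% WIDTH=%d%%>' % (cellpadding, width)
    print '<TR><TH>CA name</TH><TH COLSPAN=3>Serial</TH><TH>valid<BR>until</TH>'
    for key in searchkeys:
        print '<TH><FONT SIZE=-1>%s</FONT></TH>' % (form.field[key][0].text)
    print '</TR>'

    # NOTE(review): ca_name and the serial are written into the markup as-is;
    # this assumes both come from trusted CA configuration / the CA database.
    for ca_name in found.keys():
        ca = opensslcnf.getcadata(ca_name)
        if ca.isservercert():
            certtype = 'server'
        else:
            certtype = 'email'
        for entry in found[ca_name]:
            serial = entry[DB_serial]
            print '<TR><TD>%s</TD>' % (ca_name)
            if entry[DB_type] == DB_TYPE_REV:
                print '<TD>%s</TD><TD>&nbsp;</TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>revoked %s</TD>' % (
                    serial,
                    nsBaseUrl, nsViewCertUrl, ca_name, certtype, serial,
                    fmt_time(entry[DB_rev_date]),
                )
            elif entry[DB_type] == DB_TYPE_EXP:
                print '<TD>%s</TD><TD>&nbsp;</TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>expired %s</TD>' % (
                    serial,
                    nsBaseUrl, nsViewCertUrl, ca_name, certtype, serial,
                    fmt_time(entry[DB_exp_date]),
                )
            elif entry[DB_type] == DB_TYPE_VAL:
                print '<TD>%s</TD><TD><A HREF="%s%s/%s/%s.crt?%s">Load</A></TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>%s</TD>' % (
                    serial,
                    nsBaseUrl, nsGetCertUrl, ca_name, certtype, serial,
                    nsBaseUrl, nsViewCertUrl, ca_name, certtype, serial,
                    fmt_time(entry[DB_exp_date]),
                )
            else:
                raise ValueError(
                    'Unknown certificate DB entry type: %r' % (entry[DB_type],))
            dnfield = SplitDN(entry[DB_name])
            for key in searchkeys:
                if dnfield.has_key(key) and dnfield[key]:
                    if key == "Email":
                        # Subject DN values are certificate data, which the
                        # requester typically controls. The other attributes
                        # pass through charset.asn12html4; the address was
                        # written raw, so escape it for the attribute and the
                        # cell text (quote=1 also escapes the double quote).
                        email = cgi.escape(dnfield[key], 1)
                        print '<TD><FONT SIZE=-1><A HREF="mailto:%s">%s</A></FONT></TD>' % (
                            email, email)
                    else:
                        print '<TD><FONT SIZE=-1>%s</FONT></TD>' % charset.asn12html4(
                            dnfield[key])
                else:
                    print '<TD>&nbsp;</TD>'
            print '</TR>'

    print '</TABLE>'

    return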
Пример #2
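def PrintFound(form,found,cellpadding=2,width=100):
  """Write the search hits to stdout as one HTML table.

  form        -- form object; form.field[name][0].text is used as the
                 heading of the column for each name in searchkeys
  found       -- dictionary: CA name -> list of certificate DB entries
  cellpadding -- number placed in the TABLE CELLPADDING attribute
  width       -- number placed in the TABLE WIDTH attribute

  A DB entry whose DB_type is not DB_TYPE_REV, DB_TYPE_EXP or DB_TYPE_VAL
  raises ValueError.
  """
  # Imported here so the module's top-level imports stay untouched.
  import cgi

  print '<TABLE BORDER CELLPADDING=%d%% WIDTH=%d%%>' % (cellpadding,width)
  print '<TR><TH>CA name</TH><TH COLSPAN=3>Serial</TH><TH>valid<BR>until</TH>'
  for name in searchkeys:
    print '<TH><FONT SIZE=-1>%s</FONT></TH>' % (form.field[name][0].text)
  print '</TR>'

  # NOTE(review): ca_name and the serial number reach the markup unescaped;
  # presumably both are trusted (CA configuration / CA database) -- confirm.
  for ca_name in found.keys():
    ca = opensslcnf.getcadata(ca_name)
    if ca.isservercert():
      certtype='server'
    else:
      certtype='email'
    for entry in found[ca_name]:
      serial = entry[DB_serial]
      entry_type = entry[DB_type]
      print '<TR><TD>%s</TD>' % (ca_name)
      # Every known entry type carries the same "View" link.
      view_link = '<A HREF="%s%s/%s/%s?%s">View</A>' % (
        nsBaseUrl,nsViewCertUrl,ca_name,certtype,serial
      )
      if entry_type==DB_TYPE_REV:
        print '<TD>%s</TD><TD>&nbsp;</TD><TD>%s</TD><TD>revoked %s</TD>' % (
          serial,
          view_link,
          strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(entry[DB_rev_date]))))
        )
      elif entry_type==DB_TYPE_EXP:
        print '<TD>%s</TD><TD>&nbsp;</TD><TD>%s</TD><TD>expired %s</TD>' % (
          serial,
          view_link,
          strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(entry[DB_exp_date]))))
        )
      elif entry_type==DB_TYPE_VAL:
        print '<TD>%s</TD><TD><A HREF="%s%s/%s/%s.crt?%s">Load</A></TD><TD>%s</TD><TD>%s</TD>' % (
          serial,
          nsBaseUrl,nsGetCertUrl,ca_name,certtype,serial,
          view_link,
          strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(entry[DB_exp_date]))))
        )
      else:
        raise ValueError('Unknown certificate DB entry type: %r' % (entry_type,))
      dnfield = SplitDN(entry[DB_name])
      for name in searchkeys:
        if dnfield.has_key(name) and dnfield[name]:
          if name=="Email":
            # The address is part of the certificate's subject DN, which the
            # requester typically controls, and unlike the other attributes
            # it did not pass through charset.asn12html4. Escape it for both
            # the HREF attribute and the cell text; the second argument makes
            # cgi.escape handle the double quote as well.
            address = cgi.escape(dnfield[name],1)
            print '<TD><FONT SIZE=-1><A HREF="mailto:%s">%s</A></FONT></TD>' % (address,address)
          else:
            print '<TD><FONT SIZE=-1>%s</FONT></TD>' % charset.asn12html4(dnfield[name])
        else:
          print '<TD>&nbsp;</TD>'
      print '</TR>'

  print '</TABLE>'

  return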
Пример #3
      # Mark expired certificates in OpenSSL certificate database
      expired_db_entries = ca_db.Expire()
      if expired_db_entries:
        sys.stdout.write('The following entries were marked as expired:\n')
	for db_entry in expired_db_entries:
          sys.stdout.write('%s\n' % (charset.asn12iso(db_entry[DB_name])))

      # Warn about certificates in the OpenSSL certificate database that will expire soon
      expire_treshold=7*86400
      expired_db_entries = ca_db.ExpireWarning(expire_treshold)
      if expired_db_entries:
        sys.stdout.write('The following entries will expire soon:\n')
	for db_entry in expired_db_entries:
          sys.stdout.write('%s, %s, %s\n' % (
	      db_entry[DB_serial],
	      strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(db_entry[DB_exp_date])))),
	      charset.asn12iso(db_entry[DB_name])
	    )
	  )

    else:
      sys.stderr.write('Warning: CA database file %s not found.\n' % (ca.database))


  ######################################################################
  # Move expired CRLs to archive
  ######################################################################

  if not ca.crl in processed_ca_crls:

    if os.path.isfile(ca.crl):
Пример #4
        else:
            cert = open(certfilename, 'r').read()
            mimetype = 'application/x-x509-user-cert'

else:
    htmlbase.PrintErrorMsg('Invalid certificate type "%s"' % cert_type)
    sys.exit(0)

if browser_name == 'MSIE' and cert_type == 'user':
    import vbs, charset
    htmlbase.PrintHeader('Install certificate')
    htmlbase.PrintHeading('Install certificate')
    print 'Certificate of type <STRONG>%s</STRONG>:<P>' % ca_name
    print 'Subject DN: %s<BR>Valid until: %s' % ( \
      charset.asn12html4(entry[DB_name]), \
      strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))) \
    )
    vbs.PrintVBSXenrollObject()
    print '<SCRIPT Language=VBSCRIPT>\n<!-- '
    vbs.PrintVBSCertInstallCode(
        string.strip(entry[DB_name]), entry[DB_serial],
        strftime('%d.%m.%Y',
                 localtime(mktime(dbtime2tuple(entry[DB_exp_date])))), cert)
    print ' -->\n</SCRIPT>'
    htmlbase.PrintFooter()
else:
    # Simply write MIME-type and certificate data to stdout
    sys.stdout.flush()
    sys.stdout.write('Content-type: %s\n\n' % mimetype)
    if cert_format == 'der':
        sys.stdout.write(certhelper.pem2der(cert))
Пример #5
    sys.stdout.flush()

    print '</PRE></FONT>'
    htmlbase.PrintFooter()

elif cert_type in ['user', 'email', 'server']:

    htmlbase.PrintHeader('View Certificate')
    htmlbase.PrintHeading('View Certificate')
    cert = openssl.cert.X509CertificateClass(certfilename)
    if entry[DB_type] == openssl.db.DB_TYPE_VAL:
        statusstr = 'Certificate is valid.'
    elif entry[DB_type] == openssl.db.DB_TYPE_REV:
        statusstr = 'Certificate revoked since %s.' % (strftime(
            '%Y-%m-%d %H:%M',
            localtime(mktime(dbtime2tuple(entry[DB_rev_date])))))
    elif entry[DB_type] == openssl.db.DB_TYPE_EXP:
        statusstr = 'Certificate expired.'
    print """
<P>
  <DL>
    <DT><STRONG>Current status</STRONG>:</DT>
    <DD>%s</DD>
  </DL>
</P>
%s
</PRE></FONT>
""" % (statusstr, cert.htmlprint())
    print """
<P>
  <A HREF="%s%s/%s/%s.crt?%s">Download certificate</A> &nbsp;
Пример #6
    else:
      cert = open(certfilename,'r').read()
      mimetype = 'application/x-x509-user-cert'

else:
  htmlbase.PrintErrorMsg('Invalid certificate type "%s"' % cert_type)
  sys.exit(0)

if browser_name=='MSIE' and cert_type=='user':
  import vbs, charset
  htmlbase.PrintHeader('Install certificate')
  htmlbase.PrintHeading('Install certificate')
  print 'Certificate of type <STRONG>%s</STRONG>:<P>' % ca_name
  print 'Subject DN: %s<BR>Valid until: %s' % ( \
    charset.asn12html4(entry[DB_name]), \
    strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))) \
  )
  vbs.PrintVBSXenrollObject()
  print '<SCRIPT Language=VBSCRIPT>\n<!-- '
  vbs.PrintVBSCertInstallCode(string.strip(entry[DB_name]),entry[DB_serial],strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(entry[DB_exp_date])))),cert)
  print ' -->\n</SCRIPT>'
  htmlbase.PrintFooter()
else:
  # Simply write MIME-type and certificate data to stdout
  sys.stdout.flush()
  sys.stdout.write('Content-type: %s\n\n' % mimetype)
  if cert_format=='der':
    sys.stdout.write(certhelper.pem2der(cert))
  elif cert_format=='pem':
    pem_type = {0:'CERTIFICATE',1:'CRL'}[cert_type=='crl']
    sys.stdout.write("""-----BEGIN %s-----
Пример #7
  # Flush Python's buffered output before the child process writes to the
  # same stdout.
  sys.stdout.flush()
  # NOTE(review): os.system() passes this string to a shell. The double
  # quotes around certfilename do not neutralise quotes, backticks or $()
  # inside the name. Where certfilename is built is not visible in this
  # excerpt -- confirm it cannot carry request-controlled characters, or run
  # the command from an argument list (subprocess with a list, no shell) so
  # that no shell parsing is involved. The exit status is also ignored, so a
  # failing openssl call leaves the <PRE> block empty without any error.
  os.system('%s x509 -inform PEM -in "%s" -noout -text' %(openssl.bin_filename,certfilename))
  sys.stdout.flush()

  # Close the markup that wraps the openssl text dump.
  print '</PRE></FONT>'
  htmlbase.PrintFooter()

elif cert_type in ['user','email','server']:

  htmlbase.PrintHeader('View Certificate')
  htmlbase.PrintHeading('View Certificate')
  cert = openssl.cert.X509CertificateClass(certfilename)
  if entry[DB_type]==openssl.db.DB_TYPE_VAL:
    statusstr = 'Certificate is valid.'
  elif entry[DB_type]==openssl.db.DB_TYPE_REV:
    statusstr = 'Certificate revoked since %s.' % (strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(entry[DB_rev_date])))))
  elif entry[DB_type]==openssl.db.DB_TYPE_EXP:
    statusstr = 'Certificate expired.'
  print """
<P>
  <DL>
    <DT><STRONG>Current status</STRONG>:</DT>
    <DD>%s</DD>
  </DL>
</P>
%s
</PRE></FONT>
""" % (statusstr,cert.htmlprint())
  print """
<P>
  <A HREF="%s%s/%s/%s.crt?%s">Download certificate</A> &nbsp;
Пример #8
  PrintUsage('You have to provide the serial number of the certificate you want to revoke.')

# Load the CA's settings, then look the certificate up by its serial number
# in that CA's OpenSSL database file.
ca = opensslcnf.getcadata(ca_name)
database_path = ca.database

sys.stdout.write(
  'Searching database %s for certificate %x...\n' % (database_path,serial)
)
ca_db = openssl.db.OpenSSLcaDatabaseClass(database_path)
result = ca_db.GetEntrybySerial(serial)

if result:
  sys.stdout.write("""Found the following certificate:
Serial number: %s
Distinguished Name: %s
""" % (result[DB_serial],charset.asn12iso(result[DB_name])))

  if result[DB_type]==DB_TYPE_REV:
    sys.stdout.write('Certificate already revoked since %s.\n' % strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(result[DB_rev_date])))))
    sys.exit(0)
  elif result[DB_type]==DB_TYPE_EXP:
    sys.stdout.write('Certificate already expired since %s.\n' % strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(result[DB_exp_date])))))
    sys.exit(0)
  elif result[DB_type]==DB_TYPE_VAL:
    sys.stdout.write('Valid until %s.\n\nRevoke the certificate? (y/n) ' % strftime('%d.%m.%Y',localtime(mktime(dbtime2tuple(result[DB_exp_date])))))
    answer = sys.stdin.readline()
    if string.lower(string.strip(answer))=='y':
      ca_db.Revoke(serial)
      sys.stdout.write('Certificate %x in %s marked as revoked.\n' % (serial,ca_name))
      # CA's private key present <=> we are on the private CA system
      if os.path.isfile(ca.certificate) and os.path.isfile(ca.private_key):
	sys.stdout.write('Issue new CRL? (y/n) ')
	answer = sys.stdin.readline()
	if string.lower(string.strip(answer))=='y':