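def execute(self, argv):
    """Export certificates and keys of a server instance into a PKCS #12 file.

    Positional arguments are passed as certificate nicknames to
    ``nssdb.export_pkcs12``.  The process exits with status 1 on an
    unknown option, a missing ``--pkcs12-file`` or an invalid instance.

    Args:
        argv: Command-line arguments to parse with ``getopt.gnu_getopt``.
    """
    try:
        opts, args = getopt.gnu_getopt(argv, 'i:v', [
            'instance=',
            'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=',
            'append', 'no-trust-flags', 'no-key', 'no-chain',
            'verbose', 'debug', 'help'])

    except getopt.GetoptError as e:
        logger.error(e)
        self.print_help()
        sys.exit(1)

    nicknames = args

    instance_name = 'pki-tomcat'
    pkcs12_file = None
    pkcs12_password = None
    pkcs12_password_file = None
    append = False
    include_trust_flags = True
    include_key = True
    include_chain = True

    for o, a in opts:
        if o in ('-i', '--instance'):
            instance_name = a

        elif o == '--pkcs12-file':
            pkcs12_file = a

        elif o == '--pkcs12-password':
            # A password given this way is part of the process arguments,
            # where other local users and shell history can see it;
            # --pkcs12-password-file or the interactive prompt avoid that.
            pkcs12_password = a

        elif o == '--pkcs12-password-file':
            pkcs12_password_file = a

        elif o == '--append':
            append = True

        elif o == '--no-trust-flags':
            include_trust_flags = False

        elif o == '--no-key':
            include_key = False

        elif o == '--no-chain':
            include_chain = False

        elif o == '--debug':
            logging.getLogger().setLevel(logging.DEBUG)

        elif o in ('-v', '--verbose'):
            logging.getLogger().setLevel(logging.INFO)

        elif o == '--help':
            self.print_help()
            sys.exit()

        else:
            logger.error('Unknown option: %s', o)
            self.print_help()
            sys.exit(1)

    if not pkcs12_file:
        logger.error('missing output file')
        self.print_help()
        sys.exit(1)

    instance = pki.server.instance.PKIInstance(instance_name)

    if not instance.is_valid():
        logger.error('Invalid instance %s.', instance_name)
        sys.exit(1)

    instance.load()

    # Prompt only when neither password source was given on the command line.
    if not pkcs12_password and not pkcs12_password_file:
        pkcs12_password = getpass.getpass(prompt='Enter password for PKCS #12 file: ')

    nssdb = instance.open_nssdb()
    try:
        # Unless --no-key was given the output holds private keys.
        # NOTE(review): the mode of the created file is decided inside
        # export_pkcs12, which is not visible here - confirm it is owner-only.
        nssdb.export_pkcs12(
            pkcs12_file=pkcs12_file,
            pkcs12_password=pkcs12_password,
            pkcs12_password_file=pkcs12_password_file,
            nicknames=nicknames,
            append=append,
            include_trust_flags=include_trust_flags,
            include_key=include_key,
            include_chain=include_chain)

    finally:
        # Close the NSS database even when the export raises.
        nssdb.close()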
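def execute(self, argv):
    """Export a subsystem certificate, its CSR and/or a PKCS #12 bundle.

    The first positional argument is the subsystem ID and the optional
    second one is the cert ID.  ``--cert-file`` and ``--csr-file`` require
    a cert ID; ``--pkcs12-file`` without one exports every certificate
    returned by ``subsystem.find_system_certs()``.  The process exits with
    status 1 on a usage error, an invalid instance or a missing subsystem.

    Args:
        argv: Command-line arguments to parse with ``getopt.gnu_getopt``.
    """
    try:
        opts, args = getopt.gnu_getopt(argv, 'i:v', [
            'instance=', 'cert-file=', 'csr-file=',
            'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=',
            'append', 'no-trust-flags', 'no-key', 'no-chain',
            'verbose', 'debug', 'help'
        ])

    except getopt.GetoptError as e:
        print('ERROR: ' + str(e))
        self.print_help()
        sys.exit(1)

    instance_name = 'pki-tomcat'
    cert_file = None
    csr_file = None
    pkcs12_file = None
    pkcs12_password = None
    pkcs12_password_file = None
    append = False
    include_trust_flags = True
    include_key = True
    include_chain = True
    debug = False

    for o, a in opts:
        if o in ('-i', '--instance'):
            instance_name = a

        elif o == '--cert-file':
            cert_file = a

        elif o == '--csr-file':
            csr_file = a

        elif o == '--pkcs12-file':
            pkcs12_file = a

        elif o == '--pkcs12-password':
            # A password given this way is part of the process arguments,
            # where other local users and shell history can see it;
            # --pkcs12-password-file or the interactive prompt avoid that.
            pkcs12_password = a

        elif o == '--pkcs12-password-file':
            pkcs12_password_file = a

        elif o == '--append':
            append = True

        elif o == '--no-trust-flags':
            include_trust_flags = False

        elif o == '--no-key':
            include_key = False

        elif o == '--no-chain':
            include_chain = False

        elif o in ('-v', '--verbose'):
            self.set_verbose(True)

        elif o == '--debug':
            debug = True

        elif o == '--help':
            self.print_help()
            sys.exit()

        else:
            print('ERROR: unknown option ' + o)
            self.print_help()
            sys.exit(1)

    if len(args) < 1:
        print('ERROR: missing subsystem ID')
        self.print_help()
        sys.exit(1)

    subsystem_name = args[0]

    if not (cert_file or csr_file or pkcs12_file):
        print('ERROR: missing output file')
        self.print_help()
        sys.exit(1)

    instance = pki.server.PKIInstance(instance_name)

    if not instance.is_valid():
        print('ERROR: Invalid instance %s.' % instance_name)
        sys.exit(1)

    instance.load()

    subsystem = instance.get_subsystem(subsystem_name)

    if not subsystem:
        print('ERROR: No %s subsystem in instance '
              '%s.' % (subsystem_name, instance_name))
        sys.exit(1)

    subsystem_cert = None

    if len(args) >= 2:
        cert_id = args[1]
        subsystem_cert = subsystem.get_subsystem_cert(cert_id)

    # The PEM exports need one specific certificate record.
    if (cert_file or csr_file) and not subsystem_cert:
        print('ERROR: missing cert ID')
        self.print_help()
        sys.exit(1)

    if cert_file:

        cert_data = subsystem_cert.get('data', None)
        if cert_data is None:
            print("ERROR: Unable to find certificate data for %s" % cert_id)
            sys.exit(1)

        cert_data = pki.nssdb.convert_cert(cert_data, 'base64', 'pem')
        with open(cert_file, 'w') as f:
            f.write(cert_data)

    if csr_file:

        cert_request = subsystem_cert.get('request', None)
        if cert_request is None:
            print("ERROR: Unable to find certificate request for %s" % cert_id)
            sys.exit(1)

        csr_data = pki.nssdb.convert_csr(cert_request, 'base64', 'pem')
        with open(csr_file, 'w') as f:
            f.write(csr_data)

    if pkcs12_file:

        if subsystem_cert:
            nicknames = [subsystem_cert['nickname']]

        elif len(args) >= 2:
            # A cert ID was given but did not resolve.  Stop here instead of
            # falling through to the export-everything branch, which would
            # put more certificates (and, by default, keys) into the file
            # than the caller asked for.
            print('ERROR: missing %s certificate' % cert_id)
            sys.exit(1)

        else:
            # No cert ID on the command line: export all system certs.
            nicknames = [
                cert['nickname'] for cert in subsystem.find_system_certs()]

        # Prompt only when neither password source was given.
        if not pkcs12_password and not pkcs12_password_file:
            pkcs12_password = getpass.getpass(
                prompt='Enter password for PKCS #12 file: ')

        nssdb = instance.open_nssdb()
        try:
            # NOTE(review): the mode of the created file is decided inside
            # export_pkcs12, which is not visible here - confirm it is
            # owner-only, since the bundle holds keys unless --no-key is set.
            nssdb.export_pkcs12(
                pkcs12_file=pkcs12_file,
                pkcs12_password=pkcs12_password,
                pkcs12_password_file=pkcs12_password_file,
                nicknames=nicknames,
                append=append,
                include_trust_flags=include_trust_flags,
                include_key=include_key,
                include_chain=include_chain,
                debug=debug)

        finally:
            # Close the NSS database even when the export raises.
            nssdb.close()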
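def execute(self, argv):
    """Export one system certificate, its CSR and/or a PKCS #12 bundle.

    The single positional argument is the cert ID.  ``sslserver`` and
    ``subsystem`` are looked up in the first subsystem of the instance;
    any other ID must have the form ``<subsystem>_<tag>`` and is split at
    the first underscore.  The process exits with status 1 on a usage
    error, an invalid instance, a missing subsystem or a missing
    certificate.

    Args:
        argv: Command-line arguments to parse with ``getopt.gnu_getopt``.
    """
    try:
        opts, args = getopt.gnu_getopt(argv, 'i:v', [
            'instance=', 'cert-file=', 'csr-file=',
            'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=',
            'append', 'no-trust-flags', 'no-key', 'no-chain',
            'verbose', 'debug', 'help'
        ])

    except getopt.GetoptError as e:
        print('ERROR: ' + str(e))
        self.usage()
        sys.exit(1)

    instance_name = 'pki-tomcat'
    cert_file = None
    csr_file = None
    pkcs12_file = None
    pkcs12_password = None
    pkcs12_password_file = None
    append = False
    include_trust_flags = True
    include_key = True
    include_chain = True
    debug = False

    for o, a in opts:
        if o in ('-i', '--instance'):
            instance_name = a

        elif o == '--cert-file':
            cert_file = a

        elif o == '--csr-file':
            csr_file = a

        elif o == '--pkcs12-file':
            pkcs12_file = a

        elif o == '--pkcs12-password':
            # A password given this way is part of the process arguments,
            # where other local users and shell history can see it;
            # --pkcs12-password-file or the interactive prompt avoid that.
            pkcs12_password = a

        elif o == '--pkcs12-password-file':
            pkcs12_password_file = a

        elif o == '--append':
            append = True

        elif o == '--no-trust-flags':
            include_trust_flags = False

        elif o == '--no-key':
            include_key = False

        elif o == '--no-chain':
            include_chain = False

        elif o in ('-v', '--verbose'):
            self.set_verbose(True)

        elif o == '--debug':
            debug = True

        elif o == '--help':
            self.usage()
            sys.exit()

        else:
            self.print_message('ERROR: unknown option ' + o)
            self.usage()
            sys.exit(1)

    if len(args) < 1:
        print('ERROR: missing cert ID')
        self.usage()
        sys.exit(1)

    cert_id = args[0]

    if not (cert_file or csr_file or pkcs12_file):
        print('ERROR: missing output file')
        self.usage()
        sys.exit(1)

    subsystem_name = None
    cert_tag = cert_id

    if cert_id not in ('sslserver', 'subsystem'):
        # A cert ID may contain more than one underscore, so only the first
        # one separates the subsystem name from the cert tag.  An ID with no
        # underscore at all is rejected here instead of raising IndexError.
        subsystem_name, separator, cert_tag = cert_id.partition('_')
        if not separator:
            print('ERROR: invalid cert ID %s' % cert_id)
            self.usage()
            sys.exit(1)

    instance = server.PKIInstance(instance_name)

    if not instance.is_valid():
        print('ERROR: Invalid instance %s.' % instance_name)
        sys.exit(1)

    instance.load()

    # If the cert ID is instance specific, get it from the first subsystem.
    # NOTE(review): this indexes instance.subsystems[0] without checking that
    # the instance has any subsystem - confirm load() guarantees one.
    if not subsystem_name:
        subsystem_name = instance.subsystems[0].name

    subsystem = instance.get_subsystem(subsystem_name)

    if not subsystem:
        print('ERROR: No %s subsystem in instance %s.'
              % (subsystem_name, instance_name))
        sys.exit(1)

    nssdb = instance.open_nssdb()

    try:
        cert = subsystem.get_subsystem_cert(cert_tag)

        if not cert:
            print('ERROR: missing %s certificate' % cert_id)
            self.usage()
            sys.exit(1)

        if cert_file:

            if self.verbose:
                print('Exporting %s certificate into %s.' % (cert_id, cert_file))

            cert_data = cert.get('data', None)
            if cert_data is None:
                print("ERROR: Unable to find certificate data for %s" % cert_id)
                sys.exit(1)

            cert_data = pki.nssdb.convert_cert(cert_data, 'base64', 'pem')
            with open(cert_file, 'w') as f:
                f.write(cert_data)

        if csr_file:

            if self.verbose:
                print('Exporting %s CSR into %s.' % (cert_id, csr_file))

            cert_request = cert.get('request', None)
            if cert_request is None:
                print("ERROR: Unable to find certificate request for %s" % cert_id)
                sys.exit(1)

            csr_data = pki.nssdb.convert_csr(cert_request, 'base64', 'pem')
            with open(csr_file, 'w') as f:
                f.write(csr_data)

        if pkcs12_file:

            if self.verbose:
                print('Exporting %s certificate and key into %s.'
                      % (cert_id, pkcs12_file))

            # Prompt only when neither password source was given.
            if not pkcs12_password and not pkcs12_password_file:
                pkcs12_password = getpass.getpass(
                    prompt='Enter password for PKCS #12 file: ')

            nicknames = [cert['nickname']]

            # NOTE(review): the mode of the created file is decided inside
            # export_pkcs12, which is not visible here - confirm it is
            # owner-only, since the bundle holds the key unless --no-key is set.
            nssdb.export_pkcs12(
                pkcs12_file=pkcs12_file,
                pkcs12_password=pkcs12_password,
                pkcs12_password_file=pkcs12_password_file,
                nicknames=nicknames,
                append=append,
                include_trust_flags=include_trust_flags,
                include_key=include_key,
                include_chain=include_chain,
                debug=debug)

    finally:
        # Runs on sys.exit() above as well, so the database is always closed.
        nssdb.close()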
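def execute(self, argv):
    """Export certificates and keys of a server instance into a PKCS #12 file.

    Positional arguments are passed as certificate nicknames to
    ``nssdb.export_pkcs12``.  The process exits with status 1 on an
    unknown option, a missing ``--pkcs12-file`` or an invalid instance.

    Args:
        argv: Command-line arguments to parse with ``getopt.gnu_getopt``.
    """
    try:
        opts, args = getopt.gnu_getopt(argv, 'i:v', [
            'instance=',
            'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=',
            'append', 'no-trust-flags', 'no-key', 'no-chain',
            'verbose', 'debug', 'help'])

    except getopt.GetoptError as e:
        print('ERROR: ' + str(e))
        self.print_help()
        sys.exit(1)

    nicknames = args

    instance_name = 'pki-tomcat'
    pkcs12_file = None
    pkcs12_password = None
    pkcs12_password_file = None
    append = False
    include_trust_flags = True
    include_key = True
    include_chain = True
    debug = False

    for o, a in opts:
        if o in ('-i', '--instance'):
            instance_name = a

        elif o == '--pkcs12-file':
            pkcs12_file = a

        elif o == '--pkcs12-password':
            # A password given this way is part of the process arguments,
            # where other local users and shell history can see it;
            # --pkcs12-password-file or the interactive prompt avoid that.
            pkcs12_password = a

        elif o == '--pkcs12-password-file':
            pkcs12_password_file = a

        elif o == '--append':
            append = True

        elif o == '--no-trust-flags':
            include_trust_flags = False

        elif o == '--no-key':
            include_key = False

        elif o == '--no-chain':
            include_chain = False

        elif o in ('-v', '--verbose'):
            self.set_verbose(True)

        elif o == '--debug':
            debug = True

        elif o == '--help':
            self.print_help()
            sys.exit()

        else:
            print('ERROR: unknown option ' + o)
            self.print_help()
            sys.exit(1)

    if not pkcs12_file:
        print('ERROR: missing output file')
        self.print_help()
        sys.exit(1)

    instance = pki.server.PKIInstance(instance_name)

    if not instance.is_valid():
        print('ERROR: Invalid instance %s.' % instance_name)
        sys.exit(1)

    instance.load()

    # Prompt only when neither password source was given on the command line.
    if not pkcs12_password and not pkcs12_password_file:
        pkcs12_password = getpass.getpass(prompt='Enter password for PKCS #12 file: ')

    nssdb = instance.open_nssdb()
    try:
        # Unless --no-key was given the output holds private keys.
        # NOTE(review): the mode of the created file is decided inside
        # export_pkcs12, which is not visible here - confirm it is owner-only.
        nssdb.export_pkcs12(
            pkcs12_file=pkcs12_file,
            pkcs12_password=pkcs12_password,
            pkcs12_password_file=pkcs12_password_file,
            nicknames=nicknames,
            append=append,
            include_trust_flags=include_trust_flags,
            include_key=include_key,
            include_chain=include_chain,
            debug=debug)

    finally:
        # Close the NSS database even when the export raises.
        nssdb.close()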
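def execute(self, argv):
    """Export a subsystem certificate, its CSR and/or a PKCS #12 bundle.

    The first positional argument is the subsystem ID and the optional
    second one is the cert ID.  ``--cert-file`` and ``--csr-file`` require
    a cert ID; ``--pkcs12-file`` without one exports every certificate
    returned by ``subsystem.find_system_certs()``.  The process exits with
    status 1 on a usage error, an invalid instance or a missing subsystem.

    Args:
        argv: Command-line arguments to parse with ``getopt.gnu_getopt``.
    """
    try:
        opts, args = getopt.gnu_getopt(argv, 'i:v', [
            'instance=', 'cert-file=', 'csr-file=',
            'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=',
            'append', 'no-trust-flags', 'no-key', 'no-chain',
            'verbose', 'debug', 'help'])

    except getopt.GetoptError as e:
        print('ERROR: ' + str(e))
        self.print_help()
        sys.exit(1)

    instance_name = 'pki-tomcat'
    cert_file = None
    csr_file = None
    pkcs12_file = None
    pkcs12_password = None
    pkcs12_password_file = None
    append = False
    include_trust_flags = True
    include_key = True
    include_chain = True
    debug = False

    for o, a in opts:
        if o in ('-i', '--instance'):
            instance_name = a

        elif o == '--cert-file':
            cert_file = a

        elif o == '--csr-file':
            csr_file = a

        elif o == '--pkcs12-file':
            pkcs12_file = a

        elif o == '--pkcs12-password':
            # A password given this way is part of the process arguments,
            # where other local users and shell history can see it;
            # --pkcs12-password-file or the interactive prompt avoid that.
            pkcs12_password = a

        elif o == '--pkcs12-password-file':
            pkcs12_password_file = a

        elif o == '--append':
            append = True

        elif o == '--no-trust-flags':
            include_trust_flags = False

        elif o == '--no-key':
            include_key = False

        elif o == '--no-chain':
            include_chain = False

        elif o in ('-v', '--verbose'):
            self.set_verbose(True)

        elif o == '--debug':
            debug = True

        elif o == '--help':
            self.print_help()
            sys.exit()

        else:
            print('ERROR: unknown option ' + o)
            self.print_help()
            sys.exit(1)

    if len(args) < 1:
        print('ERROR: missing subsystem ID')
        self.print_help()
        sys.exit(1)

    subsystem_name = args[0]

    if not (cert_file or csr_file or pkcs12_file):
        print('ERROR: missing output file')
        self.print_help()
        sys.exit(1)

    instance = pki.server.PKIInstance(instance_name)

    if not instance.is_valid():
        print('ERROR: Invalid instance %s.' % instance_name)
        sys.exit(1)

    instance.load()

    subsystem = instance.get_subsystem(subsystem_name)

    if not subsystem:
        print('ERROR: No %s subsystem in instance '
              '%s.' % (subsystem_name, instance_name))
        sys.exit(1)

    subsystem_cert = None

    if len(args) >= 2:
        cert_id = args[1]
        subsystem_cert = subsystem.get_subsystem_cert(cert_id)

    # The PEM exports need one specific certificate record.
    if (cert_file or csr_file) and not subsystem_cert:
        print('ERROR: missing cert ID')
        self.print_help()
        sys.exit(1)

    if cert_file:

        cert_data = subsystem_cert.get('data', None)
        if cert_data is None:
            print("ERROR: Unable to find certificate data for %s" % cert_id)
            sys.exit(1)

        cert_data = pki.nssdb.convert_cert(cert_data, 'base64', 'pem')
        with open(cert_file, 'w') as f:
            f.write(cert_data)

    if csr_file:

        cert_request = subsystem_cert.get('request', None)
        if cert_request is None:
            print("ERROR: Unable to find certificate request for %s" % cert_id)
            sys.exit(1)

        csr_data = pki.nssdb.convert_csr(cert_request, 'base64', 'pem')
        with open(csr_file, 'w') as f:
            f.write(csr_data)

    if pkcs12_file:

        if subsystem_cert:
            nicknames = [subsystem_cert['nickname']]

        elif len(args) >= 2:
            # A cert ID was given but did not resolve.  Stop here instead of
            # falling through to the export-everything branch, which would
            # put more certificates (and, by default, keys) into the file
            # than the caller asked for.
            print('ERROR: missing %s certificate' % cert_id)
            sys.exit(1)

        else:
            # No cert ID on the command line: export all system certs.
            nicknames = [
                cert['nickname'] for cert in subsystem.find_system_certs()]

        # Prompt only when neither password source was given.
        if not pkcs12_password and not pkcs12_password_file:
            pkcs12_password = getpass.getpass(prompt='Enter password for PKCS #12 file: ')

        nssdb = instance.open_nssdb()
        try:
            # NOTE(review): the mode of the created file is decided inside
            # export_pkcs12, which is not visible here - confirm it is
            # owner-only, since the bundle holds keys unless --no-key is set.
            nssdb.export_pkcs12(
                pkcs12_file=pkcs12_file,
                pkcs12_password=pkcs12_password,
                pkcs12_password_file=pkcs12_password_file,
                nicknames=nicknames,
                append=append,
                include_trust_flags=include_trust_flags,
                include_key=include_key,
                include_chain=include_chain,
                debug=debug)

        finally:
            # Close the NSS database even when the export raises.
            nssdb.close()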
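def execute(self, argv):
    """Export a subsystem certificate, its CSR and/or a PKCS #12 bundle.

    The first positional argument is the subsystem ID and the optional
    second one is the cert ID.  ``--cert-file`` and ``--csr-file`` require
    a cert ID; ``--pkcs12-file`` without one exports every certificate
    returned by ``subsystem.find_system_certs()``.  The process exits with
    status 1 on a usage error, an invalid instance or a missing subsystem.

    Args:
        argv: Command-line arguments to parse with ``getopt.gnu_getopt``.
    """
    try:
        opts, args = getopt.gnu_getopt(argv, 'i:v', [
            'instance=', 'cert-file=', 'csr-file=',
            'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=',
            'append', 'no-trust-flags', 'no-key', 'no-chain',
            'verbose', 'debug', 'help'])

    except getopt.GetoptError as e:
        logger.error(e)
        self.print_help()
        sys.exit(1)

    instance_name = 'pki-tomcat'
    cert_file = None
    csr_file = None
    pkcs12_file = None
    pkcs12_password = None
    pkcs12_password_file = None
    append = False
    include_trust_flags = True
    include_key = True
    include_chain = True

    for o, a in opts:
        if o in ('-i', '--instance'):
            instance_name = a

        elif o == '--cert-file':
            cert_file = a

        elif o == '--csr-file':
            csr_file = a

        elif o == '--pkcs12-file':
            pkcs12_file = a

        elif o == '--pkcs12-password':
            # A password given this way is part of the process arguments,
            # where other local users and shell history can see it;
            # --pkcs12-password-file or the interactive prompt avoid that.
            pkcs12_password = a

        elif o == '--pkcs12-password-file':
            pkcs12_password_file = a

        elif o == '--append':
            append = True

        elif o == '--no-trust-flags':
            include_trust_flags = False

        elif o == '--no-key':
            include_key = False

        elif o == '--no-chain':
            include_chain = False

        elif o == '--debug':
            logging.getLogger().setLevel(logging.DEBUG)

        elif o in ('-v', '--verbose'):
            logging.getLogger().setLevel(logging.INFO)

        elif o == '--help':
            self.print_help()
            sys.exit()

        else:
            logger.error('Unknown option: %s', o)
            self.print_help()
            sys.exit(1)

    if len(args) < 1:
        logger.error('Missing subsystem ID')
        self.print_help()
        sys.exit(1)

    subsystem_name = args[0]

    if not (cert_file or csr_file or pkcs12_file):
        logger.error('Missing output file')
        self.print_help()
        sys.exit(1)

    instance = pki.server.instance.PKIServerFactory.create(instance_name)

    if not instance.exists():
        logger.error('Invalid instance %s.', instance_name)
        sys.exit(1)

    instance.load()

    subsystem = instance.get_subsystem(subsystem_name)

    if not subsystem:
        logger.error('No %s subsystem in instance %s.',
                     subsystem_name, instance_name)
        sys.exit(1)

    subsystem_cert = None

    if len(args) >= 2:
        cert_id = args[1]
        subsystem_cert = subsystem.get_subsystem_cert(cert_id)

    # The PEM exports need one specific certificate record.
    if (cert_file or csr_file) and not subsystem_cert:
        logger.error('Missing cert ID')
        self.print_help()
        sys.exit(1)

    if cert_file:

        cert_data = subsystem_cert.get('data')
        if cert_data is None:
            logger.error("Unable to find certificate data for %s", cert_id)
            sys.exit(1)

        cert_data = pki.nssdb.convert_cert(cert_data, 'base64', 'pem')
        with open(cert_file, 'w', encoding='utf-8') as f:
            f.write(cert_data)

    if csr_file:

        cert_request = subsystem_cert.get('request')
        if cert_request is None:
            logger.error('Unable to find certificate request for %s', cert_id)
            sys.exit(1)

        csr_data = pki.nssdb.convert_csr(cert_request, 'base64', 'pem')
        with open(csr_file, 'w', encoding='utf-8') as f:
            f.write(csr_data)

    if pkcs12_file:

        if subsystem_cert:
            nicknames = [subsystem_cert['nickname']]

        elif len(args) >= 2:
            # A cert ID was given but did not resolve.  Stop here instead of
            # falling through to the export-everything branch, which would
            # put more certificates (and, by default, keys) into the file
            # than the caller asked for.
            logger.error('Missing %s certificate', cert_id)
            sys.exit(1)

        else:
            # No cert ID on the command line: export all system certs.
            nicknames = [
                cert['nickname'] for cert in subsystem.find_system_certs()]

        # Prompt only when neither password source was given.
        if not pkcs12_password and not pkcs12_password_file:
            pkcs12_password = getpass.getpass(prompt='Enter password for PKCS #12 file: ')

        nssdb = instance.open_nssdb()
        try:
            # NOTE(review): the mode of the created file is decided inside
            # export_pkcs12, which is not visible here - confirm it is
            # owner-only, since the bundle holds keys unless --no-key is set.
            nssdb.export_pkcs12(
                pkcs12_file=pkcs12_file,
                pkcs12_password=pkcs12_password,
                pkcs12_password_file=pkcs12_password_file,
                nicknames=nicknames,
                append=append,
                include_trust_flags=include_trust_flags,
                include_key=include_key,
                include_chain=include_chain)

        finally:
            # Close the NSS database even when the export raises.
            nssdb.close()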