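def delete(self, **kwargs):
    """Mark this trust anchor revoked and republish its status; the row is kept.

    This overrides ``delete`` without ever calling the parent ``delete``: the
    record is flagged as revoked, a ``revoked`` RCSP document and its SHA1
    digest are written to ``completed_dir_path`` (and uploaded to S3 when
    ``settings.USE_S3`` is set), ``revoke(self)`` is run, and the row is saved
    via the parent ``save``.

    Args:
        **kwargs: passed straight through to the parent ``save``.
    """
    # NOTE(review): save() below tests ``self.revoke``; this sets ``self.revoked``.
    # Confirm which of the two is the model field — the other is only an
    # in-memory attribute and will not be persisted.
    self.revoked = True
    self.status = "revoked"

    # Build the RCSP response and keep a copy on the model.
    rcsp_result = write_verification_message(
        self.serial_number,
        self.common_name,
        "revoked",
        self.sha1_fingerprint,
    )
    self.rcsp_response = rcsp_result

    # Write the RCSP document to <serial>.json in the completed directory.
    fn = "%s.json" % self.serial_number
    fp = os.path.join(self.completed_dir_path, fn)
    with open(fp, "w") as f:
        f.write(str(rcsp_result))

    # Upload the RCSP file to S3 (world-readable: this is the public status).
    s = SimpleS3()
    if settings.USE_S3:
        s.store_in_s3(fn, fp, bucket=settings.RCSP_BUCKET, public=True)

    # Calculate the SHA1 digest of the RCSP file and write it to <serial>-sha1.json.
    digestsha1 = json.dumps(sha.sha1_from_filepath(fp), indent=4)
    fn = "%s-sha1.json" % self.serial_number
    fp = os.path.join(self.completed_dir_path, fn)
    with open(fp, "w") as f:
        f.write(str(digestsha1))

    # Upload the RCSP SHA1 digest to S3.
    if settings.USE_S3:
        s.store_in_s3(fn, fp, bucket=settings.RCSPSHA1_BUCKET, public=True)

    # Revoke the cert, then persist the status change.
    revoke(self)
    super(TrustAnchorCertificate, self).save(**kwargs)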
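def save(self, **kwargs):
    """Persist the domain-bound certificate, running the lifecycle step its state calls for.

    Exactly one of three paths runs before the row is saved:

    * new (``sha256_digest`` unset and ``status == "incomplete"``): issue the
      endpoint certificate under ``self.trust_anchor``, copy the issuance
      results onto the model and e-mail the CA verifier;
    * verify (``verified`` set, verification mail not yet sent, status in
      ``unverified``/``good``): publish the RCSP status document, its SHA1
      digest, the JOSE x5c chain and the public PEM/DER certificates, presign
      the private zip, and e-mail the anchor owner and contact;
    * revoke (``revoke`` set and status not yet ``revoked``): publish a
      ``revoked`` RCSP document and its digest, remove the previously
      published S3 objects, and revoke the certificate against the anchor.

    S3 calls are skipped when ``settings.USE_S3`` is false; e-mail is skipped
    when ``settings.SEND_CA_EMAIL`` is false.

    Args:
        **kwargs: passed straight through to the parent ``save``.
    """
    # ------------------------------------------------------------------
    # New certificate
    # ------------------------------------------------------------------
    if not self.sha256_digest and self.status == "incomplete":
        print("We've only just begun...I'm new.")
        today = datetime.date.today()
        self.expiration_date = today + datetime.timedelta(
            days=self.expire_days)
        result = create_endpoint_certificate(
            common_name=self.common_name,
            email=self.email,
            dns=self.dns,
            anchor_dns=self.trust_anchor.dns,
            expires=self.expire_days,
            organization=self.organization,
            city=self.city,
            state=self.state,
            country=self.country,
            rsakey=self.rsa_keysize,
            user=self.trust_anchor.owner.username,
            public_key_path=self.trust_anchor.public_key_path,
            private_key_path=self.trust_anchor.private_key_path,
            completed_anchor_dir=self.trust_anchor.completed_dir_path)
        # Keep the digest on the model (the original assigned it to a
        # throw-away local, so the "is this new?" test above never saw it).
        self.sha256_digest = result['sha256_digest']
        self.serial_number = result['serial_number']
        self.sha1_fingerprint = result['sha1_fingerprint']
        self.notes = result['notes']
        self.private_zip_name = result['anchor_zip_download_file_name']
        self.status = result['status']
        self.completed_dir_path = result['completed_dir_path']
        self.public_key_path = result['public_key_path']

        # Send the verifier an e-mail notification.
        # NOTE(review): self.id is interpolated before the row is saved; with an
        # auto-assigned primary key it is still None at this point — confirm.
        msg = """
<html>
<head>
</head>
<body>
A new Direct Domain Bound certificate was created by %s and requires your review.
Here is a link:
<ul>
<li><a href="https://console.directca.org/admin/certificates/domainboundcertificate/%s">%s</a></li>
</ul>
</body>
</html>
""" % (self.organization, self.id, self.domain,)
        if settings.SEND_CA_EMAIL:
            msg = EmailMessage(
                '[DirectCA]A new Domain-Bound Certificate requires verification',
                msg,
                settings.EMAIL_HOST_USER,
                [settings.CA_VERIFIER_EMAIL, ])
            msg.content_subtype = "html"  # Main content is now text/html
            msg.send()
        super(DomainBoundCertificate, self).save(**kwargs)
        return

    # ------------------------------------------------------------------
    # Verification: publish the public artefacts and notify the owner
    # ------------------------------------------------------------------
    if self.verified and not self.verified_message_sent and \
            self.status in ('unverified', 'good'):
        print("VERIFY ----------------------------")
        # Mark the certificate as verified.
        self.verified = True
        self.status = "good"

        # RCSP ----------------------------------------------------------
        rcsp_result = write_verification_message(
            self.serial_number,
            self.common_name,
            "good",
            self.sha1_fingerprint,
        )
        self.rcsp_response = rcsp_result
        fn = "%s.json" % self.serial_number
        # Remember the RCSP path separately: ``fp`` is reused below and the
        # status digest must be taken over this file, not a later one.
        rcsp_fp = os.path.join(self.completed_dir_path, fn)
        with open(rcsp_fp, "w") as f:
            f.write(str(rcsp_result))

        # Upload the RCSP file to S3. When USE_S3 is false, every
        # ``public_cert_*_url`` field below keeps whatever it already held.
        s = SimpleS3()
        if settings.USE_S3:
            self.public_cert_status_url = s.store_in_s3(
                fn, rcsp_fp, bucket=settings.RCSP_BUCKET, public=True)
            self.public_cert_status_url = s.build_pretty_url(
                self.public_cert_status_url, settings.RCSP_BUCKET)

        # JOSE ----------------------------------------------------------
        # Chain CA -> anchor -> endpoint public certs into one PEM file.
        certfilelist = [
            settings.CA_PUBLIC_CERT,
            self.trust_anchor.public_key_path,
            self.public_key_path,
        ]
        fn = "%s-chain.pem" % self.dns
        chained_cert_path = os.path.join(self.completed_dir_path, fn)
        certlist = chain_keys_in_list(chained_cert_path, certfilelist)

        # Write the x5c JSON to <serial>-x5c.json.
        x5c_json = write_x5c_message(self.email, certlist)
        fn = "%s-x5c.json" % self.serial_number
        fp = os.path.join(self.completed_dir_path, fn)
        with open(fp, "w") as f:
            f.write(str(x5c_json))

        # Upload the x5c file to S3.
        if settings.USE_S3:
            key = "x5c/" + fn
            self.public_cert_x5c_url = s.store_in_s3(
                key, fp, bucket=settings.X5C_BUCKET, public=True)
            self.public_cert_x5c_url = s.build_pretty_url(
                self.public_cert_x5c_url, settings.X5C_BUCKET)

        # SHA1 digest of the RCSP status file --------------------------
        # The original hashed ``fp``, which at this point was the x5c file,
        # so the published "Status SHA1 Digest" did not match the status
        # document. The revoke path below and delete() hash the RCSP file;
        # do the same here.
        digestsha1 = json.dumps(sha.sha1_from_filepath(rcsp_fp), indent=4)
        fn = "%s-sha1.json" % self.serial_number
        fp = os.path.join(self.completed_dir_path, fn)
        with open(fp, "w") as f:
            f.write(str(digestsha1))

        # Upload the RCSP SHA1 digest to S3.
        # NOTE(review): unlike the other public URLs (and the trust-anchor
        # save), this one is not passed through build_pretty_url — confirm
        # whether that is intended.
        if settings.USE_S3:
            self.public_cert_status_sha1_url = s.store_in_s3(
                fn, fp, bucket=settings.RCSPSHA1_BUCKET, public=True)

        # Public PEM and DER certificates ------------------------------
        # NOTE(review): the PEM key is laid out as
        # <owner>/<anchor dns>/endpoints/<file> while the DER key is
        # <owner>/<endpoint dns>/<file> — confirm both layouts are intended.
        fn = "%s.pem" % self.dns
        key = "%s/%s/endpoints/%s" % (self.trust_anchor.owner.username,
                                      self.trust_anchor.dns, fn)
        fp = os.path.join(self.completed_dir_path, fn)
        if settings.USE_S3:
            self.public_cert_pem_url = s.store_in_s3(
                key, fp, bucket=settings.PUBCERT_BUCKET, public=True)
            self.public_cert_pem_url = s.build_pretty_url(
                self.public_cert_pem_url, settings.PUBCERT_BUCKET)
            # Remember bucket/key so the revoke path can delete the object.
            self.public_cert_pem_s3 = json.dumps({
                "bucket": settings.PUBCERT_BUCKET,
                "key": key
            })

        fn = "%s.der" % self.dns
        key = "%s/%s/%s" % (self.trust_anchor.owner.username, self.dns, fn)
        fp = os.path.join(self.completed_dir_path, fn)
        if settings.USE_S3:
            self.public_cert_der_url = s.store_in_s3(
                key, fp, bucket=settings.PUBCERT_BUCKET, public=True)
            self.public_cert_der_url = s.build_pretty_url(
                self.public_cert_der_url, settings.PUBCERT_BUCKET)
            self.public_cert_der_s3 = json.dumps({
                "bucket": settings.PUBCERT_BUCKET,
                "key": key
            })

        # Private zip ---------------------------------------------------
        # Stored without public=True and handed out only through a presigned
        # URL. The lifetime of that URL is decided inside get_presignedurl
        # (not visible here); the e-mail below tells the user 72 hours —
        # confirm the two agree.
        fp = os.path.join(self.completed_dir_path, self.private_zip_name)
        key = str(self.private_zip_name)
        if settings.USE_S3:
            s.store_in_s3(key, fp, bucket=settings.PRIVCERT_BUCKET)
            self.presigned_zip_url = s.get_presignedurl(
                key, bucket=settings.PRIVCERT_BUCKET)
            self.presigned_zip_s3 = json.dumps({
                "bucket": settings.PRIVCERT_BUCKET,
                "key": key
            })

        # Send the verification e-mail.
        msg = """
<html>
<head>
</head>
<body>
Congratulations. Your domain bound certificate has been verified. Below are links to your public certificates and related status information. Please login into <a href="https://console.directca.org">console.directca.org</a> to retrieve your private certificates for this domain.
<ul>
<li><a href="%s">PEM File - %s </a></li>
<li><a href="%s">DER File - %s </a></li>
<li><a href="%s">Status - %s </a></li>
<li><a href="%s">Status SHA1 Digest - %s </a></li>
<li><a href="%s">Certificate chain in JOSE x5c format - %s </a></li>
</ul>
<p>For security purposes you must <a href="https://console.directca.org">login</a> and download the private certificates within 72 hours of this email. </p>
</body>
</html>
""" % (
            self.public_cert_pem_url,
            self.public_cert_pem_url,
            self.public_cert_der_url,
            self.public_cert_der_url,
            self.public_cert_status_url,
            self.public_cert_status_url,
            self.public_cert_status_sha1_url,
            self.public_cert_status_sha1_url,
            self.public_cert_x5c_url,
            self.public_cert_x5c_url,
        )
        if settings.SEND_CA_EMAIL:
            msg = EmailMessage(
                '[DirectCA]Your Domain-Bound Certificate has been verified',
                msg,
                settings.EMAIL_HOST_USER,
                [self.trust_anchor.owner.email, self.contact_email])
            msg.content_subtype = "html"  # Main content is now text/html
            msg.send()
        self.verified_message_sent = True
        super(DomainBoundCertificate, self).save(**kwargs)
        return

    # ------------------------------------------------------------------
    # Revocation
    # ------------------------------------------------------------------
    if self.revoke and self.status != "revoked":
        self.revoke = True
        self.status = "revoked"

        # Build the ``revoked`` RCSP response and keep it on the model.
        rcsp_result = write_verification_message(
            self.serial_number,
            self.common_name,
            "revoked",
            self.sha1_fingerprint,
        )
        self.rcsp_response = rcsp_result
        fn = "%s.json" % self.serial_number
        fp = os.path.join(self.completed_dir_path, fn)
        with open(fp, "w") as f:
            f.write(str(rcsp_result))

        # Upload the RCSP file to S3.
        s = SimpleS3()
        if settings.USE_S3:
            s.store_in_s3(fn, fp, bucket=settings.RCSP_BUCKET, public=True)

        # SHA1 digest of the RCSP file, written to <serial>-sha1.json.
        digestsha1 = json.dumps(sha.sha1_from_filepath(fp), indent=4)
        fn = "%s-sha1.json" % self.serial_number
        fp = os.path.join(self.completed_dir_path, fn)
        with open(fp, "w") as f:
            f.write(str(digestsha1))

        # Upload the RCSP SHA1 digest to S3.
        if settings.USE_S3:
            s.store_in_s3(fn, fp, bucket=settings.RCSPSHA1_BUCKET, public=True)

        # Delete the previously published objects (PEM, DER, ZIP). Gated on
        # USE_S3 like every other S3 call in this method; the original called
        # delete_in_s3 regardless of the flag.
        if settings.USE_S3:
            if self.presigned_zip_s3:
                s3info = json.loads(self.presigned_zip_s3)
                self.presigned_zip_url = s.delete_in_s3(
                    s3info['bucket'], s3info['key'])
            if self.public_cert_der_s3:
                s3info = json.loads(self.public_cert_der_s3)
                self.public_cert_der_url = s.delete_in_s3(
                    s3info['bucket'], s3info['key'])
            if self.public_cert_pem_s3:
                s3info = json.loads(self.public_cert_pem_s3)
                self.public_cert_pem_url = s.delete_in_s3(
                    s3info['bucket'], s3info['key'])

        # Now perform the revocation on our index and delete old files.
        revoke_from_anchor(self)
        revoke(self)

    super(DomainBoundCertificate, self).save(**kwargs)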
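def save(self, **kwargs):
    """Persist the trust anchor, running the lifecycle step its state calls for.

    Paths, in order:

    * new (``sha256_digest`` unset and ``revoke == False``): issue the anchor
      certificate, copy the issuance results onto the model, e-mail the CA
      verifier, create the CRL configuration and save;
    * verify (``verified`` set, verification mail not yet sent, status in
      ``unverified``/``good``): publish the RCSP status document, its SHA1
      digest, the JOSE x5c chain, the public PEM/DER certificates and the
      anchor zip, then e-mail the owner and contact;
    * revoke (``revoke`` set and status not yet ``revoked``): publish a
      ``revoked`` RCSP document and its digest, remove the previously
      published S3 objects and revoke the certificate.

    The verify and revoke paths fall through to a single parent ``save`` at
    the end. S3 calls are skipped when ``settings.USE_S3`` is false; e-mail
    is skipped when ``settings.SEND_CA_EMAIL`` is false.

    Args:
        **kwargs: passed straight through to the parent ``save``.
    """
    # ------------------------------------------------------------------
    # New certificate
    # ------------------------------------------------------------------
    if not self.sha256_digest and self.revoke == False:
        today = datetime.date.today()
        self.expiration_date = today + datetime.timedelta(
            days=self.expire_days)
        result = create_trust_anchor_certificate(
            common_name=self.common_name,
            email=self.email,
            dns=self.dns,
            expires=self.expire_days,
            organization=self.organization,
            city=self.city,
            state=self.state,
            country=self.country,
            rsakey=self.rsa_keysize,
            user=self.owner.username)
        self.sha256_digest = result['sha256_digest']
        self.serial_number = result['serial_number']
        self.sha1_fingerprint = result['sha1_fingerprint']
        self.notes = result['notes']
        self.private_zip_name = result['anchor_zip_download_file_name']
        self.status = result['status']
        self.private_key_path = result['private_key_path']
        self.public_key_path = result['public_key_path']
        self.completed_dir_path = result['completed_dir_path']

        # Send the verifier an e-mail notification.
        # NOTE(review): self.id is interpolated before the row is saved; with an
        # auto-assigned primary key it is still None at this point — confirm.
        msg = """
<html>
<head>
</head>
<body>
A new Direct Trust Anchor was created by %s and requires your review.
Here is a link for the domain %s:
<ul>
<li><a href="/admin/certificates/trustanchorcertificate/%s">%s</a></li>
</ul>
</body>
</html>
""" % (self.organization, self.domain, self.id, self.domain)
        if settings.SEND_CA_EMAIL:
            msg = EmailMessage(
                '[DirectCA]A new Trust Anchor certificate requires verification',
                msg,
                settings.EMAIL_HOST_USER,
                [settings.CA_VERIFIER_EMAIL, ])
            msg.content_subtype = "html"  # Main content is now text/html
            msg.send()

        # Create the CRL config file for this anchor (its return value is
        # not used here).
        create_crl_conf(
            common_name=self.common_name,
            email=self.email,
            dns=self.dns,
            anchor_dns=self.dns,
            expires=self.expire_days,
            organization=self.organization,
            city=self.city,
            state=self.state,
            country=self.country,
            rsakey=self.rsa_keysize,
            user=self.owner.username,
            public_key_path=result['public_key_path'],
            private_key_path=result['private_key_path'],
            completed_anchor_dir=result['completed_dir_path'])
        return super(TrustAnchorCertificate, self).save(**kwargs)

    # ------------------------------------------------------------------
    # Verification: publish the public artefacts and notify the owner
    # ------------------------------------------------------------------
    if self.verified and not self.verified_message_sent and \
            self.status in ('unverified', 'good'):
        self.status = "good"

        # RCSP ----------------------------------------------------------
        rcsp_result = write_verification_message(
            self.serial_number,
            self.common_name,
            "good",
            self.sha1_fingerprint,
        )
        self.rcsp_response = rcsp_result
        fn = "%s.json" % self.serial_number
        # Remember the RCSP path separately: ``fp`` is reused below and the
        # status digest must be taken over this file, not a later one.
        rcsp_fp = os.path.join(self.completed_dir_path, fn)
        with open(rcsp_fp, "w") as f:
            f.write(str(rcsp_result))

        # Upload the RCSP file to S3. When USE_S3 is false, every
        # ``public_cert_*_url`` field below keeps whatever it already held.
        s = SimpleS3()
        if settings.USE_S3:
            self.public_cert_status_url = s.store_in_s3(
                fn, rcsp_fp, bucket=settings.RCSP_BUCKET, public=True)
            self.public_cert_status_url = s.build_pretty_url(
                self.public_cert_status_url, settings.RCSP_BUCKET)

        # JOSE ----------------------------------------------------------
        # Chain CA -> anchor public certs into one PEM file.
        certfilelist = [settings.CA_PUBLIC_CERT, self.public_key_path]
        fn = "%s-chain.pem" % self.dns
        chained_cert_path = os.path.join(self.completed_dir_path, fn)
        certlist = chain_keys_in_list(chained_cert_path, certfilelist)

        # Write the x5c JSON to <serial>-x5c.json.
        x5c_json = write_x5c_message(self.email, certlist)
        fn = "%s-x5c.json" % self.serial_number
        fp = os.path.join(self.completed_dir_path, fn)
        with open(fp, "w") as f:
            f.write(str(x5c_json))

        # Upload the x5c file to S3.
        if settings.USE_S3:
            key = "x5c/" + fn
            self.public_cert_x5c_url = s.store_in_s3(
                key, fp, bucket=settings.X5C_BUCKET, public=True)
            self.public_cert_x5c_url = s.build_pretty_url(
                self.public_cert_x5c_url, settings.X5C_BUCKET)

        # SHA1 digest of the RCSP status file --------------------------
        # The original hashed ``fp``, which at this point was the x5c file,
        # so the published "Status SHA1 Digest" did not match the status
        # document. The revoke path below and delete() hash the RCSP file;
        # do the same here.
        digestsha1 = json.dumps(sha.sha1_from_filepath(rcsp_fp), indent=4)
        fn = "%s-sha1.json" % self.serial_number
        fp = os.path.join(self.completed_dir_path, fn)
        with open(fp, "w") as f:
            f.write(str(digestsha1))

        # Upload the RCSP SHA1 digest to S3.
        if settings.USE_S3:
            self.public_cert_status_sha1_url = s.store_in_s3(
                fn, fp, bucket=settings.RCSPSHA1_BUCKET, public=True)
            self.public_cert_status_sha1_url = s.build_pretty_url(
                self.public_cert_status_sha1_url, settings.RCSPSHA1_BUCKET)

        # Public PEM and DER certificates ------------------------------
        fn = "%s.pem" % self.dns
        key = "%s/%s/%s" % (self.owner.username, self.dns, fn)
        fp = os.path.join(self.completed_dir_path, fn)
        if settings.USE_S3:
            self.public_cert_pem_url = s.store_in_s3(
                key, fp, bucket=settings.PUBCERT_BUCKET, public=True)
            self.public_cert_pem_url = s.build_pretty_url(
                self.public_cert_pem_url, settings.PUBCERT_BUCKET)
            # Remember bucket/key so the revoke path can delete the object.
            self.public_cert_pem_s3 = json.dumps({
                "bucket": settings.PUBCERT_BUCKET,
                "key": key
            })

        fn = "%s.der" % self.dns
        key = "%s/%s/%s" % (self.owner.username, self.dns, fn)
        fp = os.path.join(self.completed_dir_path, fn)
        if settings.USE_S3:
            self.public_cert_der_url = s.store_in_s3(
                key, fp, bucket=settings.PUBCERT_BUCKET, public=True)
            self.public_cert_der_url = s.build_pretty_url(
                self.public_cert_der_url, settings.PUBCERT_BUCKET)
            self.public_cert_der_s3 = json.dumps({
                "bucket": settings.PUBCERT_BUCKET,
                "key": key
            })

        # Anchor zip ----------------------------------------------------
        # Unlike the domain-bound flow, the anchor's zip is uploaded to the
        # *public* bucket with public=True (no presigned URL). The original
        # comment justified this with "there is no private key given" for
        # trust anchors; the file is still the one named by
        # ``private_zip_name``, so confirm its contents before relying on
        # that before changing anything here.
        fn = self.private_zip_name
        fp = os.path.join(self.completed_dir_path, self.private_zip_name)
        key = "%s/%s/%s" % (self.owner.username, self.dns, fn)
        if settings.USE_S3:
            self.presigned_zip_url = s.store_in_s3(
                key, fp, bucket=settings.PUBCERT_BUCKET, public=True)
            self.presigned_zip_url = s.build_pretty_url(
                self.presigned_zip_url, settings.PUBCERT_BUCKET)
            self.presigned_zip_s3 = json.dumps({
                "bucket": settings.PUBCERT_BUCKET,
                "key": key
            })

        # Mark the certificate as verified.
        self.verified = True

        # Send the verification e-mail.
        msg = """
<html>
<head>
</head>
<body>
Congratulations. Your trust anchor has for %s been verified.
Here are some links to your public certificates and related status information.
<ul>
<li><a href="%s">PEM File - %s</a></li>
<li><a href="%s">DER File - %s</a></li>
<li><a href="%s">Status - %s</a></li>
<li><a href="%s">Status SHA1 Digest - %s</a></li>
<li><a href="%s">Certificate Chain in JOSE x5c Format - %s</a></li>
</ul>
</body>
</html>
""" % (self.domain,
            self.public_cert_pem_url, self.public_cert_pem_url,
            self.public_cert_der_url, self.public_cert_der_url,
            self.public_cert_status_url, self.public_cert_status_url,
            self.public_cert_status_sha1_url, self.public_cert_status_sha1_url,
            self.public_cert_x5c_url, self.public_cert_x5c_url)
        if settings.SEND_CA_EMAIL:
            msg = EmailMessage(
                '[DirectCA]Your Trust Anchor Certificate has been verified',
                msg,
                settings.EMAIL_HOST_USER,
                [self.owner.email, self.contact_email])
            msg.content_subtype = "html"  # Main content is now text/html
            msg.send()
        self.verified_message_sent = True

    # ------------------------------------------------------------------
    # Revocation
    # ------------------------------------------------------------------
    if self.revoke and self.status != "revoked":
        self.status = "revoked"

        # Build the ``revoked`` RCSP response and keep it on the model.
        self.rcsp_response = write_verification_message(
            self.serial_number,
            self.common_name,
            "revoked",
            self.sha1_fingerprint,
        )
        fn = "%s.json" % self.serial_number
        fp = os.path.join(self.completed_dir_path, fn)
        with open(fp, "w") as f:
            f.write(str(self.rcsp_response))

        # One client for every S3 call in this branch. The original created
        # it only inside the first USE_S3 block and then used it
        # unconditionally for delete_in_s3, which raised NameError whenever
        # USE_S3 was false and an *_s3 field was set.
        s = SimpleS3() if settings.USE_S3 else None

        # Upload the RCSP file to S3.
        if settings.USE_S3:
            s.store_in_s3(fn, fp, bucket=settings.RCSP_BUCKET, public=True)

        # SHA1 digest of the RCSP file, written to <serial>-sha1.json.
        digestsha1 = json.dumps(sha.sha1_from_filepath(fp), indent=4)
        fn = "%s-sha1.json" % self.serial_number
        fp = os.path.join(self.completed_dir_path, fn)
        with open(fp, "w") as f:
            f.write(str(digestsha1))

        # Upload the RCSP SHA1 digest to S3.
        if settings.USE_S3:
            s.store_in_s3(fn, fp, bucket=settings.RCSPSHA1_BUCKET, public=True)

        # Delete the previously published objects (PEM, DER, ZIP).
        if settings.USE_S3:
            if self.presigned_zip_s3:
                s3info = json.loads(self.presigned_zip_s3)
                self.presigned_zip_url = s.delete_in_s3(
                    s3info['bucket'], s3info['key'])
            if self.public_cert_der_s3:
                s3info = json.loads(self.public_cert_der_s3)
                self.public_cert_der_url = s.delete_in_s3(
                    s3info['bucket'], s3info['key'])
            if self.public_cert_pem_s3:
                s3info = json.loads(self.public_cert_pem_s3)
                self.public_cert_pem_url = s.delete_in_s3(
                    s3info['bucket'], s3info['key'])

        # Revoke the cert.
        revoke(self)

    super(TrustAnchorCertificate, self).save(**kwargs)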