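 def do_test(self, line):
     """Probe the LDAP connection and report whether the required entry exists.

     ``line`` is the remainder of the shell command and is not used.  Nothing
     is returned; exactly one diagnostic line is printed per outcome: the
     entry looked up for ``SSL.get_ca()`` exists, it exists one level up
     (``depth=1``), it does not exist at all, or the bind failed
     (``ldap.CONNECT_ERROR``).

     The earlier revision started by printing ``LDAP().get_password()``;
     that echoed a credential to the terminal (and to any scrollback or
     session log), so the line is removed.  A single LDAP() instance is
     reused for all checks instead of constructing one per call.
     """
     directory = LDAP()
     try:
         ca = SSL.get_ca()
         if directory.check_dn_exist(ca):
             print("BaseDN : " + directory.get_basedn())
             print("Connection and require object successful")
         elif directory.check_dn_exist(ca, depth=1):
             print("Connection successful. Required object need to be created")
         else:
             print("Connection OK. Require Base DN not exist")
     except ldap.CONNECT_ERROR:
         print("Unable to connect")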
 def show_ca_detail(self):
     """Print the CA summary, then the full certificate detail if a CA exists.

     Delegates the summary to ``show_ca`` and the detail to
     ``SSL.display_cert``; when ``SSL.check_ca_exist()`` is false only a
     notice is printed.  Returns None.
     """
     self.show_ca()
     if not SSL.check_ca_exist():
         print("Cannot get details. CA not created yet")
         return
     print("##################################################")
     print("### Detail")
     SSL.display_cert(SSL.get_ca())
__author__ = 'ferezgaetan'

from Tools import Mailer, SSL

if SSL.generate_crl():
    # A CRL was written: notify the address carried in the CA subject, if any.
    ca = SSL.get_ca()
    recipient = ca.get_subject().emailAddress
    if recipient:
        notice = Mailer()
        notice.to(recipient)
        notice.subject("CRL Creation")
        notice.send("CRL file has been created")
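    def _subject_from_ldap(self, config, profile):
        """Pick the certificate holder from an LDAP search.

        The profile's ``ldap`` setting is used as the search filter against
        the directory's base DN.  The operator is re-prompted with
        ``Render.print_selector`` until exactly one entry is selected.

        Returns ``(subject, email)``: ``subject`` is the selected DN with its
        leaf RDN dropped, reversed and joined with '/', followed by
        ``/CN=<cn>``; ``email`` is the entry's ``mail`` attribute or None
        when the entry has none.
        """
        print("Search in LDAP")
        directory = LDAP()
        search_filter = config.get("profile_" + profile, "ldap")
        entries = directory.get_dn(directory.get_basedn(), search_filter, ['cn', 'mail', 'uid'])
        choices = {}
        users = {}
        for entry in entries:
            dn, attrs = entry[0], entry[1]
            cn = attrs['cn'][0]
            mail = None
            label = cn
            if 'mail' in attrs:
                mail = attrs['mail'][0]
                label = cn + " (mail : " + mail + ")"
            choices[dn] = label
            users[dn] = {'mail': mail, 'cn': cn}
        # print_selector returns the selected keys; insist on exactly one.
        selection = Render.print_selector(choices)
        while len(selection) != 1:
            selection = Render.print_selector(choices)
        dn = selection[0]
        # "cn=x,ou=y,dc=z" -> ["dc=z", "ou=y"] -> "dc=z/ou=y/CN=<cn>"
        rdns = dn.split(',')
        rdns.reverse()
        rdns.pop()
        subject = '/'.join(rdns) + "/CN=" + users[dn]['cn']
        return subject, users[dn]['mail']

    def _subject_from_prompt(self, config):
        """Ask the operator for the holder's common name and mail address.

        Returns ``(subject, email)``; the subject is the configured
        ``[ca] base_cn`` followed by ``/CN=<cn>``.  An empty mail address is
        returned as the empty string, which the caller treats as "none".
        """
        cn = raw_input("Common Name : ")
        email = raw_input("Mail address : ")
        return config.get("ca", "base_cn") + "/CN=" + cn, email

    def create_cert(self, profile):
        """Issue and store an end-entity certificate for ``profile``.

        The subject comes from LDAP when ``[ldap] enable`` is set and the
        profile's ``ldap`` setting is a search filter (any value not
        containing "false"); otherwise it is read interactively.  The
        certificate is given the profile's key usages, CA:FALSE, SKI/AKI,
        and optional CRL / OCSP pointers, signed by the CA with the
        configured digest, stored via ``SSL.set_cert`` /
        ``SSL.set_cert_privatekey`` and, when LDAP is enabled, handed to
        ``LDAP.add_queue``.  Returns None.

        Fixes against the previous revision:
        - ``[ldap] enable`` was read with ``get``, so the string "false" was
          truthy and the directory was searched even when disabled; it is
          now read with ``getboolean``, as the publication check at the end
          already did;
        - the serial number was the wall clock in microseconds, which is
          guessable and repeats after a clock reset; it is now a positive
          64-bit value from the OS CSPRNG (``random.SystemRandom``), the
          form RFC 5280 issuance practice expects.
        """
        import random  # SystemRandom: OS-backed CSPRNG, available on Python 2 and 3

        config = Config().config
        before = datetime.utcnow()
        after = before + timedelta(days=config.getint("cert", "validity"))

        pkey = SSL.create_key(config.getint("cert", "key_size"))
        ca = SSL.get_ca()
        cert = SSL.create_cert(pkey)

        # The profile option is only read when LDAP is enabled (it may be absent otherwise).
        if config.getboolean("ldap", "enable") and "false" not in config.get("profile_" + profile, "ldap"):
            subject, email = self._subject_from_ldap(config, profile)
        else:
            subject, email = self._subject_from_prompt(config)

        subject_x509 = SSL.parse_str_to_x509Name(subject, cert.get_subject())
        if email:
            subject_x509.emailAddress = email
        cert.set_subject(subject_x509)
        cert.set_issuer(ca.get_subject())

        # utcnow() is naive, so "%Z" expands to nothing; write the trailing
        # "Z" of the ASN.1 time directly instead of appending it afterwards.
        cert.set_notBefore(before.strftime("%Y%m%d%H%M%SZ"))
        cert.set_notAfter(after.strftime("%Y%m%d%H%M%SZ"))
        # Random, positive, at most 64 bits: unpredictable and unique in practice.
        cert.set_serial_number(random.SystemRandom().randint(1, 2 ** 64 - 1))
        cert.set_version(2)  # zero-based: X.509 v3, required for extensions

        extensions = [
            crypto.X509Extension("basicConstraints", True, "CA:FALSE"),
            crypto.X509Extension("keyUsage", True, SSL.get_key_usage_from_profile(profile)),
            crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=cert),
            crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always", issuer=ca),
            crypto.X509Extension("extendedKeyUsage", False, SSL.get_extended_key_usage_from_profile(profile)),
        ]
        if config.getboolean("crl", "enable"):
            crl_uri = "URI:" + config.get("crl", "uri")
            extensions.append(crypto.X509Extension("crlDistributionPoints", False, crl_uri))
        if config.getboolean("ocsp", "enable"):
            ocsp_uri = "OCSP;URI:" + config.get("ocsp", "uri")
            extensions.append(crypto.X509Extension("authorityInfoAccess", False, ocsp_uri))
        cert.add_extensions(extensions)

        cert_signed = SSL.sign(cert, SSL.get_ca_privatekey(), config.get("cert", "digest"))
        SSL.set_cert(cert_signed)
        SSL.set_cert_privatekey(cert_signed, pkey)

        if config.getboolean("ldap", "enable"):
            LDAP.add_queue(cert_signed)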
 def show_ca_raw(self):
     """Print the CA certificate in PEM form, or a notice when no CA exists yet."""
     if not SSL.check_ca_exist():
         print("Cannot get details. CA not created yet")
         return
     pem = crypto.dump_certificate(crypto.FILETYPE_PEM, SSL.get_ca())
     print(pem)
 def cmd_ca_sign(self, data):
     """Sign a client-supplied certificate body with the CA private key.

     ``data['cert']`` is a base64-encoded PEM certificate and
     ``data['digest']`` the digest name passed to ``SSL.sign``.  Everything
     inside that certificate (subject, validity, serial, extensions) is taken
     from the request and signed as received; the only field added here is
     an authorityKeyIdentifier pointing at the CA.  Returns the tuple
     ``('OK', <signed certificate as PEM>)``.

     NOTE(review): this method performs no policy check on the submitted
     body (for instance whether it asserts ``CA:TRUE``) and relies on the
     request already being authenticated and authorised by the caller —
     confirm that is the case at the API boundary.
     """
     pem_in = base64.b64decode(data['cert'])
     request = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem_in)
     authority = SSL.get_ca()
     aki = OpenSSL.crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always", issuer=authority)
     request.add_extensions([aki])
     signed = SSL.sign(request, SSL.get_ca_privatekey(), str(data['digest']))
     pem_out = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, signed)
     return 'OK', pem_out