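def do_test(self, line):
    """Probe the configured LDAP server and report whether the base object exists.

    Args:
        line: Remainder of the interactive command line; not used.

    Prints a single status line: base DN found, found only at depth 1
    (object must still be created), or connected but base DN missing.
    Prints "Unable to connect" when python-ldap raises CONNECT_ERROR.
    """
    # The LDAP bind password used to be echoed to stdout at this point.  A
    # connectivity check must never write a credential into the terminal or
    # a captured session log, so that diagnostic is gone; the outcome of the
    # bind below is what tells the operator whether the password works.
    try:
        if LDAP().check_dn_exist(SSL.get_ca()):
            print("BaseDN : " + LDAP().get_basedn())
            print("Connection and require object successful")
        elif LDAP().check_dn_exist(SSL.get_ca(), depth=1):
            print("Connection successful. Required object need to be created")
        else:
            print("Connection OK. Require Base DN not exist")
    except ldap.CONNECT_ERROR:
        print("Unable to connect")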
def show_ca_detail(self):
    """Print the CA summary, then the full certificate details when a CA exists."""
    self.show_ca()
    if not SSL.check_ca_exist():
        print("Cannot get details. CA not created yet")
        return
    print("##################################################")
    print("### Detail")
    SSL.display_cert(SSL.get_ca())
__author__ = 'ferezgaetan'

from Tools import Mailer, SSL

# Regenerate the CRL and, when the CA certificate carries an e-mail address
# in its subject, notify that address that a new CRL file exists.
if SSL.generate_crl():
    recipient = SSL.get_ca().get_subject().emailAddress
    if recipient:
        notice = Mailer()
        notice.to(recipient)
        notice.subject("CRL Creation")
        notice.send("CRL file has been created")
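def create_cert(self, profile):
    """Issue and sign an end-entity certificate for *profile*.

    The subject comes from an LDAP entry chosen interactively when LDAP is
    enabled for the server and for the profile, otherwise from values typed
    at the prompt.  The signed certificate and its private key are handed to
    SSL for storage and, when LDAP is enabled, queued for publication.

    Args:
        profile: Name of the ``profile_<name>`` configuration section that
            supplies the LDAP filter, keyUsage and extendedKeyUsage values.
    """
    cfg = Config().config
    before = datetime.utcnow()
    after = before + timedelta(days=cfg.getint("cert", "validity"))
    pkey = SSL.create_key(cfg.getint("cert", "key_size"))
    ca = SSL.get_ca()
    cert = SSL.create_cert(pkey)

    # getboolean() instead of a truthy get(): the raw string "false" is truthy,
    # which sent every profile down the LDAP path even with ldap.enable=false.
    # The profile's ldap option is only read when LDAP is enabled, as before.
    use_ldap = False
    if cfg.getboolean("ldap", "enable"):
        profile_ldap = cfg.get("profile_" + profile, "ldap")
        use_ldap = "false" not in profile_ldap
    if use_ldap:
        subject, cn, email = self._subject_from_ldap(profile_ldap)
    else:
        cn = raw_input("Common Name : ")
        email = raw_input("Mail address : ")
        subject = cfg.get("ca", "base_cn") + "/CN=" + cn

    subject_x509 = SSL.parse_str_to_x509Name(subject, cert.get_subject())
    if email:
        subject_x509.emailAddress = email
    cert.set_subject(subject_x509)
    cert.set_issuer(ca.get_subject())
    # utcnow() is naive, so %Z expanded to ""; the explicit suffix yields the
    # ASN.1 GeneralizedTime form YYYYMMDDhhmmssZ that the original produced.
    cert.set_notBefore(before.strftime("%Y%m%d%H%M%S") + "Z")
    cert.set_notAfter(after.strftime("%Y%m%d%H%M%S") + "Z")
    # NOTE(review): a microsecond timestamp is a predictable serial, and two
    # issuances in the same microsecond (or after a clock step backwards)
    # would collide; RFC 5280 requires serials unique per issuer and current
    # guidance is at least 64 bits of CSPRNG output (os.urandom).  Kept as is
    # because a downstream index may rely on the monotonic value -- confirm.
    cert.set_serial_number(int(time() * 1000000))
    cert.set_version(2)  # zero-based in OpenSSL: this is an X.509 v3 certificate

    self._add_profile_extensions(cert, ca, profile)

    cert_signed = SSL.sign(cert, SSL.get_ca_privatekey(), cfg.get("cert", "digest"))
    SSL.set_cert(cert_signed)
    SSL.set_cert_privatekey(cert_signed, pkey)
    if cfg.getboolean("ldap", "enable"):
        LDAP.add_queue(cert_signed)

def _subject_from_ldap(self, ldap_filter):
    """Let the operator pick one LDAP entry and derive the subject from it.

    Args:
        ldap_filter: LDAP search filter taken from the profile's ``ldap`` option.

    Returns:
        ``(subject, cn, email)``: *subject* is the entry's DN rewritten as a
        slash-separated path with the leaf RDN dropped and the root first,
        followed by ``/CN=<cn>``; *email* is None when the entry has no ``mail``.
    """
    print("Search in LDAP")
    directory = LDAP()
    entries = directory.get_dn(directory.get_basedn(), ldap_filter, ['cn', 'mail', 'uid'])
    choices = {}  # dn -> label shown in the selector
    users = {}    # dn -> {'mail': ..., 'cn': ...}
    for entry in entries:
        dn, attrs = entry[0], entry[1]
        cn = attrs['cn'][0]
        mail = attrs['mail'][0] if 'mail' in attrs else None
        label = cn if mail is None else cn + " (mail : " + mail + ")"
        choices[dn] = label
        users[dn] = {'mail': mail, 'cn': cn}
    # The selector may return several picks; re-prompt until exactly one.
    selection = []
    while len(selection) != 1:
        selection = Render.print_selector(choices)
    dn = selection[0]
    # "cn=x,ou=y,dc=z" -> ["dc=z", "ou=y"] -> "dc=z/ou=y" + "/CN=<cn>"
    rdns = dn.split(',')
    rdns.reverse()
    rdns.pop()
    subject = '/'.join(rdns) + "/CN=" + users[dn]['cn']
    return subject, users[dn]['cn'], users[dn]['mail']

def _add_profile_extensions(self, cert, ca, profile):
    """Attach the v3 extensions an end-entity certificate of *profile* carries.

    Args:
        cert: Unsigned X509 under construction; modified in place.
        ca: Issuing CA certificate, referenced by authorityKeyIdentifier.
        profile: Profile name used to look up keyUsage / extendedKeyUsage.

    basicConstraints (CA:FALSE) and keyUsage are marked critical.
    crlDistributionPoints and authorityInfoAccess are added only when the
    ``crl`` / ``ocsp`` sections are enabled.
    """
    cfg = Config().config
    cert.add_extensions([
        crypto.X509Extension("basicConstraints", True, "CA:FALSE"),
        crypto.X509Extension("keyUsage", True, SSL.get_key_usage_from_profile(profile)),
        crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=cert),
    ])
    # Kept in a separate add_extensions() call, as the original did; the
    # ordering relative to subjectKeyIdentifier may matter to OpenSSL's
    # keyid lookup -- confirm before merging the two calls.
    cert.add_extensions([
        crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always", issuer=ca),
    ])
    cert.add_extensions([
        crypto.X509Extension("extendedKeyUsage", False,
                             SSL.get_extended_key_usage_from_profile(profile)),
    ])
    if cfg.getboolean("crl", "enable"):
        cert.add_extensions([
            crypto.X509Extension("crlDistributionPoints", False,
                                 "URI:" + cfg.get("crl", "uri")),
        ])
    if cfg.getboolean("ocsp", "enable"):
        cert.add_extensions([
            crypto.X509Extension("authorityInfoAccess", False,
                                 "OCSP;URI:" + cfg.get("ocsp", "uri")),
        ])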
def show_ca_raw(self):
    """Print the CA certificate in PEM form, or a notice when no CA exists yet."""
    if not SSL.check_ca_exist():
        print("Cannot get details. CA not created yet")
        return
    pem = crypto.dump_certificate(crypto.FILETYPE_PEM, SSL.get_ca())
    print(pem)
def cmd_ca_sign(self, data):
    """Sign a caller-supplied certificate with the CA key and return it as PEM.

    Args:
        data: Request mapping with ``cert`` (base64-encoded PEM certificate)
            and ``digest`` (OpenSSL digest name used for the signature).

    Returns:
        ``('OK', pem)`` where *pem* is the signed certificate.

    NOTE(review): everything in the presented certificate (subject, validity,
    whatever extensions the caller already set) and the digest name are taken
    from the request; only authorityKeyIdentifier is added here before the CA
    key signs it.  Confirm that the transport authenticates the caller and
    that the digest is restricted to the values acceptable for issuance --
    create_cert in this code base uses the configured ``cert.digest`` instead.
    """
    pem_in = base64.b64decode(data['cert'])
    cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem_in)
    aki = OpenSSL.crypto.X509Extension("authorityKeyIdentifier", False,
                                       "keyid:always", issuer=SSL.get_ca())
    cert.add_extensions([aki])
    signed = SSL.sign(cert, SSL.get_ca_privatekey(), str(data['digest']))
    pem_out = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, signed)
    return 'OK', pem_out