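def cmd_revoke(workingdir, name=None, serial=None):
    """Revoke one certificate and return the regenerated CRL.

    Exactly one of *name* or *serial* must be given. With *name*, the
    certificate ``<name>-cert.crt`` in *workingdir* is loaded and its serial
    number is taken from it; with *serial*, the value is used as given. The
    serial (as a string) is appended once to the CA's persisted
    ``revoked_keys`` list, the private state is saved with write_private(),
    and a CRL covering every revoked serial is built with ca_impl.gencrl().

    Args:
        workingdir: directory holding the CA material; the process changes
            into it for the duration of the call and is restored in ``finally``.
        name: certificate base name (mutually exclusive with *serial*).
        serial: certificate serial number (mutually exclusive with *name*).

    Returns:
        Whatever ca_impl.gencrl() returns for the updated revocation list.

    Raises:
        Exception: if both or neither of *name* and *serial* are supplied.
    """
    # Validate the arguments before touching the filesystem, so a bad call
    # never changes directory or reads the private state.
    if name is not None and serial is not None:
        raise Exception("You may not specify a cert and a serial at the same time")
    if name is None and serial is None:
        raise Exception("You must specify a cert or a serial to revoke")

    cwd = os.getcwd()
    try:
        # NOTE(review): the second argument differs from the other cmd_*
        # functions, which pass `logger`; confirm against common.ch_dir().
        common.ch_dir(workingdir, os.getuid() == 0)
        priv = read_private()

        if name is not None:
            # NOTE(review): `name` is interpolated straight into a path; a
            # value containing path separators would select a file outside
            # workingdir, so callers should pass a bare base name.
            cert = X509.load_cert("%s-cert.crt" % name)
            serial = cert.get_serial_number()

        # revoked_keys holds serials as strings; normalise before comparing.
        serial = str(serial)

        # CA certificate and private key, both as strings for gencrl().
        with open('cacert.crt', 'r') as f:
            cacert = f.read()
        ca_pk = str(priv[0]['ca'])

        if serial not in priv[0]['revoked_keys']:
            priv[0]['revoked_keys'].append(serial)

        crl = ca_impl.gencrl(priv[0]['revoked_keys'], cacert, ca_pk)

        # Persist the updated revocation list before handing back the CRL.
        write_private(priv)

        return crl
    finally:
        os.chdir(cwd)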
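def cmd_init(workingdir):
    """Create a fresh CA in *workingdir*, wiping any previous CA material.

    Removes existing ``*.pem``, ``*.crt``, ``*.zip``, ``*.der`` and
    ``private.json`` files, generates a new CA key and certificate with
    ca_impl.mk_cacert(), stores the private key PEM and the serial counter
    through write_private(), exports ``cacert.crt`` and ``ca-public.pem``,
    publishes an empty CRL (``cacrl.der`` plus ``cacrl.pem``), and finally
    re-reads the written certificate to confirm it self-verifies, logging the
    outcome.

    Args:
        workingdir: directory to (re)initialise; the process changes into it
            for the duration of the call and is restored in ``finally``.

    Returns:
        None.
    """
    cwd = os.getcwd()
    try:
        common.ch_dir(workingdir, logger)

        # Start from a clean slate so material from a previous CA cannot be
        # mixed with the new one.
        for pattern in ("*.pem", "*.crt", "*.zip", "*.der", "private.json"):
            rmfiles(pattern)

        cacert, ca_pk, _ = ca_impl.mk_cacert()

        priv = read_private()

        with open('cacert.crt', 'wb') as f:
            f.write(cacert.as_pem())

        # Serialise the CA private key to PEM in memory. cipher=None means
        # the PEM itself is not encrypted, so its protection rests on
        # write_private(). Close the buffer even if save_key_bio() raises.
        buf = BIO.MemoryBuffer()
        try:
            ca_pk.save_key_bio(buf, None)
            priv[0]['ca'] = buf.getvalue()
        finally:
            buf.close()

        # Track the last serial issued; the CA certificate itself is serial 1.
        priv[0]['lastserial'] = 1

        write_private(priv)

        ca_pk.get_rsa().save_pub_key('ca-public.pem')

        # A new CA has revoked nothing yet, so publish an empty CRL.
        crl = ca_impl.gencrl([], cacert.as_pem(), str(priv[0]['ca']))
        with open('cacrl.der', 'wb') as f:
            f.write(crl)
        convert_crl_to_pem("cacrl.der", "cacrl.pem")

        # Sanity check: re-read what was written and confirm it self-verifies.
        cac = X509.load_cert('cacert.crt')
        if cac.verify():
            logger.info("CA certificate created successfully in %s", workingdir)
        else:
            logger.error("ERROR: Cert does not self validate")
    finally:
        os.chdir(cwd)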
def cmd_regencrl(workingdir):
    """Rebuild the CRL from the persisted revocation list and write it out.

    Enters *workingdir*, loads the CA state with read_private(), reads
    ``cacert.crt``, regenerates the CRL with ca_impl.gencrl() over
    ``revoked_keys``, re-saves the private state, and writes the CRL as
    ``cacrl.der`` together with a PEM conversion ``cacrl.pem``. The previous
    working directory is always restored.

    Args:
        workingdir: directory holding the CA material.

    Returns:
        The CRL as returned by ca_impl.gencrl().
    """
    original_dir = os.getcwd()
    try:
        common.ch_dir(workingdir, logger)
        ca_state = read_private()

        # CA certificate and private key, both as strings for gencrl().
        with open('cacert.crt', 'r') as cert_file:
            ca_cert_pem = cert_file.read()
        ca_key_pem = str(ca_state[0]['ca'])

        crl = ca_impl.gencrl(ca_state[0]['revoked_keys'], ca_cert_pem, ca_key_pem)

        write_private(ca_state)

        # Persist the CRL in DER form, then alongside it as PEM.
        with open('cacrl.der', 'wb') as crl_file:
            crl_file.write(crl)
        convert_crl_to_pem("cacrl.der", "cacrl.pem")
    finally:
        os.chdir(original_dir)
    return crl