示例#1
def setup():
    """Register the geniutil service and exercise certificate creation.

    Builds a throwaway chain (one self-signed CA plus two user certificates
    issued by it) and logs the material returned for the second user
    certificate at INFO level.
    """
    pm.registerService("geniutil", geniutil)

    # Inspecting the results by hand:
    #   openssl x509 -in ca_cert -text -noout    dump a certificate
    #   openssl rsa -in mykey.pem -pubout        derive the public key from a private key
    # On macOS, Keychain Access (menu "Keychain Access" > Certificate
    # Assistant) can display certificates as well.

    make_cert = geniutil.create_certificate
    contact = "*****@*****.**"

    # Root of the chain: self-signed CA certificate with a fresh key pair.
    # NOTE(review): this URN spells the authority "eict.de" while the user URNs
    # below use "eict:de" -- confirm the difference is intended.
    ca_c, ca_pu, ca_pr = make_cert(
        "urn:publicid:IDN+eict.de+authority+sa", is_ca=True, email=contact)

    # First user: certificate issued by the CA, with a fresh key pair.
    u_c, u_pu, u_pr = make_cert(
        "urn:publicid:IDN+eict:de+user+tom",
        issuer_key=ca_pr, issuer_cert=ca_c, email=contact)

    # Second user: certificate issued by the CA over an existing public key
    # (the first user's key is reused here).
    u2_c, u2_pu, u2_pr = make_cert(
        "urn:publicid:IDN+eict:de+user+manfred",
        issuer_key=ca_pr, issuer_cert=ca_c, public_key=u_pu, email=contact)

    # NOTE(review): the last slot of this message is the private-key return
    # value. Presumably nothing is generated when public_key is supplied, but
    # that is not visible here; if real key material can reach this line it
    # should not be written to an INFO log that may be retained or shipped.
    report = ">>> CERT <<<\n %s>>> PUB <<<\n %s>>> PRIV <<<\n %s" % (
        u2_c, u2_pu, u2_pr)
    logger.info(report)
示例#2
def setup():
    """Register geniutil as a service and run a small certificate smoke test.

    Creates a self-signed CA, two user certificates issued by it, and logs the
    values returned for the second user certificate.
    """
    pm.registerService("geniutil", geniutil)

    # To look at a certificate: openssl x509 -in ca_cert -text -noout
    # (or macOS Keychain Access, "Keychain Access" menu > Certificate Assistant).
    # To derive a public key from a private key while testing:
    #   openssl rsa -in mykey.pem -pubout

    # Self-signed CA certificate together with a new key pair.
    ca_c, ca_pu, ca_pr = geniutil.create_certificate(
        "urn:publicid:IDN+eict.de+authority+sa",
        is_ca=True,
        email="*****@*****.**")

    # Arguments shared by every certificate issued by the CA above.
    signed_by_ca = {
        "issuer_key": ca_pr,
        "issuer_cert": ca_c,
        "email": "*****@*****.**",
    }

    # User certificate with a new key pair.
    u_c, u_pu, u_pr = geniutil.create_certificate(
        "urn:publicid:IDN+eict:de+user+tom", **signed_by_ca)

    # User certificate over a public key that already exists (tom's).
    u2_c, u2_pu, u2_pr = geniutil.create_certificate(
        "urn:publicid:IDN+eict:de+user+manfred",
        public_key=u_pu,
        **signed_by_ca)

    # NOTE(review): the third value logged is whatever create_certificate
    # returns in its private-key position; confirm it is empty when
    # public_key is given, otherwise key material ends up in the INFO log.
    logged_values = (u2_c, u2_pu, u2_pr)
    logger.info(">>> CERT <<<\n %s>>> PUB <<<\n %s>>> PRIV <<<\n %s" % logged_values)
示例#3
    # Issue an admin certificate signed with the MA key, then build a
    # credential for that certificate carrying the privileges in p_list.
    # (Excerpt: the enclosing function header is not part of this listing.)
    email = "*****@*****.**"
    # NOTE(review): the serial number is a fixed literal, so every run issues a
    # certificate with serial 99 -- confirm nothing (for example revocation by
    # serial) relies on serials being unique per issuer.
    cert_serial_number = 99
    member = get_user(email)

    # The trusted-material directory is resolved relative to the script's own
    # location (sys.argv[0]), not the current working directory.
    pathname = os.path.dirname(sys.argv[0])
    print('path =', pathname)
    print('full path =', os.path.abspath(pathname))
    fullpath = os.path.abspath(pathname)
    dir_path = fullpath + "/../../../deploy/trusted/"
    # ma_pr / ma_c are passed below as issuer_key / issuer_cert, i.e. the
    # signing key and certificate for the admin certificate.
    # NOTE(review): read_file is defined elsewhere; confirm the key file under
    # cert_keys/ is readable only by the account that runs this script.
    ma_pr = read_file(dir_path + "cert_keys/", MA_KEY_FILE)
    ma_c = read_file(dir_path + "certs/", MA_CERT_FILE)

    # life_days=10000 is roughly 27 years of validity for a certificate that
    # is later given the global privileges listed below.
    # NOTE(review): confirm such a long lifetime is intended for an admin identity.
    a_c, a_pu, a_pr = geniutil.create_certificate(
        member['MEMBER_URN'],
        issuer_key=ma_pr,
        issuer_cert=ma_c,
        email=email,
        serial_number=cert_serial_number,
        uuidarg=member['MEMBER_UID'],
        life_days=10000)
    # Persisting the admin certificate and key is disabled in this excerpt.
    #write_file(dir_path, ADMIN_CERT_FILE, a_c, opts.silent)
    #write_file(dir_path, ADMIN_KEY_FILE, a_pr, opts.silent)
    # Privilege names handed to create_credential_ex.
    p_list = [
        "GLOBAL_MEMBERS_VIEW", "GLOBAL_MEMBERS_WILDCARDS",
        "GLOBAL_PROJECTS_MONITOR", "GLOBAL_PROJECTS_VIEW",
        "GLOBAL_PROJECTS_WILDCARDS", "MEMBER_REGISTER", "SERVICE_REMOVE",
        "SERVICE_VIEW", "MEMBER_REMOVE_REGISTRATION", "SERVICE_REGISTER",
        "info"
    ]
    # The admin certificate is passed in both of the first two positions and
    # the MA key/certificate in the next two -- presumably owner, target,
    # signing key and signing certificate; confirm against create_credential_ex.
    a_cred = geniutil.create_credential_ex(a_c, a_c, ma_pr, ma_c, p_list,
                                           CRED_EXPIRY)
    # Writing the credential to disk is likewise disabled here.
    #write_file(dir_path, ADMIN_CRED_FILE, a_cred, opts.silent)
示例#4
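    # Probe for the xmlsec1 binary. Only the ability to launch it is tested:
    # the return value of subprocess.call is not inspected and its output is
    # discarded.
    try:
        with open(os.devnull, "w") as null:
            subprocess.call(["xmlsec1", "-h"], stdout=null, stderr=null)
    except OSError:
        print "xmlsec1 not found. Please install xmlsec1 (http://www.aleksey.com/xmlsec/)."
        # A missing prerequisite is a failure: exit non-zero so wrapper
        # scripts do not treat the run as having produced certificates.
        sys.exit(1)

    # Output directory for all generated files; it must already exist.
    dir_path = args[1]
    if not os.path.isdir(dir_path):
        raise ValueError("The given path does not exist.")

    # SA: created with is_ca=True and no issuer arguments; certificate and
    # private key are both written to dir_path.
    # NOTE(review): write_file is defined elsewhere; confirm it creates the
    # *_KEY_FILE outputs with owner-only permissions.
    if not opts.silent:
        print "Creating SA certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'sa')
    sa_c, sa_pu, sa_pr = geniutil.create_certificate(urn, is_ca=True)
    write_file(dir_path, SA_CERT_FILE, sa_c, opts.silent)
    write_file(dir_path, SA_KEY_FILE, sa_pr, opts.silent)

    # MA: same pattern as the SA above.
    if not opts.silent:
        print "Creating MA certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'ma')
    ma_c, ma_pu, ma_pr = geniutil.create_certificate(urn, is_ca=True)
    write_file(dir_path, MA_CERT_FILE, ma_c, opts.silent)
    write_file(dir_path, MA_KEY_FILE, ma_pr, opts.silent)

    # AM: created without is_ca and without issuer arguments; only the
    # certificate write is visible in this excerpt.
    if not opts.silent:
        print "Creating AM certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'am')
    am_c, am_pu, am_pr = geniutil.create_certificate(urn)
    write_file(dir_path, AM_CERT_FILE, am_c, opts.silent)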
示例#5
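    # Check that xmlsec1 can be started at all. The probe discards the tool's
    # output and does not look at its exit status; only a failure to launch
    # (OSError) is treated as "not installed".
    try:
        with open(os.devnull, "w") as null:
            subprocess.call(["xmlsec1", "-h"], stdout=null, stderr=null)
    except OSError:
        print "xmlsec1 not found. Please install xmlsec1 (http://www.aleksey.com/xmlsec/)."
        # Exit with a failure status: the original exited 0 here, which made
        # an aborted run indistinguishable from a successful one to callers.
        sys.exit(1)

    # All generated files go into this directory, which must already exist.
    dir_path = args[1]
    if not os.path.isdir(dir_path):
        raise ValueError("The given path does not exist.")

    # SA certificate (is_ca=True, no issuer given) and its private key.
    # NOTE(review): the private keys are written through write_file, which is
    # not shown here -- confirm it restricts the key files to their owner.
    if not opts.silent:
        print "Creating SA certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'sa')
    sa_c, sa_pu, sa_pr = geniutil.create_certificate(urn, is_ca=True)
    write_file(dir_path, SA_CERT_FILE, sa_c, opts.silent)
    write_file(dir_path, SA_KEY_FILE, sa_pr, opts.silent)

    # MA certificate (is_ca=True, no issuer given) and its private key.
    if not opts.silent:
        print "Creating MA certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'ma')
    ma_c, ma_pu, ma_pr = geniutil.create_certificate(urn, is_ca=True)
    write_file(dir_path, MA_CERT_FILE, ma_c, opts.silent)
    write_file(dir_path, MA_KEY_FILE, ma_pr, opts.silent)

    # AM certificate: no is_ca flag and no issuer arguments are passed.
    if not opts.silent:
        print "Creating AM certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'am')
    am_c, am_pu, am_pr = geniutil.create_certificate(urn)
    write_file(dir_path, AM_CERT_FILE, am_c, opts.silent)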
示例#6
    #<UT>
    # Resolve the authority name: opts.authority if set, otherwise the value
    # typed at the prompt, otherwise the default 'cbas.eict.de'.
    # NOTE(review): the typed value goes into encode_urn without any check
    # visible here -- confirm encode_urn rejects or escapes URN separators.
    if not opts.authority:
        var = raw_input(
            "Please enter CBAS authority/hostname (default: cbas.eict.de) ")
        if not var:
            authority = 'cbas.eict.de'
        else:
            authority = var
    else:
        authority = opts.authority
    # Either create a new CA (no ca_cert_path option) or load an existing one.
    if not opts.ca_cert_path:
        if not opts.silent:
            print "Creating CA certificate"
        urn = geniutil.encode_urn(authority, 'authority', 'ca')
        cert_serial_number += 1
        # is_ca=True with no issuer arguments; life_days=10000 is roughly
        # 27 years of validity.
        ca_c, ca_pu, ca_pr = geniutil.create_certificate(
            urn, is_ca=True, serial_number=cert_serial_number, life_days=10000)
        # NOTE(review): write_file is defined elsewhere; confirm the CA key
        # file is created with owner-only permissions.
        write_file(dir_path, CA_CERT_FILE, ca_c, opts.silent)
        write_file(dir_path, CA_KEY_FILE, ca_pr, opts.silent)
    else:
        if not os.path.isdir(opts.ca_cert_path):
            raise ValueError(
                "The given path for CA certificate files does not exist.")
        # NOTE(review): the directory validated above is opts.ca_cert_path, but
        # both files are read from dir_path -- confirm which location is
        # intended; as written the option's value is only checked, never used.
        ca_c = read_file(dir_path, CA_CERT_FILE)
        ca_pr = read_file(dir_path, CA_KEY_FILE)
        # The authority name is replaced by the one decoded from the loaded
        # certificate's URN, overriding the option or prompt value.
        autority_urn, _, _ = geniutil.extract_certificate_info(ca_c)
        authority = geniutil.decode_urn(autority_urn)[0]
        if not opts.silent:
            print "Using CA certificate from " + authority

    if not opts.silent:
        print "Creating SA certificate"
示例#7
        # Body of an xmlsec1 availability probe (the opening `try:` lies
        # outside this excerpt): run the tool's help with output discarded.
        with open(os.devnull, "w") as null:
            subprocess.call(["xmlsec1", "-h"], stdout = null, stderr = null)
    except OSError:
        # NOTE(review): exits with status 0 although a prerequisite is
        # missing, so callers cannot tell this apart from a successful run;
        # the message also misspells the package name ("xmsec1").
        print "xmlsec1 not found. Please install xmsec1 (http://www.aleksey.com/xmlsec/)."
        sys.exit(0)

    # Output directory for the generated files; it must already exist.
    dir_path = args[1]
    if not os.path.isdir(dir_path):
        raise ValueError("The given path does not exist.")

    #<UT>
    # CA: created with is_ca=True and no issuer arguments. The serial number
    # is incremented before each certificate is created.
    if not opts.silent:
        print "Creating CA certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'ca')
    cert_serial_number += 1
    ca_c, ca_pu, ca_pr = geniutil.create_certificate(urn, is_ca=True, serial_number=cert_serial_number)
    # NOTE(review): write_file is defined elsewhere; confirm the *_KEY_FILE
    # outputs are created with owner-only permissions.
    write_file(dir_path, CA_CERT_FILE, ca_c, opts.silent)
    write_file(dir_path, CA_KEY_FILE, ca_pr, opts.silent)

    # SA: also is_ca=True, with the CA key and certificate passed positionally
    # after the URN -- presumably issuer key and issuer certificate; confirm
    # against create_certificate's signature.
    if not opts.silent:
        print "Creating SA certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'sa')
    cert_serial_number += 1
    sa_c, sa_pu, sa_pr = geniutil.create_certificate(urn, ca_pr, ca_c, is_ca=True, serial_number=cert_serial_number)
    write_file(dir_path, SA_CERT_FILE, sa_c, opts.silent)
    write_file(dir_path, SA_KEY_FILE, sa_pr, opts.silent)

    # MA: the excerpt ends before the certificate is created.
    if not opts.silent:
        print "Creating MA certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'ma')
    cert_serial_number += 1
示例#8
文件: gen-certs.py 项目: EICT/C-BAS
    #<UT>
    # Authority name: the command-line option wins, then the answer typed at
    # the prompt, then the built-in default.
    if opts.authority:
        authority = opts.authority
    else:
        var = raw_input("Please enter CBAS authority/hostname (default: cbas.eict.de) ")
        authority = var if var else 'cbas.eict.de'

    if opts.ca_cert_path:
        # Reuse an existing CA.
        if not os.path.isdir(opts.ca_cert_path):
            raise ValueError("The given path for CA certificate files does not exist.")
        # NOTE(review): opts.ca_cert_path is validated above, yet the files
        # are read from dir_path -- confirm which directory is intended.
        ca_c = read_file(dir_path, CA_CERT_FILE)
        ca_pr = read_file(dir_path, CA_KEY_FILE)
        # The authority is taken from the loaded certificate's URN and
        # replaces whatever was chosen above.
        autority_urn, _, _ = geniutil.extract_certificate_info(ca_c)
        authority = geniutil.decode_urn(autority_urn)[0]
        if not opts.silent:
            print "Using CA certificate from " + authority
    else:
        # Create a new CA (is_ca=True, no issuer arguments) and store its
        # certificate and private key in dir_path.
        if not opts.silent:
            print "Creating CA certificate"
        urn = geniutil.encode_urn(authority, 'authority', 'ca')
        cert_serial_number += 1
        # life_days=10000 is roughly 27 years of validity.
        ca_c, ca_pu, ca_pr = geniutil.create_certificate(
            urn,
            is_ca=True,
            serial_number=cert_serial_number,
            life_days=10000)
        # NOTE(review): write_file is defined elsewhere; confirm the CA key
        # file is created with owner-only permissions.
        write_file(dir_path, CA_CERT_FILE, ca_c, opts.silent)
        write_file(dir_path, CA_KEY_FILE, ca_pr, opts.silent)

    if not opts.silent:
        print "Creating SA certificate"
    urn = geniutil.encode_urn(authority, 'authority', 'sa')
示例#9
        # Tail of an xmlsec1 availability probe (its `try:` line is outside
        # this excerpt): launch the tool's help and discard all output.
        with open(os.devnull, "w") as null:
            subprocess.call(["xmlsec1", "-h"], stdout=null, stderr=null)
    except OSError:
        # NOTE(review): a missing prerequisite ends the script with exit
        # status 0, which reads as success to any calling automation; the
        # message also misspells the package name ("xmsec1").
        print "xmlsec1 not found. Please install xmsec1 (http://www.aleksey.com/xmlsec/)."
        sys.exit(0)

    # Directory that receives every generated file; it must already exist.
    dir_path = args[1]
    if not os.path.isdir(dir_path):
        raise ValueError("The given path does not exist.")

    #<UT>
    # CA certificate: is_ca=True, no issuer arguments, next serial number.
    if not opts.silent:
        print "Creating CA certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'ca')
    cert_serial_number += 1
    ca_c, ca_pu, ca_pr = geniutil.create_certificate(
        urn, is_ca=True, serial_number=cert_serial_number)
    # NOTE(review): the CA private key is persisted through write_file, which
    # is not shown -- confirm it limits the key file to its owner.
    write_file(dir_path, CA_CERT_FILE, ca_c, opts.silent)
    write_file(dir_path, CA_KEY_FILE, ca_pr, opts.silent)

    # SA certificate: is_ca=True, with ca_pr and ca_c passed positionally
    # after the URN -- presumably the issuer key and issuer certificate;
    # confirm against create_certificate's parameter order.
    if not opts.silent:
        print "Creating SA certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'sa')
    cert_serial_number += 1
    sa_c, sa_pu, sa_pr = geniutil.create_certificate(
        urn, ca_pr, ca_c, is_ca=True, serial_number=cert_serial_number)
    write_file(dir_path, SA_CERT_FILE, sa_c, opts.silent)
    write_file(dir_path, SA_KEY_FILE, sa_pr, opts.silent)

    # MA certificate: only the URN is built before the excerpt ends.
    if not opts.silent:
        print "Creating MA certificate"
    urn = geniutil.encode_urn(opts.authority, 'authority', 'ma')