def _call(self, cur_inst):
    """List every certificate stored in the database of the requested CA.

    The CA name is taken from the ``server_key:ca_name`` element of the
    incoming command. For a usable CA the reply gets a summary line and
    one ``certificate`` element per database entry; otherwise the reply
    state is set to error.
    """
    # NOTE(review): ca_name comes straight from the request; confirm that
    # openssl_tools.CA confines it to the intended CA base directory.
    ca_name = cur_inst.srv_com["server_key:ca_name"].text
    ca = openssl_tools.CA(ca_name, cur_inst.log)
    if not ca.ca_ok:
        cur_inst.srv_com.set_result(
            "CA '{}' is not valid".format(ca_name),
            server_command.SRV_REPLY_STATE_ERROR,
        )
        return

    cert_db = ca.db
    summary = "found {}: {}".format(
        logging_tools.get_plural("certificate", len(cert_db)),
        ", ".join(sorted(cert_db.keys())),
    )
    cur_inst.srv_com.set_result(summary)

    # Build one <certificate> element per serial found in the CA database.
    builder = cur_inst.srv_com.builder()
    cert_list = builder.certificates()
    for serial in cert_db:
        entry = cert_db[serial]
        cert_list.append(
            builder.certificate(
                type=entry["type"],
                name=entry["name"],
                serial=entry["serial"],
                exp_date=cert_db.format_date(entry["exp_date"]),
                rev_date=cert_db.format_date(entry["rev_date"]),
                rev_cause=entry["rev_cause"],
            )
        )
    cur_inst.srv_com[""] = cert_list
def _call(self, cur_inst):
    """Revoke one certificate of a CA for a cause taken from a fixed list.

    Reads ``server_key:ca_name``, ``server_key:cert_serial`` and
    ``server_key:revoke_cause`` from the incoming command. The cause is
    checked against an allow-list before the CA is opened, so an
    unexpected value never reaches ``revoke_cert``.

    Raises:
        ValueError: if the requested cause is not in the allow-list.
    """
    request = cur_inst.srv_com
    ca_name = request["server_key:ca_name"].text
    serial = request["server_key:cert_serial"].text
    cause = request["server_key:revoke_cause"].text

    # CRL reason names in the spelling accepted by ``openssl ca -crl_reason``.
    allowed_causes = [
        "unspecified",
        "keyCompromise",
        "CACompromise",
        "affiliationChanged",
        "superseded",
        "cessationOfOperation",
        "certificateHold",
        "removeFromCRL",
    ]
    if cause not in allowed_causes:
        raise ValueError(
            "revocation cause '{}' not in list {}".format(
                cause,
                ", ".join(allowed_causes),
            )
        )

    ca = openssl_tools.CA(ca_name, cur_inst.log)
    if not ca.ca_ok:
        request.set_result(
            "CA '{}' is not valid".format(ca_name),
            server_command.SRV_REPLY_STATE_ERROR,
        )
        return

    # NOTE(review): unlike the cause, the serial is passed on unvalidated;
    # confirm revoke_cert rejects anything that is not a serial present in
    # the CA database.
    if ca.revoke_cert(serial, cause):
        request.set_result(
            "certificate {} successfully revoked".format(serial),
        )
        return
    request.set_result(
        "cannot revoke certificate, please check logs",
        server_command.SRV_REPLY_STATE_ERROR,
    )
def _call(self, cur_inst):
    """Create the named CA unless a usable one is already present.

    The CA name comes from ``server_key:ca_name``; the certificate
    parameters are assembled by ``_build_obj`` with a common name derived
    from ``global_config["SERVER_FULL_NAME"]``. The reply is a warning if
    the CA already exists, an error if creation fails, and otherwise a
    success message naming the CA directory.
    """
    # NOTE(review): ca_name comes straight from the request; confirm that
    # openssl_tools.CA confines it to the intended CA base directory.
    ca_name = cur_inst.srv_com["server_key:ca_name"].text
    # Built before the existence check, so any error raised by _build_obj
    # surfaces even when the CA is already present.
    obj_spec = _build_obj(
        cur_inst,
        cn="{}_ca".format(global_config["SERVER_FULL_NAME"]),
    )
    ca = openssl_tools.CA(ca_name, cur_inst.log)

    if ca.ca_ok:
        cur_inst.srv_com.set_result(
            "CA '{}' already present".format(ca_name),
            server_command.SRV_REPLY_STATE_WARN,
        )
        return

    if not ca.create(obj_spec):
        cur_inst.srv_com.set_result(
            "creation of CA went wrong, please check the logs",
            server_command.SRV_REPLY_STATE_ERROR,
        )
        return

    # The success reply echoes the CA's filesystem location to the caller.
    cur_inst.srv_com.set_result(
        "CA '{}' successfully created in {}".format(ca_name, ca.ca_dir)
    )
def _call(self, cur_inst):
    """Issue a new certificate from the named CA into the requested file.

    Required command elements: ``server_key:ca_name``,
    ``server_key:cert_file`` and ``server_key:ca_mode``. Optional:
    ``server_key:cn`` (defaults to ``global_config["SERVER_FULL_NAME"]``)
    and ``server_key:add_device``, a device name, optionally
    ``name.domain``, whose database object is handed to ``new_cert``.
    """
    request = cur_inst.srv_com
    ca_name = request["server_key:ca_name"].text
    # NOTE(review): cert_file and ca_mode are request-supplied and passed on
    # unchecked; confirm new_cert restricts the output path and the modes.
    cert_file = request["server_key:cert_file"].text
    ca_mode = request["server_key:ca_mode"].text

    if "server_key:cn" in request:
        common_name = request["server_key:cn"].text
    else:
        common_name = global_config["SERVER_FULL_NAME"]

    target_dev = None
    if "server_key:add_device" in request:
        dev_name = request["server_key:add_device"].text
        # NOTE(review): presumably a Django model lookup; .get() would raise
        # unless exactly one device matches. Confirm the caller handles it.
        if "." in dev_name:
            # Text before the first dot is the device name, the rest is
            # the full name of its domain tree node.
            short_name, _, domain = dev_name.partition(".")
            target_dev = device.objects.get(
                Q(name=short_name) & Q(domain_tree_node__full_name=domain)
            )
        else:
            target_dev = device.objects.get(Q(name=dev_name))

    obj_spec = _build_obj(cur_inst, cn=common_name)
    ca = openssl_tools.CA(ca_name, cur_inst.log)
    if not ca.ca_ok:
        request.set_result(
            "CA '{}' is not valid".format(ca_name),
            server_command.SRV_REPLY_STATE_ERROR,
        )
        return

    # Only pass the device keyword when a device was actually requested.
    extra_kwargs = {} if target_dev is None else {"device": target_dev}
    if ca.new_cert(obj_spec, ca_mode, cert_file, **extra_kwargs):
        request.set_result(
            "certificate successfully created in {}".format(cert_file)
        )
        return
    request.set_result(
        "cannot create new cert, please check logs",
        server_command.SRV_REPLY_STATE_ERROR,
    )