示例#1
文件: instance.py 项目: edewata/pki
 def import_certs(self, instance, cert_file, nickname, token, trust_args):
     """Import a certificate chain file into the instance's NSS database.

     Opens the database at ``instance.nssdb_dir`` for ``token`` with the
     token password obtained from ``instance``, imports ``cert_file`` under
     ``nickname`` with ``trust_args`` as the trust attributes, and returns
     the second value produced by ``import_cert_chain``.
     """
     token_password = instance.get_token_password(token)

     # NOTE(review): the NSSDatabase object is never explicitly released in
     # this method; if it stages the token password in temporary storage,
     # confirm whether it should be closed in a ``finally`` after the import.
     nssdb = pki.nssdb.NSSDatabase(
         directory=instance.nssdb_dir,
         password=token_password,
         token=token,
     )

     _unused_chain, imported_nicknames = nssdb.import_cert_chain(
         nickname=nickname,
         cert_chain_file=cert_file,
         trust_attributes=trust_args,
     )
     return imported_nicknames
示例#2
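    def validate_certificate(self, instance, cert):
        """Validate one certificate with ``pki client-cert-validate``.

        Prints the certificate's ID, nickname, usage and token, then runs the
        ``pki`` CLI against ``instance.nssdb_dir`` and prints the outcome.

        Args:
            instance: object providing ``nssdb_dir`` and
                ``get_token_password(token)``.
            cert: mapping with the keys ``id``, ``data``, ``nickname``,
                ``certusage`` and ``token``.

        Returns:
            True if the CLI exits successfully; False if the data, nickname
            or usage is missing, or if the CLI exits with a non-zero status.
        """

        # NOTE(review): the whole record, including cert['data'], is written
        # to the log at INFO level; confirm it never carries secret material.
        logger.info(cert)

        print('  Cert ID: %s' % cert['id'])

        if not cert['data']:
            print('  Status: ERROR: missing certificate data')
            return False

        nickname = cert['nickname']
        if not nickname:
            print('  Status: ERROR: missing nickname')
            return False

        print('  Nickname: %s' % nickname)

        usage = cert['certusage']
        if not usage:
            print('  Status: ERROR: missing usage')
            return False

        print('  Usage: %s' % usage)

        token = cert['token']
        if not token:
            token = pki.nssdb.INTERNAL_TOKEN_FULL_NAME

        print('  Token: %s' % token)

        # normalize internal token into None
        token = pki.nssdb.normalize_token(token)

        # Fetch the password before creating the temporary file, so a lookup
        # failure leaves nothing on disk.
        passwd = instance.get_token_password(token)

        # The password is handed to the CLI through a file instead of argv.
        # mkstemp() creates the file readable and writable by the owner only.
        pwfile_handle, pwfile_path = tempfile.mkstemp()

        # Everything after mkstemp() runs under one try/finally so that the
        # password file is removed even when encoding or writing fails.
        try:
            try:
                os.write(pwfile_handle, passwd.encode('utf-8'))
            finally:
                os.close(pwfile_handle)

            # NOTE(review): 'pki' is resolved through PATH; when this runs
            # with elevated privileges, confirm PATH is controlled.
            cmd = ['pki', '-d', instance.nssdb_dir]

            fullname = nickname

            if token:
                cmd.extend(['--token', token])
                fullname = token + ':' + fullname

            cmd.extend([
                '-C', pwfile_path, 'client-cert-validate', fullname,
                '--certusage', usage
            ])

            # Only the path of the password file appears in the logged
            # command line, never the password itself.
            logger.info('Command: %s', ' '.join(cmd))

            subprocess.check_output(cmd, stderr=subprocess.STDOUT)
            print('  Status: VALID')

            return True

        except subprocess.CalledProcessError as e:
            if e.output:
                # Undecodable bytes in the tool output must not turn a
                # validation failure into an unrelated UnicodeDecodeError.
                status = e.output.decode('utf-8', errors='replace')
            else:
                status = 'ERROR'
            print('  Status: %s' % status)
            return False

        finally:
            os.unlink(pwfile_path)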