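def PrintFound(form, found, cellpadding=2, width=100):
    """Print the search result as an HTML table on stdout.

    form        -- form object; form.field[key][0].text supplies the column
                   heading for every key in the module-level searchkeys
    found       -- mapping of CA name to a sequence of certificate DB
                   entries (indexed with the DB_* constants)
    cellpadding -- number written into the table's CELLPADDING attribute
    width       -- number written into the table's WIDTH attribute

    Raises ValueError for an entry whose DB_type is none of DB_TYPE_REV,
    DB_TYPE_EXP or DB_TYPE_VAL.
    """
    # Function-scope import: the file's import block is left untouched.
    # html.escape exists on Python 3, cgi.escape on Python 2.
    try:
        from html import escape as html_escape
    except ImportError:
        from cgi import escape as html_escape

    def fmt_time(dbtime):
        # Same conversion the three row variants share.
        return strftime('%Y-%m-%d %H:%M', localtime(mktime(dbtime2tuple(dbtime))))

    print('<TABLE BORDER CELLPADDING=%d%% WIDTH=%d%%>' % (cellpadding, width))
    print('<TR><TH>CA name</TH><TH COLSPAN=3>Serial</TH><TH>valid<BR>until</TH>')
    for key in searchkeys:
        print('<TH><FONT SIZE=-1>%s</FONT></TH>' % (form.field[key][0].text))
    print('</TR>')

    for ca_name in found.keys():
        ca = opensslcnf.getcadata(ca_name)
        if ca.isservercert():
            certtype = 'server'
        else:
            certtype = 'email'

        for entry in found[ca_name]:
            print('<TR><TD>%s</TD>' % (ca_name))
            if entry[DB_type] == DB_TYPE_REV:
                print('<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>revoked %s</TD>' % (
                    entry[DB_serial],
                    nsBaseUrl, nsViewCertUrl, ca_name, certtype, entry[DB_serial],
                    fmt_time(entry[DB_rev_date])
                ))
            elif entry[DB_type] == DB_TYPE_EXP:
                print('<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>expired %s</TD>' % (
                    entry[DB_serial],
                    nsBaseUrl, nsViewCertUrl, ca_name, certtype, entry[DB_serial],
                    fmt_time(entry[DB_exp_date])
                ))
            elif entry[DB_type] == DB_TYPE_VAL:
                print('<TD>%s</TD><TD><A HREF="%s%s/%s/%s.crt?%s">Load</A></TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>%s</TD>' % (
                    entry[DB_serial],
                    nsBaseUrl, nsGetCertUrl, ca_name, certtype, entry[DB_serial],
                    nsBaseUrl, nsViewCertUrl, ca_name, certtype, entry[DB_serial],
                    fmt_time(entry[DB_exp_date])
                ))
            else:
                raise ValueError('unexpected DB entry type %r' % (entry[DB_type],))

            dnfield = SplitDN(entry[DB_name])
            for key in searchkeys:
                if dnfield.has_key(key) and dnfield[key]:
                    if key == "Email":
                        # The other DN fields are passed through
                        # charset.asn12html4 before output; the Email value
                        # used to be written raw into both the HREF
                        # attribute and the cell text.  DN data presumably
                        # traces back to the certificate request, so it is
                        # escaped (quotes included) before it reaches markup.
                        email = html_escape(dnfield[key], True)
                        print('<TD><FONT SIZE=-1><A HREF="mailto:%s">%s</A></FONT></TD>' % (
                            email, email))
                    else:
                        print('<TD><FONT SIZE=-1>%s</FONT></TD>' % charset.asn12html4(
                            dnfield[key]))
                else:
                    print('<TD> </TD>')
            print('</TR>')

    print('</TABLE>')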
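def PrintFound(form,found,cellpadding=2,width=100):
    """Write the certificates in *found* to stdout as one HTML table.

    form        -- form object whose field[key][0].text gives the heading
                   of each column listed in the module-level searchkeys
    found       -- mapping: CA name -> sequence of certificate DB entries
    cellpadding -- number placed in the CELLPADDING attribute
    width       -- number placed in the WIDTH attribute

    An entry whose DB_type is not DB_TYPE_REV, DB_TYPE_EXP or DB_TYPE_VAL
    raises ValueError.
    """
    # Imported locally so no file-level import has to change; Python 3
    # offers html.escape, Python 2 offers cgi.escape.
    try:
        from html import escape as _escape
    except ImportError:
        from cgi import escape as _escape

    def _stamp(dbtime):
        # DB time string -> 'YYYY-MM-DD HH:MM' in local time.
        return strftime('%Y-%m-%d %H:%M',localtime(mktime(dbtime2tuple(dbtime))))

    print('<TABLE BORDER CELLPADDING=%d%% WIDTH=%d%%>' % (cellpadding,width))
    print('<TR><TH>CA name</TH><TH COLSPAN=3>Serial</TH><TH>valid<BR>until</TH>')
    for heading_key in searchkeys:
        print('<TH><FONT SIZE=-1>%s</FONT></TH>' % (form.field[heading_key][0].text))
    print('</TR>')

    for ca_name in found.keys():
        ca = opensslcnf.getcadata(ca_name)
        if ca.isservercert():
            certtype='server'
        else:
            certtype='email'

        for row in found[ca_name]:
            serial = row[DB_serial]
            print('<TR><TD>%s</TD>' % (ca_name))
            if row[DB_type]==DB_TYPE_REV:
                print('<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>revoked %s</TD>' % (
                    serial,
                    nsBaseUrl,nsViewCertUrl,ca_name,certtype,serial,
                    _stamp(row[DB_rev_date])
                ))
            elif row[DB_type]==DB_TYPE_EXP:
                print('<TD>%s</TD><TD> </TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>expired %s</TD>' % (
                    serial,
                    nsBaseUrl,nsViewCertUrl,ca_name,certtype,serial,
                    _stamp(row[DB_exp_date])
                ))
            elif row[DB_type]==DB_TYPE_VAL:
                print('<TD>%s</TD><TD><A HREF="%s%s/%s/%s.crt?%s">Load</A></TD><TD><A HREF="%s%s/%s/%s?%s">View</A></TD><TD>%s</TD>' % (
                    serial,
                    nsBaseUrl,nsGetCertUrl,ca_name,certtype,serial,
                    nsBaseUrl,nsViewCertUrl,ca_name,certtype,serial,
                    _stamp(row[DB_exp_date])
                ))
            else:
                raise ValueError('unexpected DB entry type %r' % (row[DB_type],))

            dnfield = SplitDN(row[DB_name])
            for dn_key in searchkeys:
                if not (dnfield.has_key(dn_key) and dnfield[dn_key]):
                    print('<TD> </TD>')
                elif dn_key=="Email":
                    # Unlike the other DN fields (which go through
                    # charset.asn12html4), Email was emitted unmodified into
                    # an attribute value and into element text.  The DN is
                    # presumably requester-influenced, so quote-safe HTML
                    # escaping is applied before it is written.
                    safe_email = _escape(dnfield[dn_key],True)
                    print('<TD><FONT SIZE=-1><A HREF="mailto:%s">%s</A></FONT></TD>' % (safe_email,safe_email))
                else:
                    print('<TD><FONT SIZE=-1>%s</FONT></TD>' % charset.asn12html4(dnfield[dn_key]))
            print('</TR>')

    print('</TABLE>')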
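def PrintCertTypes(ca_names):
    """Print the HTML page that lets the user pick a client certificate type.

    ca_names -- iterable of CA names; each is looked up with
                opensslcnf.getcadata() and listed only if the CA reports
                isclientcert()

    Each listed row links to "<SCRIPT_NAME>/<ca_name>" and shows the CA's
    nsComment plus, when nsCaPolicyUrl is set, a link to the policy.
    """
    htmlbase.PrintHeader('Start enrollment for certificate request')
    htmlbase.PrintHeading('Start enrollment for certificate request')
    # This literal is printed without %-formatting, so the percent sign must
    # not be doubled (the original emitted a literal "10%%").
    print("""This certificate authority issues several types of client certificates.<BR>
Please choose the appropriate certificate type below:<P>
<TABLE CELLSPACING=10%>""")

    # Fall back to the script's own name when the server did not set
    # SCRIPT_NAME.
    script_name = os.environ.get('SCRIPT_NAME', 'client-enroll.py')
    for ca_name in ca_names:
        ca = opensslcnf.getcadata(ca_name)
        if not ca.isclientcert():
            continue
        if ca.nsCaPolicyUrl:
            # The anchor was never closed in the original markup.
            nsCaPolicyUrlStr = '<A HREF="%s%s">(view policy)</A>' % (
                ca.nsBaseUrl, ca.nsCaPolicyUrl)
        else:
            nsCaPolicyUrlStr = ' '
        print('<TR><TD><A HREF="%s/%s">%s</A></TD><TD>%s</TD><TD>%s</TD></TR>' % (
            script_name, ca_name, ca_name, ca.nsComment, nsCaPolicyUrlStr))

    print('</TABLE>')
    htmlbase.PrintFooter()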
# NOTE(review): this excerpt opens on the last statement of a branch whose
# header lies above the visible text; its original indentation cannot be
# recovered from here.
sys.exit(0)

# No CA selected: show the list of certificate types and stop.
if not ca_name:
    PrintCertTypes(ca_names)
    sys.exit(0)

if not ca_name in ca_names:
    # CA definition is not contained in the openssl configuration
    # NOTE(review): ca_name is placed into the error text unmodified. Where
    # ca_name comes from and whether htmlbase.PrintErrorMsg HTML-escapes its
    # argument are both outside this excerpt -- confirm before relying on it.
    htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' % ca_name)
    sys.exit(0)

# Check for "internal" IP address of client
# The restriction applies only to CA names listed in caInternalCertTypes and
# compares the REMOTE_ADDR environment variable (empty string when unset)
# against caInternalIPAdr.
# NOTE(review): REMOTE_ADDR is whatever the web server reports as the peer;
# presumably behind a reverse proxy that is the proxy's address -- verify
# against the deployment.
if (ca_name in caInternalCertTypes) and \
   not ipadr.MatchIPAdrList(os.environ.get('REMOTE_ADDR',''),caInternalIPAdr):
    htmlbase.PrintErrorMsg('This type of certificate request is restricted to internal hosts!')
    sys.exit(0)

ca = opensslcnf.getcadata(ca_name)

# Help URL prefix: CA base URL + configured 'HelpUrl' (empty if unset) +
# the script's file name without directory and extension.
HelpUrlBase = '%s%s%s' % ( \
    ca.nsBaseUrl, \
    pyca_section.get('HelpUrl',''), \
    os.path.splitext(os.path.basename(os.environ.get('SCRIPT_NAME','')))[0] \
  )

# Sections of the parsed openssl configuration named by this CA; an empty
# dict is used when a section is missing.
policy_section = opensslcnf.data.get(ca.policy,{})
req_section = opensslcnf.data.get(ca.req,{})

if req_section and req_section.has_key('distinguished_name'):
    # Look up the section named by 'distinguished_name' and its key list.
    req_distinguished_name_section = opensslcnf.data.get(req_section['distinguished_name'],{})
    req_distinguished_name_keys = opensslcnf.sectionkeys.get(req_section['distinguished_name'],[])
else:
    # The excerpt ends with this statement; whether the script exits after
    # reporting the error is not visible here.
    htmlbase.PrintErrorMsg('Request section for "%s" not found.' % ca_name)
) ) form.getparams() scep_operation = form.field['operation'][0].content scep_message = form.field['message'][0].content if scep_operation in ['GetCACert','GetCACertChain']: # *** Check parameter message again for being valid FQDN. # *** Set to pre-configured SCEP CA scep_message = 'SCEP' ca = opensslcnf.getcadata(scep_message) if not opensslcnf.data['ca'].has_key(scep_message): htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' % scep_message) sys.exit(0) # Does the certificate file exist? if not os.path.isfile(ca.certificate): htmlbase.PrintErrorMsg('CA Certificate of file not found.') sys.exit(0) cert = certhelper.pem2der(open(ca.certificate,'r').read()) sys.stderr.write('%s' % repr(cert)) # Simply write MIME-type and certificate data to stdout sys.stdout.write('Content-type: application/x-x509-ca-cert\n\n') sys.stdout.write(cert)
# Register the "message" request parameter.
# NOTE(review): r'.*' with re.M + re.S matches any string, so if this tuple
# is the field's validation pattern (cgiforms is not visible here) the value
# is constrained only by the 10000 argument -- presumably a maximum length;
# confirm against cgiforms.formInputClass.
form.add(
    cgiforms.formInputClass('message', 'Message', 10000, (r'.*', re.M + re.S)))
form.getparams()
scep_operation = form.field['operation'][0].content
scep_message = form.field['message'][0].content
if scep_operation in ['GetCACert', 'GetCACertChain']:
    # *** Check parameter message again for being valid FQDN.
    # *** Set to pre-configured SCEP CA
    # The request-supplied message is discarded here: the CA is always the
    # fixed name 'SCEP', so the parameter does not select which certificate
    # file is read below.
    scep_message = 'SCEP'
    # NOTE(review): the CA data is fetched before the has_key() check that
    # follows; how getcadata() behaves for an unknown name is not visible
    # here -- confirm the friendly error below is actually reachable.
    ca = opensslcnf.getcadata(scep_message)
    if not opensslcnf.data['ca'].has_key(scep_message):
        htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' % scep_message)
        sys.exit(0)
    # Does the certificate file exist?
    if not os.path.isfile(ca.certificate):
        htmlbase.PrintErrorMsg('CA Certificate of file not found.')
        sys.exit(0)
    # Read the certificate file and pass its contents through
    # certhelper.pem2der(). The file object is not closed explicitly.
    cert = certhelper.pem2der(open(ca.certificate, 'r').read())
    # NOTE(review): writes the repr() of the converted certificate to stderr
    # on every such request; looks like leftover debug output -- confirm it
    # is still wanted.
    sys.stderr.write('%s' % repr(cert))
    # Simply write MIME-type and certificate data to stdout
    # (the excerpt ends after the header line; the statement that writes the
    # certificate body is outside it)
    sys.stdout.write('Content-type: application/x-x509-ca-cert\n\n')