|
|
|
@ -14,7 +14,7 @@
|
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
|
# limitations under the License.
|
|
|
|
|
|
|
|
|
|
import os
|
|
|
|
|
import os, pwd
|
|
|
|
|
import sys
|
|
|
|
|
import urllib2
|
|
|
|
|
from sid_func import client_sid
|
|
|
|
@ -59,7 +59,6 @@ def client_post_cert (client, clVars, show_info = False):
|
|
|
|
|
except:
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#Creation of secret key of the client
|
|
|
|
|
def new_key_req(key, cert_path, server_host_name, private_key_passwd = None, \
|
|
|
|
|
auto = False):
|
|
|
|
@ -73,14 +72,24 @@ def new_key_req(key, cert_path, server_host_name, private_key_passwd = None, \
|
|
|
|
|
pkey.save_key(key, cipher = None, callback = lambda *unused: None)
|
|
|
|
|
else:
|
|
|
|
|
pkey.save_key(key, callback= lambda *unused: str(private_key_passwd))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
req = makeRequest(rsa, pkey, server_host_name, auto)
|
|
|
|
|
crtreq = req.as_pem()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
req_file = cert_path + '/%s.csr' %server_host_name
|
|
|
|
|
crtfile = open(req_file, 'w')
|
|
|
|
|
crtfile.write(crtreq)
|
|
|
|
|
crtfile.close()
|
|
|
|
|
|
|
|
|
|
user_name = pwd.getpwuid(os.getuid()).pw_name
|
|
|
|
|
try:
|
|
|
|
|
pwdObj = pwd.getpwnam(user_name)
|
|
|
|
|
except KeyError, e:
|
|
|
|
|
print e
|
|
|
|
|
return None
|
|
|
|
|
os.chown(key, pwdObj.pw_uid, pwdObj.pw_gid)
|
|
|
|
|
os.chmod(key, 0600)
|
|
|
|
|
|
|
|
|
|
return req_file
|
|
|
|
|
|
|
|
|
|
def delete_old_cert(client):
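Review bot: The private key is written by `pkey.save_key(key, ...)` at the top of this hunk but only restricted by `os.chmod(key, 0600)` after the CSR has been written. Until then the key file has whatever mode the process umask gives it, and in the `cipher = None` branch its contents are unencrypted. I would tighten the mode before the key is created, for example `old_umask = os.umask(0077)` ahead of the `save_key` calls and `os.umask(old_umask)` after them, and keep the `chmod` only as a belt-and-braces step. The `except KeyError` branch also returns `None` after the key and CSR are already on disk, so on that path the `chmod` never runs; since `pwd.getpwnam` is looking up the name that `pwd.getpwuid(os.getuid())` just returned, `os.chown(key, os.getuid(), os.getgid())` would avoid the second lookup and that early return. The body of `new_key_req` starts above this hunk, so how `key` is first opened should be confirmed there.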
|
|
|
|
@ -124,8 +133,8 @@ def client_post_request (cert_path, args):
|
|
|
|
|
|
|
|
|
|
server_host_name = client.service.get_server_host_name()
|
|
|
|
|
|
|
|
|
|
key = cert_path + server_host_name + '.key'
|
|
|
|
|
csr_file = cert_path + server_host_name +'.csr'
|
|
|
|
|
key = os.path.join(cert_path, server_host_name + '.key')
|
|
|
|
|
csr_file = os.path.join(cert_path, server_host_name +'.csr')
|
|
|
|
|
if os.path.exists(key) and os.path.exists(csr_file):
|
|
|
|
|
print _('secret key and request exists')
|
|
|
|
|
ask = raw_input(_("Create new secret key and request? y/[n]: "))
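Review bot: `server_host_name` comes from `client.service.get_server_host_name()`, which appears to be a value returned by the remote service, and it is joined into the `.key` and `.csr` paths unchecked. With `os.path.join` a component that starts with `/` discards `cert_path` entirely, and `..` segments escaped the directory in the old concatenation as well, so the name needs validating before any path is built from it. A check such as `if not server_host_name or os.path.basename(server_host_name) != server_host_name or server_host_name in ('.', '..'): return 1` right after the call would keep every derived file inside `cert_path`. The same value builds the `.csr` and `.crt` paths in the two later `client_get_cert` hunks (`-172,11` and `-197,11`), so the check belongs there too. `client_post_request` begins and ends outside this hunk.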
|
|
|
|
@ -145,18 +154,18 @@ def client_post_request (cert_path, args):
|
|
|
|
|
if int(res) < 0:
|
|
|
|
|
print _("This server can not sign certificate!")
|
|
|
|
|
return 1
|
|
|
|
|
fc = open(cert_path + 'req_id', 'w')
|
|
|
|
|
fc = open(os.path.join(cert_path, 'req_id'), 'w')
|
|
|
|
|
fc.write(res)
|
|
|
|
|
fc.close()
|
|
|
|
|
print _("Your request id = %s") %res
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
def client_get_cert(cert_path, args):
|
|
|
|
|
if not os.path.exists(cert_path + 'req_id'):
|
|
|
|
|
if not os.path.exists(os.path.join(cert_path, 'req_id')):
|
|
|
|
|
print _("request was not sent or deleted file %s") \
|
|
|
|
|
%(cert_path + 'req_id')
|
|
|
|
|
%(os.path.join(cert_path, 'req_id'))
|
|
|
|
|
return 1
|
|
|
|
|
fc = open(cert_path + 'req_id', 'r')
|
|
|
|
|
fc = open(os.path.join(cert_path, 'req_id'), 'r')
|
|
|
|
|
req_id = fc.read()
|
|
|
|
|
fc.close()
|
|
|
|
|
|
|
|
|
@ -172,11 +181,11 @@ def client_get_cert(cert_path, args):
|
|
|
|
|
|
|
|
|
|
server_host_name = client.service.get_server_host_name()
|
|
|
|
|
|
|
|
|
|
if not os.path.exists(cert_path + server_host_name + '.csr'):
|
|
|
|
|
if not os.path.exists(os.path.join(cert_path, server_host_name + '.csr')):
|
|
|
|
|
print _('Request %s not found on client side') \
|
|
|
|
|
%(cert_path + server_host_name + '.csr')
|
|
|
|
|
%(os.path.join(cert_path, server_host_name + '.csr'))
|
|
|
|
|
return 1
|
|
|
|
|
request = open(cert_path + server_host_name + '.csr').read()
|
|
|
|
|
request = open(os.path.join(cert_path, server_host_name + '.csr')).read()
|
|
|
|
|
md5 = hashlib.md5()
|
|
|
|
|
md5.update(request)
|
|
|
|
|
md5sum = md5.hexdigest()
|
|
|
|
@ -197,11 +206,20 @@ def client_get_cert(cert_path, args):
|
|
|
|
|
elif cert == '4':
|
|
|
|
|
print _("Request was sent from another ip.")
|
|
|
|
|
return 1
|
|
|
|
|
fc = open(cert_path + server_host_name + '.crt', 'w')
|
|
|
|
|
cert_file = os.path.join(cert_path, server_host_name + '.crt')
|
|
|
|
|
fc = open(cert_file, 'w')
|
|
|
|
|
fc.write(cert)
|
|
|
|
|
fc.close()
|
|
|
|
|
os.unlink(cert_path + 'req_id')
|
|
|
|
|
print 'OK. Certificate save. Your certificate id = %s' %req_id
|
|
|
|
|
user_name = pwd.getpwuid(os.getuid()).pw_name
|
|
|
|
|
try:
|
|
|
|
|
pwdObj = pwd.getpwnam(user_name)
|
|
|
|
|
except KeyError, e:
|
|
|
|
|
print e
|
|
|
|
|
return None
|
|
|
|
|
os.chown(cert_file, pwdObj.pw_uid, pwdObj.pw_gid)
|
|
|
|
|
os.chmod(cert_file, 0600)
|
|
|
|
|
|
|
|
|
|
if ca_root:
|
|
|
|
|
clVars = DataVarsCore()
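Review bot: `os.unlink(cert_path + 'req_id')` in this hunk was left as a string concatenation while every other path in the commit moved to `os.path.join`. If `cert_path` is passed without a trailing separator, it points at a different file than the `req_id` that was just read, and the resulting `OSError` is raised before the new `chown`/`chmod` lines run; it should read `os.unlink(os.path.join(cert_path, 'req_id'))`. The added `except KeyError` branch returns `None`, whereas the visible error paths of `client_get_cert` return `1`, so a caller that tests the result for truthiness would take this failure for success; `return 1` would be consistent. The function continues outside this hunk, so the caller's handling of the return value should be confirmed.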
|
|
|
|
@ -216,7 +234,7 @@ def client_get_cert(cert_path, args):
|
|
|
|
|
homePath = clVars.Get('ur_home_path')
|
|
|
|
|
|
|
|
|
|
cl_client_cert_dir = cl_client_cert_dir.replace("~",homePath)
|
|
|
|
|
root_cert_md5 = cl_client_cert_dir + "/ca/cert_list"
|
|
|
|
|
root_cert_md5 = os.path.join(cl_client_cert_dir, "ca/cert_list")
|
|
|
|
|
|
|
|
|
|
md5 = hashlib.md5()
|
|
|
|
|
md5.update(ca_root)
|
|
|
|
@ -253,7 +271,7 @@ def client_get_cert(cert_path, args):
|
|
|
|
|
print _('Not found field "CN" in certificate!')
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
fd = open(cl_client_cert_dir + '/ca/' + filename, 'w')
|
|
|
|
|
fd = open(os.path.join(cl_client_cert_dir, 'ca', filename), 'w')
|
|
|
|
|
fd.write(ca_root)
|
|
|
|
|
fd.close()
|
|
|
|
|
|
|
|
|
|