Хирецкий Михаил b1ced43643 Changed the cl-core exit code on ImportError 6 days ago
bin Added a wrapper script for running methods as a user and as root 4 years ago
data Run the dbus service via python3.7 2 months ago
man Fix mans 8 years ago
pym/core Changed the cl-core exit code on ImportError 6 days ago
LICENCE Add setup files. 10 years ago
README Update versions 8 years ago
setup.py Added settings for the dbus service and a --dbus parameter for installation 3 years ago

README

AUTHOR: Calculate Ltd. <support@calculate.ru> 

INSTALL
-------

calculate-api needs the following library versions installed in order to run:
python >= 2.6
soaplib = 1.0
calculate-lib >= 3.0.0_beta2.0

To install calculate-api, just execute the install script 'setup.py'.
Example:

./setup.py install

####################################

Create root certificate (self-signed)

$ openssl genrsa -out root.key 1024
$ openssl req -new -key root.key -out root.csr
$ openssl x509 -req -days 1096 -in root.csr -signkey root.key -out root.crt

or

$ openssl req -new -newkey rsa:1024 -nodes -keyout root.key -x509 -days 1096 \
-subj /C=RU/ST=Spb/L=Spb/O=calculate-linux\ \
Inc/OU=Sale/CN=www.calculate-linux.ru/emailAddress=support@calculate-linux.ru \
-out root.crt # CN - unique name of the root certificate

####################################

Create server certificate

$ openssl genrsa -out server.key 1024
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -CA root.crt -CAkey root.key \
-CAcreateserial -in server.csr -out server.crt

e.g.
$ cd /var/calculate/server/server_certs/
$ openssl x509 -req -days 365 -CA /var/calculate/server/ca/root.crt -CAkey \
/var/calculate/server/ca/root.key -CAcreateserial -in ./NUM.csr -out ./NUM.crt

NUM - certificate number

####################################

Show certificate

openssl x509 -noout -text -in certificate.crt

Show request

openssl req -noout -text -in request.csr

Show key

openssl rsa -noout -text -in key.key

Show CRL

openssl crl -text -noout -in ca.crl

####################################

Create a non-root CA certificate

$ openssl genrsa -out ca.key 1024
$ openssl req -new -key ca.key -out ca.csr
$ openssl x509 -req -days 365 -CA root.crt -CAkey root.key -CAcreateserial \
-extfile ssl-server-ca.cfg -extensions ssl_server_ca -in ca.csr -out ca.crt

$ cat ssl-server-ca.cfg

[ ssl_server_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical,CA:true
#basicConstraints = CA:true
keyUsage = keyCertSign, digitalSignature, keyEncipherment, cRLSign
extendedKeyUsage = serverAuth

####################################

Files

/var/calculate/server - directory with client and server requests and signed
certificates, and certificate rights (groups):

/var/calculate/server/ca - directory with root certificates, server certificates and
the CA certificate.

/var/calculate/server/client_certs - client requests and signed certificates

/var/calculate/server/server_certs - server requests and signed certificates

/var/calculate/server/conf/group_right.conf - list of methods available for groups
example of content:
    manager pid_info,list_pid,cl_template,cl_login

/var/calculate/server/conf/right.conf - list of certificate numbers that are allowed
to execute each method
example of content:
    pid_info 2 -1
certificate number 2 has the right to run the method "pid_info", and certificate
number 1 does not. Use the --right-add and --right-del options; see the man page.
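
A sketch of how the two rights files above can be read and evaluated with a default-deny decision, added here as an example and not taken from calculate-api's code. The function names, the caller-supplied list of a certificate's groups, and the rule that a negative entry overrides a group grant are assumptions; the sample lines are the ones shown above.

```python
# Added example, not calculate-api code. Sample lines are the README's own.
GROUP_RIGHT_SAMPLE = "manager pid_info,list_pid,cl_template,cl_login\n"
RIGHT_SAMPLE = "pid_info 2 -1\n"


def parse_group_rights(text):
    """group_right.conf: '<group> <method>,<method>,...' on each line."""
    groups = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank or malformed line grants nothing
        names = {m.strip() for m in parts[1].split(",") if m.strip()}
        groups.setdefault(parts[0], set()).update(names)
    return groups


def parse_cert_rights(text):
    """right.conf: '<method> <num> ...'; a negative number means no rights."""
    allow, deny = {}, {}
    for line in text.splitlines():
        parts = line.split()
        for token in parts[1:]:
            try:
                num = int(token)
            except ValueError:
                continue  # skip anything that is not a certificate number
            table = deny if num < 0 else allow
            table.setdefault(parts[0], set()).add(abs(num))
    return allow, deny


def is_allowed(method, cert_num, cert_groups, groups, allow, deny):
    """Default-deny decision for one certificate and one method.

    ASSUMPTION: an explicit negative entry overrides every grant, and the
    caller already knows which groups the certificate belongs to.
    """
    if cert_num in deny.get(method, ()):
        return False
    if cert_num in allow.get(method, ()):
        return True
    return any(method in groups.get(g, ()) for g in cert_groups)


if __name__ == "__main__":
    groups = parse_group_rights(GROUP_RIGHT_SAMPLE)
    allow, deny = parse_cert_rights(RIGHT_SAMPLE)
    for num in (1, 2, 3):
        print(num, is_allowed("pid_info", num, ["manager"], groups, allow, deny))
```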