|
|
|
@ -20,17 +20,18 @@ import post_request
|
|
|
|
|
|
|
|
|
|
from calculate.api.client.cert_func import new_key_req
|
|
|
|
|
from calculate.api.client.function import get_ip_mac_type
|
|
|
|
|
from calculate.api.datavars import DataVarsApi
|
|
|
|
|
|
|
|
|
|
from calculate.lib.utils import ip as ip_mod
|
|
|
|
|
import os, hashlib, time
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def init(cert, key, cert_path, data_path, certbase, args, port):
|
|
|
|
|
def init(cert, key, cert_path, data_path, certbase, args, port, user_name):
|
|
|
|
|
if check():
|
|
|
|
|
for step in range (2):
|
|
|
|
|
args = change_args(args, step)
|
|
|
|
|
create_server_cert(cert, key, cert_path, args, port)
|
|
|
|
|
|
|
|
|
|
create_client_cert(cert, cert_path, data_path, certbase)
|
|
|
|
|
create_client_cert(cert, cert_path, data_path, certbase, user_name)
|
|
|
|
|
|
|
|
|
|
def check():
|
|
|
|
|
return True
|
|
|
|
@ -50,19 +51,22 @@ def change_args(args, step = None):
|
|
|
|
|
def create_server_cert(cert, key, cert_path, args, port):
|
|
|
|
|
cert_cmd.check_server_certificate(cert, key, cert_path, args, port, auto = True)
|
|
|
|
|
|
|
|
|
|
def create_client_cert(server_cert, cert_path, data_path, certbase):
|
|
|
|
|
req_id = create_request(server_cert, cert_path, data_path, certbase)
|
|
|
|
|
def create_client_cert(server_cert, cert_path, data_path, certbase, user_name):
|
|
|
|
|
client_cert_path = '/home/' + user_name + '/.calculate/client_cert/'
|
|
|
|
|
req_id = create_request(server_cert, cert_path, data_path, certbase, \
|
|
|
|
|
client_cert_path)
|
|
|
|
|
sign_certificate(req_id, cert_path, data_path)
|
|
|
|
|
get_certificate(cert_path, data_path, certbase)
|
|
|
|
|
time.sleep(2)
|
|
|
|
|
get_certificate(cert_path, data_path, certbase, client_cert_path)
|
|
|
|
|
|
|
|
|
|
def create_request(server_cert, cert_path, data_path, certbase):
|
|
|
|
|
def create_request(server_cert, cert_path, data_path, certbase,client_cert_path):
|
|
|
|
|
server_host_name = 'localhost'
|
|
|
|
|
|
|
|
|
|
key = cert_path + server_host_name + '.key'
|
|
|
|
|
key = client_cert_path + server_host_name + '.key'
|
|
|
|
|
#csr_file = cert_path + server_host_name +'.csr'
|
|
|
|
|
#pritn 'request file = ', csr_file
|
|
|
|
|
|
|
|
|
|
client_req_file = new_key_req(key, cert_path, server_host_name, auto = True)
|
|
|
|
|
client_req_file = new_key_req(key, client_cert_path, server_host_name, auto = True)
|
|
|
|
|
|
|
|
|
|
ip, mac, client_type = get_ip_mac_type()
|
|
|
|
|
data = open(client_req_file).read()
|
|
|
|
@ -70,7 +74,7 @@ def create_request(server_cert, cert_path, data_path, certbase):
|
|
|
|
|
req_id = post_request.serv_post_client_request (data, data_path, ip, mac, \
|
|
|
|
|
client_type, certbase, cert_path)
|
|
|
|
|
|
|
|
|
|
fc = open(cert_path + 'req_id', 'w')
|
|
|
|
|
fc = open(client_cert_path + 'req_id', 'w')
|
|
|
|
|
fc.write(req_id)
|
|
|
|
|
fc.close()
|
|
|
|
|
return req_id
|
|
|
|
@ -87,30 +91,30 @@ def get_ip_mac_type():
|
|
|
|
|
pass
|
|
|
|
|
return ('no_ip','no_mac', 'live')
|
|
|
|
|
|
|
|
|
|
def get_certificate(cert_path, data_path, certbase):
|
|
|
|
|
if not os.path.exists(cert_path + 'req_id'):
|
|
|
|
|
def get_certificate(cert_path, data_path, certbase, client_cert_path):
|
|
|
|
|
if not os.path.exists(client_cert_path + 'req_id'):
|
|
|
|
|
print _("request was not sent or deleted file %s") \
|
|
|
|
|
%(cert_path + 'req_id')
|
|
|
|
|
%(client_cert_path + 'req_id')
|
|
|
|
|
return 1
|
|
|
|
|
fc = open(cert_path + 'req_id', 'r')
|
|
|
|
|
fc = open(client_cert_path + 'req_id', 'r')
|
|
|
|
|
req_id = fc.read()
|
|
|
|
|
fc.close()
|
|
|
|
|
|
|
|
|
|
server_host_name = 'localhost'
|
|
|
|
|
|
|
|
|
|
if not os.path.exists(cert_path + server_host_name + '.csr'):
|
|
|
|
|
print _('Request %s not found') %(cert_path + server_host_name + '.csr')
|
|
|
|
|
if not os.path.exists(client_cert_path + server_host_name + '.csr'):
|
|
|
|
|
print _('Request %s not found') %(client_cert_path + server_host_name + '.csr')
|
|
|
|
|
return 1
|
|
|
|
|
request = open(cert_path + server_host_name + '.csr').read()
|
|
|
|
|
request = open(client_cert_path + server_host_name + '.csr').read()
|
|
|
|
|
md5 = hashlib.md5()
|
|
|
|
|
md5.update(request)
|
|
|
|
|
md5sum = md5.hexdigest()
|
|
|
|
|
|
|
|
|
|
result = post_request.serv_get_client_cert (req_id, request, data_path, \
|
|
|
|
|
result = post_request.serv_get_client_cert (req_id, md5sum, data_path, \
|
|
|
|
|
certbase, cert_path)
|
|
|
|
|
|
|
|
|
|
cert = result[0][0]
|
|
|
|
|
ca_root = result[0][1]
|
|
|
|
|
cert = result[0]
|
|
|
|
|
ca_root = result[1]
|
|
|
|
|
if cert == '1':
|
|
|
|
|
print _('Request to sign is rejected!')
|
|
|
|
|
return 1
|
|
|
|
@ -124,10 +128,10 @@ def get_certificate(cert_path, data_path, certbase):
|
|
|
|
|
elif cert == '4':
|
|
|
|
|
print _("Request was sent from another ip.")
|
|
|
|
|
return 1
|
|
|
|
|
fc = open(cert_path + server_host_name + '.crt', 'w')
|
|
|
|
|
fc = open(client_cert_path + server_host_name + '.crt', 'w')
|
|
|
|
|
fc.write(cert)
|
|
|
|
|
fc.close()
|
|
|
|
|
os.unlink(cert_path + 'req_id')
|
|
|
|
|
os.unlink(client_cert_path + 'req_id')
|
|
|
|
|
print 'OK. Certificate save. Your certificate id = %s' %req_id
|
|
|
|
|
|
|
|
|
|
if ca_root:
|
|
|
|
|
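Review bot: In create_client_cert (second hunk), `client_cert_path = '/home/' + user_name + '/.calculate/client_cert/'` builds the directory that will hold the client private key by concatenating an unvalidated `user_name`, so an empty value or one containing `/` or `..` puts `localhost.key`, `localhost.csr` and `req_id` outside the intended home, and accounts whose home is not under `/home` get the wrong location. Resolving the directory from the account database rejects unknown names and drops the hard-coded prefix: `client_cert_path = os.path.join(pwd.getpwnam(user_name).pw_dir, '.calculate', 'client_cert') + os.sep`, with `import pwd` added to the import line. Nothing visible in these hunks creates that directory or sets its mode, and whether `new_key_req` does so is not shown; if init() runs with more privilege than the target user, the directory should be created with mode 0700 and owned by that user before the key is written. The change in get_certificate to sending `hashlib.md5` of the request instead of the request itself deserves a comment stating that the digest is only a lookup value, or a move to `hashlib.sha256` if the server relies on it to match the stored request.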