add cert to trusted in bootstrap

12 years ago · 8adc1271b4
parent 95ba1feb61
commit 8adc1271b4
1 changed files with 67 additions and 8 deletions
--- a/core/server/bootstrap.py
+++ b/core/server/bootstrap.py
@ -23,7 +23,6 @@ from calculate.core.client.cert_func import new_key_req
 from calculate.core.client.function import get_ip_mac_type
 from calculate.core.datavars import DataVarsCore
 from calculate.lib.utils.files import makeDirectory
-from calculate.lib.utils import ip as ip_mod
 import os, hashlib, OpenSSL, pwd, socket, sys
 from calculate.lib.cl_lang import setLocalTranslate
 setLocalTranslate('cl_core',sys.modules[__name__])
@ -92,6 +91,7 @@ def init(cert, key, cert_path, data_path, certbase, args, port, user_name):
        create_client_cert(cert, cert_path, data_path, certbase, user_name)
    else:
        print _('Client certificate already exists')
+    add_server_to_trust(cert, user_name)

 def check_serv_cert(cert_path):
    if os.path.isfile(os.path.join(cert_path, 'server.crt')) and \
@ -102,8 +102,9 @@ def check_serv_cert(cert_path):
 def check_client_cert(user_name):
    client_cert_path = check_user_path(user_name)
    server_host_name = socket.getfqdn()
-    if os.path.isfile(os.path.join(client_cert_path,server_host_name+'.crt')) and \
-            os.path.isfile(os.path.join(client_cert_path,server_host_name+'.key')):
+    if os.path.isfile(os.path.join(client_cert_path ,server_host_name+'.crt'))\
+                    and os.path.isfile(os.path.join \
+                    (client_cert_path, server_host_name+'.key')):
        return True
    return False

@ -120,7 +121,7 @@ def change_args(args, step = None):
    return args

 def create_server_cert(cert, key, cert_path, args, port):
-    cert_cmd.check_server_certificate(cert, key, cert_path, args, port, auto = True)
+    cert_cmd.check_server_certificate(cert,key,cert_path,args,port,auto=True)

 def create_client_cert(server_cert, cert_path, data_path, certbase, user_name):
    client_cert_path = check_user_path(user_name)
@ -130,7 +131,7 @@ def create_client_cert(server_cert, cert_path, data_path, certbase, user_name):
    req_id = create_request(server_cert, cert_path, data_path, certbase, \
                            client_cert_path, user_name)
    sign_certificate(req_id, cert_path, data_path)
-    get_certificate(cert_path, data_path, certbase, client_cert_path, user_name)
+    get_certificate(cert_path,data_path,certbase,client_cert_path,user_name)

 def check_user_path(user_name):
    try:
@ -158,7 +159,7 @@ def check_user_path(user_name):
        os.chown(path[0], pwdObj.pw_uid, pwdObj.pw_gid)
        for _file in path[2]:
            if os.path.isfile(_file):
-                os.chown('/'.join([path[0], _file]),pwdObj.pw_uid,pwdObj.pw_gid)
+                os.chown('/'.join([path[0],_file]),pwdObj.pw_uid,pwdObj.pw_gid)
                os.chmod(directory, 0644)
    return cert_dir

@ -170,7 +171,8 @@ def create_request(server_cert, cert_path, data_path, certbase, \
    #csr_file = cert_path + server_host_name +'.csr'
    #pritn 'request file = ', csr_file

-    client_req_file = new_key_req(key, client_cert_path, server_host_name, auto = True)
+    client_req_file = new_key_req(key, client_cert_path, server_host_name,
+                                  auto = True)

    try:
        pwdObj = pwd.getpwnam(user_name)
@ -199,7 +201,7 @@ def create_request(server_cert, cert_path, data_path, certbase, \
 def sign_certificate(req_id, cert_path, data_path):
    cert_cmd.sing_req_by_server(req_id, cert_path, data_path, auto = True)

-def get_certificate(cert_path, data_path, certbase, client_cert_path,user_name):
+def get_certificate(cert_path,data_path,certbase,client_cert_path,user_name):
    req_id_file = os.path.join(client_cert_path, 'req_id')
    if not os.path.exists(req_id_file):
        print _("request was not sent or deleted file %s") %req_id_file
@ -320,8 +322,65 @@ def get_certificate(cert_path, data_path, certbase, client_cert_path,user_name):
            print _("CERTIFICATE ADD")
        else:
            print _("file with ca certificates exists")
+
+        trust_dir = os.path.join(client_cert_path, 'trusted')
+        if not os.path.isdir(trust_dir):
+            os.makedirs(trust_dir)
+        os.chown(trust_dir, pwdObj.pw_uid, pwdObj.pw_gid)
+        os.chmod(trust_dir, 0755)
+
+        ca_certs = os.path.join(trust_dir, "cert.list")
+
+        if not os.path.exists(ca_certs):
+            fc = open(ca_certs,"w")
+            fc.close()
+            os.chown(ca_certs, pwdObj.pw_uid, pwdObj.pw_gid)
+            os.chmod(ca_certs, 0644)
+
+        host = 'localhost'
+        filename = host
+        cert_file_trust = os.path.join(trust_dir, filename)
+        fc = open(cert_file_trust,"w")
+        fc.write(ca_root)
+        fc.close()
+        os.chown(cert_file_trust, pwdObj.pw_uid, pwdObj.pw_gid)
+        os.chmod(cert_file_trust, 0644)
+        with open(ca_certs) as fd:
+            t = fd.read()
+            # for each line
+            for line in t.splitlines():
+                # Split string into a words list
+                words = line.split()
+                if len(words) > 1:
+                    # if first word...
+                    if words[0] == host:
+                        return 0
+
+        # Open file with compliance server certificates and server hostname
+        fcl = open(ca_certs,"a")
+        fcl.write(host + ' ' + filename + '\n')
+        fcl.close()
    return 0

+def add_server_to_trust(cert, user_name):
+    return
+    print cert, user_name
+    try:
+        pwdObj = pwd.getpwnam(user_name)
+    except KeyError, e:
+        print e
+        return None
+
+    home_dir = pwdObj.pw_dir
+    if not os.path.isdir(home_dir):
+        if not makeDirectory(home_dir):
+            return None
+        os.chown(home_dir, pwdObj.pw_uid, pwdObj.pw_gid)
+        os.chmod(home_dir, 0700)
+    calc_dir = os.path.join(home_dir, '.calculate')
+    cert_dir = os.path.join(calc_dir, 'client_cert')    
+
+
 def key_force(cert_path, data_path):
    while True:
        try: