|
|
|
@ -23,7 +23,6 @@ from calculate.core.client.cert_func import new_key_req
|
|
|
|
|
from calculate.core.client.function import get_ip_mac_type
|
|
|
|
|
from calculate.core.datavars import DataVarsCore
|
|
|
|
|
from calculate.lib.utils.files import makeDirectory
|
|
|
|
|
from calculate.lib.utils import ip as ip_mod
|
|
|
|
|
import os, hashlib, OpenSSL, pwd, socket, sys
|
|
|
|
|
from calculate.lib.cl_lang import setLocalTranslate
|
|
|
|
|
setLocalTranslate('cl_core',sys.modules[__name__])
|
|
|
|
@ -92,6 +91,7 @@ def init(cert, key, cert_path, data_path, certbase, args, port, user_name):
|
|
|
|
|
create_client_cert(cert, cert_path, data_path, certbase, user_name)
|
|
|
|
|
else:
|
|
|
|
|
print _('Client certificate already exists')
|
|
|
|
|
add_server_to_trust(cert, user_name)
|
|
|
|
|
|
|
|
|
|
def check_serv_cert(cert_path):
|
|
|
|
|
if os.path.isfile(os.path.join(cert_path, 'server.crt')) and \
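Review bot: The `add_server_to_trust(cert, user_name)` call added to init's else-branch is a no-op as committed, because the new add_server_to_trust body introduced later in this commit opens with an unconditional `return`, which leaves the debug `print cert, user_name` and the home-directory/`client_cert` setup below it unreachable. Either drop the call and the stub until the function is finished, or remove the leading `return` and the debug print so the trust-store setup actually runs. Related, in the same new code: get_certificate now keys its trust-list entry on the literal `host = 'localhost'` and writes the CA to `trusted/localhost` rather than to the server the certificate was obtained from (check_client_cert uses `socket.getfqdn()` for that name), so successive runs against different servers overwrite one file and the list cannot tell them apart. The enclosing init body begins outside the hunk, so what `cert` holds at this point is not visible here.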
|
|
|
|
@ -102,8 +102,9 @@ def check_serv_cert(cert_path):
|
|
|
|
|
def check_client_cert(user_name):
|
|
|
|
|
client_cert_path = check_user_path(user_name)
|
|
|
|
|
server_host_name = socket.getfqdn()
|
|
|
|
|
if os.path.isfile(os.path.join(client_cert_path,server_host_name+'.crt')) and \
|
|
|
|
|
os.path.isfile(os.path.join(client_cert_path,server_host_name+'.key')):
|
|
|
|
|
if os.path.isfile(os.path.join(client_cert_path ,server_host_name+'.crt'))\
|
|
|
|
|
and os.path.isfile(os.path.join \
|
|
|
|
|
(client_cert_path, server_host_name+'.key')):
|
|
|
|
|
return True
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
@ -120,7 +121,7 @@ def change_args(args, step = None):
|
|
|
|
|
return args
|
|
|
|
|
|
|
|
|
|
def create_server_cert(cert, key, cert_path, args, port):
|
|
|
|
|
cert_cmd.check_server_certificate(cert, key, cert_path, args, port, auto = True)
|
|
|
|
|
cert_cmd.check_server_certificate(cert,key,cert_path,args,port,auto=True)
|
|
|
|
|
|
|
|
|
|
def create_client_cert(server_cert, cert_path, data_path, certbase, user_name):
|
|
|
|
|
client_cert_path = check_user_path(user_name)
|
|
|
|
@ -130,7 +131,7 @@ def create_client_cert(server_cert, cert_path, data_path, certbase, user_name):
|
|
|
|
|
req_id = create_request(server_cert, cert_path, data_path, certbase, \
|
|
|
|
|
client_cert_path, user_name)
|
|
|
|
|
sign_certificate(req_id, cert_path, data_path)
|
|
|
|
|
get_certificate(cert_path, data_path, certbase, client_cert_path, user_name)
|
|
|
|
|
get_certificate(cert_path,data_path,certbase,client_cert_path,user_name)
|
|
|
|
|
|
|
|
|
|
def check_user_path(user_name):
|
|
|
|
|
try:
|
|
|
|
@ -158,7 +159,7 @@ def check_user_path(user_name):
|
|
|
|
|
os.chown(path[0], pwdObj.pw_uid, pwdObj.pw_gid)
|
|
|
|
|
for _file in path[2]:
|
|
|
|
|
if os.path.isfile(_file):
|
|
|
|
|
os.chown('/'.join([path[0], _file]),pwdObj.pw_uid,pwdObj.pw_gid)
|
|
|
|
|
os.chown('/'.join([path[0],_file]),pwdObj.pw_uid,pwdObj.pw_gid)
|
|
|
|
|
os.chmod(directory, 0644)
|
|
|
|
|
return cert_dir
|
|
|
|
|
|
|
|
|
@ -170,7 +171,8 @@ def create_request(server_cert, cert_path, data_path, certbase, \
|
|
|
|
|
#csr_file = cert_path + server_host_name +'.csr'
|
|
|
|
|
#pritn 'request file = ', csr_file
|
|
|
|
|
|
|
|
|
|
client_req_file = new_key_req(key, client_cert_path, server_host_name, auto = True)
|
|
|
|
|
client_req_file = new_key_req(key, client_cert_path, server_host_name,
|
|
|
|
|
auto = True)
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
pwdObj = pwd.getpwnam(user_name)
|
|
|
|
@ -199,7 +201,7 @@ def create_request(server_cert, cert_path, data_path, certbase, \
|
|
|
|
|
def sign_certificate(req_id, cert_path, data_path):
|
|
|
|
|
cert_cmd.sing_req_by_server(req_id, cert_path, data_path, auto = True)
|
|
|
|
|
|
|
|
|
|
def get_certificate(cert_path, data_path, certbase, client_cert_path,user_name):
|
|
|
|
|
def get_certificate(cert_path,data_path,certbase,client_cert_path,user_name):
|
|
|
|
|
req_id_file = os.path.join(client_cert_path, 'req_id')
|
|
|
|
|
if not os.path.exists(req_id_file):
|
|
|
|
|
print _("request was not sent or deleted file %s") %req_id_file
|
|
|
|
@ -320,8 +322,65 @@ def get_certificate(cert_path, data_path, certbase, client_cert_path,user_name):
|
|
|
|
|
print _("CERTIFICATE ADD")
|
|
|
|
|
else:
|
|
|
|
|
print _("file with ca certificates exists")
|
|
|
|
|
|
|
|
|
|
trust_dir = os.path.join(client_cert_path, 'trusted')
|
|
|
|
|
if not os.path.isdir(trust_dir):
|
|
|
|
|
os.makedirs(trust_dir)
|
|
|
|
|
os.chown(trust_dir, pwdObj.pw_uid, pwdObj.pw_gid)
|
|
|
|
|
os.chmod(trust_dir, 0755)
|
|
|
|
|
|
|
|
|
|
ca_certs = os.path.join(trust_dir, "cert.list")
|
|
|
|
|
|
|
|
|
|
if not os.path.exists(ca_certs):
|
|
|
|
|
fc = open(ca_certs,"w")
|
|
|
|
|
fc.close()
|
|
|
|
|
os.chown(ca_certs, pwdObj.pw_uid, pwdObj.pw_gid)
|
|
|
|
|
os.chmod(ca_certs, 0644)
|
|
|
|
|
|
|
|
|
|
host = 'localhost'
|
|
|
|
|
filename = host
|
|
|
|
|
cert_file_trust = os.path.join(trust_dir, filename)
|
|
|
|
|
fc = open(cert_file_trust,"w")
|
|
|
|
|
fc.write(ca_root)
|
|
|
|
|
fc.close()
|
|
|
|
|
os.chown(cert_file_trust, pwdObj.pw_uid, pwdObj.pw_gid)
|
|
|
|
|
os.chmod(cert_file_trust, 0644)
|
|
|
|
|
with open(ca_certs) as fd:
|
|
|
|
|
t = fd.read()
|
|
|
|
|
# for each line
|
|
|
|
|
for line in t.splitlines():
|
|
|
|
|
# Split string into a words list
|
|
|
|
|
words = line.split()
|
|
|
|
|
if len(words) > 1:
|
|
|
|
|
# if first word...
|
|
|
|
|
if words[0] == host:
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
# Open file with compliance server certificates and server hostname
|
|
|
|
|
fcl = open(ca_certs,"a")
|
|
|
|
|
fcl.write(host + ' ' + filename + '\n')
|
|
|
|
|
fcl.close()
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
def add_server_to_trust(cert, user_name):
|
|
|
|
|
return
|
|
|
|
|
print cert, user_name
|
|
|
|
|
try:
|
|
|
|
|
pwdObj = pwd.getpwnam(user_name)
|
|
|
|
|
except KeyError, e:
|
|
|
|
|
print e
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
|
home_dir = pwdObj.pw_dir
|
|
|
|
|
if not os.path.isdir(home_dir):
|
|
|
|
|
if not makeDirectory(home_dir):
|
|
|
|
|
return None
|
|
|
|
|
os.chown(home_dir, pwdObj.pw_uid, pwdObj.pw_gid)
|
|
|
|
|
os.chmod(home_dir, 0700)
|
|
|
|
|
calc_dir = os.path.join(home_dir, '.calculate')
|
|
|
|
|
cert_dir = os.path.join(calc_dir, 'client_cert')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def key_force(cert_path, data_path):
|
|
|
|
|
while True:
|
|
|
|
|
try:
|
|
|
|
|