@ -128,7 +128,7 @@ def create_client_cert(server_cert, cert_path, data_path, certbase, user_name):
print _('not exists client certificate path')
return 1
req_id = create_request(server_cert, cert_path, data_path, certbase, \
client_cert_path)
client_cert_path, user_name)
sign_certificate(req_id, cert_path, data_path)
get_certificate(cert_path, data_path, certbase, client_cert_path, user_name)
@ -162,7 +162,8 @@ def check_user_path(user_name):
return cert_dir
def create_request(server_cert, cert_path, data_path, certbase,client_cert_path):
def create_request(server_cert, cert_path, data_path, certbase, \
client_cert_path, user_name):
server_host_name = socket.getfqdn()
key = os.path.join(client_cert_path, server_host_name + '.key')
@ -171,6 +172,16 @@ def create_request(server_cert, cert_path, data_path, certbase,client_cert_path)
client_req_file = new_key_req(key, client_cert_path, server_host_name, auto = True)
try:
pwdObj = pwd.getpwnam(user_name)
except KeyError, e:
print e
return None
for files in [key, client_req_file, key+'_pub']:
if os.path.exists(files):
os.chown(files,pwdObj.pw_uid,pwdObj.pw_gid)
os.chmod(files, 0644)
ip, mac, client_type = get_ip_mac_type()
data = open(client_req_file).read()
@ -251,6 +262,8 @@ def get_certificate(cert_path, data_path, certbase, client_cert_path,user_name):
ca_dir = os.path.join(client_cert_path, 'ca')
if not os.path.isdir(ca_dir):
os.makedirs(ca_dir)
os.chown(ca_dir, pwdObj.pw_uid, pwdObj.pw_gid)
os.chmod(ca_dir, 0755)
root_cert_md5 = os.path.join(ca_dir, "cert_list")
md5 = hashlib.md5()
@ -281,19 +294,26 @@ def get_certificate(cert_path, data_path, certbase, client_cert_path,user_name):
fc = open(root_cert_md5,"a")
fc.write('%s %s\n' %(md5sum, filename))
fc.close()
os.chown(root_cert_md5, pwdObj.pw_uid, pwdObj.pw_gid)
os.chmod(root_cert_md5, 0644)
if not filename:
print _('Not found field "CN" in certificate!')
return 1
fd = open(os.path.join(ca_dir, filename), 'w')
ca_cert = os.path.join(ca_dir, filename)
fd = open(ca_cert, 'w')
fd.write(ca_root)
fd.close()
os.chown(ca_cert, pwdObj.pw_uid, pwdObj.pw_gid)
os.chmod(ca_cert, 0644)
user_root_cert = os.path.join(ca_dir, 'ca_root.crt')
fa = open(user_root_cert, 'a')
fa.write(ca_root)
fa.close()
os.chown(user_root_cert, pwdObj.pw_uid, pwdObj.pw_gid)
os.chmod(user_root_cert, 0644)
print _("CERTIFICATE ADD")
else:
print _("file with ca certificates exists")
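Review bot: The new loop in create_request runs `os.chmod(files, 0644)` over `key` as well as the request file and `key+'_pub'`, so the client's private key ends up readable by every local account; the key should be set to owner-only after the chown, e.g. `os.chmod(key, 0600)`, keeping 0644 for the request and public key only. The `except KeyError` branch there returns None, while the visible call site in create_client_cert passes `req_id` straight to sign_certificate, so a guard such as `if req_id is None: return 1` is needed before signing. The chown/chmod calls added in create_request and get_certificate act on path names after the files are written and follow symlinks; if the certificate directory is writable by the target user, as the chown of `ca_dir` suggests, calling `os.fchown`/`os.fchmod` on the still-open descriptor would keep the ownership change on the file that was actually created. `pwdObj` in get_certificate is not defined in any visible line and the function bodies continue outside the hunks, so that lookup should be confirmed to exist there.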