@ -28,7 +28,7 @@ from calculate.lib.datavars import VariableError
|
|
|
|
|
from itertools import *
|
|
|
|
|
from calculate.lib.cl_lang import setLocalTranslate
|
|
|
|
|
setLocalTranslate('cl_core',sys.modules[__name__])
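Review bot: `from itertools import *` at L10 pulls every itertools name (`count`, `repeat`, `chain`, …) into the module namespace, where one of them can silently shadow a local helper or a later import. Import only what the module uses, e.g. `from itertools import chain`, or keep `import itertools` and qualify the calls. Which itertools names the file actually uses is not visible in this hunk, so the explicit list has to be checked against the rest of the module.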
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def getIpLocal():
|
|
|
|
|
for interface in ip.getInterfaces():
|
|
|
|
|
try:
|
|
|
|
@ -37,7 +37,7 @@ def getIpLocal():
|
|
|
|
|
continue
|
|
|
|
|
else:
|
|
|
|
|
return ""
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def getHwAddr():
|
|
|
|
|
""" get MAC adress for interface """
|
|
|
|
|
for interface in ip.getInterfaces():
|
|
|
|
@ -61,7 +61,7 @@ def check_server_certificate(cert, key, cert_path, args, port, auto = False):
|
|
|
|
|
from M2Crypto import X509
|
|
|
|
|
import gettext
|
|
|
|
|
name = X509.X509_Name()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
host_name = socket.getfqdn()
|
|
|
|
|
lang = gettext.locale.getdefaultlocale()[0][:2]
|
|
|
|
|
if c.lower() in ['n', 'no']:
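Review bot: `gettext.locale.getdefaultlocale()[0][:2]` at L146 raises TypeError when no locale is configured, because `getdefaultlocale()` then returns `(None, None)` and `None[:2]` fails; it also reaches the `locale` module only through gettext's internal import rather than its own. Import it directly next to `import gettext` at L118 and handle the unset case: `import locale` and `lang = (locale.getdefaultlocale()[0] or DEFAULT_LANG)[:2]`, where `DEFAULT_LANG` is a placeholder for whatever default the country prompt should suggest.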
|
|
|
|
@ -100,7 +100,7 @@ def check_server_certificate(cert, key, cert_path, args, port, auto = False):
|
|
|
|
|
name.C = raw_input (_('Country (only TWO letters!) [%s]: ') %lang)
|
|
|
|
|
if not name.C:
|
|
|
|
|
name.C = lang
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cmd = ("openssl req -new -newkey rsa:2048 -nodes -keyout %s -x509 "
|
|
|
|
|
"-days 11000 -subj /C=%s/ST=%s/L=%s/O=%s"
|
|
|
|
|
"/OU=%s/CN=%s -out %s") \
|
|
|
|
@ -113,7 +113,7 @@ def check_server_certificate(cert, key, cert_path, args, port, auto = False):
|
|
|
|
|
p = subprocess.Popen(cmd, shell=True, stdin=PIPE, stdout=PIPE,
|
|
|
|
|
stderr=subprocess.STDOUT, close_fds=True)
|
|
|
|
|
p.wait()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# add certificate in trusted
|
|
|
|
|
fd = open(cert_path+'/ca_root.crt', 'a')
|
|
|
|
|
try:
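Review bot: `subprocess.Popen(cmd, shell=True, …)` at L214 runs a command string whose `-subj` fields were typed by the operator at L163-L175, so a field containing shell metacharacters is interpreted by the shell instead of being passed to openssl. Build the command as an argument list and drop `shell=True`: `p = subprocess.Popen(cmd_args, stdin=PIPE, stdout=PIPE, stderr=subprocess.STDOUT, close_fds=True)` where `cmd_args` is the same tokens as a list (`['openssl', 'req', '-new', '-newkey', 'rsa:2048', '-nodes', '-keyout', …, '-subj', subj, '-out', …]`). Separately, `stdout=PIPE` followed by `p.wait()` at L226 never drains the pipe, so a verbose openssl run can block forever; use `out, _ = p.communicate()` and check `p.returncode` before appending the new certificate to `ca_root.crt` at L248. The `cmd` string itself is assembled in the previous hunk.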
|
|
|
|
@ -122,14 +122,14 @@ def check_server_certificate(cert, key, cert_path, args, port, auto = False):
|
|
|
|
|
print _('error write (read) file from directory %s') %cert_path
|
|
|
|
|
fd.close()
|
|
|
|
|
print _("OK")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# use self root certificate as server certificate
|
|
|
|
|
elif args.use_root_cert:
|
|
|
|
|
if not os.path.exists(cert_path+'/root.crt'):
|
|
|
|
|
print _('root certificate not found (use cl-core with key '
|
|
|
|
|
'--gen-root-cert)')
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# use root certificate as server certificate
|
|
|
|
|
ft = open(cert_path+'/root.crt', 'rb')
|
|
|
|
|
fd = open(cert_path+'/server.crt', 'wb')
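Review bot: The `--use-root-cert` branch checks only `root.crt` at L305, but the next hunk opens `cert_path+'/root.key'` unconditionally (L390), so a missing key surfaces as an uncaught IOError instead of the friendly message. Extend the guard to `if not os.path.exists(cert_path+'/root.crt') or not os.path.exists(cert_path+'/root.key'):` and name both files in the message at L311-L317. The `fd.close()` at L271 follows the error print; whether the handle opened at L248 is also closed on the success path is outside the visible lines, so a `try/finally` or `with open(cert_path+'/ca_root.crt', 'a') as fd:` around the append would settle it.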
|
|
|
|
@ -137,17 +137,17 @@ def check_server_certificate(cert, key, cert_path, args, port, auto = False):
|
|
|
|
|
fd.write(ft.read())
|
|
|
|
|
ft.close()
|
|
|
|
|
fd.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ft = open(cert_path+'/root.key', 'rb')
|
|
|
|
|
fd = open(cert_path+'/server.key', 'wb')
|
|
|
|
|
ft.seek(0)
|
|
|
|
|
fd.write(ft.read())
|
|
|
|
|
ft.close()
|
|
|
|
|
fd.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
print _("OK")
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# send a certificate signing request to another server
|
|
|
|
|
elif args.host:
|
|
|
|
|
port = raw_input (_("Enter port: "))
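Review bot: `open(cert_path+'/server.key', 'wb')` at L396 creates the server's private-key copy with whatever mode the process umask yields, which is commonly world-readable; add `os.chmod(cert_path+'/server.key', 0o600)` right after the `fd.close()` at L420, or create the file with `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)`. Copying `root.key` into `server.key` also means the TLS service runs on the CA's own private key, so a compromise of the server endpoint is a compromise of the issuing CA; if that is the accepted trade-off of `--use-root-cert`, say so in the comment at L339. The `ft.seek(0)` at L402 is a no-op on a freshly opened file and can be dropped.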
|
|
|
|
@ -167,7 +167,7 @@ def check_server_certificate(cert, key, cert_path, args, port, auto = False):
|
|
|
|
|
print _("\nClose. Connecting Error.")
|
|
|
|
|
#return 0
|
|
|
|
|
serv_host_name = client.service.get_server_host_name()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if os.path.exists(key) and os.path.exists(cert_path + '/server.csr'):
|
|
|
|
|
print _('secret key and request exists')
|
|
|
|
|
ask = raw_input(_("Create new secret key and request?")+" y/[n]: ")
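Review bot: The `except KeyboardInterrupt:` handler at L481 only prints, and the `#return 0` at L487 is commented out, so execution falls through to `client.service.get_server_host_name()` at L493 with `client` never bound and the user sees a NameError instead of the clean exit the message promises. Restore an exit in the handler, `return 1` (the value the other error paths use, e.g. L323), and do the same in the identical handler at L640-L646, which is followed by `client.service.get_server_cert` at L696. The `try` block this handler belongs to begins before the hunk.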
|
|
|
|
@ -199,7 +199,7 @@ def check_server_certificate(cert, key, cert_path, args, port, auto = False):
|
|
|
|
|
fc = open(cert_path + '/req_id', 'r')
|
|
|
|
|
req_id = fc.read()
|
|
|
|
|
fc.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
print _("\nURL has form"), "https://%s:[port]/?wsdl" \
|
|
|
|
|
%args.root_host
|
|
|
|
|
port = raw_input (_("Enter port: "))
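Review bot: `fc = open(cert_path + '/req_id', 'r')` / `req_id = fc.read()` at L532-L538 hands the raw file contents, including any trailing newline, to the remote server as the request id, and closes the handle only on the straight-line path. `with open(cert_path + '/req_id') as fc: req_id = fc.read().strip()` releases the handle and normalises the id. Whether the server side tolerates a trailing newline in `req_id` cannot be seen from here.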
|
|
|
|
@ -210,7 +210,7 @@ def check_server_certificate(cert, key, cert_path, args, port, auto = False):
|
|
|
|
|
return 1
|
|
|
|
|
url = "https://%s:%d/?wsdl" %(args.root_host, port)
|
|
|
|
|
print _("%s\nconnect...") % url
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
from suds.client import Client
|
|
|
|
|
from client_class import HTTPSClientsCertTransport
|
|
|
|
|
try:
|
|
|
|
@ -218,12 +218,12 @@ def check_server_certificate(cert, key, cert_path, args, port, auto = False):
|
|
|
|
|
transport = HTTPSClientsCertTransport(None, None, None))
|
|
|
|
|
except KeyboardInterrupt:
|
|
|
|
|
print _("\nClose. Connecting Error.")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
request = open(cert_path + '/server.csr').read()
|
|
|
|
|
md5 = hashlib.md5()
|
|
|
|
|
md5.update(request)
|
|
|
|
|
md5sum = md5.hexdigest()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
result = client.service.get_server_cert(req_id, md5sum)
|
|
|
|
|
print "result = ", result
|
|
|
|
|
cert = result[0][0]
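Review bot: `cert = result[0][0]` at L708 indexes the server reply without checking its shape, so an error reply or an empty result raises IndexError/TypeError after the connection succeeded; guard with `if not result or not result[0]: print _("no certificate returned"); return 1` before unpacking. The debug line `print "result = ", result` at L702 dumps the full reply to the terminal and should be removed or put behind a verbose flag. `HTTPSClientsCertTransport(None, None, None)` at L634 is constructed with no key, certificate or CA argument; if those are the transport's verification inputs, the certificate is fetched over an unverified channel, which is worth confirming against `client_class`. The CSR is identified to the server by `hashlib.md5` (L668-L680); if the server side can be updated in step, `hashlib.sha256` is the better choice since MD5 is not collision-resistant.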
|
|
|
|
@ -271,7 +271,7 @@ def create_path(data_path, certbase, rights, group_rights):
|
|
|
|
|
os.makedirs(data_path+'/conf')
|
|
|
|
|
except OSError:
|
|
|
|
|
print _("cannot create directory %s") %(data_path+'/conf')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if not os.path.isfile(rights):
|
|
|
|
|
rights_text = '# example of content:\n'+ \
|
|
|
|
|
'# certificate number 2 has right to run method ' + \
|
|
|
|
@ -294,7 +294,7 @@ def create_path(data_path, certbase, rights, group_rights):
|
|
|
|
|
|
|
|
|
|
# find a id by certificate
|
|
|
|
|
def find_cert_id(certificate, data_path, certbase):
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Open database
|
|
|
|
|
if not os.path.exists(certbase):
|
|
|
|
|
if not os.path.exists(data_path+'/client_certs'):
|
|
|
|
@ -320,9 +320,9 @@ def find_cert_id(certificate, data_path, certbase):
|
|
|
|
|
words = line.split()
|
|
|
|
|
# if in line present certificate id
|
|
|
|
|
if words[1] == md5sum:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cert_id.append (words[0])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cert_path = data_path+'/client_certs/'
|
|
|
|
|
for certId in cert_id:
|
|
|
|
|
if os.path.isfile(cert_path + certId + '.crt'):
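Review bot: `words[1] == md5sum` at L832 raises IndexError on a blank or single-field line in the certificate database, aborting the whole lookup; skip malformed lines first with `if len(words) < 2: continue`. The same unguarded indexing appears as `words[0]` at L1142-L1154 and `words[5]` at L2152. `certId` is read from the database file and concatenated into `cert_path + certId + '.crt'`; since ids are integers elsewhere (e.g. `int(cert_id)` at L2438), checking `certId.isdigit()` before using it as a path component keeps a corrupted database line from pointing outside `client_certs/`.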
|
|
|
|
@ -344,7 +344,7 @@ def find_id_cert(cert_id, data_path):
|
|
|
|
|
fp.close()
|
|
|
|
|
return cert
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# delete selected clients certificate
|
|
|
|
|
def del_cert(certbase, data_path, cert_id):
|
|
|
|
|
cert_id = str(cert_id)
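Review bot: `find_id_cert` returns the certificate text on success but `0` on a miss (L893 and L899); callers test truthiness (`if not cert:` at L1632), so `return None` is the clearer sentinel and avoids an int/str union in the return type. `fp.close()` at L887 runs only on the success path as far as the hunk shows; `with open(...) as fp:` makes the close unconditional. The function header is outside the hunk.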
|
|
|
|
@ -360,7 +360,7 @@ def del_cert(certbase, data_path, cert_id):
|
|
|
|
|
ft.write(line + '\n')
|
|
|
|
|
ft.close()
|
|
|
|
|
fd.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ft = open(certbase + '_temp', 'rb')
|
|
|
|
|
fc = open(certbase, 'wb')
|
|
|
|
|
ft.seek(0)
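Review bot: `del_cert` rewrites the database by writing `certbase + '_temp'`, then reopening it and copying its bytes back into `certbase` (L966-L978), which leaves `certbase` truncated if the process dies mid-copy and always leaves the temp file behind. Once the temp file is written and closed, `os.rename(certbase + '_temp', certbase)` replaces the whole reopen-and-copy sequence with one atomic step. The same copy-back pattern is in `add_right` (L1023-L1029), `del_right` (L1074-L1080) and `del_request` (L2766-L2772).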
|
|
|
|
@ -396,7 +396,7 @@ def add_right(cert_id, method, rights):
|
|
|
|
|
ft.write(line + '\n')
|
|
|
|
|
fd.close()
|
|
|
|
|
ft.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# copy all from temp file
|
|
|
|
|
ft = open(rights + '_temp', 'rb')
|
|
|
|
|
fd = open(rights, 'wb')
|
|
|
|
@ -430,7 +430,7 @@ def del_right(cert_id, method, rights):
|
|
|
|
|
ft.write(line + '\n')
|
|
|
|
|
fd.close()
|
|
|
|
|
ft.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# copy all from temp file
|
|
|
|
|
ft = open(rights + '_temp', 'rb')
|
|
|
|
|
fd = open(rights, 'wb')
|
|
|
|
@ -458,7 +458,7 @@ def change_rights_cert(cert_id, right_add, right_del, \
|
|
|
|
|
except:
|
|
|
|
|
print _("to change rights certificate number must be integer")
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
elif cert_id == 'all':
|
|
|
|
|
with open(certbase) as fd:
|
|
|
|
|
t = fd.read()
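Review bot: The bare `except:` at L1091 catches KeyboardInterrupt and SystemExit along with the intended conversion error, so Ctrl-C during this step prints the "must be integer" message instead of stopping the tool; narrow it to `except ValueError:`. The same bare `except:` guards an `int()` call at L1588, L2444, L2546, L2557 and L2909. The `try` it belongs to begins before this hunk.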
|
|
|
|
@ -468,7 +468,7 @@ def change_rights_cert(cert_id, right_add, right_del, \
|
|
|
|
|
words = line.split()
|
|
|
|
|
# if in line present certificate id
|
|
|
|
|
list_id.append(words[0])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
for cert_id in list_id:
|
|
|
|
|
cert_id = str(cert_id)
|
|
|
|
|
|
|
|
|
@ -479,7 +479,7 @@ def change_rights_cert(cert_id, right_add, right_del, \
|
|
|
|
|
ls_rig_add = right_add.split(',')
|
|
|
|
|
for meth in ls_rig_add:
|
|
|
|
|
add_right(cert_id, meth, rights)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if right_del:
|
|
|
|
|
if not os.path.exists(rights):
|
|
|
|
|
print _('file %s not found!') %rights
|
|
|
|
@ -487,7 +487,7 @@ def change_rights_cert(cert_id, right_add, right_del, \
|
|
|
|
|
ls_rig_del = right_del.split(',')
|
|
|
|
|
for meth in ls_rig_del:
|
|
|
|
|
del_right(cert_id, meth, rights)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Detailed view clients certificates
|
|
|
|
|
def view_cert_info(cert, cert_id, rights, group_rights):
|
|
|
|
|
certobj = OpenSSL.crypto.load_certificate (OpenSSL.SSL.FILETYPE_PEM, cert)
|
|
|
|
@ -528,7 +528,7 @@ def view_cert_info(cert, cert_id, rights, group_rights):
|
|
|
|
|
groups_list = groups.split(',')
|
|
|
|
|
#except:
|
|
|
|
|
#return ['-1']
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
results = []
|
|
|
|
|
if not os.path.exists (group_rights):
|
|
|
|
|
open(group_rights, 'w')
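Review bot: `open(group_rights, 'w')` at L1334 discards the file object, so the handle stays open until garbage collection; write `open(group_rights, 'w').close()`, the form already used at L1520-L1526. The same dropped handle is at L3005 and L3033.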
|
|
|
|
@ -542,7 +542,7 @@ def view_cert_info(cert, cert_id, rights, group_rights):
|
|
|
|
|
methods = words[1].split(',')
|
|
|
|
|
for i in methods:
|
|
|
|
|
results.append(i.strip())
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
results = uniq(results)
|
|
|
|
|
|
|
|
|
|
add_list_rights = []
|
|
|
|
@ -571,7 +571,7 @@ def view_cert_info(cert, cert_id, rights, group_rights):
|
|
|
|
|
for method in results:
|
|
|
|
|
if method in del_list_rights:
|
|
|
|
|
results.remove(method)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if results == []:
|
|
|
|
|
print _("no methods available")
|
|
|
|
|
else:
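Review bot: `results.remove(method)` inside `for method in results:` (L1395-L1407) mutates the list being iterated, so the element after each removed one is skipped; when two denied methods are adjacent, the second stays in `results` and is reported as an available right. Filter into a new list instead: `results = [m for m in results if m not in del_list_rights]`. Since this listing is what an operator reads to audit a certificate's permissions, the skip directly misreports access.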
|
|
|
|
@ -585,13 +585,13 @@ def view_cert(args, certbase, data_path, rights, group_rights):
|
|
|
|
|
remove = args.remove
|
|
|
|
|
right_add = args.right_add
|
|
|
|
|
right_del = args.right_del
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
for i in [right_add, right_del]:
|
|
|
|
|
if i:
|
|
|
|
|
change_rights_cert (cert_id, right_add, right_del, \
|
|
|
|
|
rights, group_rights, certbase)
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if not os.path.exists(certbase):
|
|
|
|
|
fc = open(certbase,"w")
|
|
|
|
|
fc.close()
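Review bot: `for i in [right_add, right_del]: if i: change_rights_cert(cert_id, right_add, right_del, …)` at L1474-L1492 passes both flags on every iteration, so when both `--right-add` and `--right-del` are given the whole add/delete pass runs twice. Replace the loop with `if right_add or right_del:` and a single call. The rest of the function's parameter setup is before this hunk.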
|
|
|
|
@ -617,7 +617,7 @@ def view_cert(args, certbase, data_path, rights, group_rights):
|
|
|
|
|
view_cert_info(cert, words[0], rights, group_rights)
|
|
|
|
|
print "#############################################\n"
|
|
|
|
|
print _("Total %d certificates.") %count
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if remove:
|
|
|
|
|
answer = \
|
|
|
|
|
raw_input(_("Are you sure? Delete all client certificates?") + \
|
|
|
|
@ -631,9 +631,9 @@ def view_cert(args, certbase, data_path, rights, group_rights):
|
|
|
|
|
except:
|
|
|
|
|
print _("certificate number not int and not 'all'")
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cert = find_id_cert(cert_id, data_path)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if not cert:
|
|
|
|
|
print _("Certificate not found")
|
|
|
|
|
return 1
|
|
|
|
@ -641,7 +641,7 @@ def view_cert(args, certbase, data_path, rights, group_rights):
|
|
|
|
|
print cert
|
|
|
|
|
else:
|
|
|
|
|
view_cert_info(cert, cert_id, rights, group_rights)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if remove:
|
|
|
|
|
answer = \
|
|
|
|
|
raw_input("Delete client certificate with id = %d? y/[n]: "%cert_id)
|
|
|
|
@ -666,11 +666,11 @@ def sing_req_by_server(id_client_req, cert_path, data_path, auto = False):
|
|
|
|
|
if not os.path.exists(cl_req):
|
|
|
|
|
print _("Signing Request %s not found") %cl_req
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if os.path.exists(cl_cert):
|
|
|
|
|
print _("certificate %s already exists") %cl_cert
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if auto:
|
|
|
|
|
group = "group:all"
|
|
|
|
|
else:
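Review bot: In `auto` mode the signed client is placed in `group:all` (L1762-L1768) with no operator involvement; if group membership drives the rights lookup elsewhere, every auto-signed certificate lands in the broadest group by default, which should be a deliberate, documented choice, e.g. `# auto mode: no prompt, client is assigned group:all` above L1762. The existence checks at L1706 and L1734 are separated from the signing step that follows, so a request file replaced in between is signed as-is; that gap is inherent to the check-then-sign layout and worth a sentence in the function's docstring.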
|
|
|
|
@ -688,7 +688,7 @@ def sing_req_by_server(id_client_req, cert_path, data_path, auto = False):
|
|
|
|
|
fc = open(config, 'w')
|
|
|
|
|
fc.write(cfg_text)
|
|
|
|
|
fc.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cmd = ("openssl x509 -req -days 11000 -CA %s -CAkey %s -CAcreateserial "
|
|
|
|
|
"-extfile %s -extensions ssl_client -in %s -out %s") \
|
|
|
|
|
%(server_cert, server_key, config, cl_req, cl_cert)
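Review bot: The signing command at L1813-L1825 is assembled with `%` into one string; how it is executed is outside the hunk, but if it goes through a shell (as `subprocess.Popen(..., shell=True)` at L214 and `os.system` at L3138 do), any path containing spaces or shell metacharacters breaks the invocation. Prefer an argument list run without a shell: `['openssl', 'x509', '-req', '-days', '11000', '-CA', server_cert, '-CAkey', server_key, '-CAcreateserial', '-extfile', config, '-extensions', 'ssl_client', '-in', cl_req, '-out', cl_cert]`. The `11000`-day validity is duplicated from the server command at L197; one named constant keeps the two lifetimes in step.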
|
|
|
|
@ -704,12 +704,12 @@ def sing_req_by_server(id_client_req, cert_path, data_path, auto = False):
|
|
|
|
|
def sing_req_by_root(args, cert_path, data_path):
|
|
|
|
|
root_cert = cert_path + '/root.crt'
|
|
|
|
|
root_key = cert_path + '/root.key'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if not os.path.exists(root_cert) or not os.path.exists(root_key):
|
|
|
|
|
print _("Root certificate or private key not found")
|
|
|
|
|
print _("look at %s") %cert_path
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if args.id_server_req:
|
|
|
|
|
try:
|
|
|
|
|
int (args.id_server_req)
|
|
|
|
@ -721,7 +721,7 @@ def sing_req_by_root(args, cert_path, data_path):
|
|
|
|
|
if not os.path.exists(sign_req):
|
|
|
|
|
print _("Signing Request %s not found") %sign_req
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if os.path.exists(sign_cert):
|
|
|
|
|
print _("certificate %s already exists") %sign_cert
|
|
|
|
|
return 1
|
|
|
|
@ -738,7 +738,7 @@ def sing_req_by_root(args, cert_path, data_path):
|
|
|
|
|
#fc = open(config, 'w')
|
|
|
|
|
#fc.write(cfg_text)
|
|
|
|
|
#fc.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#cmd = ("openssl x509 -req -days 11000 -CA %s -CAkey %s -CAcreateserial "
|
|
|
|
|
#"-extfile %s -extensions ssl_server_ca -in %s -out %s") \
|
|
|
|
|
#%(root_cert, root_key, config, sign_req, sign_cert)
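Review bot: L1972-L2012 are commented-out code (the old `openssl x509 -req … -extensions ssl_server_ca` signing sequence) kept next to whatever replaced it; delete it rather than leave a second, divergent signing path for readers to wonder about. If the change of extension profile is the reason the block was retired, one comment line saying so is more useful than the dead code.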
|
|
|
|
@ -756,7 +756,7 @@ def sing_req_by_root(args, cert_path, data_path):
|
|
|
|
|
|
|
|
|
|
# Detailed view server signed certificates
|
|
|
|
|
def view_signed_cert_info(cert_id, serv_certbase, data_path, mid_path):
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cert_file = data_path + '/%s/%d.crt' %(mid_path, cert_id)
|
|
|
|
|
print cert_file
|
|
|
|
|
if os.path.exists(cert_file):
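Review bot: `print cert_file` at L2056 is a debug trace mixed into the report output; the same leftovers are `print req_file` at L2235, `print request` at L2613 and `print "result = ", result` at L702. Remove them or gate them behind a verbose option so the user-facing listing stays clean.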
|
|
|
|
@ -777,11 +777,11 @@ def view_signed_cert_info(cert_id, serv_certbase, data_path, mid_path):
|
|
|
|
|
print _("\nSubject")
|
|
|
|
|
for item in Subject:
|
|
|
|
|
print "%s : %s" %(item[0], item[1])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if not os.path.exists(serv_certbase):
|
|
|
|
|
fc = open(serv_certbase,"w")
|
|
|
|
|
fc.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with open(serv_certbase) as fd:
|
|
|
|
|
t = fd.read()
|
|
|
|
|
# See each line
|
|
|
|
@ -795,17 +795,17 @@ def view_signed_cert_info(cert_id, serv_certbase, data_path, mid_path):
|
|
|
|
|
print 'mac - %s' %words[5]
|
|
|
|
|
print _('date') + ' - %s %s' %(words[2], words[3])
|
|
|
|
|
break
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
print _("Certificate not found!")
|
|
|
|
|
|
|
|
|
|
print "\n###################################################\n"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Detailed view server request
|
|
|
|
|
req_file = data_path+'/%s/%d.csr' %(mid_path, cert_id)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
print req_file
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if os.path.exists(req_file):
|
|
|
|
|
fp = open(req_file, 'r')
|
|
|
|
|
request = fp.read()
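Review bot: `words[5]` at L2152 assumes every database line has at least six fields; a short line raises IndexError and aborts the listing. Guard with `if len(words) < 6: continue`, or print only the fields that are present. `fp = open(req_file, 'r')` at L2257 is closed, if at all, outside the hunk; `with open(req_file) as fp:` removes the question.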
|
|
|
|
@ -817,11 +817,11 @@ def view_signed_cert_info(cert_id, serv_certbase, data_path, mid_path):
|
|
|
|
|
print _("\nSubject")
|
|
|
|
|
for item in Subject:
|
|
|
|
|
print " %s : %s" %(item[0], item[1])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if not os.path.exists(serv_certbase):
|
|
|
|
|
fc = open(serv_certbase,"w")
|
|
|
|
|
fc.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with open(serv_certbase) as fd:
|
|
|
|
|
t = fd.read()
|
|
|
|
|
# See each line
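Review bot: L2302-L2342 repeats L2101-L2141 verbatim (create the empty database if absent, read it whole, scan its lines); extracting a small helper such as `_read_certbase(serv_certbase)` that returns the file text would remove the duplication and keep the two copies from drifting. The same create-if-missing prologue also appears at L1514-L1526, L2387-L2393 and L2489-L2495.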
|
|
|
|
@ -844,7 +844,7 @@ def view_signed_cert(args, serv_certbase, data_path):
|
|
|
|
|
cert_id = args.cert_id
|
|
|
|
|
dump = args.dump
|
|
|
|
|
remove = args.remove
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if cert_id == 'all':
|
|
|
|
|
if not os.path.exists(serv_certbase):
|
|
|
|
|
fc = open(serv_certbase,"w")
|
|
|
|
@ -870,7 +870,7 @@ def view_signed_cert(args, serv_certbase, data_path):
|
|
|
|
|
if not count:
|
|
|
|
|
print _("Certificates or requests not found!")
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
cert_id = int (cert_id)
|
|
|
|
|
except:
|
|
|
|
@ -884,7 +884,7 @@ def view_client_request(args, client_certbase, data_path):
|
|
|
|
|
req_id = args.req_id
|
|
|
|
|
dump = args.dump
|
|
|
|
|
remove = args.remove
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if req_id == 'all':
|
|
|
|
|
if not os.path.exists(client_certbase):
|
|
|
|
|
fc = open(client_certbase,"w")
|
|
|
|
@ -910,7 +910,7 @@ def view_client_request(args, client_certbase, data_path):
|
|
|
|
|
if not count:
|
|
|
|
|
print _("Certificates or requests not found!")
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
req_id = int (req_id)
|
|
|
|
|
except:
|
|
|
|
@ -926,26 +926,26 @@ def del_request(id_del_req, serv_certbase, data_path):
|
|
|
|
|
except:
|
|
|
|
|
print _("id must be int")
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
request = data_path + '/server_certs/%s.csr' %id_del_req
|
|
|
|
|
cert = data_path + '/server_certs/%s.crt' %id_del_req
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# chect exists request and certificate files
|
|
|
|
|
print request
|
|
|
|
|
if not os.path.exists(request) and not os.path.exists(cert):
|
|
|
|
|
print _("Request or certificate with id = %s not found!") %id_del_req
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if not os.path.exists(request):
|
|
|
|
|
print _("request %s not found!") %request
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if os.path.exists(cert):
|
|
|
|
|
print _("This request has already been signed")
|
|
|
|
|
ask = raw_input (_("Delete certificate and request? y/[n]: "))
|
|
|
|
|
if not ask.lower() in ['y', 'yes']:
|
|
|
|
|
print _("Not deleted")
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# create temp file
|
|
|
|
|
ft = open(serv_certbase + '_temp', 'w')
|
|
|
|
|
with open(serv_certbase) as fd:
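Review bot: `del_request` deletes a request that "has already been signed" (L2675) together with its certificate file, but nothing visible revokes the certificate, so any copy the client already holds stays valid until its `-days` expiry. If that is not intended, call the revocation path (`revoke_signed_cert`, L2783) before deleting, or state in the prompt at L2681 that deletion does not revoke. `print request` at L2613 is a debug line.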
|
|
|
|
@ -959,7 +959,7 @@ def del_request(id_del_req, serv_certbase, data_path):
|
|
|
|
|
ft.write(line + '\n')
|
|
|
|
|
ft.close()
|
|
|
|
|
fd.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ft = open(serv_certbase + '_temp', 'rb')
|
|
|
|
|
fc = open(serv_certbase, 'wb')
|
|
|
|
|
ft.seek(0)
|
|
|
|
@ -982,43 +982,43 @@ def revoke_signed_cert(revoke_cert_id, data_path, cert_path):
|
|
|
|
|
CRL = data_path + '/server_certs/ca.crl'
|
|
|
|
|
CRL_mid_dir = "/server_certs/CRL/"
|
|
|
|
|
CRL_db_dir = data_path + CRL_mid_dir
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if revoke_cert_id == 'rm':
|
|
|
|
|
if os.path.exists(CRL_db_dir):
|
|
|
|
|
for filename in glob.glob(CRL_db_dir+"*"):
|
|
|
|
|
os.unlink (filename)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if os.path.exists(CRL):
|
|
|
|
|
os.unlink(CRL)
|
|
|
|
|
print _("CRL deleted")
|
|
|
|
|
return 0
|
|
|
|
|
print _("CRL not exists")
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
int (revoke_cert_id)
|
|
|
|
|
except:
|
|
|
|
|
print _("Id revocation certificate must be integer!")
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cert_file = data_path + "/server_certs/%s.crt" %revoke_cert_id
|
|
|
|
|
if not os.path.exists (cert_file):
|
|
|
|
|
print _("Certificate %s not found") %cert_file
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if not os.path.exists(CRL_db_dir):
|
|
|
|
|
os.makedirs(CRL_db_dir)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
index_file = CRL_db_dir + 'index'
|
|
|
|
|
if not os.path.exists (index_file):
|
|
|
|
|
open(index_file,'w')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
serial_file = CRL_db_dir + 'serial'
|
|
|
|
|
if not os.path.exists (serial_file):
|
|
|
|
|
open(serial_file,'w')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
default_crl_days = 14
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
conf_file = data_path + "/server_certs/ca.config"
|
|
|
|
|
#if not os.path.exists (conf_file):
|
|
|
|
|
content_conf = ("[ ca ]\ndefault_ca = CA_CLIENT\n"
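Review bot: `revoke_cert_id == 'rm'` unlinks every file under `CRL_db_dir` and the CRL itself (L2817-L2857) with no confirmation, whereas the delete paths elsewhere ask `y/[n]` first (e.g. L2681); since removing the CRL database discards every recorded revocation, the same prompt belongs here. `open(index_file,'w')` and `open(serial_file,'w')` at L3005 and L3033 drop the handle — add `.close()`. `default_crl_days = 14` is assigned at L3049; whether it is interpolated into `content_conf` is outside the visible lines.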
|
|
|
|
@ -1036,15 +1036,15 @@ def revoke_signed_cert(revoke_cert_id, data_path, cert_path):
|
|
|
|
|
fd = open(conf_file,'w')
|
|
|
|
|
fd.write(content_conf)
|
|
|
|
|
fd.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
server_cert = open (cert_file, 'r').read()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cmd_rev_cert = "openssl ca -config %s -revoke %s" %(conf_file, cert_file)
|
|
|
|
|
os.system(cmd_rev_cert)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cmd_create_crl = "openssl ca -gencrl -config %s -out %s" %(conf_file, CRL)
|
|
|
|
|
os.system(cmd_create_crl)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
print
|
|
|
|
|
cmd_show_crl = "openssl crl -text -noout -in %s" %CRL
|
|
|
|
|
os.system(cmd_show_crl)
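Review bot: The return codes of `os.system(cmd_rev_cert)` and `os.system(cmd_create_crl)` (L3138, L3160) are ignored, so a failed `openssl ca -revoke` still regenerates and displays a CRL that does not contain the certificate, and the tool reports nothing wrong. Check each result, `if os.system(cmd_rev_cert) != 0: print _("revocation failed"); return 1`, or better run `subprocess.call(['openssl', 'ca', '-config', conf_file, '-revoke', cert_file])` and test its value. `server_cert = open(cert_file, 'r').read()` at L3116 is not used within this hunk and leaks the handle.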