From 266cf73a0ae2d7779d6c86f67c9db001b45f8b46 Mon Sep 17 00:00:00 2001 From: Valentin Samir Date: Tue, 18 Mar 2014 22:44:54 +0100 Subject: [PATCH] =?UTF-8?q?[gest=5Fcrans=5Flc,=20utils/ldapcertfs]=20F?= =?UTF-8?q?=C3=A9tails=20gestions=20des=20certificats?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gestion/gest_crans_lc.py | 25 +++++++++++++++---------- utils/ldapcertfs.py | 7 ++++--- 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/gestion/gest_crans_lc.py b/gestion/gest_crans_lc.py index 7f1192ae..5ae0aa6b 100755 --- a/gestion/gest_crans_lc.py +++ b/gestion/gest_crans_lc.py @@ -998,7 +998,12 @@ class GestCrans(object): def box(fields_values=None): fields = [("%s : " % k, form[k]['text'], form[k]['len'] + 1, form[k]['len']) for k in form_order] return self.dialog.form( - text="", + text="""Type de certificat : Type de correspondance : + * 0 - CA pinning * 0 - certificat entier + * 1 - Cert pinning * 1 - sha256 + * 2 - CA auto signé * 2 - sha512 + * 3 - Cert autosigné""", + no_collapse=True, height=0, width=0, form_height=0, timeout=self.timeout, fields=fields_values if fields_values else fields, @@ -1070,11 +1075,11 @@ les valeurs valident sont : def todo(machine, certificat, cont): if certificat: with self.conn.search(dn=certificat.dn, scope=0, mode='rw')[0] as certificat: - certificat['certificat'] = unicode(pem, 'utf-8') + certificat['certificat'] = unicode(pem.strip(), 'utf-8') certificat.save() else: with self.conn.newCertificat(machine.dn, {}) as certificat: - certificat['certificat'] = unicode(pem, 'utf-8') + certificat['certificat'] = unicode(pem.strip(), 'utf-8') certificat.create() raise Continue(cont(certificat=certificat, machine=certificat.machine())) 
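Review bot: `pem.strip()` only normalises surrounding whitespace; in both branches of `todo` the value written to `certificat['certificat']` is never checked to be a parseable PEM block before `save()`/`create()`, so a truncated paste or the wrong kind of block is committed to LDAP and the error presumably surfaces only when the entry is later read. The same applies to the two `certificat['csr']` assignments in the -1307 hunk. Parse the input first, e.g. `OpenSSL.crypto.load_certificate(crypto.FILETYPE_PEM, pem)` for the certificate and `load_certificate_request` for the CSR (OpenSSL is imported in utils/ldapcertfs.py; whether it is already available in this module is not visible here), and report a parse failure through the dialog instead of storing the value.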
@@ -1307,12 +1312,12 @@ les valeurs valident sont : def todo(machine, certificat, pem, cont): if certificat: with self.conn.search(dn=certificat.dn, scope=0, mode='rw')[0] as certificat: - certificat['csr'] = unicode(pem, 'utf-8') + certificat['csr'] = unicode(pem.strip(), 'utf-8') certificat.save() else: with self.conn.newCertificat(machine.dn, {}) as certificat: certificat['hostCert']=unicode(machine['host'][0]) - certificat['csr'] = unicode(pem, 'utf-8') + certificat['csr'] = unicode(pem.strip(), 'utf-8') certificat.create() raise Continue(cont(certificat=certificat, machine=certificat.machine())) @@ -1356,7 +1361,7 @@ les valeurs valident sont : menu menu_order = ['Hostname'] if not "privateKey" in certificat['objectClass']: - menu_order.append('AddPrivateKey') + menu_order.extend(['AddPrivateKey', 'SetCertificate']) if not "x509Cert" in certificat['objectClass']: menu_order.extend([ 'AddCertificate']) if "x509Cert" in certificat['objectClass']: @@ -1407,8 +1412,8 @@ les valeurs valident sont : raise Continue(TailCall(self.modif_certificat_attributs, certificat=certificat, cont=self_cont(certificat=certificat, tag=tag), attr=menu[tag]['attribut'].ldap_name)) else: raise EnvironmentError("Il n'y a ni champ 'attribut' ni 'callback' pour le tag %s" % tag) - (code, tag) = self.handle_dialog(cont, box, tag) - cancel_cont = cont(machine=machine) if certificat is None else self_cont(machine=certificat.machine(), certificat=None) + cancel_cont = cont(machine=machine) if certificat is None else self_cont(machine=certificat.machine(), certificat=None, tag=tag) + (code, tag) = self.handle_dialog(cancel_cont, box, tag) return self.handle_dialog_result( code=code, output=tag, 
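Review bot: `(code, tag) = self.handle_dialog(cancel_cont, box, tag)` rebinds `tag` with the dialog result, which is exactly what made the previous ordering compute `cancel_cont` from the wrong value; the commit fixes the order but keeps the shadowing. Naming the result separately, `(code, selected) = self.handle_dialog(cancel_cont, box, tag)` with `output=selected,` below, keeps the incoming tag distinct so the dependency cannot be reintroduced by a later reorder. Other uses of `tag` further down would need the same rename; the enclosing method continues outside the hunk.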
@@ -2353,10 +2358,10 @@ les valeurs valident sont : } ### Les clef qui n'existe pas sont toute renvoyé sur la clef '' menu_order = ["aA", "mA", "aMA", "dA", "", "mM", "dM", " ", "aC", "mC", "aMC", "dC", " ", "aKM"] - if isinstance(proprio, objets.AssociationCrans): - proprio = None if machine and not proprio: proprio = machine.proprio() + if isinstance(proprio, objets.AssociationCrans): + proprio = None if machine or proprio: menu_order = [' '] + menu_order if machine: diff --git a/utils/ldapcertfs.py b/utils/ldapcertfs.py index 63351711..a6fa2bc0 100755 --- a/utils/ldapcertfs.py +++ b/utils/ldapcertfs.py @@ -46,7 +46,7 @@ from OpenSSL import crypto import lc_ldap.shortcuts import gestion.secrets_new as secrets -from gestion.gen_confs.populate_sshFingerprint import get_machines + # Specify what Fuse API use: 0.2 fuse.fuse_python_api = (0, 2) @@ -122,7 +122,7 @@ class LdapCertFS(fuse.Fuse): # dictionnnaire CN => certificat pour construire la chaine de certificat # Il n'est utile ici que de renseigner des CN de CA intermédiaires self.chain = { - 'CAcert Class 3 Root' : open('/etc/ssl/certs/cacert-chain.pem').read(), + 'CAcert Class 3 Root' : open('/etc/ssl/certs/cacert.org.pem').read(), } # Les fichers certificats que l'on veux créer. fil est une liste représentant # la concaténation des attributs ldap (bien formaté). chain est un joker pour @@ -380,6 +380,7 @@ def main(usage): if end_option or not item.startswith('-'): if not os.path.isdir(item): raise EnvironmentError("%s is not a dir" % item) + break if item == '--': end_option=True @@ -415,7 +416,7 @@ LdapCertFS - Ldap Certificate File System # On appel main et on affiche les exceptions EnvironmentError try: main(usage) - except (EnvironmentError) as e: + except (EnvironmentError, fuse.FuseError) as e: sys.stderr.write("Error: %s\n" % e) sys.exit(1)
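Review bot: Moving the `isinstance(proprio, objets.AssociationCrans)` test after `proprio = machine.proprio()` is the behavioural change here, but nothing in the code says the order matters, so the next reader may "tidy" it back. A one-line comment above the `isinstance` line, `# must run after machine.proprio(): an association owner is treated as no owner`, records why. The enclosing function starts before the hunk.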
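Review bot: `open('/etc/ssl/certs/cacert.org.pem').read()` never closes the file handle, and the comment two lines above says only intermediate-CA CNs are useful in `self.chain`; the key is still `'CAcert Class 3 Root'`, so it is worth confirming that the new file actually contains the Class 3 intermediate and not only the root, otherwise the chain served alongside the certificates would be incomplete (the old name `cacert-chain.pem` suggested a bundle, the new one does not). Read it as `with open('/etc/ssl/certs/cacert.org.pem') as f: chain = f.read()`, and since this presumably runs when the filesystem object is built, a missing file should fail with a clear message rather than a bare traceback.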
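Review bot: The added `break` stops argument scanning at the first positional item, so any further positional arguments are silently ignored rather than rejected; if exactly one mount point is intended, report extras explicitly (for instance by continuing the loop and raising `EnvironmentError("unexpected argument %s" % item)` on a second positional) so a typo in the command line is visible instead of dropped. The enclosing loop and `main` start outside the hunk, so what happens after the loop cannot be checked here.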