[gest_crans_lc, utils/ldapcertfs] Fétails gestions des certificats

Valentin Samir 2014-03-18 22:44:54 +01:00
parent 4a225f1375
commit 266cf73a0a
2 changed files with 19 additions and 13 deletions


@ -998,7 +998,12 @@ class GestCrans(object):
def box(fields_values=None): def box(fields_values=None):
fields = [("%s : " % k, form[k]['text'], form[k]['len'] + 1, form[k]['len']) for k in form_order] fields = [("%s : " % k, form[k]['text'], form[k]['len'] + 1, form[k]['len']) for k in form_order]
return self.dialog.form( return self.dialog.form(
text="", text="""Type de certificat : Type de correspondance :
* 0 - CA pinning * 0 - certificat entier
* 1 - Cert pinning * 1 - sha256
* 2 - CA auto signé * 2 - sha512
* 3 - Cert autosigné""",
no_collapse=True,
height=0, width=0, form_height=0, height=0, width=0, form_height=0,
timeout=self.timeout, timeout=self.timeout,
fields=fields_values if fields_values else fields, fields=fields_values if fields_values else fields,
@ -1070,11 +1075,11 @@ les valeurs valident sont :
def todo(machine, certificat, cont): def todo(machine, certificat, cont):
if certificat: if certificat:
with self.conn.search(dn=certificat.dn, scope=0, mode='rw')[0] as certificat: with self.conn.search(dn=certificat.dn, scope=0, mode='rw')[0] as certificat:
certificat['certificat'] = unicode(pem, 'utf-8') certificat['certificat'] = unicode(pem.strip(), 'utf-8')
certificat.save() certificat.save()
else: else:
with self.conn.newCertificat(machine.dn, {}) as certificat: with self.conn.newCertificat(machine.dn, {}) as certificat:
certificat['certificat'] = unicode(pem, 'utf-8') certificat['certificat'] = unicode(pem.strip(), 'utf-8')
certificat.create() certificat.create()
raise Continue(cont(certificat=certificat, machine=certificat.machine())) raise Continue(cont(certificat=certificat, machine=certificat.machine()))
@ -1307,12 +1312,12 @@ les valeurs valident sont :
def todo(machine, certificat, pem, cont): def todo(machine, certificat, pem, cont):
if certificat: if certificat:
with self.conn.search(dn=certificat.dn, scope=0, mode='rw')[0] as certificat: with self.conn.search(dn=certificat.dn, scope=0, mode='rw')[0] as certificat:
certificat['csr'] = unicode(pem, 'utf-8') certificat['csr'] = unicode(pem.strip(), 'utf-8')
certificat.save() certificat.save()
else: else:
with self.conn.newCertificat(machine.dn, {}) as certificat: with self.conn.newCertificat(machine.dn, {}) as certificat:
certificat['hostCert']=unicode(machine['host'][0]) certificat['hostCert']=unicode(machine['host'][0])
certificat['csr'] = unicode(pem, 'utf-8') certificat['csr'] = unicode(pem.strip(), 'utf-8')
certificat.create() certificat.create()
raise Continue(cont(certificat=certificat, machine=certificat.machine())) raise Continue(cont(certificat=certificat, machine=certificat.machine()))
@ -1356,7 +1361,7 @@ les valeurs valident sont :
menu menu
menu_order = ['Hostname'] menu_order = ['Hostname']
if not "privateKey" in certificat['objectClass']: if not "privateKey" in certificat['objectClass']:
menu_order.append('AddPrivateKey') menu_order.extend(['AddPrivateKey', 'SetCertificate'])
if not "x509Cert" in certificat['objectClass']: if not "x509Cert" in certificat['objectClass']:
menu_order.extend([ 'AddCertificate']) menu_order.extend([ 'AddCertificate'])
if "x509Cert" in certificat['objectClass']: if "x509Cert" in certificat['objectClass']:
@ -1407,8 +1412,8 @@ les valeurs valident sont :
raise Continue(TailCall(self.modif_certificat_attributs, certificat=certificat, cont=self_cont(certificat=certificat, tag=tag), attr=menu[tag]['attribut'].ldap_name)) raise Continue(TailCall(self.modif_certificat_attributs, certificat=certificat, cont=self_cont(certificat=certificat, tag=tag), attr=menu[tag]['attribut'].ldap_name))
else: else:
raise EnvironmentError("Il n'y a ni champ 'attribut' ni 'callback' pour le tag %s" % tag) raise EnvironmentError("Il n'y a ni champ 'attribut' ni 'callback' pour le tag %s" % tag)
(code, tag) = self.handle_dialog(cont, box, tag) cancel_cont = cont(machine=machine) if certificat is None else self_cont(machine=certificat.machine(), certificat=None, tag=tag)
cancel_cont = cont(machine=machine) if certificat is None else self_cont(machine=certificat.machine(), certificat=None) (code, tag) = self.handle_dialog(cancel_cont, box, tag)
return self.handle_dialog_result( return self.handle_dialog_result(
code=code, code=code,
output=tag, output=tag,
@ -2353,10 +2358,10 @@ les valeurs valident sont :
} }
### Les clef qui n'existe pas sont toute renvoyé sur la clef '' ### Les clef qui n'existe pas sont toute renvoyé sur la clef ''
menu_order = ["aA", "mA", "aMA", "dA", "", "mM", "dM", " ", "aC", "mC", "aMC", "dC", " ", "aKM"] menu_order = ["aA", "mA", "aMA", "dA", "", "mM", "dM", " ", "aC", "mC", "aMC", "dC", " ", "aKM"]
if isinstance(proprio, objets.AssociationCrans):
proprio = None
if machine and not proprio: if machine and not proprio:
proprio = machine.proprio() proprio = machine.proprio()
if isinstance(proprio, objets.AssociationCrans):
proprio = None
if machine or proprio: if machine or proprio:
menu_order = [' '] + menu_order menu_order = [' '] + menu_order
if machine: if machine:
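Review bot: In both `todo` helpers (hunks at -1070 and -1307) the user-supplied PEM is persisted after only `pem.strip()`; nothing in either hunk checks that the text is actually a PEM-encoded certificate (or, at -1307, a CSR) before `certificat.save()` / `certificat.create()`, so a malformed or non-certificate blob would be written to LDAP and, judging by the comments in utils/ldapcertfs, later exported as a certificate file. If the caller already parses the input, a one-line comment saying so above the `if certificat:` would settle it; otherwise parsing once with `OpenSSL.crypto` (already imported in utils/ldapcertfs) before the branch is the natural place for the check. Both branches also duplicate the conversion, which could be hoisted as `value = unicode(pem.strip(), 'utf-8')` before the `if`, with `certificat['certificat'] = value` (resp. `certificat['csr'] = value`) in each branch. Each `todo` is nested inside a method that starts and ends outside the hunk.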


@ -46,7 +46,7 @@ from OpenSSL import crypto
import lc_ldap.shortcuts import lc_ldap.shortcuts
import gestion.secrets_new as secrets import gestion.secrets_new as secrets
from gestion.gen_confs.populate_sshFingerprint import get_machines
# Specify what Fuse API use: 0.2 # Specify what Fuse API use: 0.2
fuse.fuse_python_api = (0, 2) fuse.fuse_python_api = (0, 2)
@ -122,7 +122,7 @@ class LdapCertFS(fuse.Fuse):
# dictionnnaire CN => certificat pour construire la chaine de certificat # dictionnnaire CN => certificat pour construire la chaine de certificat
# Il n'est utile ici que de renseigner des CN de CA intermédiaires # Il n'est utile ici que de renseigner des CN de CA intermédiaires
self.chain = { self.chain = {
'CAcert Class 3 Root' : open('/etc/ssl/certs/cacert-chain.pem').read(), 'CAcert Class 3 Root' : open('/etc/ssl/certs/cacert.org.pem').read(),
} }
# Les fichers certificats que l'on veux créer. fil est une liste représentant # Les fichers certificats que l'on veux créer. fil est une liste représentant
# la concaténation des attributs ldap (bien formaté). chain est un joker pour # la concaténation des attributs ldap (bien formaté). chain est un joker pour
@ -380,6 +380,7 @@ def main(usage):
if end_option or not item.startswith('-'): if end_option or not item.startswith('-'):
if not os.path.isdir(item): if not os.path.isdir(item):
raise EnvironmentError("%s is not a dir" % item) raise EnvironmentError("%s is not a dir" % item)
break
if item == '--': if item == '--':
end_option=True end_option=True
@ -415,7 +416,7 @@ LdapCertFS - Ldap Certificate File System
# On appel main et on affiche les exceptions EnvironmentError # On appel main et on affiche les exceptions EnvironmentError
try: try:
main(usage) main(usage)
except (EnvironmentError) as e: except (EnvironmentError, fuse.FuseError) as e:
sys.stderr.write("Error: %s\n" % e) sys.stderr.write("Error: %s\n" % e)
sys.exit(1) sys.exit(1)
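Review bot: The changed `self.chain` entry (hunk at -122) reads `/etc/ssl/certs/cacert.org.pem` with a bare `open(...).read()`, leaving the file object to be closed by garbage collection rather than deterministically; `with open('/etc/ssl/certs/cacert.org.pem') as f: cacert_pem = f.read()` just above the dict literal, then `'CAcert Class 3 Root' : cacert_pem,` keeps the handle scoped. The dict is documented two lines above as CN → certificate for intermediate CAs, yet the key still reads 'CAcert Class 3 Root' while the file name moved from a '-chain' bundle to 'cacert.org.pem'; it is worth confirming that this file carries the Class 3 intermediate and not only the root, since an exported chain would otherwise be incomplete and clients would fail verification. A short comment naming which certificate(s) the file is expected to hold would make that dependency explicit. The method that assigns `self.chain` starts and ends outside the hunk.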