~ubuntu-branches/ubuntu/hardy/pyca/hardy

« back to all changes in this revision

Viewing changes to bin/ca2ldif.py

Committer: Bazaar Package Importer
Author(s): Lars Bahner
Date: 2003-12-02 19:39:35 UTC
Revision ID: james.westby@ubuntu.com-20031202193935-fzzt289mntvy6a8q

Tags: upstream-20031118

Import upstream version 20031118

files added:

bin/ca2ldif.py

bin/certs2ldap.py

bin/copy-cacerts.py

bin/ldap2certs.py

bin/ns-jsconfig.py

bin/print-cacerts.py

cgi-bin

cgi-bin/browser-check.py

cgi-bin/ca-index.py

cgi-bin/cert-query.py

cgi-bin/client-enroll.py

cgi-bin/get-cert.py

cgi-bin/ns-check-rev.py

cgi-bin/ns-revoke.py

cgi-bin/pycacnf.py

cgi-bin/scep.py

cgi-bin/view-cert.py

conf

conf/cacert_AuthCerts.cnf

conf/cacert_CodeSigning.cnf

conf/cacert_EmailCerts.cnf

conf/cacert_Root.cnf

conf/cacert_ServerCerts.cnf

conf/openssl.cnf

conf/ssl_server_csr.cnf

docs

help

htdocs

htdocs/changes.html

htdocs/config.html

htdocs/demo.html

htdocs/download.html

htdocs/faq.html

htdocs/features.html

htdocs/feedback.html

htdocs/files.html

htdocs/help

htdocs/help/client-enroll.html.de

htdocs/help/client-enroll.html.en

htdocs/install.html

htdocs/news.html

htdocs/overview.html

htdocs/pyca.html

htdocs/related.html

htdocs/roadmap.html

htdocs/security.html

htdocs/ssi

htdocs/ssi/footer.html

htdocs/ssi/head.html

htdocs/ssi/navigation.html

pylib

pylib/certhelper.py

pylib/cgiforms.py

pylib/cgihelper.py

pylib/cgissl.py

pylib/charset.py

pylib/htmlbase.py

pylib/ipadr.py

pylib/ldapbase.py

pylib/ldif.py

pylib/openssl

pylib/openssl/__init__.py

pylib/openssl/cert.py

pylib/openssl/cnf.py

pylib/openssl/db.py

pylib/vbs.py

sbin

sbin/ca-certreq-mail.py

sbin/ca-cycle-priv.py

sbin/ca-cycle-pub.py

sbin/ca-make.py

sbin/ca-revoke.py

sbin/pickle-cnf.py

Show diffs side-by-side

added added

removed removed

bin/ca2ldif.py

#!/usr/bin/python

########################################################################

# ca2ldif.py

# (c) by Michael Stroeder, michael@stroeder.com

########################################################################

__version__ = '0.6.6'

########################################################################

# This simple script generates a LDIF file containing all CA certs

# and CRLs.

########################################################################

import sys, string, os, getopt, types, shutil

def findoption(options,paramname):

for i in options:

if i[0]==paramname:

return i

return ()

def PrintUsage(ErrorMsg='',ErrorCode=1):

script_name = string.split(sys.argv[0],os.sep)[-1]

sys.stderr.write("""*** %s *** (C) by Michael Stroeder, 1999

usage: %s [options]

Options:

-h or --help

Print out this message

--config=[pathname]

Pathname of OpenSSL configuration file.

Default: /etc/openssl/openssl.cnf

--pycalib=[directory]

Specify directory containing the pyCA modules

Default: /usr/local/pyca/pylib

--out=[pathname]

Pathname of LDIF file for output

Default: stdout

--dntemplate=[Python dict string]

A Python string used as template for building LDAP

Distinguished Names E.g. cn=%%(CN)s,ou=TestCA,o=My company,c=DE

Default: cn=%%(CN)s

--crl

Add CRLs to entries.

""" % (script_name,script_name))

if ErrorMsg:

sys.stderr.write('Error: %s\n' % ErrorMsg)

sys.exit(ErrorCode)

script_name=sys.argv[0]

try:

options,args=getopt.getopt(sys.argv[1:],'h',['help','config=','pycalib=','out=','dntemplate=','crl'])

except getopt.error,e:

PrintUsage(str(e))

if findoption(options,'-h')!=() or findoption(options,'--help')!=():

PrintUsage(script_name)

if findoption(options,'--config')!=():

opensslcnfname = findoption(options,'--config')[1]

else:

opensslcnfname = os.environ.get('OPENSSL_CONF','/etc/openssl/openssl.cnf')

if not os.path.isfile(opensslcnfname):

PrintUsage('Config file %s not found.' % (opensslcnfname))

sys.exit(1)

if findoption(options,'--pycalib')!=():

pycalib = findoption(options,'--pycalib')[1]

else:

pycalib = os.environ.get('PYCALIB','/usr/local/pyca/pylib')

if not os.path.exists(pycalib) or not os.path.isdir(pycalib):

PrintUsage('Module directory %s does not exist or is no directory.' % (pycalib))

sys.exit(1)

sys.path.append(pycalib)

try:

import openssl, charset, ldif, ldapbase

except ImportError:

PrintUsage('Required pyCA modules not found in directory %s!' % (pycalib))

# Read the configuration file

if os.path.isfile('%s.pickle' % (opensslcnfname)):

# Try to read OpenSSL's config file from a pickled copy

f=open('%s.pickle' % (opensslcnfname),'rb')

try:

100

# first try to use the faster cPickle module

101

from cPickle import load

102

except ImportError:

103

from pickle import load

104

opensslcnf=load(f)

105

f.close()

106

else:

107

# Parse OpenSSL's config file from source

108

opensslcnf=openssl.cnf.OpenSSLConfigClass(opensslcnfname)

109

110

create_crls = findoption(options,'--crl')!=()

111

112

pyca_section = opensslcnf.data.get('pyca',{})

113

openssl.bin_filename = pyca_section.get('OpenSSLExec','/usr/local/ssl/bin/openssl')

114

if not os.path.isfile(openssl.bin_filename):

115

sys.stderr.write('Did not find OpenSSL executable %s.\n' % (openssl.bin_filename))

116

sys.exit(1)

117

118

if findoption(options,'--out')!=():

119

ldiffile = open(findoption(options,'--out')[1],'w')

120

else:

121

ldiffile = sys.stdout

122

123

if findoption(options,'--dntemplate')!=():

124

dntemplate = findoption(options,'--dntemplate')[1]

125

else:

126

dntemplate = r'cn=%(CN)s'

127

128

ca_names = opensslcnf.sectionkeys.get('ca',[])

129

ca_dn_dict = {}

130

131

for ca_name in ca_names:

132

133

ca = opensslcnf.getcadata(ca_name)

134

135

if os.path.isfile(ca.certificate):

136

137

cacert = openssl.cert.X509CertificateClass(ca.certificate)

138

139

ca_dn = charset.iso2utf(charset.t612iso(dntemplate % (cacert.subject)))

140

if ca_dn_dict.has_key(ca_dn):

141

sys.stderr.write('Warning: DN of %s conflicts with %s.\n' % (ca_name,ca_dn_dict[ca_dn]))

142

else:

143

ca_dn_dict[ca_dn]=ca_name

144

145

if ldapbase.dn_regex.match(ca_dn):

146

ca_entry = {'objectclass':['top','certificationAuthority']}

147

ca_entry['cACertificate;binary'] = [cacert.readcertfile('der')]

148

149

if create_crls:

150

if os.path.isfile(ca.crl):

151

152

cacrl = openssl.cert.CRLClass(ca.crl)

153

ca_entry['certificateRevocationList;binary'] = [cacrl.readcertfile('der')]

154

ca_entry['authorityRevocationList;binary'] = [cacrl.readcertfile('der')]

155

156

else:

157

sys.stderr.write('Warning: CRL file %s not found.\n' % (ca.crl))

158

certificateRevocationList_binary=''

159

160

ldiffile.write(ldif.CreateLDIF(ca_dn,ca_entry,['cACertificate;binary','certificateRevocationList;binary']))

161

ldiffile.write('\n')

162

163

else:

164

sys.stderr.write('Warning: DN "%s" is not a valid DN.\nCheck parameter --dntemplate="%s".\n' % (ca_dn,dntemplate))

165

cACertificate_binary=''

166

167

else:

168

sys.stderr.write('Warning: CA certificate file %s not found.\n' % (ca.certificate))

169

cACertificate_binary=''

170

171

ldiffile.close()

172

Older »