~ubuntu-branches/ubuntu/hardy/pyca/hardy


Viewing changes to cgi-bin/scep.py

  • Committer: Bazaar Package Importer
  • Author(s): Lars Bahner
  • Date: 2003-12-02 19:39:35 UTC
  • Revision ID: james.westby@ubuntu.com-20031202193935-fzzt289mntvy6a8q
Tags: upstream-20031118
Import upstream version 20031118

 
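--- a/cgi-bin/scep.py
+++ b/cgi-bin/scep.py
@@ -0,0 +1,98 @@
+#!/usr/bin/python
+
+"""
+scep.py - Cisco System's Simple Certificate Enrollment Protocol
+(c) by Michael Stroeder <michael@stroeder.com>
+
+CGI-BIN for implementing SCEP
+see: http://www.cisco.com/warp/public/cc/pd/sqsw/tech/scep_wp.htm
+"""
+
+Version='0.6.6'
+
+def ReadCertFromFileObject(f):
+  # Zertifikat aus Dateiobject certfile lesen
+  cert = f.read()
+  rc = f.close()
+  return cert
+
+def ReadCertsFromFileNames(pathnames):
+  result = []
+  for pathname in pathnames:
+    f = open(pathname,'r')
+    result.append(ReadCertFromFileObject(f))
+  return string.join(result,'')
+
+import sys, os, re, string, \
+       pycacnf, htmlbase, cgiforms, cgihelper, certhelper, openssl
+
+from time import time,localtime,strftime,mktime
+
+from pycacnf import opensslcnf, pyca_section
+
+from openssl.db import \
+  empty_DN_dict, \
+  DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
+  DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
+  dbtime2tuple,GetEntriesbyDN,SplitDN
+
+# Wir lesen rein gar nix von Standardeingabe => gleich dicht machen
+sys.stdin.close()
+
+# Path to openssl executable
+OpenSSLExec = pyca_section.get('OpenSSLExec','/usr/bin/openssl')
+
+form = cgiforms.formClass()
+form.add(
+  cgiforms.formSelectClass(
+    'operation',
+    'Operation',
+    ['GetCACert','PKIOperation']
+  )
+)
+form.add(
+  cgiforms.formInputClass(
+    'message',
+    'Message',
+    10000,
+    (r'.*',re.M+re.S)
+  )
+)
+
+form.getparams()
+
+scep_operation = form.field['operation'][0].content
+scep_message = form.field['message'][0].content
+
+if scep_operation in ['GetCACert','GetCACertChain']:
+
+  # *** Check parameter message again for being valid FQDN.
+
+  # *** Set to pre-configured SCEP CA
+  scep_message = 'SCEP'
+
+  ca = opensslcnf.getcadata(scep_message)
+
+  # Name der CA pruefen
+  if not opensslcnf.data['ca'].has_key(scep_message):
+    # CA-Definition nicht in openssl-Konfiguration enthalten
+    htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' % scep_message)
+    sys.exit(0)
+
+  # Does the certificate file exist?
+  if not os.path.isfile(ca.certificate):
+    htmlbase.PrintErrorMsg('CA Certificate of file not found.')
+    sys.exit(0)
+
+  cert = certhelper.pem2der(open(ca.certificate,'r').read())
+  sys.stderr.write('%s' % repr(cert))
+  # Simply write MIME-type and certificate data to stdout
+  sys.stdout.write('Content-type: application/x-x509-ca-cert\n\n')
+  sys.stdout.write(cert)
+  sys.stdout.flush()
+
+elif scep_operation=='PKIOperation':
+
+  open('/tmp/scep_message','wb').write(scep_message)
+
+sys.exit(0)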
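Review bot: The PKIOperation branch (new line 96) writes the request's `message` parameter to the fixed path `/tmp/scep_message`, and the form accepts that parameter with the pattern `.*` up to 10000 characters. A predictable name in a world-writable directory is open to symlink following, so the CGI process could be made to overwrite another file it can write to with request-controlled bytes, and concurrent requests clobber each other's data. If the dump is only a debugging aid it should be removed; otherwise create the file exclusively in a directory only the CGI user can write, e.g. `fd, path = tempfile.mkstemp(prefix='scep_', dir=SPOOL_DIR)` followed by `os.write(fd, scep_message); os.close(fd)` (`SPOOL_DIR` is a placeholder, and `tempfile` would need importing). Separately, in the GetCACert branch `opensslcnf.getcadata(scep_message)` on line 74 runs before the `has_key` check on line 77, so a configuration without an `SCEP` CA would presumably fail in the lookup rather than reach the intended error message; moving the lookup below the check would fix that.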