scep.py - Cisco Systems' Simple Certificate Enrollment Protocol
(c) by Michael Stroeder <michael@stroeder.com>
CGI-BIN for implementing SCEP
see: http://www.cisco.com/warp/public/cc/pd/sqsw/tech/scep_wp.htm
def ReadCertFromFileObject(f):
    """Read a certificate from the already-open file object *f*.

    NOTE(review): the body of this function is not visible in this
    listing; only its original comment ("read certificate from file
    object certfile") survives, so the exact return value (PEM text,
    DER bytes, ...) cannot be confirmed here.
    """
    # Read the certificate from file object f ("certfile" in the original comment)
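def ReadCertsFromFileNames(pathnames):
    """Return the concatenated certificate data of every file in *pathnames*.

    Each path is opened, handed to ReadCertFromFileObject() and closed again
    before the next one is processed; the per-file results are joined in the
    order given. An empty *pathnames* yields ''.

    Raises whatever open() or ReadCertFromFileObject() raise; the file handle
    is released in every case.
    """
    # One entry per file, in input order (the initialisation of this list was
    # not visible in the listing, but append()/join() below require it).
    result = []
    for pathname in pathnames:
        f = open(pathname, 'r')
        try:
            result.append(ReadCertFromFileObject(f))
        finally:
            # The original never closed the handle; release it even when
            # ReadCertFromFileObject() raises.
            f.close()
    return ''.join(result)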
import sys, os, re, string, \
pycacnf, htmlbase, cgiforms, cgihelper, certhelper, openssl
from time import time,localtime,strftime,mktime
from pycacnf import opensslcnf, pyca_section
from openssl.db import \
DB_type,DB_exp_date,DB_rev_date,DB_serial,DB_file,DB_name,DB_number, \
DB_TYPE_REV,DB_TYPE_EXP,DB_TYPE_VAL, \
dbtime2tuple,GetEntriesbyDN,SplitDN
# We read nothing at all from standard input => close it right away
# Path to openssl executable (configurable via the pyca section, with a default)
OpenSSLExec = pyca_section.get('OpenSSLExec','/usr/bin/openssl')

# CGI form holding the two SCEP request parameters, 'operation' and 'message'.
form = cgiforms.formClass()

# NOTE(review): the field declarations are only partially visible in this
# listing (lines are missing between them). 'operation' appears to be limited
# to the choice list below, yet the dispatch further down also accepts
# 'GetCACertChain' -- confirm against the full declaration whether that value
# can ever reach it.
cgiforms.formSelectClass(
['GetCACert','PKIOperation']
cgiforms.formInputClass(

# Both values come straight from the HTTP request and are untrusted input.
scep_operation = form.field['operation'][0].content
scep_message = form.field['message'][0].content

if scep_operation in ['GetCACert','GetCACertChain']:

    # *** Check parameter message again for being valid FQDN.
    # *** Set to pre-configured SCEP CA
    # NOTE(review): 'message' is used as the CA lookup key *before* the
    # existence check below; whether getcadata() tolerates an unknown key is
    # not visible here -- confirm, otherwise swap the two statements.
    ca = opensslcnf.getcadata(scep_message)
    if not opensslcnf.data['ca'].has_key(scep_message):
        # CA definition not contained in the openssl configuration.
        # NOTE(review): the request value is reflected into the error page;
        # confirm that PrintErrorMsg() HTML-escapes its argument.
        htmlbase.PrintErrorMsg('Unknown certificate authority "%s".' % scep_message)
    # NOTE(review): the lines after each PrintErrorMsg() call are missing from
    # this listing. If they do not terminate the script, control falls through
    # to the certificate read below with an unknown/unchecked CA -- verify.
    # Does the certificate file exist?
    if not os.path.isfile(ca.certificate):
        htmlbase.PrintErrorMsg('CA Certificate of file not found.')
    # PEM -> DER conversion of the CA certificate; the file handle is left to
    # garbage collection rather than closed explicitly.
    cert = certhelper.pem2der(open(ca.certificate,'r').read())
    # NOTE(review): dumps the whole DER blob to the server error log on every
    # request -- looks like a debugging leftover rather than intended logging.
    sys.stderr.write('%s' % repr(cert))
    # Simply write MIME-type and certificate data to stdout
    sys.stdout.write('Content-type: application/x-x509-ca-cert\n\n')
    sys.stdout.write(cert)
elif scep_operation=='PKIOperation':
    # NOTE(review): the raw, attacker-controlled PKCS#7 request body is written
    # verbatim to a fixed, predictable path in the shared /tmp directory, the
    # handle is never closed, and an existing file or symlink at that path is
    # followed (no exclusive create). If this is needed at all, use
    # tempfile.mkstemp() in a private directory; if it is a debugging aid,
    # remove it. The rest of the PKIOperation branch is not visible here.
    open('/tmp/scep_message','wb').write(scep_message)