You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
209 lines
5.8 KiB
209 lines
5.8 KiB
#!/usr/bin/env python3
|
|
# -*- coding: utf-8 -*-
|
|
|
|
import cmd
|
|
import sys
|
|
|
|
from models.ssh import SSHAuthority
|
|
from models.ssl import SSLAuthority
|
|
|
|
from manager import sign_request
|
|
|
|
__doc__= """
|
|
Class to make a shell and interact with the user
|
|
"""
|
|
|
|
class CAManagerShell(cmd.Cmd):
|
|
intro= """# LILiK CA Manager #
|
|
Welcome to the certification authority shell.
|
|
Type help or ? to list commands.
|
|
"""
|
|
prompt= "(CA Manager)> "
|
|
|
|
def __init__(self, ca_manager):
|
|
super(CAManagerShell, self).__init__()
|
|
self.ca_manager = ca_manager
|
|
|
|
def do_ls_cas(self, l):
|
|
'List the available certification authorities: LS_CA'
|
|
for i, authority in enumerate(self.ca_manager.ca):
|
|
print('- %d - %s' % (i, authority))
|
|
|
|
def do_ls_certificates(self, l):
|
|
'List the issued certificates: LS_CERTIFICATE'
|
|
for i, cert in enumerate(self.ca_manager.certificate):
|
|
print('- %d - %s' % (i, cert))
|
|
|
|
def do_ls_requests(self, l):
|
|
'List the available certification requests: LS_REQUESTS'
|
|
print_available_requests(self.ca_manager)
|
|
|
|
def do_describe_cas(self, l):
|
|
'Show certification authority information: DESCRIBE_CAS'
|
|
ca_id = l.split()[0]
|
|
|
|
ca = self.ca_manager.ca[ca_id]
|
|
|
|
if ca:
|
|
ca_description = """
|
|
Certification authority: %s
|
|
--------------------------------------------------
|
|
CA type: %s
|
|
CA name: %s
|
|
Serial: %s
|
|
"""
|
|
|
|
ca_info = (
|
|
ca_id,
|
|
ca.__class__.__name__,
|
|
ca.name,
|
|
ca.serial,
|
|
)
|
|
|
|
print(ca_description % ca_info)
|
|
else:
|
|
print("No CA found for id: '%s'" % request_id)
|
|
|
|
def do_describe_certificate(self, l):
|
|
'Show certificate information: DESCRIBE_CERTIFICATE'
|
|
certificate_id = l.split()[0]
|
|
|
|
cert = self.ca_manager.certificate[certificate_id]
|
|
|
|
if cert:
|
|
cert_description = """
|
|
Certificate %s
|
|
--------------------------------------------------
|
|
Signin authority: %s
|
|
Signed on: %s
|
|
Receiver: %s
|
|
Certificate Serial: %s
|
|
Validity Interval: %s
|
|
"""
|
|
|
|
request_info = (
|
|
certificate_id,
|
|
cert.signed_by,
|
|
cert.date_issued,
|
|
cert.receiver,
|
|
cert.serial_number,
|
|
cert.validity_interval,
|
|
)
|
|
|
|
print(cert_description % cert_info)
|
|
else:
|
|
print('No certificate found for id: "%s"' % cert_id)
|
|
pass
|
|
|
|
def do_describe_request(self, l):
|
|
'Show sign request information: DESCRIBE_REQUEST'
|
|
request_id = l.split()[0]
|
|
|
|
request = self.ca_manager.request[request_id]
|
|
|
|
if request:
|
|
request_description = """
|
|
Request %s
|
|
--------------------------------------------------
|
|
Request type: %s
|
|
%s
|
|
Key %s
|
|
"""
|
|
|
|
request_info = (
|
|
request_id,
|
|
request.__class__.__name__,
|
|
request.fields,
|
|
request.key_data,
|
|
)
|
|
|
|
print(request_description % request_info)
|
|
else:
|
|
print('No request found for id: "%s"' % request_id)
|
|
|
|
def do_drop_request(self, l):
|
|
'Delete a sign request: DROP_REQUEST'
|
|
request_id = l.split()[0]
|
|
|
|
del self.ca_manager.request[request_id]
|
|
|
|
def do_gen_ssh(self, l):
|
|
'Generate a SSH Certification authority: GEN_SSH id name'
|
|
argv = l.split(maxsplit=1)
|
|
ca_id = argv[0]
|
|
name = argv[1]
|
|
new_auth = SSHAuthority(
|
|
ca_id = ca_id,
|
|
name = name,
|
|
serial = 0,
|
|
)
|
|
|
|
new_auth.generate()
|
|
new_auth.save()
|
|
|
|
def do_gen_ssl(self, l):
|
|
'Generate a SSL Certification authority'
|
|
argv = l.split(maxsplit=1)
|
|
ca_id = argv[0]
|
|
name = argv[1]
|
|
new_auth = SSLAuthority(
|
|
ca_id = ca_id,
|
|
name = name,
|
|
serial = 0,
|
|
)
|
|
|
|
new_auth.generate()
|
|
new_auth.save()
|
|
|
|
def do_sign_request(self, l):
|
|
'Sign a request using a CA: SIGN_REQUEST ca_id request_id'
|
|
argv = l.split()
|
|
argc = len(argv)
|
|
|
|
# argument number is too low
|
|
if argc < 2:
|
|
if argc == 0:
|
|
# print available ca
|
|
print("Available authority")
|
|
print_available_authorities(self.ca_manager)
|
|
|
|
print("==================")
|
|
|
|
# print available requests
|
|
print("Available request")
|
|
print_available_requests(self.ca_manager)
|
|
else:
|
|
authority_id, request_id = argv[0], argv[1]
|
|
|
|
sign_request(self.ca_manager, request_id, authority_id)
|
|
|
|
def complete_sign_request(self, text, line, begidx, endidx):
|
|
|
|
ca_results = [
|
|
a for a in self.ca_manager.ca if a.ca_id.startswith(text)
|
|
]
|
|
|
|
req_result = [
|
|
a for a in self.ca_manager.request if a.req_id.startswith(text)
|
|
]
|
|
|
|
return ' '.join(results)
|
|
|
|
def complete(self, text, state):
|
|
results = super().complete(text, state)
|
|
if results is not None:
|
|
return "%s "%results
|
|
return results
|
|
|
|
def do_quit(self, l):
|
|
'Quit this shell'
|
|
return True
|
|
|
|
|
|
def print_available_authorities(ca_manager):
|
|
for i, ca_item in enumerate(ca_manager.ca):
|
|
print("- %d : %s" % (i , ca_item))
|
|
|
|
def print_available_requests(ca_manager):
|
|
for i, request in enumerate(ca_manager.request):
|
|
print("- %d : %s" % (i, request))
|