ca_manager/manager.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

import cmd
import hashlib
import json
import os
import os.path
import shutil
import tempfile

from peewee import *

from lookup import CALookup, RequestLookup, CertificateLookup

from models.ssh import SSHAuthority
from models.ssl import SSLAuthority
from models.certificate import Certificate

from paths import *

__doc__= """
Define classes to interact with certificate requests and Certification Authority
"""

db = SqliteDatabase(os.path.join(MANAGER_PATH, 'ca_manager.db'))

class CAManager(object):
    """
    Middleware to interact with ssh-keygen
    """

    def __init__(self, path):
        self.path = path

        self.ca = CALookup()
        self.request = RequestLookup()
        self.certificate = CertificateLookup()

    @property
    def db_path(self):
        return os.path.join(self.path, 'ca_manager.db')

    @property
    def ssh_ca_dir(self):
        return os.path.join(self.path, 'ssh_cas')

    @property
    def ssl_ca_dir(self):
        return os.path.join(self.path, 'ssl_cas')

def init_manager(paths):
    """
    Initiate the manager by creating the
    directories to store CAs and requests.

    Create a database to store the information
    """
    directories = ['ssh_cas', 'ssl_cas', ]

    # ensure the directories needed by CAManager
    # exists
    for dirpath in paths:
        if not os.path.exists(dirpath):
            os.makedirs(dirpath)

    # ensure ssh_cas ad ssl_cas directories
    # exists in MANAGER_PATH
    for dirname in directories:
        dirpath = os.path.join(paths[0], dirname)

        if not os.path.exists(dirpath):
            os.mkdir(dirpath)

    # ensure the database exists
    # in MANAGER_PATH and create the
    # tables for Authority and Certificate
    db.connect()

    models_required = [
        SSHAuthority,
        SSLAuthority,
        Certificate,
    ]

    db.create_tables(
        models_required,
        safe = True,
        )

def sign_request(ca_manager, request_id, authority_id):

    authority, request = None, None

    try:
        authority = ca_manager.ca[authority_id]
    except IndexError:
        print("Could not find CA '%d'" % authority_id)
        return

    try:
        request = ca_manager.request[request_id]
    except IndexError:
        print("Could not find request '%d'" % request_id)

    h = hashlib.sha256()
    h.update(request.key_data.encode('utf-8'))
    print("Request hash: %s" % h.hexdigest())

    print("You are about to sign this request with the following CA:")
    confirm = input('Proceed? (type yes)> ')
    if confirm != 'yes':
        print ("user abort")
        return

    cert_path = authority.sign(request)
    del ca_manager.request[request_id]

    shutil.copy(cert_path, os.path.join(RESULTS_PATH, request.req_id))


if __name__ == '__main__':
    from shell import CAManagerShell

    init_manager([
        MANAGER_PATH,
        REQUESTS_PATH,
        OUTPUT_PATH,
        RESULTS_PATH,
        ])


    ca_manager = CAManager(MANAGER_PATH)

    CAManagerShell(ca_manager).cmdloop()