Easy CA management
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

146 lines
3.5 KiB

  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-
  3. import cmd
  4. import hashlib
  5. from itertools import chain
  6. import json
  7. import os
  8. import os.path
  9. import pickle
  10. import shutil
  11. import sqlite3
  12. import tempfile
  13. from models.ssh import SSHAuthority, UserSSHRequest, HostSSHRequest
  14. from models.ssl import SSLAuthority, HostSSLRequest
  15. from models.certificate import Certificate
  16. from models.request import SignRequest
  17. from paths import *
  18. class CALookup:
  19. """
  20. Proxy to interact with authorities
  21. """
  22. allowed_auth = [
  23. SSHAuthority,
  24. SSLAuthority,
  25. ]
  26. def __init__(self):
  27. self.path = MANAGER_PATH
  28. def __iter__(self):
  29. all_the_authorities = [ auth.select().iterator() for auth in self.allowed_auth]
  30. return chain.from_iterable(all_the_authorities)
  31. def __getitem__(self, ca_id):
  32. for authority_type in self.allowed_auth:
  33. try:
  34. ca = authority_type.get(authority_type.ca_id == ca_id)
  35. return ca
  36. except authority_type.DoesNotExist:
  37. continue
  38. class RequestLookup:
  39. """
  40. Proxy to interact with the requests
  41. """
  42. def __init__(self):
  43. self.request_dir = REQUESTS_PATH
  44. self.output_dir = OUTPUT_PATH
  45. def __iter__(self):
  46. """
  47. Iterate over all certificate request in REQUEST_PATH
  48. """
  49. for request_id in os.listdir(self.request_dir):
  50. """
  51. request_id is formatted as uuid
  52. """
  53. yield self[request_id]
  54. def __delitem__(self, request_id):
  55. """
  56. Delete a specific certificate request
  57. """
  58. os.unlink(SignRequest(request_id).path)
  59. def __getitem__(self, request_id):
  60. """
  61. Get a specific certificate request
  62. """
  63. with open(SignRequest(request_id).path, 'r') as stream:
  64. request_data = json.load(
  65. stream,
  66. )
  67. requester = request_data.get('userName', None) or request_data.get('hostName', None)
  68. root_requested = request_data.get('rootRequested', False)
  69. key_data = request_data.get('keyData', None)
  70. values = request_data['request'].values()
  71. if 'ssh_user' in values:
  72. return UserSSHRequest(
  73. request_id,
  74. requester,
  75. root_requested,
  76. key_data,
  77. )
  78. elif 'ssh_host' in values:
  79. return HostSSHRequest(
  80. request_id,
  81. requester,
  82. key_data,
  83. )
  84. elif 'ssl_host' in values:
  85. return HostSSLRequest(
  86. request_id,
  87. requester,
  88. key_data,
  89. )
  90. else:
  91. return SignRequest(request_id)
  92. @property
  93. def ssh(self):
  94. pass
  95. @property
  96. def ssl(self):
  97. pass
  98. class CertificateLookup:
  99. """
  100. Proxy to interact with certificates
  101. """
  102. def __iter__(self):
  103. self.cert_dir = OUTPUT_PATH
  104. def __getitem__(self, certificate_id):
  105. """
  106. Get a specific certificate from disk
  107. """
  108. if not Certificate(certificate_id):
  109. raise IndexError
  110. return Certificate(certificate_id)
  111. def __iter__(self):
  112. """
  113. Iterate over all certificate request in OUTPUT_PATH
  114. """
  115. pass