LILiK
/
ca_manager
5
0
Fork 0
Code Issues 0 Pull Requests 2 Releases 0 Wiki Activity
Easy CA management
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
61 Commits
7 Branches
218 KiB
Tree: 9d196b28dd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9d196b28dd'
${ noResults }
ca_manager/ca_manager.py

314 lines
8.4 KiB
Raw Normal View History

Initial commit.
9 years ago
implement CAManager shell with python cmd shell
8 years ago
Initial commit.
9 years ago
implement CAManager shell with python cmd shell
8 years ago
Initial commit.
9 years ago
Added request_server.
9 years ago
Initial commit.
9 years ago
move out certificates and authority classes from ca_manager
8 years ago
remove global variables from ca_manager
8 years ago
Initial commit.
9 years ago
add docs to modules
8 years ago
update module documentation
8 years ago
add docs to modules
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
draft for CALookup descriptor
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
transform db_path to property
8 years ago
add sqlite connection handling with context manager
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add sqlite connection handling with context manager
8 years ago
Initial commit.
9 years ago
transform db_path to property
8 years ago
Initial commit.
9 years ago
transform ca_path getter to property
8 years ago
Initial commit.
9 years ago
transform ca_path getter to property
8 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
add documentation to CAManager methods
8 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
filter request by ca type
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
filter request by ca type
8 years ago
Initial commit.
9 years ago
filter request by ca type
8 years ago
Initial commit.
9 years ago
-Add slash's code for ssh_host key support -Add cli argument to request-server.py to let non interactive ssh session works
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
draft for CALookup descriptor
8 years ago
set conn attribute to None at creation
8 years ago
draft for CALookup descriptor
8 years ago
make CALookup iterable
8 years ago
draft for CALookup descriptor
8 years ago
implement DEL in CALookup API
8 years ago
draft for CALookup descriptor
8 years ago
implement GET in CALookup API
8 years ago
draft for CALookup descriptor
8 years ago
implent CREATE in CALookup API
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
document what init_manager does
8 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
document what init_manager does
8 years ago
add support for ssl
8 years ago
handle multiple directory creation
8 years ago
Initial commit.
9 years ago
document what init_manager does
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
document what init_manager does
8 years ago
Initial commit.
9 years ago
add tab autocompletion
8 years ago
Initial commit.
9 years ago
change sing_request signature, adapt authority search
8 years ago
Initial commit.
9 years ago
add tab autocompletion
8 years ago
Initial commit.
9 years ago
adapt request handling for new sign_request
8 years ago
Initial commit.
9 years ago
add tab autocompletion
8 years ago
Initial commit.
9 years ago
Added request_server.
9 years ago
Initial commit.
9 years ago
Added request_server.
9 years ago
log only to file, sign cli in ca_manager.py
8 years ago
 
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-
  3. 

  4. import cmd
  5. import hashlib
  6. import json
  7. import os
  8. import os.path
  9. import shutil
  10. import sqlite3
  11. import tempfile
  12. 

  13. from certificate_requests import *
  14. from paths import *
  15. 

  16. __doc__= """

  17. Define classes to interact with certificate requests and Certification Authority
  18. """

  19. 

  20. class CAManager(object):
  21.     """

  22.     Middleware to interact with ssh-keygen
  23.     """

  24.     def __init__(self, path):
  25.         self.path = path
  26.         self.ca = CALookup(self.ssh_ca_dir, self.ssl_ca_dir)
  27. 

  28.     def __enter__(self):
  29.         """

  30.         Enter a context block, connect to database
  31.         """

  32.         self.conn = sqlite3.connect(self.db_path)
  33.         self.ca.conn = self.conn
  34. 

  35.         return self
  36. 

  37.     def __exit__(self, exc_type, exc_value, traceback):
  38.         """

  39.         Exit a context block, disconnect from database
  40.         """

  41.         if exc_type is not None:
  42.             print(exc_type, exc_value)
  43.             print(traceback)
  44. 

  45.         self.ca.conn = None
  46.         self.conn.close()
  47. 

  48.     @property
  49.     def db_path(self):
  50.         return os.path.join(self.path, 'ca_manager.db')
  51. 

  52.     @property
  53.     def ssh_ca_dir(self):
  54.         return os.path.join(self.path, 'ssh_cas')
  55. 

  56.     @property
  57.     def ssl_ca_dir(self):
  58.         return os.path.join(self.path, 'ssl_cas')
  59. 

  60.     def create_ssh_ca(self, ca_id, ca_name):
  61.         """

  62.         Create a new ssh certification authority, insert
  63.         it into the database
  64.         """

  65.         ca_path = self._get_ssh_ca_path(ca_id)
  66. 

  67.         authority = SSHAuthority(ca_id, ca_name, ca_path)
  68. 

  69.         authority.generate()
  70. 

  71.         c = self.conn.cursor()
  72.         c.execute("""INSERT INTO cas VALUES (?, ?, 'ssh')""",
  73.                 (ca_id, ca_name))
  74.         self.conn.commit()
  75. 

  76.     def create_ssl_ca(self, ca_id, ca_name):
  77.         """

  78.         Create a new ssl certification authority, insert
  79.         it into the database
  80.         """

  81.         ca_path = self._get_ssl_ca_path(ca_id)
  82. 

  83.         authority = SSLAuthority(ca_id, ca_name, ca_path)
  84. 

  85.         authority.generate()
  86. 

  87.         c = self.conn.cursor()
  88.         c.execute("""INSERT INTO cas VALUES (?, ?, 'ssl')""",
  89.                 (ca_id, ca_name))
  90.         self.conn.commit()
  91. 

  92.     def get_cas_list(self):
  93.         """

  94.         Get all the certification authorities saved in
  95.         the database
  96.         """

  97.         c = self.conn.cursor()
  98. 

  99.         c.execute("""SELECT id, name, type FROM cas""")
  100. 

  101.         return c.fetchall()
  102. 

  103.     def get_ca(self, ca_id):
  104.         """

  105.         Get a specific certification authority from the database
  106.         """

  107.         c = self.conn.cursor()
  108.         c.execute("""SELECT name, type FROM cas WHERE id = ?""", (ca_id, ))
  109. 

  110.         result = c.fetchone()
  111.         if not result:
  112.             raise ValueError('Unknown CA "%s"'%ca_id)
  113. 

  114.         ca_name, ca_type = result
  115. 

  116.         if ca_type == 'ssh':
  117.             ca_path = self._get_ssh_ca_path(ca_id)
  118.             return SSHAuthority(ca_id, ca_name, ca_path)
  119.         elif ca_type == 'ssl':
  120.             ca_path = self._get_ssl_ca_path(ca_id)
  121.             return SSLAuthority(ca_id, ca_name, ca_path)
  122. 

  123.     def get_requests(self, ca_type=None):
  124. 

  125.         req_objs = []
  126. 

  127.         for request_name in os.listdir(REQUESTS_PATH):
  128.             request_path = os.path.join(REQUESTS_PATH, request_name)
  129. 

  130.             with open(request_path, 'r') as stream:
  131.                 req = json.load(stream)
  132. 

  133.             if ca_type and not req['keyType'].startswith("%s_"%ca_type):
  134.                 continue
  135. 

  136.             if req['keyType'] == 'ssh_user':
  137.                 user_name = req['userName']
  138.                 root_requested = req['rootRequested']
  139.                 key_data = req['keyData']
  140. 

  141.                 req_objs.append(
  142.                         UserSSHRequest(
  143.                             request_name, user_name, root_requested, key_data))
  144.             elif req['keyType'] == 'ssh_host':
  145.                 host_name = req['hostName']
  146.                 key_data = req['keyData']
  147. 

  148.                 req_objs.append(
  149.                         HostSSHRequest(
  150.                             request_name, host_name, key_data))
  151.             elif req['keyType'] == 'ssl_host':
  152.                 host_name = req['hostName']
  153.                 key_data = req['keyData']
  154. 

  155.                 req_objs.append(
  156.                         HostSSLRequest(
  157.                             request_name, host_name, key_data))
  158. 

  159.         return req_objs
  160. 

  161.     def drop_request(self, request):
  162. 

  163.         os.unlink(os.path.join(REQUESTS_PATH, request.req_id))
  164. 

  165. class CALookup(object):
  166.     """

  167.     Proxy to interact with the database, get CA as element or as list
  168.     """

  169.     def __init__(self, ssh_ca_dir, ssl_ca_dir):
  170.         """

  171.         The connection attribute is setted by the CAManager instance
  172.         when used
  173.         """

  174. 

  175.         self.conn = None
  176.         self.ssh_ca_dir = ssh_ca_dir
  177.         self.ssl_ca_dir = ssl_ca_dir
  178. 

  179.     def __iter__(self):
  180.         c = self.conn.cursor()
  181. 

  182.         c.execute("""SELECT id, name, type FROM cas""")
  183. 

  184.         return iter(c.fetchall())
  185. 

  186.     def __delitem__(self, ca_id):
  187.         """

  188.         Delete a specific certification authority from the database
  189.         """

  190.         c = self.conn.cursor()
  191.         c.execute("""DELETE FROM cas WHERE id = ?""", (ca_id, ))
  192. 

  193.     def __getitem__(self, ca_id):
  194.         """

  195.         Get a specific certification authority from the database
  196.         """

  197.         c = self.conn.cursor()
  198.         c.execute("""SELECT name, type FROM cas WHERE id = ?""", (ca_id, ))
  199. 

  200.         result = c.fetchone()
  201.         if not result:
  202.             raise ValueError('Unknown CA "%s"' % ca_id)
  203. 

  204.         ca_name, ca_type = result
  205. 

  206.         if ca_type.lower() == 'ssh':
  207.             return SSHAuthority(ca_id, ca_name, self.ssh_ca_dir)
  208. 

  209.         elif ca_type.lower() == 'ssl':
  210.             return SSLAuthority(ca_id, ca_name, self.ssl_ca_dir)
  211. 

  212.     def __setitem__(self, ca_id, ca_value):
  213.         """

  214.         Create a new certification authority, insert
  215.         it into the database
  216.         """

  217.         ca_name, ca_type = ca_value
  218.         authority = None
  219. 

  220.         if ca_type == 'ssh':
  221.             authority = SSHAuthority(ca_id, ca_name, self.ssh_ca_dir)
  222.         elif ca_type == 'ssl':
  223.             authority = SSLAuthority(ca_id, ca_name, self.ssl_ca_dir)
  224.         else:
  225.             raise ValueError('CA type is not supported')
  226. 

  227.         authority.generate()
  228. 

  229.         c = self.conn.cursor()
  230.         c.execute("""INSERT INTO cas VALUES (?, ?, ?)""",
  231.                 (ca_id, ca_name, ca_type.lower()))
  232.         self.conn.commit()
  233. 

  234. def init_manager(paths):
  235.     """

  236.     Initiate the manager by creating the
  237.     directories to store CAs and requests.
  238. 

  239.     Create a database to store the information
  240.     """

  241.     db_path = os.path.join(paths[0], 'ca_manager.db')
  242. 

  243.     directories = ['ssh_cas', 'ssl_cas']
  244. 

  245.     # ensure the directories needed by CAManager
  246.     # exists
  247.     for dirpath in paths:
  248.         if not os.path.exists(dirpath):
  249.             os.makedirs(dirpath)
  250. 

  251.     # ensure ssh_cas ad ssl_cas directories
  252.     # exists in MANAGER_PATH
  253.     for dirname in directories:
  254.         dirpath = os.path.join(paths[0], dirname)
  255. 

  256.         if not os.path.exists(dirpath):
  257.             os.mkdir(dirpath)
  258. 

  259.     # ensure the database exists
  260.     # in MANAGER_PATH
  261.     if not os.path.exists(db_path):
  262.         conn = sqlite3.connect(db_path)
  263.         c = conn.cursor()
  264.         c.execute("""CREATE TABLE cas (id text, name text, type text)""")
  265.         conn.commit()
  266.         conn.close()
  267. 

  268. def sign_request(ca_manager, request_name, authority_name):
  269.     request = None
  270. 

  271.     try:
  272.         authority = ca_manager.get_ca(authority_name)
  273.     except IndexError:
  274.         print("Could not find CA '%d'" % choosen_ca)
  275.         return
  276. 

  277.     requests = ca_manager.get_requests()
  278. 

  279.     for i in requests:
  280.         if str(i) == request_name:
  281.             request = i
  282.     if request is None:
  283.         raise(IndexError)
  284. 

  285.     h = hashlib.sha256()
  286.     h.update(request.key_data.encode('utf-8'))
  287.     print("Request hash: %s" % h.hexdigest())
  288. 

  289.     print("You are about to sign this request with the following CA:")
  290.     confirm = input('Proceed? (type yes)> ')
  291.     if confirm != 'yes':
  292.         print ("user aborT")
  293.         return
  294. 

  295.     cert_path = authority.sign(request)
  296.     ca_manager.drop_request(request)
  297. 

  298.     shutil.copy(cert_path, os.path.join(RESULTS_PATH, request.req_id))
  299. 

  300. 

  301. if __name__ == '__main__':
  302.     from ca_shell import CAManagerShell
  303. 

  304.     init_manager([
  305.         MANAGER_PATH,
  306.         REQUESTS_PATH,
  307.         OUTPUT_PATH,
  308.         RESULTS_PATH,
  309.         ])
  310. 

  311. 

  312.     with CAManager(MANAGER_PATH) as ca_manager:
  313. 

  314.         CAManagerShell(ca_manager).cmdloop()