LILiK
/
ca_manager
5
0
Fork 0
Code Issues 0 Pull Requests 2 Releases 0 Wiki Activity
Easy CA management
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
52 Commits
7 Branches
218 KiB
Tree: c504b8912a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c504b8912a'
${ noResults }
ca_manager/ca_manager.py

310 lines
8.2 KiB
Raw Normal View History

Initial commit.
9 years ago
implement CAManager shell with python cmd shell
8 years ago
Initial commit.
9 years ago
implement CAManager shell with python cmd shell
8 years ago
Initial commit.
9 years ago
Added request_server.
9 years ago
Initial commit.
9 years ago
move out certificates and authority classes from ca_manager
8 years ago
remove global variables from ca_manager
8 years ago
Initial commit.
9 years ago
add docs to modules
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
draft for CALookup descriptor
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
transform db_path to property
8 years ago
add sqlite connection handling with context manager
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add sqlite connection handling with context manager
8 years ago
Initial commit.
9 years ago
transform db_path to property
8 years ago
Initial commit.
9 years ago
transform ca_path getter to property
8 years ago
Initial commit.
9 years ago
transform ca_path getter to property
8 years ago
Initial commit.
9 years ago
transform ca_path getter to property
8 years ago
add support for ssl
8 years ago
transform ca_path getter to property
8 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
add documentation to CAManager methods
8 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
filter request by ca type
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
filter request by ca type
8 years ago
Initial commit.
9 years ago
filter request by ca type
8 years ago
Initial commit.
9 years ago
-Add slash's code for ssh_host key support -Add cli argument to request-server.py to let non interactive ssh session works
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
draft for CALookup descriptor
8 years ago
set conn attribute to None at creation
8 years ago
draft for CALookup descriptor
8 years ago
make CALookup iterable
8 years ago
draft for CALookup descriptor
8 years ago
implement DEL in CALookup API
8 years ago
draft for CALookup descriptor
8 years ago
implement GET in CALookup API
8 years ago
draft for CALookup descriptor
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
document what init_manager does
8 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
document what init_manager does
8 years ago
add support for ssl
8 years ago
handle multiple directory creation
8 years ago
Initial commit.
9 years ago
document what init_manager does
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
document what init_manager does
8 years ago
Initial commit.
9 years ago
add tab autocompletion
8 years ago
Initial commit.
9 years ago
change sing_request signature, adapt authority search
8 years ago
Initial commit.
9 years ago
add tab autocompletion
8 years ago
Initial commit.
9 years ago
adapt request handling for new sign_request
8 years ago
Initial commit.
9 years ago
add tab autocompletion
8 years ago
Initial commit.
9 years ago
Added request_server.
9 years ago
Initial commit.
9 years ago
Added request_server.
9 years ago
log only to file, sign cli in ca_manager.py
8 years ago
 
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-
  3. 

  4. import cmd
  5. import hashlib
  6. import json
  7. import os
  8. import os.path
  9. import shutil
  10. import sqlite3
  11. import tempfile
  12. 

  13. from certificate_requests import *
  14. from paths import *
  15. 

  16. __doc__= """

  17. Define class to interact with certificate requests and Certification Authority
  18. """

  19. 

  20. class CAManager(object):
  21.     """

  22.     Middleware to interact with ssh-keygen
  23.     """

  24.     def __init__(self, path):
  25.         self.path = path
  26.         self.ca = CALookup(self.ssh_ca_dir, self.ssl_ca_dir)
  27. 

  28.     def __enter__(self):
  29.         """

  30.         Enter a context block, connect to database
  31.         """

  32.         self.conn = sqlite3.connect(self.db_path)
  33.         self.ca.conn = self.conn
  34. 

  35.         return self
  36. 

  37.     def __exit__(self, exc_type, exc_value, traceback):
  38.         """

  39.         Exit a context block, disconnect from database
  40.         """

  41.         if exc_type is not None:
  42.             print(exc_type, exc_value)
  43.             print(traceback)
  44. 

  45.         self.ca.conn = None
  46.         self.conn.close()
  47. 

  48.     @property
  49.     def db_path(self):
  50.         return os.path.join(self.path, 'ca_manager.db')
  51. 

  52.     @property
  53.     def ssh_ca_dir(self):
  54.         return os.path.join(self.path, 'ssh_cas')
  55. 

  56.     def _get_ssh_ca_path(self, ca_id):
  57.         cas_dir = self.ssh_ca_dir
  58.         return os.path.join(cas_dir, ca_id)
  59. 

  60.     @property
  61.     def ssl_ca_dir(self):
  62.         return os.path.join(self.path, 'ssl_cas')
  63. 

  64.     def _get_ssl_ca_path(self, ca_id):
  65.         cas_dir = self.ssl_ca_dir
  66.         return os.path.join(cas_dir, ca_id)
  67. 

  68.     def create_ssh_ca(self, ca_id, ca_name):
  69.         """

  70.         Create a new ssh certification authority, insert
  71.         it into the database
  72.         """

  73.         ca_path = self._get_ssh_ca_path(ca_id)
  74. 

  75.         authority = SSHAuthority(ca_id, ca_name, ca_path)
  76. 

  77.         authority.generate()
  78. 

  79.         c = self.conn.cursor()
  80.         c.execute("""INSERT INTO cas VALUES (?, ?, 'ssh')""",
  81.                 (ca_id, ca_name))
  82.         self.conn.commit()
  83. 

  84.     def create_ssl_ca(self, ca_id, ca_name):
  85.         """

  86.         Create a new ssl certification authority, insert
  87.         it into the database
  88.         """

  89.         ca_path = self._get_ssl_ca_path(ca_id)
  90. 

  91.         authority = SSLAuthority(ca_id, ca_name, ca_path)
  92. 

  93.         authority.generate()
  94. 

  95.         c = self.conn.cursor()
  96.         c.execute("""INSERT INTO cas VALUES (?, ?, 'ssl')""",
  97.                 (ca_id, ca_name))
  98.         self.conn.commit()
  99. 

  100.     def get_cas_list(self):
  101.         """

  102.         Get all the certification authorities saved in
  103.         the database
  104.         """

  105.         c = self.conn.cursor()
  106. 

  107.         c.execute("""SELECT id, name, type FROM cas""")
  108. 

  109.         return c.fetchall()
  110. 

  111.     def get_ca(self, ca_id):
  112.         """

  113.         Get a specific certification authority from the database
  114.         """

  115.         c = self.conn.cursor()
  116.         c.execute("""SELECT name, type FROM cas WHERE id = ?""", (ca_id, ))
  117. 

  118.         result = c.fetchone()
  119.         if not result:
  120.             raise ValueError('Unknown CA "%s"'%ca_id)
  121. 

  122.         ca_name, ca_type = result
  123. 

  124.         if ca_type == 'ssh':
  125.             ca_path = self._get_ssh_ca_path(ca_id)
  126.             return SSHAuthority(ca_id, ca_name, ca_path)
  127.         elif ca_type == 'ssl':
  128.             ca_path = self._get_ssl_ca_path(ca_id)
  129.             return SSLAuthority(ca_id, ca_name, ca_path)
  130. 

  131.     def get_requests(self, ca_type=None):
  132. 

  133.         req_objs = []
  134. 

  135.         for request_name in os.listdir(REQUESTS_PATH):
  136.             request_path = os.path.join(REQUESTS_PATH, request_name)
  137. 

  138.             with open(request_path, 'r') as stream:
  139.                 req = json.load(stream)
  140. 

  141.             if ca_type and not req['keyType'].startswith("%s_"%ca_type):
  142.                 continue
  143. 

  144.             if req['keyType'] == 'ssh_user':
  145.                 user_name = req['userName']
  146.                 root_requested = req['rootRequested']
  147.                 key_data = req['keyData']
  148. 

  149.                 req_objs.append(
  150.                         UserSSHRequest(
  151.                             request_name, user_name, root_requested, key_data))
  152.             elif req['keyType'] == 'ssh_host':
  153.                 host_name = req['hostName']
  154.                 key_data = req['keyData']
  155. 

  156.                 req_objs.append(
  157.                         HostSSHRequest(
  158.                             request_name, host_name, key_data))
  159.             elif req['keyType'] == 'ssl_host':
  160.                 host_name = req['hostName']
  161.                 key_data = req['keyData']
  162. 

  163.                 req_objs.append(
  164.                         HostSSLRequest(
  165.                             request_name, host_name, key_data))
  166. 

  167.         return req_objs
  168. 

  169.     def drop_request(self, request):
  170. 

  171.         os.unlink(os.path.join(REQUESTS_PATH, request.req_id))
  172. 

  173. class CALookup(object):
  174.     """

  175.     Proxy to interact with the database, get CA as element or as list
  176.     """

  177.     def __init__(self, ssh_ca_dir, ssl_ca_dir):
  178.         """

  179.         The connection attribute is setted by the CAManager instance
  180.         when used
  181.         """

  182. 

  183.         self.conn = None
  184.         self.ssh_ca_dir = ssh_ca_dir
  185.         self.ssl_ca_dir = ssl_ca_dir
  186. 

  187.     def __iter__(self):
  188.         c = self.conn.cursor()
  189. 

  190.         c.execute("""SELECT id, name, type FROM cas""")
  191. 

  192.         return iter(c.fetchall())
  193. 

  194.     def __delitem__(self, ca_id):
  195.         """

  196.         Delete a specific certification authority from the database
  197.         """

  198.         c = self.conn.cursor()
  199.         c.execute("""DELETE FROM cas WHERE id = ?""", (ca_id, ))
  200. 

  201.     def __getitem__(self, ca_id):
  202.         """

  203.         Get a specific certification authority from the database
  204.         """

  205.         c = self.conn.cursor()
  206.         c.execute("""SELECT name, type FROM cas WHERE id = ?""", (ca_id, ))
  207. 

  208.         result = c.fetchone()
  209.         if not result:
  210.             raise ValueError('Unknown CA "%s"' % ca_id)
  211. 

  212.         ca_name, ca_type = result
  213. 

  214.         if ca_type.lower() == 'ssh':
  215.             return SSHAuthority(ca_id, ca_name, self.ssh_ca_dir)
  216. 

  217.         elif ca_type.lower() == 'ssl':
  218.             return SSLAuthority(ca_id, ca_name, self.ssl_ca_dir)
  219. 

  220.     def __setitem__(self, ca_id, ca_value):
  221.         """

  222.         Create a new certification authority, insert
  223.         it into the database
  224.         """

  225. 

  226. def init_manager(paths):
  227.     """

  228.     Initiate the manager by creating the
  229.     directories to store CAs and requests.
  230. 

  231.     Create a database to store the information
  232.     """

  233.     db_path = os.path.join(paths[0], 'ca_manager.db')
  234. 

  235.     directories = ['ssh_cas', 'ssl_cas']
  236. 

  237.     # ensure the directories needed by CAManager
  238.     # exists
  239.     for dirpath in paths:
  240.         if not os.path.exists(dirpath):
  241.             os.makedirs(dirpath)
  242. 

  243.     # ensure ssh_cas ad ssl_cas directories
  244.     # exists in MANAGER_PATH
  245.     for dirname in directories:
  246.         dirpath = os.path.join(paths[0], dirname)
  247. 

  248.         if not os.path.exists(dirpath):
  249.             os.mkdir(dirpath)
  250. 

  251.     # ensure the database exists
  252.     # in MANAGER_PATH
  253.     if not os.path.exists(db_path):
  254.         conn = sqlite3.connect(db_path)
  255.         c = conn.cursor()
  256.         c.execute("""CREATE TABLE cas (id text, name text, type text)""")
  257.         conn.commit()
  258.         conn.close()
  259. 

  260. def list_cas(ca_manager):
  261.     for ca_id, ca_name, ca_type in ca_manager.get_cas_list():
  262.         print("- [%3s] %-15s (%s)" % (ca_type, ca_id, ca_name))
  263. 

  264. def sign_request(ca_manager, request_name, authority_name):
  265.     request = None
  266. 

  267.     try:
  268.         authority = ca_manager.get_ca(authority_name)
  269.     except IndexError:
  270.         print("Could not find CA '%d'" % choosen_ca)
  271.         return
  272. 

  273.     requests = ca_manager.get_requests()
  274. 

  275.     for i in requests:
  276.         if str(i) == request_name:
  277.             request = i
  278.     if request is None:
  279.         raise(IndexError)
  280. 

  281.     h = hashlib.sha256()
  282.     h.update(request.key_data.encode('utf-8'))
  283.     print("Request hash: %s" % h.hexdigest())
  284. 

  285.     print("You are about to sign this request with the following CA:")
  286.     confirm = input('Proceed? (type yes)> ')
  287.     if confirm != 'yes':
  288.         print ("user aborT")
  289.         return
  290. 

  291.     cert_path = authority.sign(request)
  292.     ca_manager.drop_request(request)
  293. 

  294.     shutil.copy(cert_path, os.path.join(RESULTS_PATH, request.req_id))
  295. 

  296. 

  297. if __name__ == '__main__':
  298.     from ca_shell import CAManagerShell
  299. 

  300.     init_manager([
  301.         MANAGER_PATH,
  302.         REQUESTS_PATH,
  303.         OUTPUT_PATH,
  304.         RESULTS_PATH,
  305.         ])
  306. 

  307. 

  308.     with CAManager(MANAGER_PATH) as ca_manager:
  309. 

  310.         CAManagerShell(ca_manager).cmdloop()