LILiK
/
ca_manager
5
0
Fork 0
Code Issues 0 Pull Requests 2 Releases 0 Wiki Activity
Easy CA management
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29 Commits
7 Branches
218 KiB
Tree: cb87b9e698
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cb87b9e698'
${ noResults }
ca_manager/ca_manager.py

232 lines
6.2 KiB
Raw Normal View History

Initial commit.
9 years ago
implement CAManager shell with python cmd shell
8 years ago
Initial commit.
9 years ago
implement CAManager shell with python cmd shell
8 years ago
Initial commit.
9 years ago
Added request_server.
9 years ago
Initial commit.
9 years ago
move out certificates and authority classes from ca_manager
8 years ago
remove global variables from ca_manager
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
add documentation to CAManager methods
8 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add documentation to CAManager methods
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
-Add slash's code for ssh_host key support -Add cli argument to request-server.py to let non interactive ssh session works
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
document what init_manager does
8 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
document what init_manager does
8 years ago
add support for ssl
8 years ago
handle multiple directory creation
8 years ago
Initial commit.
9 years ago
document what init_manager does
8 years ago
Initial commit.
9 years ago
add support for ssl
8 years ago
Initial commit.
9 years ago
document what init_manager does
8 years ago
Initial commit.
9 years ago
change sing_request signature, adapt authority search
8 years ago
Initial commit.
9 years ago
change sing_request signature, adapt authority search
8 years ago
Initial commit.
9 years ago
change sing_request signature, adapt authority search
8 years ago
Initial commit.
9 years ago
adapt request handling for new sign_request
8 years ago
Initial commit.
9 years ago
adapt request handling for new sign_request
8 years ago
Initial commit.
9 years ago
Added request_server.
9 years ago
Initial commit.
9 years ago
Added request_server.
9 years ago
Initial commit.
9 years ago
 
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-
  3. 

  4. import cmd
  5. import hashlib
  6. import json
  7. import os
  8. import os.path
  9. import shutil
  10. import sqlite3
  11. import subprocess
  12. import tempfile
  13. 

  14. from certificate_requests import *
  15. from paths import *
  16. 

  17. 

  18. 

  19. class CAManager(object):
  20.     """

  21.     Middleware to interact with ssh-keygen
  22.     """

  23.     def __init__(self, path):
  24.         self.path = path
  25. 

  26.     def __enter__(self):
  27.         """

  28.         Enter a context block, connect to database
  29.         """

  30.         self.conn = sqlite3.connect(self._get_db_path())
  31. 

  32.         return self
  33. 

  34.     def __exit__(self, exc_type, exc_value, traceback):
  35.         """

  36.         Exit a context block, disconnect from database
  37.         """

  38.         if exc_type is not None:
  39.             print(exc_type, exc_value)
  40.             print(traceback)
  41. 

  42.         self.conn.close()
  43. 

  44.     def _get_db_path(self):
  45.         return os.path.join(self.path, 'ca_manager.db')
  46. 

  47.     def _get_ssh_cas_dir(self):
  48.         return os.path.join(self.path, 'ssh_cas')
  49. 

  50.     def _get_ssh_ca_path(self, ca_id):
  51.         cas_dir = self._get_ssh_cas_dir()
  52.         return os.path.join(cas_dir, ca_id)
  53. 

  54.     def _get_ssl_cas_dir(self):
  55.         return os.path.join(self.path, 'ssl_cas')
  56. 

  57.     def _get_ssl_ca_path(self, ca_id):
  58.         cas_dir = self._get_ssl_cas_dir()
  59.         return os.path.join(cas_dir, ca_id)
  60. 

  61.     def create_ssh_ca(self, ca_id, ca_name):
  62.         """

  63.         Create a new ssh certification authority, insert
  64.         it into the database
  65.         """

  66.         ca_path = self._get_ssh_ca_path(ca_id)
  67. 

  68.         authority = SSHAuthority(ca_id, ca_name, ca_path)
  69. 

  70.         authority.generate()
  71. 

  72.         c = self.conn.cursor()
  73.         c.execute("""INSERT INTO cas VALUES (?, ?, 'ssh')""",
  74.                 (ca_id, ca_name))
  75.         self.conn.commit()
  76. 

  77.     def create_ssl_ca(self, ca_id, ca_name):
  78.         """

  79.         Create a new ssl certification authority, insert
  80.         it into the database
  81.         """

  82.         ca_path = self._get_ssl_ca_path(ca_id)
  83. 

  84.         authority = SSLAuthority(ca_id, ca_name, ca_path)
  85. 

  86.         authority.generate()
  87. 

  88.         c = self.conn.cursor()
  89.         c.execute("""INSERT INTO cas VALUES (?, ?, 'ssl')""",
  90.                 (ca_id, ca_name))
  91.         self.conn.commit()
  92. 

  93.     def get_cas_list(self):
  94.         """

  95.         Get all the certification authorities saved in
  96.         the database
  97.         """

  98.         c = self.conn.cursor()
  99. 

  100.         c.execute("""SELECT id, name, type FROM cas""")
  101. 

  102.         return c.fetchall()
  103. 

  104.     def get_ca(self, ca_id):
  105.         """

  106.         Get a specific certification authority from the database
  107.         """

  108.         c = self.conn.cursor()
  109.         c.execute("""SELECT name, type FROM cas WHERE id = ?""", (ca_id, ))
  110. 

  111.         ca_name, ca_type = c.fetchone()
  112. 

  113.         if ca_type == 'ssh':
  114.             ca_path = self._get_ssh_ca_path(ca_id)
  115.             return SSHAuthority(ca_id, ca_name, ca_path)
  116.         elif ca_type == 'ssl':
  117.             ca_path = self._get_ssl_ca_path(ca_id)
  118.             return SSLAuthority(ca_id, ca_name, ca_path)
  119. 

  120.     def get_requests(self):
  121. 

  122.         req_objs = []
  123. 

  124.         for request_name in os.listdir(REQUESTS_PATH):
  125.             request_path = os.path.join(REQUESTS_PATH, request_name)
  126. 

  127.             with open(request_path, 'r') as stream:
  128.                 req = json.load(stream)
  129. 

  130.             if req['keyType'] == 'ssh_user':
  131.                 user_name = req['userName']
  132.                 root_requested = req['rootRequested']
  133.                 key_data = req['keyData']
  134. 

  135.                 req_objs.append(
  136.                         UserSSHRequest(
  137.                             request_name, user_name, root_requested, key_data))
  138.             elif req['keyType'] == 'ssh_host':
  139.                 host_name = req['hostName']
  140.                 key_data = req['keyData']
  141. 

  142.                 req_objs.append(
  143.                         HostSSHRequest(
  144.                             request_name, host_name, key_data))
  145.             elif req['keyType'] == 'ssl_host':
  146.                 host_name = req['hostName']
  147.                 key_data = req['keyData']
  148. 

  149.                 req_objs.append(
  150.                         HostSSLRequest(
  151.                             request_name, host_name, key_data))
  152. 

  153.         return req_objs
  154. 

  155.     def drop_request(self, request):
  156. 

  157.         os.unlink(os.path.join(REQUESTS_PATH, request.req_id))
  158. 

  159. 

  160. def init_manager(paths):
  161.     """

  162.     Initiate the manager by creating the
  163.     directories to store CAs and requests.
  164. 

  165.     Create a database to store the information
  166.     """

  167.     db_path = os.path.join(paths[0], 'ca_manager.db')
  168. 

  169.     directories = ['ssh_cas', 'ssl_cas']
  170. 

  171.     # ensure the directories needed by CAManager
  172.     # exists
  173.     for dirpath in paths:
  174.         if not os.path.exists(dirpath):
  175.             os.makedirs(dirpath)
  176. 

  177.     # ensure ssh_cas ad ssl_cas directories
  178.     # exists in MANAGER_PATH
  179.     for dirname in directories:
  180.         dirpath = os.path.join(paths[0], dirname)
  181. 

  182.         if not os.path.exists(dirpath):
  183.             os.mkdir(dirpath)
  184. 

  185.     # ensure the database exists
  186.     # in MANAGER_PATH
  187.     if not os.path.exists(db_path):
  188.         conn = sqlite3.connect(db_path)
  189.         c = conn.cursor()
  190.         c.execute("""CREATE TABLE cas (id text, name text, type text)""")
  191.         conn.commit()
  192.         conn.close()
  193. 

  194. def list_cas(ca_manager):
  195.     for ca_id, ca_name, ca_type in ca_manager.get_cas_list():
  196.         print("- [%3s] %-15s (%s)" % (ca_type, ca_id, ca_name))
  197. 

  198. def sign_request(ca_manager, choosen_request, choosen_ca):
  199. 

  200.     authorities = ca_manager.get_cas_list()
  201. 

  202.     try:
  203.         ca_selection = int(choosen_ca)
  204.         (authority_id, authority_name, authority_type) = authorities[ca_selection]
  205.         authority = ca_manager.get_ca(authority_name)
  206.     except IndexError:
  207.         print("Could not find CA '%d'" % choosen_ca)
  208.         return
  209. 

  210.     requests = ca_manager.get_requests()
  211. 

  212.     try:
  213.         req_selection = int(choosen_request)
  214.         request = requests[req_selection]
  215.     except IndexError:
  216.         return
  217. 

  218.     h = hashlib.sha256()
  219.     h.update(request.key_data.encode('utf-8'))
  220.     print("Request hash: %s" % h.hexdigest())
  221. 

  222.     print("You are about to sign this request with the following CA:")
  223.     print("- %s (%s)" % (authority.ca_id, authority.name))
  224. 

  225.     cert_path = authority.sign(request)
  226.     ca_manager.drop_request(request)
  227. 

  228.     shutil.copy(cert_path, os.path.join(RESULTS_PATH, request.req_id))
  229. 

  230. 

  231. if __name__ == '__main__':
  232.     main()