You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
135 lines
3.0 KiB
135 lines
3.0 KiB
#!/usr/bin/env python3
|
|
# -*- coding: utf-8 -*-
|
|
|
|
import cmd
|
|
import hashlib
|
|
import json
|
|
import os
|
|
import os.path
|
|
import shutil
|
|
import tempfile
|
|
|
|
from peewee import *
|
|
|
|
from lookup import CALookup, RequestLookup, CertificateLookup
|
|
|
|
from models.ssh import SSHAuthority
|
|
from models.ssl import SSLAuthority
|
|
from models.certificate import Certificate
|
|
|
|
from paths import *
|
|
|
|
__doc__= """
|
|
Define classes to interact with certificate requests and Certification Authority
|
|
"""
|
|
|
|
db = SqliteDatabase(os.path.join(MANAGER_PATH, 'ca_manager.db'))
|
|
|
|
class CAManager(object):
|
|
"""
|
|
Middleware to interact with ssh-keygen
|
|
"""
|
|
|
|
def __init__(self, path):
|
|
self.path = path
|
|
|
|
self.ca = CALookup()
|
|
self.request = RequestLookup()
|
|
self.certificate = CertificateLookup()
|
|
|
|
@property
|
|
def db_path(self):
|
|
return os.path.join(self.path, 'ca_manager.db')
|
|
|
|
@property
|
|
def ssh_ca_dir(self):
|
|
return os.path.join(self.path, 'ssh_cas')
|
|
|
|
@property
|
|
def ssl_ca_dir(self):
|
|
return os.path.join(self.path, 'ssl_cas')
|
|
|
|
def init_manager(paths):
|
|
"""
|
|
Initiate the manager by creating the
|
|
directories to store CAs and requests.
|
|
|
|
Create a database to store the information
|
|
"""
|
|
directories = ['ssh_cas', 'ssl_cas', ]
|
|
|
|
# ensure the directories needed by CAManager
|
|
# exists
|
|
for dirpath in paths:
|
|
if not os.path.exists(dirpath):
|
|
os.makedirs(dirpath)
|
|
|
|
# ensure ssh_cas ad ssl_cas directories
|
|
# exists in MANAGER_PATH
|
|
for dirname in directories:
|
|
dirpath = os.path.join(paths[0], dirname)
|
|
|
|
if not os.path.exists(dirpath):
|
|
os.mkdir(dirpath)
|
|
|
|
# ensure the database exists
|
|
# in MANAGER_PATH and create the
|
|
# tables for Authority and Certificate
|
|
db.connect()
|
|
|
|
models_required = [
|
|
SSHAuthority,
|
|
SSLAuthority,
|
|
Certificate,
|
|
]
|
|
|
|
db.create_tables(
|
|
models_required,
|
|
safe = True,
|
|
)
|
|
|
|
def sign_request(ca_manager, request_id, authority_id):
|
|
|
|
authority, request = None, None
|
|
|
|
try:
|
|
authority = ca_manager.ca[authority_id]
|
|
except IndexError:
|
|
print("Could not find CA '%d'" % authority_id)
|
|
return
|
|
|
|
try:
|
|
request = ca_manager.request[request_id]
|
|
except IndexError:
|
|
print("Could not find request '%d'" % request_id)
|
|
|
|
h = hashlib.sha256()
|
|
h.update(request.key_data.encode('utf-8'))
|
|
print("Request hash: %s" % h.hexdigest())
|
|
|
|
print("You are about to sign this request with the following CA:")
|
|
confirm = input('Proceed? (type yes)> ')
|
|
if confirm != 'yes':
|
|
print ("user abort")
|
|
return
|
|
|
|
cert_path = authority.sign(request)
|
|
del ca_manager.request[request_id]
|
|
|
|
shutil.copy(cert_path, os.path.join(RESULTS_PATH, request.req_id))
|
|
|
|
|
|
if __name__ == '__main__':
|
|
from shell import CAManagerShell
|
|
|
|
init_manager([
|
|
MANAGER_PATH,
|
|
REQUESTS_PATH,
|
|
OUTPUT_PATH,
|
|
RESULTS_PATH,
|
|
])
|
|
|
|
|
|
ca_manager = CAManager(MANAGER_PATH)
|
|
|
|
CAManagerShell(ca_manager).cmdloop()
|