Projet

Général

Profil

Télécharger (6,05 ko) Statistiques
| Branche: | Tag: | Révision:
# -*- coding: utf-8 -*-
#
# This program is a part of the IoTa project.
#
# Copyright © 2012-2013 Université de Caen Basse-Normandie, GREYC
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# <http://www.gnu.org/licenses/>
#
# See AUTHORS for a list of contributors.
#
from config import CONFIG
import utils
import installer


class CertConfigurer(installer.Configurer):
def __init__(self):
installer.Configurer.__init__(self, "Certificate and signing key", "cert", [
("Create a new private key/certificate?", "cert", "create_keystore", {"type":"YN"}),
("Enter the keystore file name", "cert", "keystore",
{"unless": ("cert", "create_keystore")}),
("Enter the keystore file name (PKCS#12)", "cert", "p12_keystore",
{"when": ("cert", "create_keystore")}),
("Enter the keystore password", "cert", "password", {}),
("Enter the key/certificate’s principal’s distinguished name (in the form: \"CN=<name>, OU=<unit>, O=<organization>, L=<location>, S=<state>, C=<country>\")",
"cert", "distinguished_name", {"when": ("cert", "create_keystore")}),
("Enter the key/certificate’s alias/name", "cert", "keyalias",
{"when": ("cert", "create_keystore")}),
("Enter the key/certificate’s password (may be empty)", "cert", "keypassword",
{"when": ("cert", "create_keystore")}),
("Export the keystore to JKS?", "cert", "exportkeystore_tojks", {"type":"YN"}),
("Export the keystore to PEM (needed for EpcILoN using ETa, needs openssl)?", "cert", "exportkeystore_topem", {"type":"YN"}),
("Export the private key/certificate (needed for TLS)?", "cert", "create_certfile", {"type":"YN"}),
("Enter the certificate file name", "cert", "certfile",
{"when": ("cert", "create_certfile")}),
("Create truststore with the exported key/certificate?", "cert", "create_truststore", {"type":"YN"}),
("Enter the truststore file name", "cert", "truststore", {}),
("Enter the truststore’s password", "cert", "trustpassword", {}),
("Create truststore in PEM format with the exported key/certificate (needed for EpcILoN using ETa, needs openssl and curl)?", "cert", "create_truststore_pem", {"type":"YN"}),
("Enter the key/certificate’s alias/name for the truststore", "cert", "trust_keyalias",
{"when": ("cert", "create_truststore")}),
("Enter the key/certificate’s password for the truststore (may be empty)", "cert", "trust_keypassword",
{"when": ("cert", "create_truststore")})
])


def postConfigure(self):
if self.cisTrue("create_keystore"):
p12keystore = self.cget("p12_keystore")
utils.execKeytool("Creating the new key/certificate", "-genkeypair", "pkcs12",
self.cget("p12_keystore"), self.cget("password"),
self.cget("keyalias"), self.cget("keypassword"),
[("-dname", self.cget("distinguished_name")),
("-keyalg", "RSA")])
self.cset("keystore", p12keystore)
if self.cisTrue("exportkeystore_tojks"):
jkskeystore = self.cget("keystore").rpartition(".")[0]
jkskeystore += ".jks"
utils.execSrcToDestKeyTool("Convert keystore from PKCS#12 to JKS", "-importkeystore",
"pkcs12", self.cget("keystore"),
self.cget("password"), self.cget("keyalias"),
"jks", jkskeystore,
self.cget("password"), self.cget("keyalias"), [])
self.cset("jks_keystore", jkskeystore)
self.cset("keystore", jkskeystore)
if self.cisTrue("exportkeystore_topem"):
pemkeystore = self.cget("p12_keystore").rpartition(".")[0]
pemkeystore += ".pem"
utils.execSrcToDestOpenssl("Convert keystore from PKCS#12 to PEM", "pkcs12",
self.cget("p12_keystore"), self.cget("password"),
pemkeystore, self.cget("password"), [])
self.cset("pem_keystore", pemkeystore)
if self.cisTrue("create_certfile"):
typekeystore = "jks" if self.cget("keystore").endswith(".jks") else "pkcs12"
utils.execKeytool("Exporting certificate", "-exportcert", typekeystore,
self.cget("keystore"), self.cget("password"),
self.cget("keyalias"), self.cget("keypassword"),
[("-file", self.cget("certfile"))])
if self.cisTrue("create_truststore"):
utils.execKeytool("Creating truststore", "-importcert", "jks",
self.cget("truststore"), self.cget("trustpassword"),
self.cget("trust_keyalias"), self.cget("trust_keypassword"),
[("-file", self.cget("certfile")), ("-noprompt", "")])
if self.cisTrue("create_truststore_pem"):
pemtruststore = self.cget("truststore").rpartition(".")[0]
pemtruststore += ".pem"
utils.execOpenssl("Creating truststore in PEM format", "x509",
[("-inform", "DES"),
("-in", self.cget("certfile")),
("-out", pemtruststore) ])
self.cset("pem_truststore", pemtruststore)
(4-4/29)