Révision bf9c3717
Ajouté par Remy Menard il y a environ 11 ans
| IoTa-Installer/lib/cert.py | ||
|---|---|---|
|
def __init__(self):
|
||
|
installer.Configurer.__init__(self, "Certificate and signing key", "cert", [
|
||
|
("Create a new private key/certificate?", "cert", "create_keystore", {"type":"YN"}),
|
||
|
("Enter the keystore file name", "cert", "keystore", {}),
|
||
|
("Enter the keystore file name", "cert", "keystore",
|
||
|
{"unless": ("cert", "create_keystore")}),
|
||
|
("Enter the keystore file name (PKCS#12)", "cert", "p12_keystore",
|
||
|
{"when": ("cert", "create_keystore")}),
|
||
|
("Enter the keystore password", "cert", "password", {}),
|
||
|
("Enter the key/certificate’s principal’s distinguished name (in the form: \"CN=<name>, OU=<unit>, O=<organization>, L=<location>, S=<state>, C=<country>\")",
|
||
|
"cert", "distinguished_name", {"when": ("cert", "create_keystore")}),
|
||
| ... | ... | |
|
("Enter the key/certificate’s password (may be empty)", "cert", "keypassword",
|
||
|
{"when": ("cert", "create_keystore")}),
|
||
|
("Export the keystore to JKS?", "cert", "exportkeystore_tojks", {"type":"YN"}),
|
||
|
("Export the private key/certificate (needed fort TLS)?", "cert", "create_certfile", {"type":"YN"}),
|
||
|
("Export the keystore to PEM (needed for EpcILoN using ETa, needs openssl)?", "cert", "exportkeystore_topem", {"type":"YN"}),
|
||
|
("Export the private key/certificate (needed for TLS)?", "cert", "create_certfile", {"type":"YN"}),
|
||
|
("Enter the certificate file name", "cert", "certfile",
|
||
|
{"when": ("cert", "create_certfile")}),
|
||
|
("Create truststore with the exported key/certificate?", "cert", "create_truststore", {"type":"YN"}),
|
||
|
("Enter the truststore file name", "cert", "truststore",
|
||
|
{"when": ("cert", "create_truststore")}),
|
||
|
("Enter the truststore’s password", "cert", "trustpassword",
|
||
|
{"when": ("cert", "create_truststore")}),
|
||
|
("Enter the truststore file name", "cert", "truststore", {}),
|
||
|
("Enter the truststore’s password", "cert", "trustpassword", {}),
|
||
|
("Create truststore in PEM format with the exported key/certificate (needed for EpcILoN using ETa, needs openssl and curl)?", "cert", "create_truststore_pem", {"type":"YN"}),
|
||
|
("Enter the key/certificate’s alias/name for the truststore", "cert", "trust_keyalias",
|
||
|
{"when": ("cert", "create_truststore")}),
|
||
|
("Enter the key/certificate’s password for the truststore (may be empty)", "cert", "trust_keypassword",
|
||
| ... | ... | |
|
|
||
|
def postConfigure(self):
|
||
|
if self.cisTrue("create_keystore"):
|
||
|
p12keystore = self.cget("p12_keystore")
|
||
|
utils.execKeytool("Creating the new key/certificate", "-genkeypair", "pkcs12",
|
||
|
self.cget("keystore"), self.cget("password"),
|
||
|
self.cget("p12_keystore"), self.cget("password"),
|
||
|
self.cget("keyalias"), self.cget("keypassword"),
|
||
|
[("-dname", self.cget("distinguished_name")),
|
||
|
("-keyalg", "RSA")])
|
||
|
self.cset("keystore", p12keystore)
|
||
|
if self.cisTrue("exportkeystore_tojks"):
|
||
|
jkskeystore = self.cget("keystore").rpartition(".")[0]
|
||
|
jkskeystore += ".jks"
|
||
|
self.cset("jks_keystore", jkskeystore)
|
||
|
utils.execSrcToDestKeyTool("Convert keystore type from PKCS#12 to JKS", "-importkeystore",
|
||
|
utils.execSrcToDestKeyTool("Convert keystore from PKCS#12 to JKS", "-importkeystore",
|
||
|
"pkcs12", self.cget("keystore"),
|
||
|
self.cget("password"), self.cget("keyalias"),
|
||
|
"jks", jkskeystore,
|
||
|
self.cget("password"), self.cget("keyalias"), [])
|
||
|
self.cset("jks_keystore", jkskeystore)
|
||
|
self.cset("keystore", jkskeystore)
|
||
|
if self.cisTrue("exportkeystore_topem"):
|
||
|
pemkeystore = self.cget("p12_keystore").rpartition(".")[0]
|
||
|
pemkeystore += ".pem"
|
||
|
utils.execSrcToDestOpenssl("Convert keystore from PKCS#12 to PEM", "pkcs12",
|
||
|
self.cget("p12_keystore"), self.cget("password"),
|
||
|
pemkeystore, self.cget("password"), [])
|
||
|
self.cset("pem_keystore", pemkeystore)
|
||
|
if self.cisTrue("create_certfile"):
|
||
|
utils.execKeytool("Exporting certificate", "-exportcert", "pkcs12",
|
||
|
typekeystore = "jks" if self.cget("keystore").endswith(".jks") else "pkcs12"
|
||
|
utils.execKeytool("Exporting certificate", "-exportcert", type,
|
||
|
self.cget("keystore"), self.cget("password"),
|
||
|
self.cget("keyalias"), self.cget("keypassword"),
|
||
|
[("-file", self.cget("certfile"))])
|
||
| ... | ... | |
|
self.cget("truststore"), self.cget("trustpassword"),
|
||
|
self.cget("trust_keyalias"), self.cget("trust_keypassword"),
|
||
|
[("-file", self.cget("certfile")), ("-noprompt", "")])
|
||
|
if self.cisTrue("create_truststore_pem"):
|
||
|
pemtruststore = self.cget("truststore").rpartition(".")[0]
|
||
|
pemtruststore += ".pem"
|
||
|
utils.execOpenssl("Creating truststore in PEM format", "x509",
|
||
|
[("-inform", "DES"),
|
||
|
("-in", self.cget("certfile")),
|
||
|
("-out", pemtruststore) ])
|
||
|
self.cset("pem_truststore", pemtruststore)
|
||
Formats disponibles : Unified diff
Version 1.99
- a few bugs fixed!
- new testing application to capture events
- new options to the command line to configure the public/private keys
for TLS and for signature
- new method more accurate than "traceEPC": the events are sorted by
EPCIS
- New options added to the command line
- user can be identified by alias, if the DN of his certificate is
incompatible with the LDAP directory
- new shell script to configure the LDAP directory (same
functionnalities as IoTa-Installer)
- installs and configures LaMBDa
- finer certificate mangagement
- EpcILoN correctly subscribe with TLS to ETa
- new figure for LaMBDa
- shows data flows between PHI and YPSilon
- sets DS and DSeTa in different schemas