Ssl
Action : jss.ssl (Category : jss, Name : ssl, By : kikonf)
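# Complete Name : jss.ssl.by.kikonf
# Version : 5.0
# License : Modified BSD License
# Purpose of the jss category : Easy to customize. This category uses, in the
#   background, the Java Keytools (R) command to create and configure SSL JKS
#   keystores (keys, certificates and PKCS12 keys). You can use it to manage
#   your JKS keystores, keys and CSR requests.
# Purpose of this ssl plugin : Manages Java SSL keystores and certificates.
# The following shows the main Source Code File for the Action : jss.ssl

## Copyright (c) 2008, Patrick Germain Placidoux
## All rights reserved.
##
## This file is part of Kiko Public Software.
##
## Kiko Public Software is released under the modified BSD License,
## which should accompany it or any part of it in the file "COPYING".
## If you do not have this file you can access the license
## through the WWW at http://www.kickconf.com/license/bsd/license.txt.
##
## Home: http://www.kickconf.com
## Contact: kickconf@gmx.com

from actions.jss.tools import *


class Ssl(jssAction):
    """Action that creates and fills a JKS keystore by driving keytool.

    inject() reads the action file nodes and hands the values to
    mkSslKeys(), which builds and runs the keytool command lines.
    """

    def inject(self):
        """Read the ssl / cert / p12 nodes and call mkSslKeys() with them.

        Raises xception.kikonfActionSystemException when the keystore
        directory named by the ssl node does not exist.
        """
        self_funct='inject'
        from os import path

        # Get top nodes
        ssl_node = self.getTop()
        ssl_attrs = ssl_node.getAttrs()
        self.verbose(name=ssl_attrs.name, dir=ssl_attrs.dir)
        indent=self.getIndent() + 3*' '

        # Optional child nodes: only the first <cert> / <p12> node is used.
        cert_attrs = None
        if ssl_node.hasNode('cert'):
            cert_attrs = ssl_node.getNode('cert')[0].getAttrs()
        p12_attrs = None
        if ssl_node.hasNode('p12'):
            p12_attrs = ssl_node.getNode('p12')[0].getAttrs()

        ks_dir = ssl_attrs.dir

        # NOTE(review): file names from the action file are joined under the
        # keystore directory and resolved with realpath, but nothing checks
        # that the result still lies inside that directory - confirm that
        # action files are trusted input.
        scpath = path.realpath(path.normpath(ks_dir + '/' + ssl_attrs.scfile))

        # Certificate to receive (all None / False when no <cert> node).
        doc = cert_attrs is not None
        cert_label = cert_format = cert_path = None
        if doc:
            cert_label = cert_attrs.label
            cert_format = cert_attrs.format
            cert_path = path.realpath(path.normpath(ks_dir + '/' + cert_attrs.file))

        # PKCS12 key to create (all None / False when no <p12> node).
        dop12 = p12_attrs is not None
        p12_kname = p12_kpassword = p12_password = None
        p12_expire = p12_alg = p12_dn = p12_label = None
        if dop12:
            p12_kname = p12_attrs.name
            p12_kpassword = p12_attrs.kpassword
            p12_password = p12_attrs.password
            p12_expire = p12_attrs.expire
            p12_dn = p12_attrs.dn
            p12_label = p12_attrs.label
            p12_alg = p12_attrs.alg

        ## Checks ##
        if not path.isdir(ks_dir):
            raise xception.kikonfActionSystemException(self, self_funct, 'The keystore directory: ' + ks_dir + ' should exist !')

        ## Call
        self.mkSslKeys(ks_dir, ssl_attrs.name,
            expire=ssl_attrs.expire,
            password=ssl_attrs.password,
            sclabel=ssl_attrs.sclabel,
            scpath=scpath,
            scpassword=ssl_attrs.scpassword,
            scexpire=ssl_attrs.scexpire,
            scalg=ssl_attrs.scalg,
            scdn=ssl_attrs.scdn,
            scsize=ssl_attrs.scsize,
            doc=doc,
            cert_label=cert_label,
            cert_format=cert_format,
            cert_path=cert_path,
            dop12=dop12,
            p12_kname=p12_kname,
            p12_kpassword=p12_kpassword,
            p12_password=p12_password,
            p12_expire=p12_expire,
            p12_alg=p12_alg,
            p12_dn=p12_dn,
            p12_label=p12_label,
            indent=indent
        )

    def _runKeytool(self, cde, doPrint, self_funct, failure):
        """Run one keytool command line and raise when it exits non-zero.

        cde        -- the complete command string
        doPrint    -- forwarded to the subprocess helper; also gates the
                      echo of the captured output
        self_funct -- caller name reported in the exception
        failure    -- exception message used when the exit code is not 0
        """
        # NOTE(security): every command built in mkSslKeys carries the
        # keystore / key passwords as plain arguments, so they can be read
        # from the process list while keytool runs. On JDK versions that
        # support them, the -storepass:env / -storepass:file (and -keypass)
        # forms keep the secret out of argv.
        # NOTE(review): doPrint presumably makes the helper echo the command,
        # passwords included - confirm and mask before enabling level 5 logs.
        ret, stdout, sdterr=subprocess(cde, doPrint=doPrint)
        # The original tested `verbose>=5`, i.e. the module-level verbose()
        # function itself rather than the verbosity level, so on Python 2 the
        # output was always printed. Gate on the real level instead.
        if doPrint:
            print(stdout)
            print(sdterr)
            print('')
        if ret!=0:
            raise xception.kikonfActionSystemException(self, self_funct, failure)

    def mkSslKeys(self, dir, name,
        expire=0,
        password=None,
        sclabel=None,
        scpath=None,
        scpassword=None,
        scexpire=0,
        scalg=None,
        scdn=None,
        scsize=0,
        doc=False,
        cert_label=None,
        cert_format=None,
        cert_path=None,
        dop12=False,
        p12_kname=None,
        p12_kpassword=None,
        p12_password=None,
        p12_expire=0,
        p12_alg=None,
        p12_dn=None,
        p12_label=None,
        indent=''
    ):
        """Create (if missing) the keystore <dir>/<name>.jks and populate it.

        Steps, each one a keytool invocation:
          1. when the keystore file does not exist: generate the key pair
             with its self-signed certificate, then export that certificate
             to scpath;
          2. when doc is true: import the certificate file cert_path;
          3. when dop12 is true: create a PKCS12 keystore, export its
             certificate and import it into the JKS keystore;
          4. at verbosity 4 or more: list the keystore.

        Raises xception.kikonfActionSystemException when a step fails or
        when cert_path is not a file.

        NOTE(review): expire, scsize and cert_format are accepted but never
        used below; in particular the requested key size is not passed to
        keytool (-keysize), so the tool's default size applies.
        NOTE(review): values such as scdn or the paths are concatenated
        unquoted; a value containing spaces or shell metacharacters must
        already be quoted in the action file - confirm how the subprocess
        helper splits or interprets the string.
        """
        self_funct='mkSslKeys'
        from os import path

        doPrint = self.getVerbose()>=5

        def say(message, ifLevel):
            # Thin wrapper over the module-level verbose() logger.
            verbose(message, level=self.getVerbose(), ifLevel=ifLevel, indent=indent, logFile=self.getLogFile())

        kpath=path.realpath(path.normpath(dir + '/' + name + '.jks'))
        keytool_cde = '\"' + path.realpath(path.normpath(self.getCAttr('software_jss_home') + '/bin/keytool' + self.getBinarySufix())) + '\"'

        if not path.isfile(kpath):
            ## Creating keystore and self-signed X.509 cert
            say('keystore and Self Sign Certificate at:' + kpath + ' creating.', 4)
            # NOTE: -keyalg names the key-pair algorithm; digest names such
            # as sha1 / sha256 belong to the signature algorithm (-sigalg),
            # which this command leaves at keytool's default.
            cde=(keytool_cde + ' -genkey -dname ' + scdn + ' -alias ' + sclabel
                + ' -keystore ' + kpath + ' -storepass ' + password
                + ' -keypass ' + scpassword + ' -keyalg ' + scalg
                + ' -validity ' + str(scexpire))
            self._runKeytool(cde, doPrint, self_funct, 'Failed Creating the keytsore !')
            say('keystore and Self Sign Certificate at:' + kpath + ' created.\n', 3)

            ## Extracting the self-signed cert
            say('Self Sign Certificate: ' + sclabel + ' extracting.', 4)
            cde=(keytool_cde + ' -export -alias ' + sclabel + ' -keystore ' + kpath
                + ' -storepass ' + password + ' -keypass ' + scpassword
                + ' -file ' + scpath + ' -rfc')
            self._runKeytool(cde, doPrint, self_funct, 'Failed Extracting the Self Sign Certificate !')
            say('Self Sign Certificate: ' + sclabel + ' extracted.\n', 3)
        else:
            say('Pre-existing keytstore at:' + kpath + ' retreived.\n', 4)

        ## Receiving the personal Cert
        if doc:
            if not path.isfile(cert_path):
                raise xception.kikonfActionSystemException(self, self_funct, 'Unable to find the Certificate file at:' + cert_path + ' please check your action file !')

            say('Certificate:' + cert_path + ' receiving.', 4)
            # NOTE(security): -noprompt skips keytool's interactive
            # confirmation, so the certificate file is trusted as-is; its
            # origin and fingerprint have to be verified before this runs.
            cde=(keytool_cde + ' -import -noprompt -trustcacerts -alias ' + cert_label
                + ' -file ' + cert_path + ' -keystore ' + kpath
                + ' -storepass ' + password)
            self._runKeytool(cde, doPrint, self_funct, 'Failed receiving Certificate into keytsore !')
            say('Certificate:' + cert_path + ' received.\n', 3)

        ## PKCS12 cert
        if dop12:
            p12_kpath=path.realpath(path.normpath(dir + '/' + p12_kname + '.p12'))
            p12_cpath=path.realpath(path.normpath(dir + '/' + p12_label + '.cert'))

            say('PKCS12 Keystore: ' + p12_kpath + ' creating.', 4)
            cde=(keytool_cde + ' -v -genkey -dname ' + p12_dn + ' -alias ' + p12_label
                + ' -keystore ' + p12_kpath + ' -storepass ' + p12_kpassword
                + ' -keypass ' + p12_password + ' -keyalg ' + p12_alg
                + ' -validity ' + str(p12_expire) + ' -storetype PKCS12')
            self._runKeytool(cde, doPrint, self_funct, 'Failed Creating PKCS12 key !')
            say('PKCS12 Keystore: ' + p12_kpath + ' created.\n', 3)

            say('PKCS12 Certicate: ' + p12_cpath + ' exporting.', 4)
            cde=(keytool_cde + ' -export -alias ' + p12_label + ' -keystore ' + p12_kpath
                + ' -storepass ' + p12_kpassword
                + ' -storetype PKCS12 -rfc -file ' + p12_cpath)
            self._runKeytool(cde, doPrint, self_funct, 'Failed Exporting PKCS12 Certificate !')
            say('PKCS12 Certicate: ' + p12_cpath + ' exported.\n', 3)

            say('PKCS12 Certicate: ' + p12_cpath + ' importing.', 4)
            cde=(keytool_cde + ' -import -noprompt -alias ' + p12_label
                + ' -file ' + p12_cpath + ' -keystore ' + kpath
                + ' -storepass ' + password)
            self._runKeytool(cde, doPrint, self_funct, 'Failed Importing PKCS12 Certificate !')
            say('PKCS12 Certicate: ' + p12_cpath + ' imported.\n', 3)

        if self.getVerbose()>=4:
            say('Keystore: ' + kpath + ' listing.', 4)
            cde=keytool_cde + ' -list' + ' -keystore ' + kpath + ' -storepass ' + password
            # The listing itself is echoed only at verbosity 5 and above,
            # like the output of every other keytool call.
            self._runKeytool(cde, doPrint, self_funct, 'Failed listing keystore !')
            say('Keystore: ' + kpath + ' listed.\n', 3)

    def getBinarySufix(self):
        """Return the keytool file suffix: '.exe' on windows, else '.sh'."""
        # NOTE(review): a stock JDK ships bin/keytool without a '.sh' suffix;
        # presumably software_jss_home provides a wrapper script - confirm.
        if getOsType()=='windows':
            return '.exe'
        return '.sh'

    def verbose(self, name=None, dir=None):
        """Log the keystore name and directory at verbosity level 2."""
        verbose('JSSE keysStore:' + name + ', at path:' + str(dir) + '.', level=self.getVerbose(), ifLevel=2, indent=self.getIndent(), logFile=self.getLogFile())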