cle_clock
Home > wikikonf >  jss/actions/by kikonf > ssl







Ssl

print

Action : jss.ssl   (Category : jss, Name : ssl, By : kikonf)
Complete Name : jss.ssl.by.kikonf
Version : 5.0        License : Modified BSD License

Purpose of the jss category :
Easy to customize. This category use in background the Java Keytools command to create and configure SSL JKS keystores (keys, certificates and PKCS12 keys).
You can use it to manage your JKS keystores, keys and csr requests.

Purpose of this ssl plugin : Manages Java SSL keystore and certficates

The following shows the main Source Code File for the Action : jss.ssl

Toggle lines
##  Copyright (c) 2008, Patrick Germain Placidoux
##  All rights reserved.
##
##  This file is part of Kiko Public Software.
##
##  Kiko Public Software is released under the modified BSD License,
##  which should accompany it or any part of it in the file "COPYING".
##  If you do not have this file you can access the license 
##  through the WWW at http://www.kickconf.com/license/bsd/license.txt.
## 
##  Home: http://www.kickconf.com
##  Contact: kickconf@gmx.com



from actions.jss.tools import *



class Ssl(jssAction):

    def inject(self):
        self_funct='inject'
        # Get top nodes
        ssl_node = self.getTop()        
        ssl_attrs = ssl_node.getAttrs()      

        self.verbose(name=ssl_attrs.name, dir=ssl_attrs.dir)
        from os import path
        indent=self.getIndent() + 3*' '

        ## Clearing Variables
        doc=dop12=False

        # Cert infos
        cert_label=None
        cert_format=None
        cert_path=None
        
        # p12 infos
        p12_kname=None
        p12_kpassword=None
        p12_password=None
        p12_expire=None
        p12_alg=None
        p12_dn=None        
        p12_label=None        
     
        cert_attrs = None
        if ssl_node.hasNode('cert'):
            cert_attrs = ssl_node.getNode('cert')[0].getAttrs()
            
        p12_attrs = None
        if ssl_node.hasNode('p12'):
            p12_attrs = ssl_node.getNode('p12')[0].getAttrs()

        ## Feeding Variables
        # keystore infos
        dir=ssl_attrs.dir
        name=ssl_attrs.name
        password=ssl_attrs.password
        expire=ssl_attrs.expire
        # - Required Self Sign Certificate infos
        sclabel=ssl_attrs.sclabel
        scpath=path.realpath(path.normpath(dir + '/' + ssl_attrs.scfile))
        scpassword=ssl_attrs.scpassword
        scexpire=ssl_attrs.scexpire
        scalg=ssl_attrs.scalg                
        scdn=ssl_attrs.scdn
        scsize=ssl_attrs.scsize

        # Cert infos
        if cert_attrs != None:
            doc=True
            cert_label=cert_attrs.label
            cert_format=cert_attrs.format
            cert_path=path.realpath(path.normpath(dir + '/' + cert_attrs.file))
        
        # P12 infos
        if p12_attrs != None:
            dop12=True
            p12_kname=p12_attrs.name
            p12_kpassword=p12_attrs.kpassword
            p12_password=p12_attrs.password
            p12_expire=p12_attrs.expire
            p12_dn=p12_attrs.dn
            p12_label=p12_attrs.label
            p12_alg=p12_attrs.alg
           
        ## Checks ##
        if not path.isdir(dir):raise xception.kikonfActionSystemException(self, self_funct, 'The keystore directory: ' + dir + ' should exist !')

        ## Call
        self.mkSslKeys(dir, name,
                    expire=expire, password=password,
                    sclabel=sclabel, scpath=scpath, scpassword=scpassword, scexpire=scexpire, scalg=scalg, scdn=scdn,
                    scsize=scsize,
                    doc=doc, cert_label=cert_label, cert_format=cert_format, cert_path=cert_path,
                    dop12=dop12, p12_kname=p12_kname, p12_kpassword=p12_kpassword, p12_password=p12_password, p12_expire=p12_expire, p12_alg=p12_alg, p12_dn=p12_dn, p12_label=p12_label,
                    indent=indent
            )

    def mkSslKeys(self, dir, name,
                        expire=0, password=None,
                        sclabel=None, scpath=None, scpassword=None, scexpire=0, scalg=None, scdn=None, 
                        scsize=0,
                        doc=False, cert_label=None, cert_format=None, cert_path=None,                        
                        dop12=False, p12_kname=None, p12_kpassword=None, p12_password=None, p12_expire=0, p12_alg=None, p12_dn=None, p12_label=None,
                        indent=''
                ):                

        self_funct='mkSslKeys'
        from os import path
        doPrint=False
        if self.getVerbose()>=5:doPrint=True
        kpath=path.realpath(path.normpath(dir + '/' + name + '.jks'))
        keytool_cde = '\"' + path.realpath(path.normpath(self.getCAttr('software_jss_home') + '/bin/keytool' + self.getBinarySufix())) + '\"'

    
        if not path.isfile(kpath):                    
            verbose('keystore and Self Sign Certificate at:' + kpath + ' creating.', level=self.getVerbose(), ifLevel=4, indent=indent, logFile=self.getLogFile())
            
            ## Creating keystore and Self sig 509 cert
            cde=keytool_cde + ' -genkey -dname ' + scdn + ' -alias ' + sclabel + ' -keystore ' + kpath + ' -storepass ' + password + ' -keypass ' + scpassword + ' -keyalg ' + scalg + ' -validity ' + str(scexpire)

            #-- Infos:
            # -keyalg dft sha1, md5/sha1/sha224/sha256/sha384/sha512

            # exec:
            ret, stdout, sdterr=subprocess(cde, doPrint=doPrint)
            if verbose>=5:
                print stdout
                print sdterr
                print
                
            if ret!=0:raise xception.kikonfActionSystemException(self, self_funct, 'Failed Creating the keytsore !')
            verbose('keystore and Self Sign Certificate at:' + kpath + ' created.\n', level=self.getVerbose(), ifLevel=3, indent=indent, logFile=self.getLogFile())
            
            ## Extracting Self Sign cert
            verbose('Self Sign Certificate: ' + sclabel + ' extracting.', level=self.getVerbose(), ifLevel=4, indent=indent, logFile=self.getLogFile())
            cde=keytool_cde + ' -export -alias ' + sclabel + ' -keystore ' + kpath + ' -storepass ' + password + ' -keypass ' + scpassword + ' -file ' + scpath + ' -rfc'
            # exec:
            ret, stdout, sdterr=subprocess(cde, doPrint=doPrint)
            if verbose>=5:
                print stdout
                print sdterr
                print
                
            if ret!=0:raise xception.kikonfActionSystemException(self, self_funct, 'Failed Extracting the Self Sign Certificate !')
            verbose('Self Sign Certificate: ' + sclabel + ' extracted.\n', level=self.getVerbose(), ifLevel=3, indent=indent, logFile=self.getLogFile())
          
        else:
            verbose('Pre-existing keytstore at:' + kpath + ' retreived.\n', level=self.getVerbose(), ifLevel=4, indent=indent, logFile=self.getLogFile())


        ## Receiving the personal Cert
        if doc:
        
            if not path.isfile(cert_path):raise xception.kikonfActionSystemException(self, self_funct, 'Unable to find the Certificate file at:' + cert_path + ' please check  your action file !')
            
            verbose('Certificate:' + cert_path + ' receiving.', level=self.getVerbose(), ifLevel=4, indent=indent, logFile=self.getLogFile())
            cde=keytool_cde + ' -import -noprompt -trustcacerts -alias ' + cert_label + ' -file ' + cert_path + ' -keystore ' + kpath + ' -storepass ' + password
            # exec:
            ret, stdout, sdterr=subprocess(cde, doPrint=doPrint)
            if verbose>=5:
                print stdout
                print sdterr
                print
                
            if ret!=0:raise xception.kikonfActionSystemException(self, self_funct, 'Failed receiving Certificate into keytsore !')
            verbose('Certificate:' + cert_path + ' received.\n', level=self.getVerbose(), ifLevel=3, indent=indent, logFile=self.getLogFile())


        ## PKCS12 cert
        if dop12:
            p12_kpath=path.realpath(path.normpath(dir + '/' + p12_kname + '.p12'))
            p12_cpath=path.realpath(path.normpath(dir + '/' + p12_label + '.cert'))
        
            verbose('PKCS12 Keystore: ' + p12_kpath + ' creating.', level=self.getVerbose(), ifLevel=4, indent=indent, logFile=self.getLogFile())
            cde=keytool_cde + ' -v -genkey -dname ' + p12_dn + ' -alias ' + p12_label + ' -keystore ' + p12_kpath + ' -storepass ' + p12_kpassword + ' -keypass ' + p12_password + ' -keyalg ' + p12_alg + ' -validity ' + str(p12_expire) + ' -storetype PKCS12'
            # exec:
            ret, stdout, sdterr=subprocess(cde, doPrint=doPrint)
            if verbose>=5:
                print stdout
                print sdterr
                print
                
            if ret!=0:raise xception.kikonfActionSystemException(self, self_funct, 'Failed Creating PKCS12 key !')
            verbose('PKCS12 Keystore: ' + p12_kpath + ' created.\n', level=self.getVerbose(), ifLevel=3, indent=indent, logFile=self.getLogFile())        

            verbose('PKCS12 Certicate: ' + p12_cpath + ' exporting.', level=self.getVerbose(), ifLevel=4, indent=indent, logFile=self.getLogFile())            
            cde=keytool_cde + ' -export -alias ' + p12_label + ' -keystore ' + p12_kpath + ' -storepass ' + p12_kpassword + ' -storetype PKCS12 -rfc -file ' + p12_cpath
            # exec:
            ret, stdout, sdterr=subprocess(cde, doPrint=doPrint)
            if verbose>=5:
                print stdout
                print sdterr
                print
                
            if ret!=0:raise xception.kikonfActionSystemException(self, self_funct, 'Failed Exporting PKCS12 Certificate !')
            verbose('PKCS12 Certicate: ' + p12_cpath + ' exported.\n', level=self.getVerbose(), ifLevel=3, indent=indent, logFile=self.getLogFile())        
            
            verbose('PKCS12 Certicate: ' + p12_cpath + ' importing.', level=self.getVerbose(), ifLevel=4, indent=indent, logFile=self.getLogFile())
            cde=keytool_cde + '  -import -noprompt -alias ' + p12_label + ' -file ' + p12_cpath + ' -keystore ' + kpath + ' -storepass ' + password
            # exec:
            ret, stdout, sdterr=subprocess(cde, doPrint=doPrint)
            if verbose>=5:
                print stdout
                print sdterr
                print
                
            if ret!=0:raise xception.kikonfActionSystemException(self, self_funct, 'Failed Importing PKCS12 Certificate !')
            verbose('PKCS12 Certicate: ' + p12_cpath + ' imported.\n', level=self.getVerbose(), ifLevel=3, indent=indent, logFile=self.getLogFile())            

        if self.getVerbose()>=4:
            verbose('Keystore: ' + kpath + ' listing.', level=self.getVerbose(), ifLevel=4, indent=indent, logFile=self.getLogFile())
            cde=keytool_cde + '  -list' + ' -keystore ' + kpath + ' -storepass ' + password
            # exec:
            ret, stdout, sdterr=subprocess(cde, doPrint=doPrint)
            if verbose>=5:
                print stdout
                print sdterr
                print
                
            if ret!=0:raise xception.kikonfActionSystemException(self, self_funct, 'Failed listing keystore !')
            verbose('Keystore: ' + kpath + ' listed.\n', level=self.getVerbose(), ifLevel=3, indent=indent, logFile=self.getLogFile())
        
    def getBinarySufix(self):
        if getOsType()=='windows':sufix='.exe'
        else:sufix='.sh'        
        
        return sufix
    
    def verbose(self, name=None, dir=None):        
        verbose('JSSE keysStore:' + name + ', at path:' + str(dir) + '.', level=self.getVerbose(), ifLevel=2, indent=self.getIndent(), logFile=self.getLogFile())
							
(Source: <KIKONF_INSTALLATION_DIR>/plugins/actions/jss/ssl/by/kikonf/ssl.py)


  • Line 1 to 3 say something , say something , say something
  • Line 10 to 17 say something , say something , say something , say something , say something
  • Line 20 to 25 say something



Trademarks :
  • "Java" and "JVM" are a registred trademarks of Oracle and/or its affiliates.
  • Other names may be trademarks of their respective owners.

Copyright © 2011 - Patrick Placidoux, Hélène Malamoud