
Merge branch 'master' into python3_update_daplug_test

cornelinux committed Feb 5, 2019
2 parents f9a5d13 + 367f334 commit 913b996fb23115bdd642c321f6db270c8d08b393
@@ -28,7 +28,7 @@
This module is tested in tests/test_lib_caconnector.py
"""
from privacyidea.lib.error import CAError
from privacyidea.lib.utils import int_to_hex
from privacyidea.lib.utils import int_to_hex, to_unicode
from privacyidea.lib.caconnectors.baseca import BaseCAConnector
from OpenSSL import crypto
from subprocess import Popen, PIPE
@@ -201,7 +201,7 @@ def _get_crl_next_update(filename):
# Unfortunately pyOpenSSL does not support this. so we dump the
# CRL and parse the text :-/
# We do not want to add dependency to pyasn1
crl_text = crypto.dump_crl(crypto.FILETYPE_TEXT, crl_obj)
crl_text = to_unicode(crypto.dump_crl(crypto.FILETYPE_TEXT, crl_obj))
for line in crl_text.split("\n"):
if "Next Update: " in line:
key, value = line.split(":", 1)
@@ -332,15 +332,14 @@ def _filename_from_x509(x509_name, file_extension="pem"):
return a filename from the subject from an x509 object
:param x509_name: The X509Name object
:type x509_name: X509Name object
:param file_extension:
:type file_extension: str
:return: filename
:rtype: basestring
:rtype: str
"""
name_components = x509_name.get_components()
filename = ""
for (key, value) in name_components:
filename += value+"_"
filename = filename[:-1] + "." + file_extension
return filename
filename = "_".join([to_unicode(value) for (key, value) in name_components])
return '.'.join([filename, file_extension])

def sign_request(self, csr, options=None):
"""
@@ -402,31 +401,26 @@ def sign_request(self, csr, options=None):
csr_obj.get_subject(), file_extension="pem")
#csr_extensions = csr_obj.get_extensions()
csr_filename = csr_filename.replace(" ", "_")
if type(csr_filename) == str:
csr_filename = csr_filename.decode("utf-8")
csr_filename = csr_filename.encode("ascii", "ignore")
certificate_filename = certificate_filename.replace(" ", "_")
if type(certificate_filename) == str:
certificate_filename = certificate_filename.decode("utf-8")
certificate_filename = certificate_filename.encode("ascii", "ignore")
# dump the file
with open(csrdir + "/" + csr_filename, "w") as f:
csr_filename = to_unicode(csr_filename.encode('ascii', 'ignore'))
with open(os.path.join(csrdir, csr_filename), "w") as f:
f.write(csr)

# TODO: use the template name to set the days and the extention!
if spkac:
cmd = CA_SIGN_SPKAC.format(cakey=self.cakey, cacert=self.cacert,
days=days, config=config,
extension=extension,
spkacfile=csrdir + "/" + csr_filename,
certificate=certificatedir + "/" +
certificate_filename)
spkacfile=os.path.join(csrdir, csr_filename),
certificate=os.path.join(certificatedir,
certificate_filename))
else:
cmd = CA_SIGN.format(cakey=self.cakey, cacert=self.cacert,
days=days, config=config, extension=extension,
csrfile=csrdir + "/" + csr_filename,
certificate=certificatedir + "/" +
certificate_filename)
csrfile=os.path.join(csrdir, csr_filename),
certificate=os.path.join(certificatedir,
certificate_filename))
# run the command
args = shlex.split(cmd)
p = Popen(args, stdout=PIPE, stderr=PIPE, cwd=workingdir)
@@ -435,7 +429,7 @@ def sign_request(self, csr, options=None):
# Some error occurred
raise CAError(error)

with open(certificatedir + "/" + certificate_filename, "r") as f:
with open(os.path.join(certificatedir, certificate_filename), "rb") as f:
certificate = f.read()

# We return the cert_obj.
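Review bot: The file names that sign_request now passes to `os.path.join(csrdir, csr_filename)` and `os.path.join(certificatedir, certificate_filename)` are built by `_filename_from_x509` from the subject components of the submitted request, and nothing in the visible lines removes path separators or `..` from them; only spaces are replaced and, for the CSR name, non-ASCII characters dropped. Unlike the old `csrdir + "/" + ...` concatenation, `os.path.join` discards the directory argument when the following component is absolute, so a subject whose first value begins with `/` would resolve outside the CA working directories. I would reject such names before the first `open`, for example `if os.path.basename(csr_filename) != csr_filename: raise CAError("subject yields an unsafe file name")`, with the same check for `certificate_filename`. The same strings are formatted into `cmd` and then passed through `shlex.split`, so quote characters in a subject may change how the arguments are split; the CA_SIGN templates are not visible here, so this needs confirming. sign_request starts and ends outside these hunks, so validation may already exist in the part not shown.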
@@ -32,6 +32,8 @@
"""

import logging

from privacyidea.lib.utils import to_unicode
from privacyidea.lib.tokenclass import TokenClass
from privacyidea.lib.log import log_with
from privacyidea.api.lib.utils import getParam
@@ -217,8 +219,8 @@ def update(self, param):
# req.get_subject().organizationName = 'xxx'
req.set_pubkey(key)
req.sign(key, "sha256")
x509object = cacon.sign_request(crypto.dump_certificate_request(
crypto.FILETYPE_PEM, req), options={"template": template_name})
csr = to_unicode(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req))
x509object = cacon.sign_request(csr, options={"template": template_name})
certificate = crypto.dump_certificate(crypto.FILETYPE_PEM,
x509object)
# Save the private key to the encrypted key field of the token
@@ -297,11 +297,15 @@ myApp.controller("tokenEnrollController", function ($scope, TokenFactory,
// A watch function to change the form data in case another user is selected
$scope.$watch(function(scope) {return scope.newUser.email;},
function(newValue, oldValue){
$scope.form.email = newValue;
if (newValue != '') {
$scope.form.email = newValue;
}
});
$scope.$watch(function(scope) {return scope.newUser.mobile;},
function(newValue, oldValue){
$scope.form.phone = newValue;
if (newValue != '') {
$scope.form.phone = newValue;
}
});

// Get the realms and fill the realm dropdown box
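Review bot: With the new `if (newValue != '')` guards in both watchers, selecting a user whose email or mobile is empty leaves `$scope.form.email` / `$scope.form.phone` at the value of the previously selected user, so a token could be enrolled with another user's address unless the form is reset elsewhere (not visible in this hunk). The loose comparison also lets `undefined` and `null` through, and those then overwrite the field. If the intent is to keep a value the admin typed by hand, I would state that in a comment and skip only the initial watcher call, e.g. `if (newValue !== oldValue) { $scope.form.email = newValue; }`. The controller body continues outside the hunk.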
Binary file not shown.
Binary file not shown.
@@ -6,7 +6,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="Cornelius Kölbel" >
<link rel="icon" href="{{ instance }}/static/favicon.ico">
<link rel="icon" type="image/png" href="{{ instance }}/static/favicon.png">
<!-- Custom styles for this template -->
<link href="{{ instance }}/static/css/signin.css" rel="stylesheet">
<link href="{{ instance }}/static/contrib/css/animate.css" rel="stylesheet">
@@ -22,11 +22,9 @@
'test_api_users.py',
'test_api_validate.py',
'test_lib_applications.py',
'test_lib_caconnector.py',
'test_lib_challenges.py',
'test_lib_importotp.py',
'test_lib_smsprovider.py',
'test_lib_tokens_certificate.py',
'test_lib_tokens_foureyes.py',
'test_lib_tokens_motp.py',
'test_lib_tokens_passwordtoken.py',
@@ -10,7 +10,7 @@
from mock import patch
from privacyidea.lib.caconnectors.localca import LocalCAConnector, ATTR
from OpenSSL import crypto
from privacyidea.lib.utils import int_to_hex
from privacyidea.lib.utils import int_to_hex, to_unicode
from privacyidea.lib.error import CAError
from privacyidea.lib.caconnector import (get_caconnector_list,
get_caconnector_class,
@@ -199,15 +199,15 @@ def test_02_sign_cert(self):
r = cacon.create_crl()
self.assertEqual(r, "crl.pem")
# Check if the serial number is contained in the CRL!
filename = cwd + "/" + WORKINGDIR + "/crl.pem"
filename = os.path.join(cwd, WORKINGDIR, "crl.pem")
f = open(filename)
buff = f.read()
f.close()
crl = crypto.load_crl(crypto.FILETYPE_PEM, buff)
revoked_certs = crl.get_revoked()
found_revoked_cert = False
for revoked_cert in revoked_certs:
s = revoked_cert.get_serial()
s = to_unicode(revoked_cert.get_serial())
if s == serial_hex:
found_revoked_cert = True
break
@@ -272,7 +272,7 @@ def test_05_templates(self):
self.assertTrue("template3" in templates)
cert = cacon.sign_request(SPKAC, options={"spkac": 1,
"template": "webserver"})
expires = cert.get_notAfter()
expires = to_unicode(cert.get_notAfter())
import datetime
dt = datetime.datetime.strptime(expires, "%Y%m%d%H%M%SZ")
ddiff = dt - datetime.datetime.now()
