Posted to commits@labs.apache.org by dr...@apache.org on 2007/12/14 18:02:56 UTC
svn commit: r604227 - in /labs/badca: BaDCA/baseCA.py
tests/04baseCATestCase.py tests/ca/ tests/ca/test01/ tests/ca/test01/conf.py
Author: dreid
Date: Fri Dec 14 09:02:56 2007
New Revision: 604227
URL: http://svn.apache.org/viewvc?rev=604227&view=rev
Log:
Start fleshing out the baseCA module a little more.
- add parsing of configuration file (a python file)
- create directories for the CA
- add test directories as needed
This is probably a good time to add some form of logging for the CA,
so any suggestions on how to do it?
Added:
labs/badca/tests/ca/
labs/badca/tests/ca/test01/ (with props)
labs/badca/tests/ca/test01/conf.py
Modified:
labs/badca/BaDCA/baseCA.py
labs/badca/tests/04baseCATestCase.py
Modified: labs/badca/BaDCA/baseCA.py
URL: http://svn.apache.org/viewvc/labs/badca/BaDCA/baseCA.py?rev=604227&r1=604226&r2=604227&view=diff
==============================================================================
--- labs/badca/BaDCA/baseCA.py (original)
+++ labs/badca/BaDCA/baseCA.py Fri Dec 14 09:02:56 2007
@@ -1,28 +1,101 @@
import os, sys
+from stat import *
from BaDCA.Utils import getSHA1
+def extractConfig(s, n, default = None):
+ try:
+ if s[n] is not None:
+ return s[n]
+ except KeyError:
+ return default
+ return default
+
+def sortedDict(adict):
+ keys = adict.keys()
+ keys.sort()
+ return map(adict.get, keys)
+
class baseCA:
name = None
baseDir = None
keys = []
certs = []
crls = []
+ settings = {}
+ options = {}
+ subject = {}
+ minStrength = 0
+ rootValidity = 0
+ issuedValidity = 0
+ configOK = 0
def __init__(self, baseDir = None):
if baseDir is not None:
if os.path.isdir(baseDir):
self.baseDir = os.path.abspath(baseDir)
- self.getConfig()
+ self.configOK = self.getConfig()
def getConfig(self):
configFn = os.path.join(self.baseDir, 'conf.py')
if not os.path.exists(configFn):
- return
- print "configFn = " + configFn
+ return 0
+
+ # Is this the best way of doing this?
+ settings = {}
+ # Load file & eval
+ execfile(configFn, globals(), settings)
+ # add filtering here if required!
+ self.name = extractConfig(settings, 'name')
+
+ self.subject = extractConfig(settings, 'subject')
+
+ self.minStrength = extractConfig(settings, 'minStrength', 1024)
+ self.rootValidity = extractConfig(settings, 'rootValidity', 365)
+ self.issuedValidity = extractConfig(settings, 'issuedValidity', 365)
+
+ self.options['remove'] = extractConfig(settings, 'remove')
+ self.options['ignore'] = extractConfig(settings, 'ignore')
+ self.options['attributes'] = extractConfig(settings, 'attributes')
+
+ print str(self.options)
+ print str(self.subject)
+
+ return self.checkDirectories()
+
+ # This function tries to create all the directories we need with
+ # correct permissions (this isn't meant for Windows).
+ def checkDirectories(self):
+ privateMode = S_IRWXU
+ publicMode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH
+ rqdDirs = {
+ '00private': privateMode,
+ '01private/keys': privateMode,
+ '02certs': publicMode,
+ '03certs/ca': publicMode,
+ '04certs/issued': publicMode,
+ '05csr': publicMode,
+ '06csr/received': publicMode,
+ '07crl': publicMode,
+ }
+ dirList = rqdDirs.keys()
+ dirList.sort()
+ for d in dirList:
+ ckdir = os.path.join(self.baseDir, d[2:])
+ if not os.path.isdir(ckdir):
+ try:
+ os.mkdir(ckdir, rqdDirs[d])
+ except:
+ print "Unable to create '%s'" % ckdir
+ return 0
+ print "Created directory '%s'" % ckdir
+ return 1
def isValid(self):
- if self.name is None:
+ if self.configOK == 0:
+ return False
+ if self.name is None or self.minStrength == 0 or \
+ self.rootValidity == 0:
return False
return True
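Review bot: `execfile(configFn, globals(), settings)` in getConfig runs conf.py as code inside the CA process and hands it this module's globals, so anyone who can write to baseDir can run code with the CA's privileges. The settings are plain literals, so a non-executing parser would be safer; if the Python format stays, refuse to load a conf.py that is not owned by the running user or is group/world writable, and pass a fresh dict instead of `globals()`, as sketched below. checkDirectories has a related gap: it applies `privateMode` only when it creates a directory, so an existing `private` directory with looser permissions is accepted as-is. Separately, `self.options[...]` writes into the class-level `options = {}`, which every baseCA instance shares.

```python
    def getConfig(self):
        configFn = os.path.join(self.baseDir, 'conf.py')
        # … unchanged: missing-file check …
        st = os.stat(configFn)
        if st.st_uid != os.getuid() or st.st_mode & (S_IWGRP | S_IWOTH):
            print "Refusing to load '%s': unsafe owner or permissions" % configFn
            return 0
        settings = {}
        # conf.py is still executed; a fresh globals dict only keeps it
        # from reading or rebinding this module's names.
        execfile(configFn, {}, settings)
        # … unchanged: extractConfig calls and checkDirectories …
```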
Modified: labs/badca/tests/04baseCATestCase.py
URL: http://svn.apache.org/viewvc/labs/badca/tests/04baseCATestCase.py?rev=604227&r1=604226&r2=604227&view=diff
==============================================================================
--- labs/badca/tests/04baseCATestCase.py (original)
+++ labs/badca/tests/04baseCATestCase.py Fri Dec 14 09:02:56 2007
@@ -15,7 +15,8 @@
""" Testing basic creation of baseCA with data"""
ca = baseCA.baseCA(baseDir='tests/ca/test01')
assert ca is not None, "Failed to create a baseCA object"
- assert not ca.isValid(), "baseCA should not be valid!"
+ assert ca.isValid(), "baseCA isn't valid!"
+
if __name__ == "__main__":
unittest.main()
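Review bot: The new `assert ca.isValid()` can only pass after the baseCA constructor has created `private`, `certs`, `csr` and `crl` under `tests/ca/test01`, a path relative to the current directory, and nothing removes them afterwards. The directory-creation path is therefore exercised only on the first run, and the test never checks the resulting permissions. Consider copying conf.py into a `tempfile.mkdtemp()` directory in setUp, removing it in tearDown, and asserting that `private` ends up with mode 0700. The test method starts outside the hunk.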
Propchange: labs/badca/tests/ca/test01/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Fri Dec 14 09:02:56 2007
@@ -0,0 +1,5 @@
+private
+cert
+csr
+crl
+
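Review bot: The ignore list does not match the directories checkDirectories creates in this same commit: it lists `cert`, but the code creates `certs`. The generated `certs` tree would therefore show up as unversioned and could be committed by accident. Change the entry to `certs`.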
Added: labs/badca/tests/ca/test01/conf.py
URL: http://svn.apache.org/viewvc/labs/badca/tests/ca/test01/conf.py?rev=604227&view=auto
==============================================================================
--- labs/badca/tests/ca/test01/conf.py (added)
+++ labs/badca/tests/ca/test01/conf.py Fri Dec 14 09:02:56 2007
@@ -0,0 +1,66 @@
+# conf.py
+#
+# BaDCA configuration file!
+#
+# This file should be formatted according to standard Python rules.
+#
+
+# Settings that are required have '[RQD]' besides them. All others can
+# be omitted or set to None.
+
+# Name of the CA [RQD]
+name = "BaDCA Test 01"
+
+# CA Subject Information
+# When creating the root certificate the following information will be
+# used to construct the X509 subject for the certificate.
+# Either the short or long name may be used, ie 'C' and 'Country' are
+# acceptable.
+subject = {
+ 'C': 'GB',
+ 'O': 'Apache Software Foundation',
+ 'OU': 'Labs',
+ 'CN': 'ASF Labs',
+ 'emailAddress': 'dreid@apache.org'
+ }
+
+# Minimum key strength
+# This is the minimum number of bits that a key used to generate a
+# certificate request MUST be. If the key used was generated with fewer
+# bits than this figure, no certificate will be created.
+# Default value is 1024
+#minStrength = 1024
+
+# Root validity period
+# How long (in days) is the root certificate for this CA valid?
+# Default is 365 days (1 year)
+#rootValidity = 365
+
+# Issued validity period
+# How long (in days) should certificates issued by this CA be valid for?
+# Default is 365 days (1 year)
+#issuedValidity = 365
+
+# This should be set to a list of the fields that may be present in an
+# X509 Certificate Request subject that should be ignored when the final
+# certificate is created.
+# Either the short or long name may be used, ie 'C' and 'Country' are
+# acceptable.
+ignore = [ 'C', 'O', 'OU', 'ST' ]
+
+# This should be set to a list of the fields that may be present in the
+# CA certificate that should NOT be copied when creating the subject for
+# a certificate created following receipt of a certificate request.
+# Either the short or long name may be used, ie 'C' and 'Country' are
+# acceptable.
+remove = [ 'CN', 'emailAddress', 'ST' ]
+
+# Attributes listed here will ALWAYS be applied to certificates created.
+attributes = {
+ 'subjectKeyIdentifier': 'hash',
+ 'authorityKeyIdentifier': 'keyid:always,issuer:always',
+ 'subjectAltName': 'email:copy',
+ 'issuerAltName': 'issuer:copy',
+ }
+
+
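Review bot: The documented default for `minStrength` is 1024 bits, which is below the 2048-bit minimum that current guidance such as NIST SP 800-131A expects for RSA and DSA keys. This file leaves the setting commented out, so the CA would accept 1024-bit requests. I would set it explicitly here with `minStrength = 2048` and raise the fallback in getConfig's `extractConfig(settings, 'minStrength', 1024)` to match.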