Merge pull request #290 from kevgliss/289-java-export-intermediates

Fixes #289 and #275
This commit is contained in:
kevgliss 2016-04-21 16:46:11 -07:00
commit 2c6d494c32

View File

@ -10,10 +10,11 @@ import subprocess
from flask import current_app
from cryptography.fernet import Fernet
from lemur.utils import mktempfile, mktemppath
from lemur.plugins.bases import ExportPlugin
from lemur.plugins import lemur_java as java
from lemur.common.utils import get_psuedo_random_string
def run_process(command):
@ -29,6 +30,7 @@ def run_process(command):
if p.returncode != 0:
current_app.logger.debug(" ".join(command))
current_app.logger.error(stderr)
current_app.logger.error(stdout)
raise Exception(stderr)
@ -85,39 +87,36 @@ def create_truststore(cert, chain, jks_tmp, alias, passphrase):
])
def create_keystore(cert, jks_tmp, key, alias, passphrase):
with mktempfile() as key_tmp:
with open(key_tmp, 'w') as f:
f.write(key)
def create_keystore(cert, chain, jks_tmp, key, alias, passphrase):
# Create PKCS12 keystore from private key and public certificate
with mktempfile() as cert_tmp:
with open(cert_tmp, 'w') as f:
f.writelines([key + "\n", cert + "\n", chain + "\n"])
# Create PKCS12 keystore from private key and public certificate
with mktempfile() as cert_tmp:
with open(cert_tmp, 'w') as f:
f.write(cert)
with mktempfile() as p12_tmp:
run_process([
"openssl",
"pkcs12",
"-export",
"-nodes",
"-name", alias,
"-in", cert_tmp,
"-out", p12_tmp,
"-password", "pass:{}".format(passphrase)
])
with mktempfile() as p12_tmp:
run_process([
"openssl",
"pkcs12",
"-export",
"-name", alias,
"-in", cert_tmp,
"-inkey", key_tmp,
"-out", p12_tmp,
"-password", "pass:{}".format(passphrase)
])
# Convert PKCS12 keystore into a JKS keystore
run_process([
"keytool",
"-importkeystore",
"-destkeystore", jks_tmp,
"-srckeystore", p12_tmp,
"-srcstoretype", "PKCS12",
"-alias", alias,
"-srcstorepass", passphrase,
"-deststorepass", passphrase
])
# Convert PKCS12 keystore into a JKS keystore
run_process([
"keytool",
"-importkeystore",
"-destkeystore", jks_tmp,
"-srckeystore", p12_tmp,
"-srcstoretype", "pkcs12",
"-deststoretype", "JKS",
"-alias", alias,
"-srcstorepass", passphrase,
"-deststorepass", passphrase
])
class JavaTruststoreExportPlugin(ExportPlugin):
@ -165,7 +164,7 @@ class JavaTruststoreExportPlugin(ExportPlugin):
if self.get_option('passphrase', options):
passphrase = self.get_option('passphrase', options)
else:
passphrase = get_psuedo_random_string()
passphrase = Fernet.generate_key()
with mktemppath() as jks_tmp:
create_truststore(body, chain, jks_tmp, alias, passphrase)
@ -215,7 +214,7 @@ class JavaKeystoreExportPlugin(ExportPlugin):
if self.get_option('passphrase', options):
passphrase = self.get_option('passphrase', options)
else:
passphrase = get_psuedo_random_string()
passphrase = Fernet.generate_key()
if self.get_option('alias', options):
alias = self.get_option('alias', options)
@ -226,8 +225,7 @@ class JavaKeystoreExportPlugin(ExportPlugin):
if not key:
raise Exception("Unable to export, no private key found.")
create_truststore(body, chain, jks_tmp, alias, passphrase)
create_keystore(body, jks_tmp, key, alias, passphrase)
create_keystore(body, chain, jks_tmp, key, alias, passphrase)
with open(jks_tmp, 'rb') as f:
raw = f.read()