This commit is contained in:
kevgliss 2016-04-21 16:22:19 -07:00
parent b463fcf61b
commit dbd1279226
1 changed files with 34 additions and 36 deletions


@ -10,10 +10,11 @@ import subprocess
from flask import current_app from flask import current_app
from cryptography.fernet import Fernet
from lemur.utils import mktempfile, mktemppath from lemur.utils import mktempfile, mktemppath
from lemur.plugins.bases import ExportPlugin from lemur.plugins.bases import ExportPlugin
from lemur.plugins import lemur_java as java from lemur.plugins import lemur_java as java
from lemur.common.utils import get_psuedo_random_string
def run_process(command): def run_process(command):
@ -29,6 +30,7 @@ def run_process(command):
if p.returncode != 0: if p.returncode != 0:
current_app.logger.debug(" ".join(command)) current_app.logger.debug(" ".join(command))
current_app.logger.error(stderr) current_app.logger.error(stderr)
current_app.logger.error(stdout)
raise Exception(stderr) raise Exception(stderr)
@ -85,24 +87,20 @@ def create_truststore(cert, chain, jks_tmp, alias, passphrase):
]) ])
def create_keystore(cert, jks_tmp, key, alias, passphrase): def create_keystore(cert, chain, jks_tmp, key, alias, passphrase):
with mktempfile() as key_tmp:
with open(key_tmp, 'w') as f:
f.write(key)
# Create PKCS12 keystore from private key and public certificate # Create PKCS12 keystore from private key and public certificate
with mktempfile() as cert_tmp: with mktempfile() as cert_tmp:
with open(cert_tmp, 'w') as f: with open(cert_tmp, 'w') as f:
f.write(cert) f.writelines([key + "\n", cert + "\n", chain + "\n"])
with mktempfile() as p12_tmp: with mktempfile() as p12_tmp:
run_process([ run_process([
"openssl", "openssl",
"pkcs12", "pkcs12",
"-export", "-export",
"-nodes",
"-name", alias, "-name", alias,
"-in", cert_tmp, "-in", cert_tmp,
"-inkey", key_tmp,
"-out", p12_tmp, "-out", p12_tmp,
"-password", "pass:{}".format(passphrase) "-password", "pass:{}".format(passphrase)
]) ])
@ -113,7 +111,8 @@ def create_keystore(cert, jks_tmp, key, alias, passphrase):
"-importkeystore", "-importkeystore",
"-destkeystore", jks_tmp, "-destkeystore", jks_tmp,
"-srckeystore", p12_tmp, "-srckeystore", p12_tmp,
"-srcstoretype", "PKCS12", "-srcstoretype", "pkcs12",
"-deststoretype", "JKS",
"-alias", alias, "-alias", alias,
"-srcstorepass", passphrase, "-srcstorepass", passphrase,
"-deststorepass", passphrase "-deststorepass", passphrase
@ -165,7 +164,7 @@ class JavaTruststoreExportPlugin(ExportPlugin):
if self.get_option('passphrase', options): if self.get_option('passphrase', options):
passphrase = self.get_option('passphrase', options) passphrase = self.get_option('passphrase', options)
else: else:
passphrase = get_psuedo_random_string() passphrase = Fernet.generate_key()
with mktemppath() as jks_tmp: with mktemppath() as jks_tmp:
create_truststore(body, chain, jks_tmp, alias, passphrase) create_truststore(body, chain, jks_tmp, alias, passphrase)
@ -215,7 +214,7 @@ class JavaKeystoreExportPlugin(ExportPlugin):
if self.get_option('passphrase', options): if self.get_option('passphrase', options):
passphrase = self.get_option('passphrase', options) passphrase = self.get_option('passphrase', options)
else: else:
passphrase = get_psuedo_random_string() passphrase = Fernet.generate_key()
if self.get_option('alias', options): if self.get_option('alias', options):
alias = self.get_option('alias', options) alias = self.get_option('alias', options)
@ -226,8 +225,7 @@ class JavaKeystoreExportPlugin(ExportPlugin):
if not key: if not key:
raise Exception("Unable to export, no private key found.") raise Exception("Unable to export, no private key found.")
create_truststore(body, chain, jks_tmp, alias, passphrase) create_keystore(body, chain, jks_tmp, key, alias, passphrase)
create_keystore(body, jks_tmp, key, alias, passphrase)
with open(jks_tmp, 'rb') as f: with open(jks_tmp, 'rb') as f:
raw = f.read() raw = f.read()
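Review bot: `Fernet.generate_key()` on the new side of the two `else:` branches (the JavaTruststoreExportPlugin hunk and the JavaKeystoreExportPlugin hunk) returns bytes, whereas `self.get_option('passphrase', options)` in the other branch presumably yields text, so `passphrase` now has a different type depending on which branch ran; under Python 3 `"pass:{}".format(passphrase)` in create_keystore would embed the `b'...'` repr, and keytool's `-srcstorepass`/`-deststorepass` would receive a string that differs from whatever value is handed back to the caller. Decoding at the source keeps both branches consistent: `passphrase = Fernet.generate_key().decode('utf-8')`. In the create_keystore hunk the combined write `f.writelines([key + "\n", cert + "\n", chain + "\n"])` raises TypeError when chain is None, a value the old body never touched; guard it with `(chain or "") + "\n"` or document that chain must be a string. The run_process hunk still logs `" ".join(command)` on failure, which carries the `pass:` passphrase and the store passwords into the debug log; consider redacting those arguments before logging. The enclosing functions and classes start and end outside the hunks.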