parent
b463fcf61b
commit
dbd1279226
|
@ -10,10 +10,11 @@ import subprocess
|
||||||
|
|
||||||
from flask import current_app
|
from flask import current_app
|
||||||
|
|
||||||
|
from cryptography.fernet import Fernet
|
||||||
|
|
||||||
from lemur.utils import mktempfile, mktemppath
|
from lemur.utils import mktempfile, mktemppath
|
||||||
from lemur.plugins.bases import ExportPlugin
|
from lemur.plugins.bases import ExportPlugin
|
||||||
from lemur.plugins import lemur_java as java
|
from lemur.plugins import lemur_java as java
|
||||||
from lemur.common.utils import get_psuedo_random_string
|
|
||||||
|
|
||||||
|
|
||||||
def run_process(command):
|
def run_process(command):
|
||||||
|
@ -29,6 +30,7 @@ def run_process(command):
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
current_app.logger.debug(" ".join(command))
|
current_app.logger.debug(" ".join(command))
|
||||||
current_app.logger.error(stderr)
|
current_app.logger.error(stderr)
|
||||||
|
current_app.logger.error(stdout)
|
||||||
raise Exception(stderr)
|
raise Exception(stderr)
|
||||||
|
|
||||||
|
|
||||||
|
@ -85,39 +87,36 @@ def create_truststore(cert, chain, jks_tmp, alias, passphrase):
|
||||||
])
|
])
|
||||||
|
|
||||||
|
|
||||||
def create_keystore(cert, jks_tmp, key, alias, passphrase):
|
def create_keystore(cert, chain, jks_tmp, key, alias, passphrase):
|
||||||
with mktempfile() as key_tmp:
|
# Create PKCS12 keystore from private key and public certificate
|
||||||
with open(key_tmp, 'w') as f:
|
with mktempfile() as cert_tmp:
|
||||||
f.write(key)
|
with open(cert_tmp, 'w') as f:
|
||||||
|
f.writelines([key + "\n", cert + "\n", chain + "\n"])
|
||||||
|
|
||||||
# Create PKCS12 keystore from private key and public certificate
|
with mktempfile() as p12_tmp:
|
||||||
with mktempfile() as cert_tmp:
|
run_process([
|
||||||
with open(cert_tmp, 'w') as f:
|
"openssl",
|
||||||
f.write(cert)
|
"pkcs12",
|
||||||
|
"-export",
|
||||||
|
"-nodes",
|
||||||
|
"-name", alias,
|
||||||
|
"-in", cert_tmp,
|
||||||
|
"-out", p12_tmp,
|
||||||
|
"-password", "pass:{}".format(passphrase)
|
||||||
|
])
|
||||||
|
|
||||||
with mktempfile() as p12_tmp:
|
# Convert PKCS12 keystore into a JKS keystore
|
||||||
run_process([
|
run_process([
|
||||||
"openssl",
|
"keytool",
|
||||||
"pkcs12",
|
"-importkeystore",
|
||||||
"-export",
|
"-destkeystore", jks_tmp,
|
||||||
"-name", alias,
|
"-srckeystore", p12_tmp,
|
||||||
"-in", cert_tmp,
|
"-srcstoretype", "pkcs12",
|
||||||
"-inkey", key_tmp,
|
"-deststoretype", "JKS",
|
||||||
"-out", p12_tmp,
|
"-alias", alias,
|
||||||
"-password", "pass:{}".format(passphrase)
|
"-srcstorepass", passphrase,
|
||||||
])
|
"-deststorepass", passphrase
|
||||||
|
])
|
||||||
# Convert PKCS12 keystore into a JKS keystore
|
|
||||||
run_process([
|
|
||||||
"keytool",
|
|
||||||
"-importkeystore",
|
|
||||||
"-destkeystore", jks_tmp,
|
|
||||||
"-srckeystore", p12_tmp,
|
|
||||||
"-srcstoretype", "PKCS12",
|
|
||||||
"-alias", alias,
|
|
||||||
"-srcstorepass", passphrase,
|
|
||||||
"-deststorepass", passphrase
|
|
||||||
])
|
|
||||||
|
|
||||||
|
|
||||||
class JavaTruststoreExportPlugin(ExportPlugin):
|
class JavaTruststoreExportPlugin(ExportPlugin):
|
||||||
|
@ -165,7 +164,7 @@ class JavaTruststoreExportPlugin(ExportPlugin):
|
||||||
if self.get_option('passphrase', options):
|
if self.get_option('passphrase', options):
|
||||||
passphrase = self.get_option('passphrase', options)
|
passphrase = self.get_option('passphrase', options)
|
||||||
else:
|
else:
|
||||||
passphrase = get_psuedo_random_string()
|
passphrase = Fernet.generate_key()
|
||||||
|
|
||||||
with mktemppath() as jks_tmp:
|
with mktemppath() as jks_tmp:
|
||||||
create_truststore(body, chain, jks_tmp, alias, passphrase)
|
create_truststore(body, chain, jks_tmp, alias, passphrase)
|
||||||
|
@ -215,7 +214,7 @@ class JavaKeystoreExportPlugin(ExportPlugin):
|
||||||
if self.get_option('passphrase', options):
|
if self.get_option('passphrase', options):
|
||||||
passphrase = self.get_option('passphrase', options)
|
passphrase = self.get_option('passphrase', options)
|
||||||
else:
|
else:
|
||||||
passphrase = get_psuedo_random_string()
|
passphrase = Fernet.generate_key()
|
||||||
|
|
||||||
if self.get_option('alias', options):
|
if self.get_option('alias', options):
|
||||||
alias = self.get_option('alias', options)
|
alias = self.get_option('alias', options)
|
||||||
|
@ -226,8 +225,7 @@ class JavaKeystoreExportPlugin(ExportPlugin):
|
||||||
if not key:
|
if not key:
|
||||||
raise Exception("Unable to export, no private key found.")
|
raise Exception("Unable to export, no private key found.")
|
||||||
|
|
||||||
create_truststore(body, chain, jks_tmp, alias, passphrase)
|
create_keystore(body, chain, jks_tmp, key, alias, passphrase)
|
||||||
create_keystore(body, jks_tmp, key, alias, passphrase)
|
|
||||||
|
|
||||||
with open(jks_tmp, 'rb') as f:
|
with open(jks_tmp, 'rb') as f:
|
||||||
raw = f.read()
|
raw = f.read()
|
||||||
|
|
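Review bot: The keystore passphrase is still handed to both tools on the command line in the rewritten `create_keystore` (`"-password", "pass:{}".format(passphrase)` for openssl, `-srcstorepass`/`-deststorepass` for keytool), where any local user can read it from `ps` or `/proc/<pid>/cmdline`, and `run_process` echoes that same argv into the log on failure (`current_app.logger.debug(" ".join(command))`), so a failed export also writes the secret to the application log. Both tools can take the secret out of argv — openssl accepts `-password env:VAR` and keytool accepts `-srcstorepass:env VAR` / `-deststorepass:env VAR` — which needs `run_process` to grow an `env=None` keyword forwarded to `subprocess.Popen` (its body runs past the hunk, so confirm the Popen call there) and an `import os` if the module does not already have one. Separately, `Fernet.generate_key()` returns `bytes`, so under Python 3 the openssl store would be protected by the literal string `b'...'` while keytool receives the raw bytes, and the two invocations would disagree; `.decode()` the key before use (it is only a urlsafe-base64 `os.urandom(32)`) or keep the project's own string helper. The temp file written in the new code now holds the private key as well, so `cert_tmp` is a misleading name — `bundle_tmp` would read better. The fence shows the env-based invocations only.
```python
with mktempfile() as p12_tmp:
    # Pass the store password through the environment rather than argv so it
    # is not visible in `ps` or in the argv run_process logs on failure.
    secret_env = dict(os.environ, LEMUR_STORE_PASS=passphrase)
    run_process([
        "openssl", "pkcs12", "-export", "-nodes",
        "-name", alias,
        "-in", cert_tmp,
        "-out", p12_tmp,
        "-password", "env:LEMUR_STORE_PASS",
    ], env=secret_env)

    # … unchanged: comment describing the PKCS12 -> JKS conversion …
    run_process([
        "keytool", "-importkeystore",
        "-destkeystore", jks_tmp,
        "-srckeystore", p12_tmp,
        "-srcstoretype", "pkcs12",
        "-deststoretype", "JKS",
        "-alias", alias,
        "-srcstorepass:env", "LEMUR_STORE_PASS",
        "-deststorepass:env", "LEMUR_STORE_PASS",
    ], env=secret_env)
```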