Return-Path: Delivered-To: apmail-labs-commits-archive@locus.apache.org Received: (qmail 64145 invoked from network); 14 Dec 2007 17:03:18 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 Dec 2007 17:03:18 -0000 Received: (qmail 35723 invoked by uid 500); 14 Dec 2007 17:03:07 -0000 Delivered-To: apmail-labs-commits-archive@labs.apache.org Received: (qmail 35616 invoked by uid 500); 14 Dec 2007 17:03:07 -0000 Mailing-List: contact commits-help@labs.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: labs@labs.apache.org Delivered-To: mailing list commits@labs.apache.org Received: (qmail 35605 invoked by uid 99); 14 Dec 2007 17:03:07 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Dec 2007 09:03:07 -0800 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Dec 2007 17:02:53 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 351C61A984E; Fri, 14 Dec 2007 09:02:57 -0800 (PST) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r604227 - in /labs/badca: BaDCA/baseCA.py tests/04baseCATestCase.py tests/ca/ tests/ca/test01/ tests/ca/test01/conf.py Date: Fri, 14 Dec 2007 17:02:56 -0000 To: commits@labs.apache.org 
From: dreid@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20071214170257.351C61A984E@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: dreid Date: Fri Dec 14 09:02:56 2007 New Revision: 604227 URL: http://svn.apache.org/viewvc?rev=604227&view=rev Log: Start fleshing out the baseCA module a little more. - add parsing of configuration file (a python file) - create directories for the CA - add test directories as needed This is probably a good time to add some form of logging for the CA, so any suggestions on how to do it? Added: labs/badca/tests/ca/ labs/badca/tests/ca/test01/ (with props) labs/badca/tests/ca/test01/conf.py Modified: labs/badca/BaDCA/baseCA.py labs/badca/tests/04baseCATestCase.py Modified: labs/badca/BaDCA/baseCA.py URL: http://svn.apache.org/viewvc/labs/badca/BaDCA/baseCA.py?rev=604227&r1=604226&r2=604227&view=diff ============================================================================== --- labs/badca/BaDCA/baseCA.py (original) +++ labs/badca/BaDCA/baseCA.py Fri Dec 14 09:02:56 2007 
@@ -1,28 +1,101 @@ import os, sys +from stat import * from BaDCA.Utils import getSHA1 +def extractConfig(s, n, default = None): + try: + if s[n] is not None: + return s[n] + except KeyError: + return default + return default + +def sortedDict(adict): + keys = adict.keys() + keys.sort() + return map(adict.get, keys) + class baseCA: name = None baseDir = None keys = [] certs = [] crls = [] + settings = {} + options = {} + subject = {} + minStrength = 0 + rootValidity = 0 + issuedValidity = 0 + configOK = 0 def __init__(self, baseDir = None): if baseDir is not None: if os.path.isdir(baseDir): self.baseDir = os.path.abspath(baseDir) - self.getConfig() + self.configOK = self.getConfig() def getConfig(self): configFn = os.path.join(self.baseDir, 'conf.py') if not os.path.exists(configFn): - return - print "configFn = " + configFn + return 0 + + # Is this the best way of doing this? + settings = {} + # Load file & eval + execfile(configFn, globals(), settings) + # add filtering here if required! + self.name = extractConfig(settings, 'name') + + self.subject = extractConfig(settings, 'subject') + + self.minStrength = extractConfig(settings, 'minStrength', 1024) + self.rootValidity = extractConfig(settings, 'rootValidity', 365) + self.issuedValidity = extractConfig(settings, 'issuedValidity', 365) + + self.options['remove'] = extractConfig(settings, 'remove') + self.options['ignore'] = extractConfig(settings, 'ignore') + self.options['attributes'] = extractConfig(settings, 'attributes') + + print str(self.options) + print str(self.subject) + + return self.checkDirectories() + + # This function tries to create all the directories we need with + # correct permissions (this isn't meant for Windows). 
+ def checkDirectories(self): + privateMode = S_IRWXU + publicMode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH + rqdDirs = { + '00private': privateMode, + '01private/keys': privateMode, + '02certs': publicMode, + '03certs/ca': publicMode, + '04certs/issued': publicMode, + '05csr': publicMode, + '06csr/received': publicMode, + '07crl': publicMode, + } + dirList = rqdDirs.keys() + dirList.sort() + for d in dirList: + ckdir = os.path.join(self.baseDir, d[2:]) + if not os.path.isdir(ckdir): + try: + os.mkdir(ckdir, rqdDirs[d]) + except: + print "Unable to create '%s'" % ckdir + return 0 + print "Created directory '%s'" % ckdir + return 1 def isValid(self): - if self.name is None: + if self.configOK == 0: + return False + if self.name is None or self.minStrength == 0 or \ + self.rootValidity == 0: return False return True Modified: labs/badca/tests/04baseCATestCase.py URL: http://svn.apache.org/viewvc/labs/badca/tests/04baseCATestCase.py?rev=604227&r1=604226&r2=604227&view=diff ============================================================================== --- labs/badca/tests/04baseCATestCase.py (original) +++ labs/badca/tests/04baseCATestCase.py Fri Dec 14 09:02:56 2007 @@ -15,7 +15,8 @@ """ Testing basic creation of baseCA with data""" ca = baseCA.baseCA(baseDir='tests/ca/test01') assert ca is not None, "Failed to create a baseCA object" - assert not ca.isValid(), "baseCA should not be valid!" + assert ca.isValid(), "baseCA isn't valid!" + if __name__ == "__main__": unittest.main() Propchange: labs/badca/tests/ca/test01/ ------------------------------------------------------------------------------ --- svn:ignore (added) +++ svn:ignore Fri Dec 14 09:02:56 2007 
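Review bot: `execfile(configFn, globals(), settings)` in getConfig runs `conf.py` as code inside the CA process and hands it this module's globals, so anyone who can write to `baseDir` gets code execution next to the CA's key material, and the planned "add filtering here" step cannot help because it runs after the file has already executed. I would read the settings as data (for example an INI file read with the stdlib `ConfigParser`), or at minimum pass a fresh dict instead of `globals()` and refuse a `conf.py` that is group- or world-writable. In checkDirectories, a directory that already exists is accepted without looking at its mode, so a pre-existing `private` or `private/keys` with loose permissions passes, and the bare `except:` hides why `os.mkdir` failed; the loop below checks the mode of existing directories and reports the OSError. Separately, `options = {}` (like `settings` and `subject`) is a class attribute, so `self.options['remove'] = ...` writes into one dict shared by every baseCA instance; assign `self.options = {}` in `__init__`.

```python
# … unchanged: privateMode / publicMode, rqdDirs, sorted dirList …
for d in dirList:
    ckdir = os.path.join(self.baseDir, d[2:])
    if os.path.isdir(ckdir):
        # An existing directory must not be more permissive than the
        # mode we would have created it with.
        if S_IMODE(os.stat(ckdir).st_mode) & ~rqdDirs[d]:
            print "Directory '%s' has wider permissions than required" % ckdir
            return 0
        continue
    try:
        os.mkdir(ckdir, rqdDirs[d])
    except OSError, e:
        print "Unable to create '%s': %s" % (ckdir, e)
        return 0
    print "Created directory '%s'" % ckdir
return 1
```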
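Review bot: The flipped assertion `assert ca.isValid(), "baseCA isn't valid!"` now passes only when the constructor has created the directories under `tests/ca/test01`, yet nothing in the test checks that the private ones came out owner-only, which is the property that matters for a CA. I would add a check such as `assert S_IMODE(os.stat('tests/ca/test01/private/keys').st_mode) == 0700` (with `os` and `stat.S_IMODE` imported in the test, and assuming a normal umask), and keep a negative case for a `baseDir` that has no `conf.py`, since the old "should not be valid" assertion is gone. The test method starts above the hunk, so its name and setup are not visible here.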
@@ -0,0 +1,5 @@
+private
+cert
+csr
+crl
+
Added: labs/badca/tests/ca/test01/conf.py
URL: http://svn.apache.org/viewvc/labs/badca/tests/ca/test01/conf.py?rev=604227&view=auto
==============================================================================
--- labs/badca/tests/ca/test01/conf.py (added)
+++ labs/badca/tests/ca/test01/conf.py Fri Dec 14 09:02:56 2007
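Review bot: The svn:ignore value set on tests/ca/test01 lists `cert`, but checkDirectories in this same commit creates `certs` (the key `'02certs'` with its two-digit prefix stripped), so the generated `certs/` tree is not ignored and could be committed by accident. The entry should read `certs`; `private`, `csr` and `crl` already match the directory names the code creates.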
@@ -0,0 +1,66 @@
+# conf.py
+#
+# BaDCA configuration file!
+#
+# This file should be formatted according to standard Python rules.
+#
+
+# Settings that are required have '[RQD]' besides them. All others can
+# be omitted or set to None.
+
+# Name of the CA [RQD]
+name = "BaDCA Test 01"
+
+# CA Subject Information
+# When creating the root certificate the following information will be
+# used to construct the X509 subject for the certificate.
+# Either the short or long name may be used, ie 'C' and 'Country' are
+# acceptable.
+subject = {
+ 'C': 'GB',
+ 'O': 'Apache Software Foundation',
+ 'OU': 'Labs',
+ 'CN': 'ASF Labs',
+ 'emailAddress': 'dreid@apache.org'
+ }
+
+# Minimum key strength
+# This is the minimum number of bits that a key used to generate a
+# certificate request MUST be. If the key used was generated with fewer
+# bits than this figure, no certificate will be created.
+# Default value is 1024
+#minStrength = 1024
+
+# Root validity period
+# How long (in days) is the root certificate for this CA valid?
+# Default is 365 days (1 year)
+#rootValidity = 365
+
+# Issued validity period
+# How long (in days) should certificates issued by this CA be valid for?
+# Default is 365 days (1 year)
+#issuedValidity = 365
+
+# This should be set to a list of the fields that may be present in an
+# X509 Certificate Request subject that should be ignored when the final
+# certificate is created.
+# Either the short or long name may be used, ie 'C' and 'Country' are
+# acceptable.
+ignore = [ 'C', 'O', 'OU', 'ST' ]
+
+# This should be set to a list of the fields that may be present in the
+# CA certificate that should NOT be copied when creating the subject for
+# a certificate created following receipt of a certificate request.
+# Either the short or long name may be used, ie 'C' and 'Country' are
+# acceptable.
+remove = [ 'CN', 'emailAddress', 'ST' ]
+
+# Attributes listed here will ALWAYS be applied to certificates created.
+attributes = {
+ 'subjectKeyIdentifier': 'hash',
+ 'authorityKeyIdentifier': 'keyid:always,issuer:always',
+ 'subjectAltName': 'email:copy',
+ 'issuerAltName': 'issuer:copy',
+ }
+
+
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@labs.apache.org
For additional commands, e-mail: commits-help@labs.apache.org
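Review bot: The `attributes` table, which its comment says is ALWAYS applied to created certificates, carries no `basicConstraints` or `keyUsage` entry, so nothing in this file stops an issued certificate from being accepted as a CA by validators that treat a missing basicConstraints leniently. The code that consumes `attributes` is not part of this commit, so this may be handled elsewhere; if it is not, and the table applies to issued certificates only, an entry like `'basicConstraints': 'critical,CA:FALSE'` belongs here, with the root certificate handled separately. The commented default `#minStrength = 1024` should also carry a note that 1024-bit RSA keys are below current minimum recommendations and that a deployment should set 2048 or more.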