From: Simo Sorce
Date: Tue, 18 Mar 2014 18:43:04 +0000 (-0400)
Subject: Simple certificate generator class
X-Git-Tag: v0.2.2~67
X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=76520e6e044dc5ef04158242753e5a1653d77c25
Simple certificate generator class
For now just generates self-signed certificates. In future this calss should connect to a CA, or other service like certmnger's getcert to retrieve a certificate from a CA.
Signed-off-by: Simo Sorce
---
diff --git a/ipsilon/providers/saml2/certs.py b/ipsilon/providers/saml2/certs.py
new file mode 100755
index 0000000..dc08e08
--- /dev/null
+++ b/ipsilon/providers/saml2/certs.py
@@ -0,0 +1,57 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2014 Simo Sorce
+#
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+from subprocess import Popen
+import os
+import string
+
+
+class Certificate(object):
+
+ def __init__(self, path=None):
+ self.subject = None
+ self.path = path
+ self.key = None
+ self.cert = None
+
+ def generate(self, prefix, subject):
+ self.key = '%s.key' % prefix
+ self.cert = '%s.pem' % prefix
+ self.subject = '/CN=%s' % subject
+ command = ['openssl',
+ 'req', '-x509', '-batch', '-days', '1825',
+ '-newkey', 'rsa:2048', '-nodes', '-subj', self.subject,
+ '-keyout', os.path.join(self.path, self.key),
+ '-out', os.path.join(self.path, self.cert)]
+ proc = Popen(command)
+ proc.wait()
+
+ def get_cert(self):
+ if not self.cert:
+ raise NameError('Invalid certificate name: %s' % self.cert)
+ with open(os.path.join(self.path, self.cert), 'r') as f:
+ cert = f.readlines()
+
+ #poor man stripping of BEGIN/END lines
+ if cert[0] == '-----BEGIN CERTIFICATE-----\n':
+ cert = cert[1:]
+ if cert[-1] == '-----END CERTIFICATE-----\n':
+ cert = cert[:-1]
+
+ return string.join(cert)
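Review bot: generate() discards the exit status of openssl at `proc.wait()`, so a failed run still leaves self.key and self.cert naming files that may not exist, and the failure only surfaces later when get_cert() calls open(). Replacing the Popen/wait pair with `subprocess.check_call(command)` would raise at the point of failure. The `-nodes` private key is written to the `-keyout` path with no umask or chmod set anywhere in this file, so its mode is left to the process umask and the OpenSSL build in use; an explicit `os.chmod(os.path.join(self.path, self.key), 0o600)` after a successful run (or a restrictive umask around the call) would make that independent of the environment. In get_cert(), `string.join(cert)` uses the default single-space separator, so the returned text carries a space after every newline; `''.join(cert)` returns the base64 body unchanged. The constructor default `path=None` also makes every `os.path.join(self.path, ...)` fail, which deserves either a required argument or a docstring saying the caller must supply a directory.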