1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
#!/usr/bin/env python
###
# ============LICENSE_START=======================================================
# Simulator
# ================================================================================
# Copyright (C) 2019 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
###
import os
import sys
import logging
import logging.config
logging.basicConfig()
logger = logging.getLogger()
logger.setLevel(logging.INFO)
# Placeholders definition - this needs to match placeholders in
# load_server_certs_xml_file and tls_listen_xml_file
SERVER_KEY_NAME = "SERVER_KEY_NAME"
SERVER_CERT_NAME = "SERVER_CERT_NAME"
SERVER_CERTIFICATE_HERE = "SERVER_CERTIFICATE_HERE"
CA_CERT_NAME = "CA_CERT_NAME"
CA_CERTIFICATE_HERE = "CA_CERTIFICATE_HERE"
CA_FINGERPRINT_HERE = "CA_FINGERPRINT_HERE"
CA_FINGERPRINT_ENV = "CA_FINGERPRINT"
SERVER_CERTIFICATE_ENV = "SERVER_CERTIFICATE_ENV"
CA_CERTIFICATE_ENV = "CA_CERTIFICATE_ENV"
class FileHelper(object):
@classmethod
def get_file_contents(cls, filename):
with open(filename, "r") as f:
return f.read()
@classmethod
def write_file_contents(cls, filename, data):
with open(filename, "w+") as f:
f.write(data)
class CertHelper(object):
@classmethod
def get_pem_content_stripped(cls, pem_dir, pem_filename):
cmd = "cat {}/{} | grep -v '^-'".format(pem_dir, pem_filename)
content = CertHelper.system(cmd)
return content
@classmethod
def get_cert_fingerprint(cls, directory, cert_filename):
cmd = "openssl x509 -fingerprint -noout -in {}/{} | sed -e " \
"'s/SHA1 Fingerprint//; s/=//; s/=//p'" \
.format(directory, cert_filename)
fingerprint = CertHelper.system(cmd)
return fingerprint
@classmethod
def print_certs_info(cls, ca_cert, ca_fingerprint, server_cert):
logger.info("Will use server certificate: " + server_cert)
logger.info("Will use CA certificate: " + ca_cert)
logger.info("CA certificate fingerprint: " + ca_fingerprint)
@classmethod
def system(cls, cmd):
return os.popen(cmd).read().replace("\n", "")
class App(object):
@classmethod
def patch_server_certs(cls, data, server_key_filename_noext,
server_cert_filename_noext, ca_cert_filename_noext,
server_cert, ca_cert):
data = data.replace(SERVER_KEY_NAME, server_key_filename_noext)
data = data.replace(SERVER_CERT_NAME, server_cert_filename_noext)
data = data.replace(CA_CERT_NAME, ca_cert_filename_noext)
data = data.replace(SERVER_CERTIFICATE_HERE, server_cert)
data = data.replace(CA_CERTIFICATE_HERE, ca_cert)
return data
@classmethod
def patch_tls_listen(cls, data, server_cert_filename_noext, ca_fingerprint,
server_cert, ca_cert):
data = data.replace(SERVER_CERT_NAME, server_cert_filename_noext)
data = data.replace(CA_FINGERPRINT_HERE, ca_fingerprint)
data = data.replace(SERVER_CERTIFICATE_HERE, server_cert)
data = data.replace(CA_CERTIFICATE_HERE, ca_cert)
return data
@classmethod
def run(cls):
# name things
cert_dir = sys.argv[1]
ca_cert_filename = sys.argv[2]
server_cert_filename = sys.argv[3]
server_key_filename = sys.argv[4]
load_server_certs_xml_file = sys.argv[5]
tls_listen_xml_file = sys.argv[6]
# strip extensions
ca_cert_filename_noext = ca_cert_filename.replace(".crt", "")
server_cert_filename_noext = server_cert_filename.replace(".crt", "")
server_key_filename_noext = server_key_filename.replace(".pem", "")
# get certificates from files
server_cert = CertHelper.get_pem_content_stripped(cert_dir,
server_cert_filename)
ca_cert = CertHelper.get_pem_content_stripped(cert_dir,
ca_cert_filename)
ca_fingerprint = CertHelper.get_cert_fingerprint(cert_dir,
ca_cert_filename)
CertHelper.print_certs_info(ca_cert, ca_fingerprint, server_cert)
# patch TLS configuration files
data_srv = FileHelper.get_file_contents(load_server_certs_xml_file)
patched_srv = App.patch_server_certs(data_srv, server_key_filename_noext,
server_cert_filename_noext,
ca_cert_filename_noext,
server_cert, ca_cert)
FileHelper.write_file_contents(load_server_certs_xml_file, patched_srv)
data_tls = FileHelper.get_file_contents(tls_listen_xml_file)
patched_tls = App.patch_tls_listen(data_tls, server_cert_filename_noext,
ca_fingerprint, server_cert, ca_cert)
FileHelper.write_file_contents(tls_listen_xml_file, patched_tls)
def main():
if len(sys.argv) is not 7:
print("Usage: {1} <cert_dir> <ca_cert_filename> <server_cert_filename> "
"<server_key_filename> <load_server_certs_xml_full_path> "
"<tls_listen_full_path>", sys.argv[0])
return 1
App.run()
logger.info("XML files patched successfully")
if __name__ == '__main__':
main()
|