source: internals/2016/linuxloginsmartcardwizard/trunk/project1/main.py @ 16332

Last change on this file since 16332 was 16332, checked in by dcorreia, 3 years ago

Added pam_pkcs11 configuration file creation.
Updated crl wget feature to avoid duplicate files.

#!/usr/bin/python3
"""Prepare pam_pkcs11 for smart-card login with the Portuguese Citizen Card.

The script runs top to bottom with no entry-point guard. Going by the helper
names and the original comments, it installs the PAM PKCS#11 package, creates
the configuration directories, copies the CA certificates and builds their
hash links, fetches the Citizen Card CRL when no local copy exists, and
generates the pam_pkcs11 configuration file from the packaged example.

All work is delegated to the project-local ``configpkcs11`` module; what each
helper does on failure is not visible from this file.
"""
import os

import configpkcs11

# Package providing the PAM PKCS#11 module.
PAMPKCS11_PACKAGE = "libpam-pkcs11"

# Configuration tree written by this script.
# NOTE(review): pam_pkcs11 normally looks for /etc/pam_pkcs11/pam_pkcs11.conf;
# confirm the PAM stack is explicitly pointed at the paths used here, otherwise
# the generated configuration may never be read.
PAMPKCS11_DIRPATH = "/etc/pampkcs11"
CACERTS_DIRPATH = "/etc/pampkcs11/cacerts"
CRLS_DIRPATH = "/etc/pampkcs11/crls"
PAMPKCS11_CONFIG = "/etc/pampkcs11/pampkcs11.conf"

# CA certificates that become trust anchors for card-based login.
# NOTE(review): nothing in this file checks the fingerprints of these source
# files; confirm they are verified out-of-band and that the source directory
# is writable only by root.
ECRAIZ_CERT = "/usr/local/share/certs/ECRaizEstado_novo_assinado_GTE.der"
CC001_CERT = "/usr/local/share/certs/CartaodeCidadao001.der"

# Certificate revocation list: download location and expected local file name.
CC_CRL_HTTP = "https://pki.cartaodecidadao.pt/publico/lrc/cc_ec_cidadao_crl001_crl.crl"
CRL_FILENAME = "cc_ec_cidadao_crl001_crl.crl"

# Despite the name, this is the path of the gzipped example configuration file
# shipped with the package, not a directory.
GUNZIP_DIRPATH = "/usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example.gz"


# Install PKCS#11 module for PAM
configpkcs11.installPackage(PAMPKCS11_PACKAGE)

# Create directories to support configuration files (parent first)
for _dirpath in (PAMPKCS11_DIRPATH, CACERTS_DIRPATH, CRLS_DIRPATH):
    configpkcs11.makeDirectory(_dirpath)

# Copy certificate files to cacerts directory and make hash links
for _cert in (ECRAIZ_CERT, CC001_CERT):
    configpkcs11.copyFileToDirectory(_cert, CACERTS_DIRPATH)
configpkcs11.makeHashLinks(CACERTS_DIRPATH)


# Get crl file from web link, but only when no local copy exists yet.
# NOTE(review): an existing CRL is never refreshed by this check, so
# certificates revoked after the first run are not reflected locally. Decide
# how the CRL is kept current (e.g. a periodic job that replaces the file
# atomically) before relying on offline revocation checking.
_crl_path = os.path.join(CRLS_DIRPATH, CRL_FILENAME)
if not os.path.exists(_crl_path):
    configpkcs11.getCRLFile(CC_CRL_HTTP, CRLS_DIRPATH)

# Generate pam_pkcs11.conf file
configpkcs11.makeConfigFile(GUNZIP_DIRPATH, PAMPKCS11_CONFIG, PAMPKCS11_DIRPATH)

# TODO Add Portuguese CC module to pam_pkcs11.conf file


# TODO Change pkcs11 module to be used in pam_pkcs11.conf file


# TODO Test this phase of configuration by running pkcs11_inspect