simpatiCA already makes the client certificates with the needed fields.
Since you use openssl directly, you can set all the fields you need in the
certificates by changing openssl.cnf in your openssl installation.
There is plenty of documentation on that.
OR you can extend the class X509Auth to fit your needs by overriding
get_user():

    from gluon.contrib.login_methods.x509_auth import X509Auth

    class MyX509Auth(X509Auth):
        def get_user(self):
            # get_user() passes surname to reduce(), so it must not be empty
            self.subject.surname = <put something here>
            return X509Auth.get_user(self)
mic
2012/11/7 Amit <[email protected]>
> Hi,
> I filled the email address in the certificate but what I think is problem
> with surname , please check below the log:
>
>
> *File D:\web2py2.1.1\web2py\gluon\contrib\login_methods\x509_auth.py in
> get_user at line 91* code arguments variables
> Function argument list
>
> (self=<gluon.contrib.login_methods.x509_auth.X509Auth object>)
> Code listing
>
> p = profile = dict()
>
> username = p['username'] = reduce(lambda a,b: '%s | %s' % (a,b),
> self.subject.CN or self.subject.commonName)
>
> p['first_name'] = reduce(lambda a,b: '%s | %s' %
> (a,b),self.subject.givenName or username)
> p['last_name'] = reduce(lambda a,b: '%s | %s' %
> (a,b),self.subject.surname)
>
> p['email'] = reduce(lambda a,b: '%s | %s' % (a,b),self.subject.Email
> or self.subject.emailAddress)
>
> # IMPORTANT WE USE THE CERT SERIAL AS UNIQUE KEY FOR THE USER
> p['registration_id'] = self.serial
>
> Variables
> a undefined b undefined builtinreduce <built-in function reduce>
> self.subject.surname [] self <gluon.contrib.login_methods.x509_auth.X509Auth
> object> self.subject <Storage {'Email': ['[email protected]'],
> ...SG'], 'organizationUnitName': ['HSG'], 'SN': []}> p {'first_name': 'A
> | m | i | t | 1 | | K | h | a | w | a | r | e', 'username': 'Amit1 Khaware'}
>
> And while generating the certificates it is not asking about surname, it's
> asking below information:
>
> Country Name (2 letter code) [US]:
> State or Province Name (full name) [CA]:
> Locality Name (eg, city) [San Diego]:
> Organization Name (eg, company) [Cafesoft LLC]:
> Organizational Unit Name (eg, section) []:
> Common Name (eg, YOUR name) []:*Cafesoft CA*
> Email Address [[email protected]]:
>
> Please enter the following 'extra' attributes
> to be sent with your certificate request
> A challenge password []:*password*
> An optional company name []:
>
>
> please check the link :
>
>
> http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>
> So x509_auth.py expects surname but above link doesn't provide option to
> fill surname :(
>
>
> Regards,
>
> Amit
>
> On Tue, Nov 6, 2012 at 8:34 PM, Michele Comitini <
> [email protected]> wrote:
>
>> self.subject.Email is [] i.e. an empty list. Check if that is the
>> problem.
>>
>> mic
>> On 06/Nov/2012 14:32, "Amit" <[email protected]> wrote:
>>
>>> I have used below link to generate server certificates, client
>>> certificates and CA certificates, imported client and CA certificates to
>>> Mozilla Firefox browser and then deploy server certificates and CA
>>> certificate to the Rocket server :
>>>
>>> D:\web2py2.1.1\web2py>web2py.py -a password -i 127.0.0.1 -p 8000 -c
>>> C:\OpenSSL-Win32\bin\cirrusAwareCA\server\certificates\server.test.com.crt
>>> -k C:\OpenSSL-Win32\bin\cirrusAwareCA\server\keys\server.test.com.key
>>> --ca-cert=C:\OpenSSL-Win32\bin\cirrusAwareCA\CA\cirrusAwareCA.crt
>>>
>>> Then Open browser type https://127.0.0.1:8000/MyApp/default/index
>>>
>>> Now it's giving error:
>>> <type 'exceptions.TypeError'> reduce() of empty sequence with no initial
>>> value
>>>
>>> Error snapshot
>>>
>>> <type 'exceptions.TypeError'>(reduce() of empty sequence with no initial
>>> value)
>>>
>>> Frames
>>>
>>> -
>>>
>>> *File D:\web2py2.1.1\web2py\gluon\restricted.py in restricted at
>>> line 209* code arguments variables
>>> -
>>>
>>> *File
>>>
>>> D:\web2py2.1.1\web2py\applications\AuthenticationApp\controllers\default.py
>>> in <module> at line 76* code arguments variables
>>> -
>>>
>>> *File D:\web2py2.1.1\web2py\gluon\globals.py in <lambda> at line 187*
>>> code arguments variables
>>> -
>>>
>>> *File
>>>
>>> D:\web2py2.1.1\web2py\applications\AuthenticationApp\controllers\default.py
>>> in user at line 38* code arguments variables
>>> Code listing
>>>
>>> use @auth.requires_login()
>>> @auth.requires_membership('group name')
>>>
>>>
>>>
>>> @auth.requires_permission('read','table name',record_id)
>>>
>>>
>>>
>>> to decorate functions that need access control
>>> """
>>> return dict(form=auth())
>>>
>>>
>>>
>>> def download():
>>> """
>>>
>>> -
>>>
>>> *File D:\web2py2.1.1\web2py\gluon\tools.py in __call__ at line 1205*
>>> code arguments variables
>>> -
>>>
>>> *File D:\web2py2.1.1\web2py\gluon\tools.py in login at line 2016*
>>> code arguments variables
>>> -
>>>
>>> *File D:\web2py2.1.1\web2py\gluon\contrib\login_methods\x509_auth.py
>>> in get_user at line 91* code arguments variables
>>> Function argument list
>>>
>>> (self=<gluon.contrib.login_methods.x509_auth.X509Auth object>)
>>> Code listing
>>>
>>> p = profile = dict()
>>>
>>> username = p['username'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>> self.subject.CN or self.subject.commonName)
>>>
>>>
>>>
>>> p['first_name'] = reduce(lambda a,b: '%s | %s' %
>>> (a,b),self.subject.givenName or username)
>>>
>>>
>>> p['last_name'] = reduce(lambda a,b: '%s | %s' %
>>> (a,b),self.subject.surname)
>>>
>>>
>>>
>>> p['email'] = reduce(lambda a,b: '%s | %s' %
>>> (a,b),self.subject.Email or self.subject.emailAddress)
>>>
>>>
>>>
>>> # IMPORTANT WE USE THE CERT SERIAL AS UNIQUE KEY FOR THE USER
>>> p['registration_id'] = self.serial
>>>
>>> Variables a undefined b undefined builtinreduce <built-in
>>> function reduce> self.subject.surname [] self
>>> <gluon.contrib.login_methods.x509_auth.X509Auth
>>> object> self.subject <Storage {'Email': [], 'C': ['IN'],
>>> 'serialNumbe...SG'], 'organizationUnitName': ['HSG'], 'SN': []}> p
>>> {'first_name':
>>> 'A | m | i | t', 'username': 'Amit'}
>>>
>>>
>>> Regards,
>>> Amit
>>>
>>>
>>>
>>>
>>> On Tue, Nov 6, 2012 at 6:42 PM, Michele Comitini <
>>> [email protected]> wrote:
>>>
>>>> https://github.com/web2py/web2py/blob/master/gluon/main.py#L824
>>>>
>>>> The log seems to say that your certificate file is not there, or not
>>>> accessible
>>>>
>>>> mic
>>>>
>>>>
>>>> 2012/11/6 Amit <[email protected]>
>>>>
>>>>> I am using Python 2.7.2.
>>>>>
>>>>> On Tue, Nov 6, 2012 at 6:33 PM, Michele Comitini <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> What is your python version?
>>>>>>
>>>>>>
>>>>>> 2012/11/6 Amit <[email protected]>
>>>>>>
>>>>>>> Hi Michele,
>>>>>>> I used Simpatica to generate the certificates but failed to deploy
>>>>>>> to the web2py server, please check once the first mail in this mail
>>>>>>> chain where I explained the problem in detail.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Amit
>>>>>>>
>>>>>>> On Tue, Nov 6, 2012 at 4:52 PM, Michele Comitini <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> I suggest looking at code gluon/contrib/login_methods/x509_auth.py.
>>>>>>>> Basically you can extract anything from client supplied cert and use
>>>>>>>> it with the auth tables of web2py. That is really simple.
>>>>>>>> The tedious part is getting to know what stuff you can put in the
>>>>>>>> cert. That is more related to managing a CA than to web2py itself.
>>>>>>>>
>>>>>>>> I have written a simple but functional app for managing a little
>>>>>>>> CA: simpatiCA <http://goo.gl/nrAhS> ; it is simple enough to be
>>>>>>>> used as an example and extended to your needs. If you need a real CA
>>>>>>>> there are more featured solutions around...
>>>>>>>>
>>>>>>>> mic
>>>>>>>>
>>>>>>>>
>>>>>>>> > PS: the man behind X509 auth code in web2py is mcm, sadly for
>>>>>>>> > you it's documented how it works but not how to organize the certs
>>>>>>>> > (which in theory you should know in advance)
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>>
>>>>>>>> 2012/11/6 Niphlod <[email protected]>
>>>>>>>>
>>>>>>>>> hem... one thing is helping you to create certs and key for a SSL
>>>>>>>>> protected webserver, quite another to help you managing a credential
>>>>>>>>> store
>>>>>>>>> (I really don't have time for that).
>>>>>>>>> You have problems on finding out what OpenSSL is and want to
>>>>>>>>> manage X509 ? Really ?
>>>>>>>>> Maybe it's time to read some docs.
>>>>>>>>>
>>>>>>>>> http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> PS: the man behind X509 auth code in web2py is mcm, sadly for you
>>>>>>>>> it's documented how it works but not how to organize the certs (which
>>>>>>>>> in theory you should know in advance)
--
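Added example (not part of the thread and not web2py's own code): a stand-alone Python model of the get_user() failure shown in the ticket, next to a tolerant version that fails closed on required fields. The subject is modelled as a plain dict of lists; SAMPLE, ticket_profile(), ticket_error(), joined() and safe_profile() are hypothetical names and the values are constructed.

```python
from functools import reduce  # a builtin in the Python 2.7 used in the thread

JOIN = lambda a, b: '%s | %s' % (a, b)

# Constructed subject, shaped like the Storage dump in the ticket.
SAMPLE = {'CN': ['Amit'], 'givenName': [], 'surname': [], 'SN': [],
          'Email': ['amit@example.test']}

def ticket_profile(subject):
    """The reduce() calls from the ticket's code listing, field by field."""
    p = {}
    username = p['username'] = reduce(JOIN, subject['CN'] or subject.get('commonName'))
    # A str fallback is folded per character: 'Amit' -> 'A | m | i | t'
    p['first_name'] = reduce(JOIN, subject['givenName'] or username)
    # An empty list has nothing to fold, so reduce() raises TypeError
    p['last_name'] = reduce(JOIN, subject['surname'])
    return p

def ticket_error(subject):
    """Name of the exception ticket_profile() raises, or None."""
    try:
        ticket_profile(subject)
    except TypeError as exc:
        return type(exc).__name__
    return None

def joined(*candidates):
    """Join the first non-empty candidate with ' | '; return '' if none."""
    for values in candidates:
        if isinstance(values, str):
            values = [values]          # never iterate a string by character
        values = [v for v in (values or []) if v]
        if values:
            return ' | '.join(values)
    return ''

def safe_profile(subject, serial, required=('username', 'email')):
    """Tolerates empty optional fields, rejects missing required ones."""
    username = joined(subject.get('CN'), subject.get('commonName'))
    p = {'username': username,
         'first_name': joined(subject.get('givenName'), username),
         # SN is OpenSSL's short name for surname
         'last_name': joined(subject.get('surname'), subject.get('SN')),
         'email': joined(subject.get('Email'), subject.get('emailAddress')),
         'registration_id': serial}    # cert serial stays the unique key
    missing = [k for k in required if not p[k]]
    if missing:
        raise ValueError('certificate subject lacks: ' + ', '.join(missing))
    return p
```
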