diff --git a/certidude/api.py b/certidude/api.py
index 895cb9d..7d4a4b9 100644
--- a/certidude/api.py
+++ b/certidude/api.py
@@ -7,8 +7,10 @@ import json
import types
import click
from time import sleep
-from certidude.wrappers import Request, Certificate, CertificateAuthorityConfig
+from certidude.wrappers import Request, Certificate, CertificateAuthority, \
+ CertificateAuthorityConfig
from certidude.auth import login_required
+from OpenSSL import crypto
from pyasn1.codec.der import decoder
from datetime import datetime, date
from jinja2 import Environment, PackageLoader, Template
@@ -26,6 +28,7 @@ def event_source(func):
if req.get_header("Accept") == "text/event-stream":
resp.status = falcon.HTTP_SEE_OTHER
resp.location = ca.push_server + "/ev/" + ca.uuid
+ resp.body = "Redirecting to:" + resp.location
print("Delegating EventSource handling to:", resp.location)
return func(self, req, resp, ca, *args, **kwargs)
return wrapped
@@ -72,7 +75,24 @@ def validate_common_name(func):
class MyEncoder(json.JSONEncoder):
+ REQUEST_ATTRIBUTES = "signable", "subject", "changed", "common_name", \
+ "organizational_unit", "given_name", "surname", "fqdn", "email_address", \
+ "key_type", "key_length", "md5sum", "sha1sum", "sha256sum", "key_usage"
+
+ CERTIFICATE_ATTRIBUTES = "revokable", "subject", "changed", "common_name", \
+ "organizational_unit", "given_name", "surname", "fqdn", "email_address", \
+ "key_type", "key_length", "sha256sum", "serial_number", "key_usage"
+
def default(self, obj):
+ if isinstance(obj, crypto.X509Name):
+ try:
+ return "".join(["/%s=%s" % (k.decode("ascii"),v.decode("utf-8")) for k, v in obj.get_components()])
+ except UnicodeDecodeError: # Work around old buggy pyopenssl
+ return "".join(["/%s=%s" % (k.decode("ascii"),v.decode("iso8859")) for k, v in obj.get_components()])
+ if isinstance(obj, ipaddress._IPAddressBase):
+ return str(obj)
+ if isinstance(obj, set):
+ return tuple(obj)
if isinstance(obj, datetime):
return obj.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
if isinstance(obj, date):
@@ -81,6 +101,26 @@ class MyEncoder(json.JSONEncoder):
return tuple(obj)
if isinstance(obj, types.GeneratorType):
return tuple(obj)
+ if isinstance(obj, Request):
+ return dict([(key, getattr(obj, key)) for key in self.REQUEST_ATTRIBUTES \
+ if hasattr(obj, key) and getattr(obj, key)])
+ if isinstance(obj, Certificate):
+ return dict([(key, getattr(obj, key)) for key in self.CERTIFICATE_ATTRIBUTES \
+ if hasattr(obj, key) and getattr(obj, key)])
+ if isinstance(obj, CertificateAuthority):
+ return dict(
+ slug = obj.slug,
+ certificate = obj.certificate,
+ admin_users = obj.admin_users,
+ autosign_subnets = obj.autosign_subnets,
+ request_subnets = obj.request_subnets,
+ admin_subnets=obj.admin_subnets,
+ requests=obj.get_requests(),
+ signed=obj.get_signed(),
+ revoked=obj.get_revoked()
+ )
+ if hasattr(obj, "serialize"):
+ return obj.serialize()
return json.JSONEncoder.default(self, obj)
@@ -94,7 +134,7 @@ def serialize(func):
resp.set_header("Pragma", "no-cache");
resp.set_header("Expires", "0");
r = func(instance, req, resp, **kwargs)
- if not resp.body:
+ if resp.body is None:
if not req.client_accepts_json:
raise falcon.HTTPUnsupportedMediaType(
"This API only supports the JSON media type.",
@@ -118,6 +158,9 @@ def templatize(path):
resp.set_header("Pragma", "no-cache");
resp.set_header("Expires", "0");
resp.set_header("Content-Type", "application/json")
+ r.pop("req")
+ r.pop("resp")
+ r.pop("user")
resp.body = json.dumps(r, cls=MyEncoder)
return r
else:
@@ -174,7 +217,7 @@ class SignedCertificateListResource(CertificateAuthorityBase):
l=j.city,
o=j.organization,
ou=j.organizational_unit,
- fingerprint=j.fingerprint)
+ fingerprint=j.fingerprint())
class RequestDetailResource(CertificateAuthorityBase):
@@ -330,13 +373,22 @@ class CertificateAuthorityResource(CertificateAuthorityBase):
resp.append_header("Content-Disposition", "attachment; filename=%s.crt" % ca.slug)
class IndexResource(CertificateAuthorityBase):
+ @serialize
@login_required
@pop_certificate_authority
@authorize_admin
@event_source
- @templatize("index.html")
def on_get(self, req, resp, ca, user):
- return locals()
+ return ca
+
+class AuthorityListResource(CertificateAuthorityBase):
+ @serialize
+ @login_required
+ def on_get(self, req, resp, user):
+ return dict(
+ authorities=(self.config.ca_list), # TODO: Check if user is CA admin
+ username=user[0]
+ )
class ApplicationConfigurationResource(CertificateAuthorityBase):
@pop_certificate_authority
@@ -377,14 +429,16 @@ class StaticResource(object):
if not path.startswith(self.root):
raise falcon.HTTPForbidden
+ if os.path.isdir(path):
+ path = os.path.join(path, "index.html")
print("Serving:", path)
+
if os.path.exists(path):
content_type, content_encoding = mimetypes.guess_type(path)
if content_type:
resp.append_header("Content-Type", content_type)
if content_encoding:
resp.append_header("Content-Encoding", content_encoding)
- resp.append_header("Content-Disposition", "attachment")
resp.stream = open(path, "rb")
else:
resp.status = falcon.HTTP_404
@@ -396,14 +450,14 @@ def certidude_app():
config = CertificateAuthorityConfig()
app = falcon.API()
- app.add_route("/api/{ca}/ocsp/", CertificateStatusResource(config))
- app.add_route("/api/{ca}/signed/{cn}/openvpn", ApplicationConfigurationResource(config))
- app.add_route("/api/{ca}/certificate/", CertificateAuthorityResource(config))
- app.add_route("/api/{ca}/revoked/", RevocationListResource(config))
- app.add_route("/api/{ca}/signed/{cn}/", SignedCertificateDetailResource(config))
- app.add_route("/api/{ca}/signed/", SignedCertificateListResource(config))
- app.add_route("/api/{ca}/request/{cn}/", RequestDetailResource(config))
- app.add_route("/api/{ca}/request/", RequestListResource(config))
- app.add_route("/api/{ca}/", IndexResource(config))
-
+ app.add_route("/api/ca/{ca}/ocsp/", CertificateStatusResource(config))
+ app.add_route("/api/ca/{ca}/signed/{cn}/openvpn", ApplicationConfigurationResource(config))
+ app.add_route("/api/ca/{ca}/certificate/", CertificateAuthorityResource(config))
+ app.add_route("/api/ca/{ca}/revoked/", RevocationListResource(config))
+ app.add_route("/api/ca/{ca}/signed/{cn}/", SignedCertificateDetailResource(config))
+ app.add_route("/api/ca/{ca}/signed/", SignedCertificateListResource(config))
+ app.add_route("/api/ca/{ca}/request/{cn}/", RequestDetailResource(config))
+ app.add_route("/api/ca/{ca}/request/", RequestListResource(config))
+ app.add_route("/api/ca/{ca}/", IndexResource(config))
+ app.add_route("/api/ca/", AuthorityListResource(config))
return app
diff --git a/certidude/static/authority.html b/certidude/static/authority.html
new file mode 100644
index 0000000..9615696
--- /dev/null
+++ b/certidude/static/authority.html
@@ -0,0 +1,82 @@
+{{authority.slug}} management
+
+Hi {{session.username}},
+
+Request submission is allowed from: {% if authority.request_subnets %}{% for i in authority.request_subnets %}{{ i }} {% endfor %}{% else %}anywhere{% endif %}
+Autosign is allowed from: {% if authority.autosign_subnets %}{% for i in authority.autosign_subnets %}{{ i }} {% endfor %}{% else %}nowhere{% endif %}
+Authority administration is allowed from: {% if authority.admin_subnets %}{% for i in authority.admin_subnets %}{{ i }} {% endfor %}{% else %}anywhere{% endif %}
+
Authority administration allowed for: {% for i in authority.admin_users %}{{ i }} {% endfor %}
+
+{% set s = authority.certificate.subject %}
+
+Pending requests
+
+
+ {% for j in authority.requests %}
+ {% include "request.html" %}
+ {% else %}
+ Great job! No certificate signing requests to sign.
+ {% endfor %}
+
+
+Signed certificates
+
+
+ {% for j in authority.signed | sort | reverse %}
+
+ Fetch
+ Revoke
+
+
+ {% include 'iconmonstr-certificate-15-icon.svg' %}
+ {{j.subject}}
+
+
+ {% if j.email_address %}
+ {% include 'iconmonstr-email-2-icon.svg' %} {{ j.email_address }}
+ {% endif %}
+
+
+ {% include 'iconmonstr-key-2-icon.svg' %}
+
+ {{ j.sha256sum }}
+
+ {{ j.key_length }}-bit
+ {{ j.key_type }}
+
+
+
+ {% include 'iconmonstr-flag-3-icon.svg' %}
+ {{j.key_usage}}
+
+
+
+
+ {% endfor %}
+
+
+Revoked certificates
+
+To fetch certificate revocation list:
+
+curl {{request.url}}/revoked/ | openssl crl -text -noout
+
+
+
+ {% for j in authority.revoked %}
+
+ {{j.changed}}
+ {{j.serial_number}} {{j.distinguished_name}}
+
+ {% else %}
+ Great job! No certificate signing requests to sign.
+ {% endfor %}
+
+
diff --git a/certidude/static/css/style.css b/certidude/static/css/style.css
index 49e18be..5414c59 100644
--- a/certidude/static/css/style.css
+++ b/certidude/static/css/style.css
@@ -1,3 +1,24 @@
+@font-face {
+ font-family: 'PT Sans Narrow';
+ font-style: normal;
+ font-weight: 400;
+ src: local('PT Sans Narrow'), local('PTSans-Narrow'), url('../fonts/pt-sans.woff2') format('woff2');
+}
+
+@font-face {
+ font-family: 'Ubuntu Mono';
+ font-style: normal;
+ font-weight: 400;
+ src: local('Ubuntu Mono'), local('UbuntuMono-Regular'), url('../fonts/ubuntu-mono.woff2') format('woff2');
+}
+
+@font-face {
+ font-family: 'Gentium Basic';
+ font-style: normal;
+ font-weight: 400;
+ src: local('Gentium Basic'), local('GentiumBasic'), url('../fonts/gentium-basic.woff2') format('woff2');
+}
+
svg {
position: relative;
top: 0.5em;
@@ -55,7 +76,7 @@ html,body {
body {
background: #222;
- background-image: url('//fc00.deviantart.net/fs71/i/2013/078/9/6/free_hexa_pattern_cc0_by_black_light_studio-d4ig12f.png');
+ background-image: url('../img/free_hexa_pattern_cc0_by_black_light_studio.png');
background-position: center;
}
diff --git a/certidude/static/fonts/gentium-basic.woff2 b/certidude/static/fonts/gentium-basic.woff2
new file mode 100644
index 0000000..917e1de
Binary files /dev/null and b/certidude/static/fonts/gentium-basic.woff2 differ
diff --git a/certidude/static/fonts/pt-sans.woff2 b/certidude/static/fonts/pt-sans.woff2
new file mode 100644
index 0000000..299b6c6
Binary files /dev/null and b/certidude/static/fonts/pt-sans.woff2 differ
diff --git a/certidude/static/fonts/ubuntu-mono.woff2 b/certidude/static/fonts/ubuntu-mono.woff2
new file mode 100644
index 0000000..42fed3d
Binary files /dev/null and b/certidude/static/fonts/ubuntu-mono.woff2 differ
diff --git a/certidude/static/iconmonstr-certificate-15-icon.svg b/certidude/static/iconmonstr-certificate-15-icon.svg
new file mode 100644
index 0000000..8b27cec
--- /dev/null
+++ b/certidude/static/iconmonstr-certificate-15-icon.svg
@@ -0,0 +1,35 @@
+
+
+
+
+
+
+
diff --git a/certidude/static/iconmonstr-email-2-icon.svg b/certidude/static/iconmonstr-email-2-icon.svg
new file mode 100644
index 0000000..258086e
--- /dev/null
+++ b/certidude/static/iconmonstr-email-2-icon.svg
@@ -0,0 +1,21 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/certidude/static/iconmonstr-flag-3-icon.svg b/certidude/static/iconmonstr-flag-3-icon.svg
new file mode 100644
index 0000000..8e12498
--- /dev/null
+++ b/certidude/static/iconmonstr-flag-3-icon.svg
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
diff --git a/certidude/static/iconmonstr-key-2-icon.svg b/certidude/static/iconmonstr-key-2-icon.svg
new file mode 100644
index 0000000..1301a5c
--- /dev/null
+++ b/certidude/static/iconmonstr-key-2-icon.svg
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
diff --git a/certidude/static/iconmonstr-time-13-icon.svg b/certidude/static/iconmonstr-time-13-icon.svg
new file mode 100644
index 0000000..189521b
--- /dev/null
+++ b/certidude/static/iconmonstr-time-13-icon.svg
@@ -0,0 +1,18 @@
+
+
+
+
+
+
+
diff --git a/certidude/static/img/free_hexa_pattern_cc0_by_black_light_studio.png b/certidude/static/img/free_hexa_pattern_cc0_by_black_light_studio.png
new file mode 100644
index 0000000..8c5c542
Binary files /dev/null and b/certidude/static/img/free_hexa_pattern_cc0_by_black_light_studio.png differ
diff --git a/certidude/static/index.html b/certidude/static/index.html
new file mode 100644
index 0000000..50bbf5a
--- /dev/null
+++ b/certidude/static/index.html
@@ -0,0 +1,24 @@
+
+
+
+ Certidude server
+
+ Loading certificate authority...
+
+
+
+
+
+
+
diff --git a/certidude/static/js/certidude.js b/certidude/static/js/certidude.js
index 446a4f2..ae6f1c5 100644
--- a/certidude/static/js/certidude.js
+++ b/certidude/static/js/certidude.js
@@ -1,30 +1,56 @@
$(document).ready(function() {
- console.info("Opening EventSource from:", window.location.href);
+ console.info("Loading CA, to debug: curl " + window.location.href + " --negotiate -u : -H 'Accept: application/json'");
- var source = new EventSource(window.location.href);
+ $.ajax({
+ method: "GET",
+ url: "/api/ca/",
+ dataType: "json",
+ success: function(session, status, xhr) {
+ console.info("Loaded CA list:", session);
- source.onmessage = function(event) {
- console.log("Received server-sent event:", event);
- }
+ if (!session.authorities) {
+ alert("No certificate authorities to manage! Have you created one yet?");
+ return;
+ }
- source.addEventListener("request_deleted", function(e) {
- console.log("Removing deleted request #" + e.data);
- $("#request_" + e.data).remove();
+ $.ajax({
+ method: "GET",
+ url: "/api/ca/" + session.authorities[0],
+ dataType: "json",
+ success: function(authority, status, xhr) {
+ console.info("Got CA:", authority);
+
+ console.info("Opening EventSource from:", "/api/ca/" + authority.slug);
+
+ var source = new EventSource("/api/" + authority.slug);
+
+ source.onmessage = function(event) {
+ console.log("Received server-sent event:", event);
+ }
+
+ source.addEventListener("request_deleted", function(e) {
+ console.log("Removing deleted request #" + e.data);
+ $("#request_" + e.data).remove();
+ });
+
+ source.addEventListener("request_submitted", function(e) {
+ console.log("Request submitted:", e.data);
+ });
+
+ source.addEventListener("request_signed", function(e) {
+ console.log("Request signed:", e.data);
+ $("#request_" + e.data).remove();
+ // TODO: Insert to signed certs list
+ });
+
+ source.addEventListener("certificate_revoked", function(e) {
+ console.log("Removing revoked certificate #" + e.data);
+ $("#certificate_" + e.data).remove();
+ });
+
+ $("#container").html(nunjucks.render('authority.html', { authority: authority, session: session }));
+ }
+ });
+ }
});
-
- source.addEventListener("request_submitted", function(e) {
- console.log("Request submitted:", e.data);
- });
-
- source.addEventListener("request_signed", function(e) {
- console.log("Request signed:", e.data);
- $("#request_" + e.data).remove();
- // TODO: Insert to signed certs list
- });
-
- source.addEventListener("certificate_revoked", function(e) {
- console.log("Removing revoked certificate #" + e.data);
- $("#certificate_" + e.data).remove();
- });
-
});
diff --git a/certidude/static/js/nunjucks.min.js b/certidude/static/js/nunjucks.min.js
new file mode 100644
index 0000000..0e7c3ee
--- /dev/null
+++ b/certidude/static/js/nunjucks.min.js
@@ -0,0 +1,4 @@
+/*! Browser bundle of nunjucks 2.1.0 */
+var nunjucks=function(e){function t(i){if(n[i])return n[i].exports;var r=n[i]={exports:{},id:i,loaded:!1};return e[i].call(r.exports,r,r.exports,t),r.loaded=!0,r.exports}var n={};return t.m=e,t.c=n,t.p="",t(0)}([function(e,t,n){"use strict";var i=n(4),r=n(10),s=n(15),o=n(14),a=n(3);e.exports={},e.exports.Environment=r.Environment,e.exports.Template=r.Template,e.exports.Loader=s,e.exports.FileSystemLoader=o.FileSystemLoader,e.exports.PrecompiledLoader=o.PrecompiledLoader,e.exports.WebLoader=o.WebLoader,e.exports.compiler=n(1),e.exports.parser=n(6),e.exports.lexer=n(7),e.exports.runtime=n(9),e.exports.lib=i,e.exports.installJinjaCompat=n(18);var l;e.exports.configure=function(e,t){t=t||{},i.isObject(e)&&(t=e,e=null);var n;return o.FileSystemLoader?n=new o.FileSystemLoader(e,{watch:t.watch,noCache:t.noCache}):o.WebLoader&&(n=new o.WebLoader(e,{useCache:t.web&&t.web.useCache,async:t.web&&t.web.async})),l=new r.Environment(n,t),t&&t.express&&l.express(t.express),l},e.exports.compile=function(t,n,i,r){return l||e.exports.configure(),new e.exports.Template(t,n,i,r)},e.exports.render=function(t,n,i){return l||e.exports.configure(),l.render(t,n,i)},e.exports.renderString=function(t,n,i){return l||e.exports.configure(),l.renderString(t,n,i)},a&&(e.exports.precompile=a.precompile,e.exports.precompileString=a.precompileString)},function(e,t,n){"use strict";function i(e){return function(t,n){this.compile(t.left,n),this.emit(e),this.compile(t.right,n)}}var r=n(4),s=n(6),o=n(8),a=n(2),l=n(5),c=n(9).Frame,h={"==":"==","!=":"!=","<":"<",">":">","<=":"<=",">=":">="},u=l.extend({init:function(e,t){this.templateName=e,this.codebuf=[],this.lastId=0,this.buffer=null,this.bufferStack=[],this.scopeClosers="",this.inBlock=!1,this.throwOnUndefined=t},fail:function(e,t,n){throw void 0!==t&&(t+=1),void 0!==n&&(n+=1),new r.TemplateError(e,t,n)},pushBufferId:function(e){this.bufferStack.push(this.buffer),this.buffer=e,this.emit("var "+this.buffer+' = "";')},popBufferId:function(){this.buffer=this.bufferStack.pop()},emit:function(e){this.codebuf.push(e)},emitLine:function(e){this.emit(e+"\n")},emitLines:function(){r.each(r.toArray(arguments),function(e){this.emitLine(e)},this)},emitFuncBegin:function(e){this.buffer="output",this.scopeClosers="",this.emitLine("function "+e+"(env, context, frame, runtime, cb) {"),this.emitLine("var lineno = null;"),this.emitLine("var colno = null;"),this.emitLine("var "+this.buffer+' = "";'),this.emitLine("try {")},emitFuncEnd:function(e){e||this.emitLine("cb(null, "+this.buffer+");"),this.closeScopeLevels(),this.emitLine("} catch (e) {"),this.emitLine(" cb(runtime.handleError(e, lineno, colno));"),this.emitLine("}"),this.emitLine("}"),this.buffer=null},addScopeLevel:function(){this.scopeClosers+="})"},closeScopeLevels:function(){this.emitLine(this.scopeClosers+";"),this.scopeClosers=""},withScopedSyntax:function(e){var t=this.scopeClosers;this.scopeClosers="",e.call(this),this.closeScopeLevels(),this.scopeClosers=t},makeCallback:function(e){var t=this.tmpid();return"function("+t+(e?","+e:"")+") {\nif("+t+") { cb("+t+"); return; }"},tmpid:function(){return this.lastId++,"t_"+this.lastId},_templateName:function(){return null==this.templateName?"undefined":JSON.stringify(this.templateName)},_compileChildren:function(e,t){for(var n=e.children,i=0,r=n.length;r>i;i++)this.compile(n[i],t)},_compileAggregate:function(e,t,n,i){n&&this.emit(n);for(var r=0;r0&&this.emit(","),this.compile(e.children[r],t);i&&this.emit(i)},_compileExpression:function(e,t){this.assertType(e,a.Literal,a.Symbol,a.Group,a.Array,a.Dict,a.FunCall,a.Caller,a.Filter,a.LookupVal,a.Compare,a.InlineIf,a.In,a.And,a.Or,a.Not,a.Add,a.Concat,a.Sub,a.Mul,a.Div,a.FloorDiv,a.Mod,a.Pow,a.Neg,a.Pos,a.Compare,a.NodeList),this.compile(e,t)},assertType:function(e){for(var t=r.toArray(arguments).slice(1),n=!1,i=0;i0&&this.emit(","),e){var i=this.tmpid();this.emitLine("function(cb) {"),this.emitLine("if(!cb) { cb = function(err) { if(err) { throw err; }}}"),this.pushBufferId(i),this.withScopedSyntax(function(){this.compile(e,t),this.emitLine("cb(null, "+i+");")}),this.popBufferId(),this.emitLine("return "+i+";"),this.emitLine("}")}else this.emit("null")},this),n){var l=this.tmpid();this.emitLine(", "+this.makeCallback(l)),this.emitLine(this.buffer+" += runtime.suppressValue("+l+", "+o+" && env.opts.autoescape);"),this.addScopeLevel()}else this.emit(")"),this.emit(", "+o+" && env.opts.autoescape);\n")},compileCallExtensionAsync:function(e,t){this.compileCallExtension(e,t,!0)},compileNodeList:function(e,t){this._compileChildren(e,t)},compileLiteral:function(e){if("string"==typeof e.value){var t=e.value.replace(/\\/g,"\\\\");t=t.replace(/"/g,'\\"'),t=t.replace(/\n/g,"\\n"),t=t.replace(/\r/g,"\\r"),t=t.replace(/\t/g,"\\t"),this.emit('"'+t+'"')}else null===e.value?this.emit("null"):this.emit(e.value.toString())},compileSymbol:function(e,t){var n,i=e.value;(n=t.lookup(i))?this.emit(n):this.emit('runtime.contextOrFrameLookup(context, frame, "'+i+'")')},compileGroup:function(e,t){this._compileAggregate(e,t,"(",")")},compileArray:function(e,t){this._compileAggregate(e,t,"[","]")},compileDict:function(e,t){this._compileAggregate(e,t,"{","}")},compilePair:function(e,t){var n=e.key,i=e.value;n instanceof a.Symbol?n=new a.Literal(n.lineno,n.colno,n.value):n instanceof a.Literal&&"string"==typeof n.value||this.fail("compilePair: Dict keys must be strings or names",n.lineno,n.colno),this.compile(n,t),this.emit(": "),this._compileExpression(i,t)},compileInlineIf:function(e,t){this.emit("("),this.compile(e.cond,t),this.emit("?"),this.compile(e.body,t),this.emit(":"),null!==e.else_?this.compile(e.else_,t):this.emit('""'),this.emit(")")},compileIn:function(e,t){this.emit("("),this.compile(e.right,t),this.emit(".indexOf("),this.compile(e.left,t),this.emit(") !== -1)")},compileOr:i(" || "),compileAnd:i(" && "),compileAdd:i(" + "),compileConcat:i(' + "" + '),compileSub:i(" - "),compileMul:i(" * "),compileDiv:i(" / "),compileMod:i(" % "),compileNot:function(e,t){this.emit("!"),this.compile(e.target,t)},compileFloorDiv:function(e,t){this.emit("Math.floor("),this.compile(e.left,t),this.emit(" / "),this.compile(e.right,t),this.emit(")")},compilePow:function(e,t){this.emit("Math.pow("),this.compile(e.left,t),this.emit(", "),this.compile(e.right,t),this.emit(")")},compileNeg:function(e,t){this.emit("-"),this.compile(e.target,t)},compilePos:function(e,t){this.emit("+"),this.compile(e.target,t)},compileCompare:function(e,t){this.compile(e.expr,t);for(var n=0;n0||!i))for(var o=0;n>o;o++)t.stdout.write(" ");s===r.length-1?t.stdout.write(r[s]):t.stdout.write(r[s]+"\n")}}if(n=n||0,i(e.typename+": ",n),e instanceof c)i("\n"),s.each(e.children,function(e){r(e,n+2)});else if(e instanceof re)i(e.extName+"."+e.prop),i("\n"),e.args&&r(e.args,n+2),e.contentArgs&&s.each(e.contentArgs,function(e){r(e,n+2)});else{var o=null,l=null;if(e.iterFields(function(e,t){e instanceof a?(o=o||{},o[t]=e):(l=l||{},l[t]=e)}),l?i(JSON.stringify(l,null,2)+"\n",null,!0):i("\n"),o)for(var h in o)r(o[h],n+2)}}var s=n(4),o=n(5),a=o.extend("Node",{init:function(e,t){this.lineno=e,this.colno=t;for(var n=this.fields,i=0,r=n.length;r>i;i++){var s=n[i],o=arguments[i+2];void 0===o&&(o=null),this[s]=o}},findAll:function(e,t){t=t||[];var n,r;if(this instanceof c){var s=this.children;for(n=0,r=s.length;r>n;n++)i(s[n],e,t)}else{var o=this.fields;for(n=0,r=o.length;r>n;n++)i(this[o[n]],e,t)}return t},iterFields:function(e){s.each(this.fields,function(t){e(this[t],t)},this)}}),l=a.extend("Value",{fields:["value"]}),c=a.extend("NodeList",{fields:["children"],init:function(e,t,n){this.parent(e,t,n||[])},addChild:function(e){this.children.push(e)}}),h=c.extend("Root"),u=l.extend("Literal"),p=l.extend("Symbol"),f=c.extend("Group"),m=c.extend("Array"),d=a.extend("Pair",{fields:["key","value"]}),v=c.extend("Dict"),g=a.extend("LookupVal",{fields:["target","val"]}),y=a.extend("If",{fields:["cond","body","else_"]}),k=y.extend("IfAsync"),x=a.extend("InlineIf",{fields:["cond","body","else_"]}),b=a.extend("For",{fields:["arr","name","body","else_"]}),E=b.extend("AsyncEach"),w=b.extend("AsyncAll"),T=a.extend("Macro",{fields:["name","args","body"]}),L=T.extend("Caller"),_=a.extend("Import",{fields:["template","target","withContext"]}),O=a.extend("FromImport",{fields:["template","names","withContext"],init:function(e,t,n,i,r){this.parent(e,t,n,i||new c,r)}}),A=a.extend("FunCall",{fields:["name","args"]}),S=A.extend("Filter"),N=S.extend("FilterAsync",{fields:["name","args","symbol"]}),C=v.extend("KeywordArgs"),B=a.extend("Block",{fields:["name","body"]}),F=a.extend("Super",{fields:["blockName","symbol"]}),R=a.extend("TemplateRef",{fields:["template"]}),K=R.extend("Extends"),I=R.extend("Include"),M=a.extend("Set",{fields:["targets","value"]}),P=c.extend("Output"),D=u.extend("TemplateData"),V=a.extend("UnaryOp",{fields:["target"]}),j=a.extend("BinOp",{fields:["left","right"]}),U=j.extend("In"),W=j.extend("Or"),G=j.extend("And"),Y=V.extend("Not"),H=j.extend("Add"),$=j.extend("Concat"),z=j.extend("Sub"),X=j.extend("Mul"),q=j.extend("Div"),J=j.extend("FloorDiv"),Q=j.extend("Mod"),Z=j.extend("Pow"),ee=V.extend("Neg"),te=V.extend("Pos"),ne=a.extend("Compare",{fields:["expr","ops"]}),ie=a.extend("CompareOperand",{fields:["expr","type"]}),re=a.extend("CallExtension",{fields:["extName","prop","args","contentArgs"],init:function(e,t,n,i){this.extName=e._name||e,this.prop=t,this.args=n||new c,this.contentArgs=i||[],this.autoescape=e.autoescape}}),se=re.extend("CallExtensionAsync");e.exports={Node:a,Root:h,NodeList:c,Value:l,Literal:u,Symbol:p,Group:f,Array:m,Pair:d,Dict:v,Output:P,TemplateData:D,If:y,IfAsync:k,InlineIf:x,For:b,AsyncEach:E,AsyncAll:w,Macro:T,Caller:L,Import:_,FromImport:O,FunCall:A,Filter:S,FilterAsync:N,KeywordArgs:C,Block:B,Super:F,Extends:K,Include:I,Set:M,LookupVal:g,BinOp:j,In:U,Or:W,And:G,Not:Y,Add:H,Concat:$,Sub:z,Mul:X,Div:q,FloorDiv:J,Mod:Q,Pow:Z,Neg:ee,Pos:te,Compare:ne,CompareOperand:ie,CallExtension:re,CallExtensionAsync:se,printNodes:r}}).call(t,n(3))},function(e,t){},function(e,t){"use strict";var n=Array.prototype,i=Object.prototype,r={"&":"&",'"':""","'":"'","<":"<",">":">"},s=/[&"'<>]/g,o=function(e){return r[e]},t=e.exports={};t.prettifyError=function(e,n,i){if(i.Update||(i=new t.TemplateError(i)),i.Update(e),!n){var r=i;i=new Error(r.message),i.name=r.name}return i},t.TemplateError=function(e,t,n){var i=this;if(e instanceof Error){i=e,e=e.name+": "+e.message;try{i.name=""}catch(r){i=this}}else Error.captureStackTrace&&Error.captureStackTrace(i);return i.name="Template render error",i.message=e,i.lineno=t,i.colno=n,i.firstUpdate=!0,i.Update=function(e){var t="("+(e||"unknown path")+")";return this.firstUpdate&&(this.lineno&&this.colno?t+=" [Line "+this.lineno+", Column "+this.colno+"]":this.lineno&&(t+=" [Line "+this.lineno+"]")),t+="\n ",this.firstUpdate&&(t+=" "),this.message=t+(this.message||""),this.firstUpdate=!1,this},i},t.TemplateError.prototype=Error.prototype,t.escape=function(e){return e.replace(s,o)},t.isFunction=function(e){return"[object Function]"===i.toString.call(e)},t.isArray=Array.isArray||function(e){return"[object Array]"===i.toString.call(e)},t.isString=function(e){return"[object String]"===i.toString.call(e)},t.isObject=function(e){return"[object Object]"===i.toString.call(e)},t.groupBy=function(e,n){for(var i={},r=t.isFunction(n)?n:function(e){return e[n]},s=0;si;i++)n+=e;return n},t.each=function(e,t,i){if(null!=e)if(n.each&&e.each===n.each)e.forEach(t,i);else if(e.length===+e.length)for(var r=0,s=e.length;s>r;r++)t.call(i,e[r],r,e)},t.map=function(e,t){var i=[];if(null==e)return i;if(n.map&&e.map===n.map)return e.map(t);for(var r=0;ra?n(t,e[t],a,o,r):i()}var s=t.keys(e),o=s.length,a=-1;r()},t.indexOf=Array.prototype.indexOf?function(e,t,n){return Array.prototype.indexOf.call(e,t,n)}:function(e,t,n){var i=this.length>>>0;for(n=+n||0,Math.abs(n)===1/0&&(n=0),0>n&&(n+=i,0>n&&(n=0));i>n;n++)if(e[n]===t)return n;return-1},Array.prototype.map||(Array.prototype.map=function(){throw new Error("map is unimplemented for this js engine")}),t.keys=function(e){if(Object.prototype.keys)return e.keys();var t=[];for(var n in e)e.hasOwnProperty(n)&&t.push(n);return t}},function(e,t){"use strict";function n(e,t,i){var r=function(){};r.prototype=e.prototype;var s=new r,o=/xyz/.test(function(){xyz})?/\bparent\b/:/.*/;i=i||{};for(var a in i){var l=i[a],c=s[a];"function"==typeof c&&"function"==typeof l&&o.test(l)?s[a]=function(e,t){return function(){var n=this.parent;this.parent=t;var i=e.apply(this,arguments);return this.parent=n,i}}(l,c):s[a]=l}s.typename=t;var h=function(){s.init&&s.init.apply(this,arguments)};return h.prototype=s,h.prototype.constructor=h,h.extend=function(e,t){return"object"==typeof e&&(t=e,e="anonymous"),n(h,e,t)},h}e.exports=n(Object,"Object",{})},function(e,t,n){"use strict";var i=n(7),r=n(2),s=n(5),o=n(4),a=s.extend({init:function(e){this.tokens=e,this.peeked=null,this.breakOnBlocks=null,this.dropLeadingWhitespace=!1,this.extensions=[]},nextToken:function(e){var t;if(this.peeked){if(e||this.peeked.type!==i.TOKEN_WHITESPACE)return t=this.peeked,this.peeked=null,t;this.peeked=null}if(t=this.tokens.nextToken(),!e)for(;t&&t.type===i.TOKEN_WHITESPACE;)t=this.tokens.nextToken();return t},peekToken:function(){return this.peeked=this.peeked||this.nextToken(),this.peeked},pushToken:function(e){if(this.peeked)throw new Error("pushToken: can only push one token on between reads");this.peeked=e},fail:function(e,t,n){if((void 0===t||void 0===n)&&this.peekToken()){var i=this.peekToken();t=i.lineno,n=i.colno}throw void 0!==t&&(t+=1),void 0!==n&&(n+=1),new o.TemplateError(e,t,n)},skip:function(e){var t=this.nextToken();return t&&t.type===e?!0:(this.pushToken(t),!1)},expect:function(e){var t=this.nextToken();return t.type!==e&&this.fail("expected "+e+", got "+t.type,t.lineno,t.colno),t},skipValue:function(e,t){var n=this.nextToken();return n&&n.type===e&&n.value===t?!0:(this.pushToken(n),!1)},skipSymbol:function(e){return this.skipValue(i.TOKEN_SYMBOL,e)},advanceAfterBlockEnd:function(e){var t;return e||(t=this.peekToken(),t||this.fail("unexpected end of file"),t.type!==i.TOKEN_SYMBOL&&this.fail("advanceAfterBlockEnd: expected symbol token or explicit name to be passed"),e=this.nextToken().value),t=this.nextToken(),t&&t.type===i.TOKEN_BLOCK_END?"-"===t.value.charAt(0)&&(this.dropLeadingWhitespace=!0):this.fail("expected block end in "+e+" statement"),t},advanceAfterVariableEnd:function(){this.skip(i.TOKEN_VARIABLE_END)||this.fail("expected variable end")},parseFor:function(){var e,t,n=this.peekToken();this.skipSymbol("for")?(e=new r.For(n.lineno,n.colno),t="endfor"):this.skipSymbol("asyncEach")?(e=new r.AsyncEach(n.lineno,n.colno),t="endeach"):this.skipSymbol("asyncAll")?(e=new r.AsyncAll(n.lineno,n.colno),t="endall"):this.fail("parseFor: expected for{Async}",n.lineno,n.colno),e.name=this.parsePrimary(),e.name instanceof r.Symbol||this.fail("parseFor: variable name expected for loop");var s=this.peekToken().type;if(s===i.TOKEN_COMMA){var o=e.name;for(e.name=new r.Array(o.lineno,o.colno),e.name.addChild(o);this.skip(i.TOKEN_COMMA);){var a=this.parsePrimary();e.name.addChild(a)}}return this.skipSymbol("in")||this.fail('parseFor: expected "in" keyword for loop',n.lineno,n.colno),e.arr=this.parseExpression(),this.advanceAfterBlockEnd(n.value),e.body=this.parseUntilBlocks(t,"else"),this.skipSymbol("else")&&(this.advanceAfterBlockEnd("else"),e.else_=this.parseUntilBlocks(t)),this.advanceAfterBlockEnd(),e},parseMacro:function(){var e=this.peekToken();this.skipSymbol("macro")||this.fail("expected macro");var t=this.parsePrimary(!0),n=this.parseSignature(),i=new r.Macro(e.lineno,e.colno,t,n);return this.advanceAfterBlockEnd(e.value),i.body=this.parseUntilBlocks("endmacro"),this.advanceAfterBlockEnd(),i},parseCall:function(){var e=this.peekToken();this.skipSymbol("call")||this.fail("expected call");var t=this.parseSignature(!0)||new r.NodeList,n=this.parsePrimary();this.advanceAfterBlockEnd(e.value);var i=this.parseUntilBlocks("endcall");this.advanceAfterBlockEnd();var s=new r.Symbol(e.lineno,e.colno,"caller"),o=new r.Caller(e.lineno,e.colno,s,t,i),a=n.args.children;a[a.length-1]instanceof r.KeywordArgs||a.push(new r.KeywordArgs);var l=a[a.length-1];return l.addChild(new r.Pair(e.lineno,e.colno,s,o)),new r.Output(e.lineno,e.colno,[n])},parseWithContext:function(){var e=this.peekToken(),t=null;return this.skipSymbol("with")?t=!0:this.skipSymbol("without")&&(t=!1),null!==t&&(this.skipSymbol("context")||this.fail("parseFrom: expected context after with/without",e.lineno,e.colno)),t},parseImport:function(){var e=this.peekToken();this.skipSymbol("import")||this.fail("parseImport: expected import",e.lineno,e.colno);var t=this.parseExpression();this.skipSymbol("as")||this.fail('parseImport: expected "as" keyword',e.lineno,e.colno);var n=this.parsePrimary(),i=this.parseWithContext(),s=new r.Import(e.lineno,e.colno,t,n,i);return this.advanceAfterBlockEnd(e.value),s},parseFrom:function(){var e=this.peekToken();this.skipSymbol("from")||this.fail("parseFrom: expected from");var t=this.parsePrimary();this.skipSymbol("import")||this.fail("parseFrom: expected import",e.lineno,e.colno);for(var n,s=new r.NodeList;;){var o=this.peekToken();if(o.type===i.TOKEN_BLOCK_END){s.children.length||this.fail("parseFrom: Expected at least one import name",e.lineno,e.colno),"-"===o.value.charAt(0)&&(this.dropLeadingWhitespace=!0),this.nextToken();break}s.children.length>0&&!this.skip(i.TOKEN_COMMA)&&this.fail("parseFrom: expected comma",e.lineno,e.colno);var a=this.parsePrimary();if("_"===a.value.charAt(0)&&this.fail("parseFrom: names starting with an underscore cannot be imported",a.lineno,a.colno),this.skipSymbol("as")){var l=this.parsePrimary();s.addChild(new r.Pair(a.lineno,a.colno,a,l))}else s.addChild(a);n=this.parseWithContext()}return new r.FromImport(e.lineno,e.colno,t,s,n)},parseBlock:function(){var e=this.peekToken();this.skipSymbol("block")||this.fail("parseBlock: expected block",e.lineno,e.colno);var t=new r.Block(e.lineno,e.colno);return t.name=this.parsePrimary(),t.name instanceof r.Symbol||this.fail("parseBlock: variable name expected",e.lineno,e.colno),this.advanceAfterBlockEnd(e.value),t.body=this.parseUntilBlocks("endblock"),this.peekToken()||this.fail("parseBlock: expected endblock, got end of file"),this.advanceAfterBlockEnd(),t},parseTemplateRef:function(e,t){var n=this.peekToken();this.skipSymbol(e)||this.fail("parseTemplateRef: expected "+e);var i=new t(n.lineno,n.colno);return i.template=this.parseExpression(),this.advanceAfterBlockEnd(n.value),i},parseExtends:function(){return this.parseTemplateRef("extends",r.Extends);
+},parseInclude:function(){return this.parseTemplateRef("include",r.Include)},parseIf:function(){var e,t=this.peekToken();this.skipSymbol("if")||this.skipSymbol("elif")?e=new r.If(t.lineno,t.colno):this.skipSymbol("ifAsync")?e=new r.IfAsync(t.lineno,t.colno):this.fail("parseIf: expected if or elif",t.lineno,t.colno),e.cond=this.parseExpression(),this.advanceAfterBlockEnd(t.value),e.body=this.parseUntilBlocks("elif","else","endif");var n=this.peekToken();switch(n&&n.value){case"elif":e.else_=this.parseIf();break;case"else":this.advanceAfterBlockEnd(),e.else_=this.parseUntilBlocks("endif"),this.advanceAfterBlockEnd();break;case"endif":e.else_=null,this.advanceAfterBlockEnd();break;default:this.fail("parseIf: expected endif, else, or endif, got end of file")}return e},parseSet:function(){var e=this.peekToken();this.skipSymbol("set")||this.fail("parseSet: expected set",e.lineno,e.colno);for(var t,n=new r.Set(e.lineno,e.colno,[]);(t=this.parsePrimary())&&(n.targets.push(t),this.skip(i.TOKEN_COMMA)););return this.skipValue(i.TOKEN_OPERATOR,"=")||this.fail("parseSet: expected = in set tag",e.lineno,e.colno),n.value=this.parseExpression(),this.advanceAfterBlockEnd(e.value),n},parseStatement:function(){var e,t=this.peekToken();if(t.type!==i.TOKEN_SYMBOL&&this.fail("tag name expected",t.lineno,t.colno),this.breakOnBlocks&&-1!==o.indexOf(this.breakOnBlocks,t.value))return null;switch(t.value){case"raw":return this.parseRaw();case"if":case"ifAsync":return this.parseIf();case"for":case"asyncEach":case"asyncAll":return this.parseFor();case"block":return this.parseBlock();case"extends":return this.parseExtends();case"include":return this.parseInclude();case"set":return this.parseSet();case"macro":return this.parseMacro();case"call":return this.parseCall();case"import":return this.parseImport();case"from":return this.parseFrom();case"filter":return this.parseFilterStatement();default:if(this.extensions.length)for(var n=0;n0;){var o=i[0],a=i[1],l=i[2];"raw"===l?t+=1:"endraw"===l&&(t-=1),0===t?(n+=a,this.tokens.backN(o.length-a.length)):n+=o}return new r.Output(s.lineno,s.colno,[new r.TemplateData(s.lineno,s.colno,n)])},parsePostfix:function(e){for(var t,n=this.peekToken();n;){if(n.type===i.TOKEN_LEFT_PAREN)e=new r.FunCall(n.lineno,n.colno,e,this.parseSignature());else if(n.type===i.TOKEN_LEFT_BRACKET)t=this.parseAggregate(),t.children.length>1&&this.fail("invalid index"),e=new r.LookupVal(n.lineno,n.colno,e,t.children[0]);else{if(n.type!==i.TOKEN_OPERATOR||"."!==n.value)break;this.nextToken();var s=this.nextToken();s.type!==i.TOKEN_SYMBOL&&this.fail("expected name as lookup value, got "+s.value,s.lineno,s.colno),t=new r.Literal(s.lineno,s.colno,s.value),e=new r.LookupVal(n.lineno,n.colno,e,t)}n=this.peekToken()}return e},parseExpression:function(){var e=this.parseInlineIf();return e},parseInlineIf:function(){var e=this.parseOr();if(this.skipSymbol("if")){var t=this.parseOr(),n=e;e=new r.InlineIf(e.lineno,e.colno),e.body=n,e.cond=t,this.skipSymbol("else")?e.else_=this.parseOr():e.else_=null}return e},parseOr:function(){for(var e=this.parseAnd();this.skipSymbol("or");){var t=this.parseAnd();e=new r.Or(e.lineno,e.colno,e,t)}return e},parseAnd:function(){for(var e=this.parseNot();this.skipSymbol("and");){var t=this.parseNot();e=new r.And(e.lineno,e.colno,e,t)}return e},parseNot:function(){var e=this.peekToken();return this.skipSymbol("not")?new r.Not(e.lineno,e.colno,this.parseNot()):this.parseIn()},parseIn:function(){for(var e=this.parseCompare();;){var t=this.nextToken();if(!t)break;var n=t.type===i.TOKEN_SYMBOL&&"not"===t.value;if(n||this.pushToken(t),!this.skipSymbol("in")){n&&this.pushToken(t);break}var s=this.parseCompare();e=new r.In(e.lineno,e.colno,e,s),n&&(e=new r.Not(e.lineno,e.colno,e))}return e},parseCompare:function(){for(var e=["==","!=","<",">","<=",">="],t=this.parseConcat(),n=[];;){var i=this.nextToken();if(!i)break;if(-1===o.indexOf(e,i.value)){this.pushToken(i);break}n.push(new r.CompareOperand(i.lineno,i.colno,this.parseConcat(),i.value))}return n.length?new r.Compare(n[0].lineno,n[0].colno,t,n):t},parseConcat:function(){for(var e=this.parseAdd();this.skipValue(i.TOKEN_TILDE,"~");){var t=this.parseAdd();e=new r.Concat(e.lineno,e.colno,e,t)}return e},parseAdd:function(){for(var e=this.parseSub();this.skipValue(i.TOKEN_OPERATOR,"+");){var t=this.parseSub();e=new r.Add(e.lineno,e.colno,e,t)}return e},parseSub:function(){for(var e=this.parseMul();this.skipValue(i.TOKEN_OPERATOR,"-");){var t=this.parseMul();e=new r.Sub(e.lineno,e.colno,e,t)}return e},parseMul:function(){for(var e=this.parseDiv();this.skipValue(i.TOKEN_OPERATOR,"*");){var t=this.parseDiv();e=new r.Mul(e.lineno,e.colno,e,t)}return e},parseDiv:function(){for(var e=this.parseFloorDiv();this.skipValue(i.TOKEN_OPERATOR,"/");){var t=this.parseFloorDiv();e=new r.Div(e.lineno,e.colno,e,t)}return e},parseFloorDiv:function(){for(var e=this.parseMod();this.skipValue(i.TOKEN_OPERATOR,"//");){var t=this.parseMod();e=new r.FloorDiv(e.lineno,e.colno,e,t)}return e},parseMod:function(){for(var e=this.parsePow();this.skipValue(i.TOKEN_OPERATOR,"%");){var t=this.parsePow();e=new r.Mod(e.lineno,e.colno,e,t)}return e},parsePow:function(){for(var e=this.parseUnary();this.skipValue(i.TOKEN_OPERATOR,"**");){var t=this.parseUnary();e=new r.Pow(e.lineno,e.colno,e,t)}return e},parseUnary:function(e){var t,n=this.peekToken();return t=this.skipValue(i.TOKEN_OPERATOR,"-")?new r.Neg(n.lineno,n.colno,this.parseUnary(!0)):this.skipValue(i.TOKEN_OPERATOR,"+")?new r.Pos(n.lineno,n.colno,this.parseUnary(!0)):this.parsePrimary(),e||(t=this.parseFilter(t)),t},parsePrimary:function(e){var t,n=this.nextToken(),s=null;return n?n.type===i.TOKEN_STRING?t=n.value:n.type===i.TOKEN_INT?t=parseInt(n.value,10):n.type===i.TOKEN_FLOAT?t=parseFloat(n.value):n.type===i.TOKEN_BOOLEAN?"true"===n.value?t=!0:"false"===n.value?t=!1:this.fail("invalid boolean: "+n.value,n.lineno,n.colno):n.type===i.TOKEN_NONE?t=null:n.type===i.TOKEN_REGEX&&(t=new RegExp(n.value.body,n.value.flags)):this.fail("expected expression, got end of file"),void 0!==t?s=new r.Literal(n.lineno,n.colno,t):n.type===i.TOKEN_SYMBOL?(s=new r.Symbol(n.lineno,n.colno,n.value),e||(s=this.parsePostfix(s))):(this.pushToken(n),s=this.parseAggregate()),s?s:void this.fail("unexpected token: "+n.value,n.lineno,n.colno)},parseFilterName:function(){for(var e=this.expect(i.TOKEN_SYMBOL),t=e.value;this.skipValue(i.TOKEN_OPERATOR,".");)t+="."+this.expect(i.TOKEN_SYMBOL).value;return new r.Symbol(e.lineno,e.colno,t)},parseFilterArgs:function(e){if(this.peekToken().type===i.TOKEN_LEFT_PAREN){var t=this.parsePostfix(e);return t.args.children}return[]},parseFilter:function(e){for(;this.skip(i.TOKEN_PIPE);){var t=this.parseFilterName();e=new r.Filter(t.lineno,t.colno,t,new r.NodeList(t.lineno,t.colno,[e].concat(this.parseFilterArgs(e))))}return e},parseFilterStatement:function(){var e=this.peekToken();this.skipSymbol("filter")||this.fail("parseFilterStatement: expected filter");var t=this.parseFilterName(),n=this.parseFilterArgs(t);this.advanceAfterBlockEnd(e.value);var i=this.parseUntilBlocks("endfilter");this.advanceAfterBlockEnd();var s=new r.Filter(t.lineno,t.colno,t,new r.NodeList(t.lineno,t.colno,i.children[0].children.concat(n)));return new r.Output(t.lineno,t.colno,[s])},parseAggregate:function(){var e,t=this.nextToken();switch(t.type){case i.TOKEN_LEFT_PAREN:e=new r.Group(t.lineno,t.colno);break;case i.TOKEN_LEFT_BRACKET:e=new r.Array(t.lineno,t.colno);break;case i.TOKEN_LEFT_CURLY:e=new r.Dict(t.lineno,t.colno);break;default:return null}for(;;){var n=this.peekToken().type;if(n===i.TOKEN_RIGHT_PAREN||n===i.TOKEN_RIGHT_BRACKET||n===i.TOKEN_RIGHT_CURLY){this.nextToken();break}if(e.children.length>0&&(this.skip(i.TOKEN_COMMA)||this.fail("parseAggregate: expected comma after expression",t.lineno,t.colno)),e instanceof r.Dict){var s=this.parsePrimary();this.skip(i.TOKEN_COLON)||this.fail("parseAggregate: expected colon after dict key",t.lineno,t.colno);var o=this.parseExpression();e.addChild(new r.Pair(s.lineno,s.colno,s,o))}else{var a=this.parseExpression();e.addChild(a)}}return e},parseSignature:function(e,t){var n=this.peekToken();if(!t&&n.type!==i.TOKEN_LEFT_PAREN){if(e)return null;this.fail("expected arguments",n.lineno,n.colno)}n.type===i.TOKEN_LEFT_PAREN&&(n=this.nextToken());for(var s=new r.NodeList(n.lineno,n.colno),o=new r.KeywordArgs(n.lineno,n.colno),a=!1;;){if(n=this.peekToken(),!t&&n.type===i.TOKEN_RIGHT_PAREN){this.nextToken();break}if(t&&n.type===i.TOKEN_BLOCK_END)break;if(a&&!this.skip(i.TOKEN_COMMA))this.fail("parseSignature: expected comma after expression",n.lineno,n.colno);else{var l=this.parseExpression();this.skipValue(i.TOKEN_OPERATOR,"=")?o.addChild(new r.Pair(l.lineno,l.colno,l,this.parseExpression())):s.addChild(l)}a=!0}return o.children.length&&s.addChild(o),s},parseUntilBlocks:function(){var e=this.breakOnBlocks;this.breakOnBlocks=o.toArray(arguments);var t=this.parse();return this.breakOnBlocks=e,t},parseNodes:function(){for(var e,t=[];e=this.nextToken();)if(e.type===i.TOKEN_DATA){var n=e.value,s=this.peekToken(),o=s&&s.value;this.dropLeadingWhitespace&&(n=n.replace(/^\s*/,""),this.dropLeadingWhitespace=!1),s&&s.type===i.TOKEN_BLOCK_START&&"-"===o.charAt(o.length-1)&&(n=n.replace(/\s*$/,"")),t.push(new r.Output(e.lineno,e.colno,[new r.TemplateData(e.lineno,e.colno,n)]))}else if(e.type===i.TOKEN_BLOCK_START){var a=this.parseStatement();if(!a)break;t.push(a)}else if(e.type===i.TOKEN_VARIABLE_START){var l=this.parseExpression();this.advanceAfterVariableEnd(),t.push(new r.Output(e.lineno,e.colno,[l]))}else e.type!==i.TOKEN_COMMENT&&this.fail("Unexpected token at top-level: "+e.type,e.lineno,e.colno);return t},parse:function(){return new r.NodeList(0,0,this.parseNodes())},parseAsRoot:function(){return new r.Root(0,0,this.parseNodes())}});e.exports={parse:function(e,t,n){var r=new a(i.lex(e,n));return void 0!==t&&(r.extensions=t),r.parseAsRoot()}}},function(e,t,n){"use strict";function i(e,t,n,i){return{type:e,value:t,lineno:n,colno:i}}function r(e,t){this.str=e,this.index=0,this.len=e.length,this.lineno=0,this.colno=0,this.in_code=!1,t=t||{};var n=t.tags||{};this.tags={BLOCK_START:n.blockStart||c,BLOCK_END:n.blockEnd||h,VARIABLE_START:n.variableStart||u,VARIABLE_END:n.variableEnd||p,COMMENT_START:n.commentStart||f,COMMENT_END:n.commentEnd||m},this.trimBlocks=!!t.trimBlocks,this.lstripBlocks=!!t.lstripBlocks}var s=n(4),o=" \n \r ",a="()[]{}%*-+~/#,:|.<>=!",l="0123456789",c="{%",h="%}",u="{{",p="}}",f="{#",m="#}",d="string",v="whitespace",g="data",y="block-start",k="block-end",x="variable-start",b="variable-end",E="comment",w="left-paren",T="right-paren",L="left-bracket",_="right-bracket",O="left-curly",A="right-curly",S="operator",N="comma",C="colon",B="tilde",F="pipe",R="int",K="float",I="boolean",M="none",P="symbol",D="special",V="regex";r.prototype.nextToken=function(){var e,t=this.lineno,n=this.colno;if(this.in_code){var r=this.current();if(this.is_finished())return null;if('"'===r||"'"===r)return i(d,this.parseString(r),t,n);if(e=this._extract(o))return i(v,e,t,n);if((e=this._extractString(this.tags.BLOCK_END))||(e=this._extractString("-"+this.tags.BLOCK_END)))return this.in_code=!1,this.trimBlocks&&(r=this.current(),"\n"===r&&this.forward()),i(k,e,t,n);if(e=this._extractString(this.tags.VARIABLE_END))return this.in_code=!1,i(b,e,t,n);if("r"===r&&"/"===this.str.charAt(this.index+1)){this.forwardN(2);for(var c="";!this.is_finished();){if("/"===this.current()&&"\\"!==this.previous()){this.forward();break}c+=this.current(),this.forward()}for(var h=["g","i","m","y"],u="";!this.is_finished();){var p=-1!==h.indexOf(this.current());if(!p)break;u+=this.current(),this.forward()}return i(V,{body:c,flags:u},t,n)}if(-1!==a.indexOf(r)){this.forward();var f,m=["==","!=","<=",">=","//","**"],D=r+this.current();switch(-1!==s.indexOf(m,D)&&(this.forward(),r=D),r){case"(":f=w;break;case")":f=T;break;case"[":f=L;break;case"]":f=_;break;case"{":f=O;break;case"}":f=A;break;case",":f=N;break;case":":f=C;break;case"~":f=B;break;case"|":f=F;break;default:f=S}return i(f,r,t,n)}if(e=this._extractUntil(o+a),e.match(/^[-+]?[0-9]+$/)){if("."===this.current()){this.forward();var j=this._extract(l);return i(K,e+"."+j,t,n)}return i(R,e,t,n)}if(e.match(/^(true|false)$/))return i(I,e,t,n);if("none"===e)return i(M,e,t,n);if(e)return i(P,e,t,n);throw new Error("Unexpected value while parsing: "+e)}var U=this.tags.BLOCK_START.charAt(0)+this.tags.VARIABLE_START.charAt(0)+this.tags.COMMENT_START.charAt(0)+this.tags.COMMENT_END.charAt(0);if(this.is_finished())return null;if((e=this._extractString(this.tags.BLOCK_START+"-"))||(e=this._extractString(this.tags.BLOCK_START)))return this.in_code=!0,i(y,e,t,n);if(e=this._extractString(this.tags.VARIABLE_START))return this.in_code=!0,i(x,e,t,n);e="";var W,G=!1;for(this._matches(this.tags.COMMENT_START)&&(G=!0,e=this._extractString(this.tags.COMMENT_START));null!==(W=this._extractUntil(U));){if(e+=W,(this._matches(this.tags.BLOCK_START)||this._matches(this.tags.VARIABLE_START)||this._matches(this.tags.COMMENT_START))&&!G){if(this.lstripBlocks&&this._matches(this.tags.BLOCK_START)&&this.colno>0&&this.colno<=e.length){var Y=e.slice(-this.colno);if(/^\s+$/.test(Y)&&(e=e.slice(0,-this.colno),!e.length))return this.nextToken()}break}if(this._matches(this.tags.COMMENT_END)){if(!G)throw new Error("unexpected end of comment");e+=this._extractString(this.tags.COMMENT_END);break}e+=this.current(),this.forward()}if(null===W&&G)throw new Error("expected end of comment, got end of file");return i(G?E:g,e,t,n)},r.prototype.parseString=function(e){this.forward();for(var t="";!this.is_finished()&&this.current()!==e;){var n=this.current();if("\\"===n){switch(this.forward(),this.current()){case"n":t+="\n";break;case"t":t+=" ";break;case"r":t+="\r";break;default:t+=this.current()}this.forward()}else t+=n,this.forward()}return this.forward(),t},r.prototype._matches=function(e){if(this.index+e.length>this.len)return null;var t=this.str.slice(this.index,this.index+e.length);return t===e},r.prototype._extractString=function(e){return this._matches(e)?(this.index+=e.length,e):null},r.prototype._extractUntil=function(e){return this._extractMatching(!0,e||"")},r.prototype._extract=function(e){return this._extractMatching(!1,e)},r.prototype._extractMatching=function(e,t){if(this.is_finished())return null;var n=t.indexOf(this.current());if(e&&-1===n||!e&&-1!==n){var i=this.current();this.forward();for(var r=t.indexOf(this.current());(e&&-1===r||!e&&-1!==r)&&!this.is_finished();)i+=this.current(),this.forward(),r=t.indexOf(this.current());return i}return""},r.prototype._extractRegex=function(e){var t=this.currentStr().match(e);return t?(this.forwardN(t[0].length),t):null},r.prototype.is_finished=function(){return this.index>=this.len},r.prototype.forwardN=function(e){for(var t=0;e>t;t++)this.forward()},r.prototype.forward=function(){this.index++,"\n"===this.previous()?(this.lineno++,this.colno=0):this.colno++},r.prototype.backN=function(e){for(var t=0;e>t;t++)this.back()},r.prototype.back=function(){if(this.index--,"\n"===this.current()){this.lineno--;var e=this.src.lastIndexOf("\n",this.index-1);-1===e?this.colno=this.index:this.colno=this.index-e}else this.colno--},r.prototype.current=function(){return this.is_finished()?"":this.str.charAt(this.index)},r.prototype.currentStr=function(){return this.is_finished()?"":this.str.substr(this.index)},r.prototype.previous=function(){return this.str.charAt(this.index-1)},e.exports={lex:function(e,t){return new r(e,t)},TOKEN_STRING:d,TOKEN_WHITESPACE:v,TOKEN_DATA:g,TOKEN_BLOCK_START:y,TOKEN_BLOCK_END:k,TOKEN_VARIABLE_START:x,TOKEN_VARIABLE_END:b,TOKEN_COMMENT:E,TOKEN_LEFT_PAREN:w,TOKEN_RIGHT_PAREN:T,TOKEN_LEFT_BRACKET:L,TOKEN_RIGHT_BRACKET:_,TOKEN_LEFT_CURLY:O,TOKEN_RIGHT_CURLY:A,TOKEN_OPERATOR:S,TOKEN_COMMA:N,TOKEN_COLON:C,TOKEN_TILDE:B,TOKEN_PIPE:F,TOKEN_INT:R,TOKEN_FLOAT:K,TOKEN_BOOLEAN:I,TOKEN_NONE:M,TOKEN_SYMBOL:P,TOKEN_SPECIAL:D,TOKEN_REGEX:V}},function(e,t,n){"use strict";function i(){return"hole_"+d++}function r(e,t){for(var n=null,i=0;ie.length){i=Array.prototype.slice.call(arguments,0,e.length);var c=Array.prototype.slice.call(arguments,i.length,a);for(r=0;ri;i++)s.push(n);r.push(s)}return r},capitalize:function(e){e=i(e,"");var t=e.toLowerCase();return s.copySafeness(e,t.charAt(0).toUpperCase()+t.slice(1))},center:function(e,t){if(e=i(e,""),t=t||80,e.length>=t)return e;var n=t-e.length,o=r.repeat(" ",n/2-n%2),a=r.repeat(" ",n/2);return s.copySafeness(e,o+e+a)},"default":function(e,t,n){return n===!0||n===!1||o||(o=!0,console.log('[nunjucks] Warning: the "default" filter was used without specifying the type of comparison. 2.0 changed the default behavior from boolean (val ? val : def) to strictly undefined, so you should make sure that doesn\'t break anything. Be explicit about this to make this warning go away, or wait until 2.1. See http://mozilla.github.io/nunjucks/templating.html#defaultvalue-default-boolean')),n?e?e:t:void 0!==e?e:t},dictsort:function(e,t,n){if(!r.isObject(e))throw new r.TemplateError("dictsort filter: val must be an object");var i=[];for(var s in e)i.push([s,e[s]]);var o;if(void 0===n||"key"===n)o=0;else{if("value"!==n)throw new r.TemplateError("dictsort filter: You can only sort by either key or value");o=1}return i.sort(function(e,n){var i=e[o],s=n[o];return t||(r.isString(i)&&(i=i.toUpperCase()),r.isString(s)&&(s=s.toUpperCase())),i>s?1:i===s?0:-1}),i},dump:function(e){return JSON.stringify(e)},escape:function(e){return"string"==typeof e||e instanceof s.SafeString?r.escape(e):e},safe:function(e){return s.markSafe(e)},first:function(e){return e[0]},groupby:function(e,t){return r.groupBy(e,t)},indent:function(e,t,n){if(e=i(e,""),""===e)return"";t=t||4;for(var o="",a=e.split("\n"),l=r.repeat(" ",t),c=0;c-1&&(-1===i||i>c);)o+=e.substring(l,a)+n,l=a+t.length,c++,a=e.indexOf(t,l);return la;a++){var l=s+a*i;r>a&&s++;var c=s+(a+1)*i,h=e.slice(l,c);n&&a>=r&&h.push(n),o.push(h)}return o},sort:s.makeMacro(["value","reverse","case_sensitive","attribute"],[],function(e,t,n,i){return e=r.map(e,function(e){return e}),e.sort(function(e,s){var o,a;return i?(o=e[i],a=s[i]):(o=e,a=s),!n&&r.isString(o)&&r.isString(a)&&(o=o.toLowerCase(),a=a.toLowerCase()),a>o?t?1:-1:o>a?t?-1:1:0}),e}),string:function(e){return s.copySafeness(e,e)},title:function(e){e=i(e,"");for(var t=e.split(" "),n=0;n"+c.substr(0,t)+"":a.test(c)?'"+c.substr(0,t)+" ":s.test(c)?''+c+" ":l.test(c)?'"+c.substr(0,t)+" ":e});return c.join(" ")},wordcount:function(e){e=i(e,"");var t=e?e.match(/\w+/g):null;return t?t.length:null},"float":function(e,t){var n=parseFloat(e);return isNaN(n)?t:n},"int":function(e,t){var n=parseInt(e,10);return isNaN(n)?t:n}};a.d=a["default"],a.e=a.escape,e.exports=a},function(e,t,n){"use strict";function i(){if(l.length)throw l.shift()}function r(e){var t;t=a.length?a.pop():new s,t.task=e,o(t)}function s(){this.task=null}var o=n(13),a=[],l=[],c=o.makeRequestCallFromTimer(i);e.exports=r,s.prototype.call=function(){try{this.task.call()}catch(e){r.onerror?r.onerror(e):(l.push(e),c())}finally{this.task=null,a[a.length]=this}}},function(e,t){(function(t){"use strict";function n(e){a.length||(o(),l=!0),a[a.length]=e}function i(){for(;ch){for(var t=0,n=a.length-c;n>t;t++)a[t]=a[t+c];a.length-=c,c=0}}a.length=0,c=0,l=!1}function r(e){var t=1,n=new u(e),i=document.createTextNode("");return n.observe(i,{characterData:!0}),function(){t=-t,i.data=t}}function s(e){return function(){function t(){clearTimeout(n),clearInterval(i),e()}var n=setTimeout(t,0),i=setInterval(t,50)}}e.exports=n;var o,a=[],l=!1,c=0,h=1024,u=t.MutationObserver||t.WebKitMutationObserver;o="function"==typeof u?r(i):s(i),n.requestFlush=o,n.makeRequestCallFromTimer=s}).call(t,function(){return this}())},function(e,t,n){"use strict";var i=n(15),r=n(16),s=i.extend({init:function(e,t){this.baseURL=e||".",t=t||{},this.useCache=!!t.useCache,this.async=!!t.async},resolve:function(e,t){throw new Error("relative templates not support in the browser yet")},getSource:function(e,t){var n,i=this.useCache;return this.fetch(this.baseURL+"/"+e,function(r,s){if(r){if(!t)throw r;t(r)}else n={src:s,path:e,noCache:!i},t&&t(null,n)}),n},fetch:function(e,t){var n,i=!0;window.XMLHttpRequest?n=new XMLHttpRequest:window.ActiveXObject&&(n=new ActiveXObject("Microsoft.XMLHTTP")),n.onreadystatechange=function(){4===n.readyState&&i&&(i=!1,0===n.status||200===n.status?t(null,n.responseText):t(n.responseText))},e+=(-1===e.indexOf("?")?"?":"&")+"s="+(new Date).getTime(),n.open("GET",e,this.async),n.send()}});e.exports={WebLoader:s,PrecompiledLoader:r}},function(e,t,n){"use strict";var i=n(3),r=n(5),s=n(4),o=r.extend({on:function(e,t){this.listeners=this.listeners||{},this.listeners[e]=this.listeners[e]||[],this.listeners[e].push(t)},emit:function(e){var t=Array.prototype.slice.call(arguments,1);this.listeners&&this.listeners[e]&&s.each(this.listeners[e],function(e){e.apply(null,t)})},resolve:function(e,t){return i.resolve(i.dirname(e),t)},isRelative:function(e){return 0===e.indexOf("./")||0===e.indexOf("../")}});e.exports=o},function(e,t,n){"use strict";var i=n(15),r=i.extend({init:function(e){this.precompiled=e||{}},getSource:function(e){return this.precompiled[e]?{src:{type:"code",obj:this.precompiled[e]},path:e}:null}});e.exports=r},function(e,t){"use strict";function n(e){var t=-1;return{current:null,reset:function(){t=-1,this.current=null},next:function(){return t++,t>=e.length&&(t=0),this.current=e[t],this.current}}}function i(e){e=e||",";var t=!0;return function(){var n=t?"":e;return t=!1,n}}var r={range:function(e,t,n){t?n||(n=1):(t=e,e=0,n=1);for(var i=[],r=e;t>r;r+=n)i.push(r);return i},cycler:function(){return n(Array.prototype.slice.call(arguments))},joiner:function(e){return i(e)}};e.exports=r},function(e,t){function n(){"use strict";var e=this.runtime,t=this.lib,n=e.contextOrFrameLookup;e.contextOrFrameLookup=function(e,t,i){var r=n.apply(this,arguments);if(void 0===r)switch(i){case"True":return!0;case"False":return!1;case"None":return null}return r};var i=e.memberLookup,r={pop:function(e){if(void 0===e)return this.pop();if(e>=this.length||0>e)throw new Error("KeyError");return this.splice(e,1)},remove:function(e){for(var t=0;t
+
+Fetch
+{% if j.signable %}
+Sign
+{% else %}
+Sign
+{% endif %}
+Delete
+
+
+
+{% include 'iconmonstr-certificate-15-icon.svg' %}
+{{j.subject}}
+
+
+{% if j.email_address %}
+{% include 'iconmonstr-email-2-icon.svg' %} {{ j.email_address }}
+{% endif %}
+
+
+{% include 'iconmonstr-key-2-icon.svg' %}
+
+{{ j.sha256sum }}
+
+{{ j.key_length }}-bit
+{{ j.key_type }}
+
+
+{% set key_usage = j.key_usage %}
+{% if key_usage %}
+
+{% include 'iconmonstr-flag-3-icon.svg' %}
+{{j.key_usage}}
+
+{% endif %}
+
+
+
diff --git a/certidude/wrappers.py b/certidude/wrappers.py
index 19715b5..2348ec7 100644
--- a/certidude/wrappers.py
+++ b/certidude/wrappers.py
@@ -299,11 +299,21 @@ class CertificateBase:
assert len(h) * 4 == self.key_length, "%s is not %s" % (len(h)*4, self.key_length)
return re.findall("\d\d", h)
- def fingerprint(self):
- import binascii
- m, _ = self.pubkey
- return "%x" % m
- return ":".join(re.findall("..", hashlib.sha1(binascii.unhexlify("%x" % m)).hexdigest()))
+ def fingerprint(self, algorithm="sha256"):
+ return hashlib.new(algorithm, self.buf.encode("ascii")).hexdigest()
+
+ @property
+ def md5sum(self):
+ return self.fingerprint("md5")
+
+ @property
+ def sha1sum(self):
+ return self.fingerprint("sha1")
+
+ @property
+ def sha256sum(self):
+ return self.fingerprint("sha256")
+
class Request(CertificateBase):
def __init__(self, mixed=None):