1
2 import os, logging
3 from utils import *
4 from templates import *
5 from cfg import *
6
7
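def newca():
    """Initialise the CA working files under ``ca_base``.

    Steps, each skipped when its output already exists:

    * create the ``serial`` file (containing ``01``) and an empty ``index``;
    * render ``conf/ca.conf`` from ``openssl_conf_template`` (always done);
    * generate DSA parameters in ``private/ca.dsap``;
    * if ``public/ca.pem`` is missing, create two key/CSR pairs (one with the
      key settings of the rendered config, one DSA), self-sign both with the
      ``v3_ca`` extensions and concatenate the two certificates into
      ``public/ca.pem``.

    Relies on ``ca_base``, ``ca``, ``template``, ``openssl`` and
    ``openssl_conf_template`` being provided by the star imports at the top
    of the file.
    """

    conf_file = os.path.join(ca_base, 'conf/ca.conf')
    ca_file = os.path.join(ca_base, 'public/ca.pem')
    ca_dsa_file = os.path.join(ca_base, 'public/ca-dsa.tmp')
    ca_key_file = os.path.join(ca_base, 'private/ca.key')
    ca_dsa_key_file = os.path.join(ca_base, 'private/ca-dsa.key')
    ca_csr_file = os.path.join(ca_base, 'newcerts/ca.csr')
    ca_dsa_csr_file = os.path.join(ca_base, 'newcerts/ca-dsa.csr')
    dsa_parms_file = os.path.join(ca_base, 'private/ca.dsap')

    serial_file = os.path.join(ca_base, 'serial')
    index_file = os.path.join(ca_base, 'index')

    # Close the handles explicitly: the original relied on garbage collection
    # to flush and close them, which is not guaranteed before the openssl
    # calls below read these files.
    if not os.path.exists(serial_file):
        with open(serial_file, 'w') as serial:
            serial.write('01')
    if not os.path.exists(index_file):
        with open(index_file, 'w'):
            pass

    # The config is re-rendered on every call, so changes to the `ca`
    # settings take effect even when the CA itself already exists.
    template(conf_file,
             openssl_conf_template,
             dict(
                 ca_dir=ca_base,
                 default_days=ca['default_days'],
                 country=ca['country'],
                 org=ca['org'],
                 ou=ca.get('ou', ''),
                 cn=ca['name'],
                 email=ca['email']))

    if not os.path.exists(dsa_parms_file):
        # NOTE(review): 1024-bit DSA parameters are below current minimum
        # key-size guidance (2048 bits or more). Left unchanged here because
        # raising it alters the keys produced for new CAs; decide separately.
        openssl('dsaparam', '-out', dsa_parms_file, '1024')
        logging.info('generated CA DSA parameters')

    if not os.path.exists(ca_file):
        # NOTE(review): nothing in this function sets a umask or file mode
        # for the keys written under private/, and neither `req` call passes
        # an explicit encryption option, so key protection depends on the
        # rendered config and the process umask -- confirm both.
        #
        # First key/CSR: no -newkey, so key type and size come from conf_file.
        openssl('req', '-new', '-keyout', ca_key_file,
                '-config', conf_file, '-batch',
                '-out', ca_csr_file)
        # Second key/CSR: DSA key built from the parameters generated above.
        openssl('req', '-new', '-newkey', 'dsa:' + dsa_parms_file,
                '-config', conf_file, '-batch',
                '-keyout', ca_dsa_key_file,
                '-out', ca_dsa_csr_file)
        # Self-sign each CSR with its own key. The call order is kept as in
        # the original because both calls use the same config (and with it,
        # presumably, the same serial/index files).
        openssl('ca',
                '-config', conf_file, '-batch',
                '-keyfile', ca_key_file,
                '-extensions', 'v3_ca', '-selfsign',
                '-out', ca_file,
                '-infiles', ca_csr_file)
        openssl('ca',
                '-config', conf_file, '-batch',
                '-keyfile', ca_dsa_key_file,
                '-extensions', 'v3_ca', '-selfsign',
                '-out', ca_dsa_file,
                '-infiles', ca_dsa_csr_file)
        # NOTE(review): ca_file is the only guard for this branch. If a step
        # after the first `ca` call fails, ca_file already exists and a
        # re-run skips the branch, leaving the bundle without the DSA
        # certificate.
        with open(ca_dsa_file, 'r') as dsa_cert:
            dsa_pem = dsa_cert.read()
        with open(ca_file, 'a') as bundle:
            bundle.write(dsa_pem)
        os.remove(ca_dsa_file)
        logging.info('created CA certificates')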
62