+++ /dev/null
-
-
-import os, sys
-import logging
-from utils import *
-from templates import *
-from paths import *
-from cfg import *
-
-
-def gen(tag):
-
- info = cfg2dict(cfg, tag)
-
- conf_file = getpath('conf', tag)
- rsa_key_file = getpath('rsa_key', tag)
- dsa_key_file = getpath('dsa_key', tag)
- dsa_parms_file = getpath('dsa_parms', tag)
- csr_file = getpath('rsa_csr', tag)
- dsa_csr_file = getpath('dsa_csr', tag)
- ext_file = getpath('ext', tag)
- public_crt_file = getpath('public_crt', tag)
- crt_file = getpath('rsa_crt', tag)
- dsa_crt_file = getpath('dsa_crt', tag)
- sf_file = getpath('singlefile', tag)
-
- if os.path.exists(public_crt_file):
- print
- if expired(getcertdate(public_crt_file)):
- print 'Certificate has expired. Ready to re-generate.'
- else:
- print
- ans = raw_input('This certificate seems to exist already (in %s).\nAre you really sure that you want to re-create it? [y/N] ' % crt_file)
- if not ans or ans[0].lower() != 'y':
- sys.exit(0)
- print 'Revoking previous certificate...'
- openssl('ca', '-config', conf_file,
- '-revoke', public_crt_file)
-
-
- # create custom config file
- template(conf_file,
- openssl_conf_template,
- dict(
- ca_dir = ca_base,
- default_days = ca['default_days'],
- country = d2get(info, ca, 'country'),
- org = d2get(info, ca, 'org'),
- ou = d2get(info, ca, 'ou', ''),
- cn = info['cn'],
- email = d2get(info, ca, 'email')))
-
- # create dsa parameters
- openssl('dsaparam', '-out', dsa_parms_file, '1024')
-
- # create rsa key
- openssl('req', '-batch', '-new', '-keyout', rsa_key_file,
- '-config', conf_file, '-nodes', '-out', csr_file)
- openssl('req', '-batch', '-new', '-newkey', 'dsa:' + dsa_parms_file,
- '-keyout', dsa_key_file, '-nodes',
- '-config', conf_file, '-out', dsa_csr_file)
-
- # create ext file
- altnames = [ x.strip() for x in info['alt_names'].split(',') ]
- altnames_s = ''
- for i in range(len(altnames)):
- altnames_s += 'DNS.%d=%s\n' % (i + 1, altnames[i])
- template(ext_file,
- ext_template,
- dict(
- ca_name = ca['name'],
- ca_base_url = ca['base_url'],
- alt_names = altnames_s))
-
- # sign requests
- openssl('ca', '-days', ca['default_days'],
- '-config', conf_file, '-batch',
- '-policy', 'policy_anything',
- '-out', crt_file,
- '-extfile', ext_file,
- '-infiles', csr_file)
- openssl('ca', '-days', ca['default_days'],
- '-config', conf_file, '-batch',
- '-policy', 'policy_anything',
- '-out', dsa_crt_file,
- '-extfile', ext_file,
- '-infiles', dsa_csr_file)
- f = open(public_crt_file, 'w')
- f.write(open(crt_file, 'r').read())
- f.write(open(dsa_crt_file, 'r').read())
- f.close()
-
- # create single-file file
- f = open(sf_file, 'w')
- f.write(open(crt_file, 'r').read())
- f.write(open(dsa_crt_file, 'r').read())
- f.write(open(rsa_key_file, 'r').read())
- f.write(open(dsa_key_file, 'r').read())
- f.close()
-
- logging.info('created certificate %s [%s]' % (tag, info['cn']))
-
- print '''
-Certificate '%s':
-
- CN: %s
- AltNames: %s
-
- RSA key: %s
- DSA key: %s
- public crt: %s
- all-in-one: %s
-
-''' % (tag, info['cn'], ', '.join(altnames),
- rsa_key_file, dsa_key_file, public_crt_file, sf_file)
v.licheni.net / stack / cam.git / blobdiff