-
-import os, logging
-from utils import *
-from templates import *
-from cfg import *
-
-
-def newca():
-
- conf_file = os.path.join(ca_base, 'conf/ca.conf')
- ca_file = os.path.join(ca_base, 'public/ca.pem')
- ca_dsa_file = os.path.join(ca_base, 'public/ca-dsa.tmp')
- ca_key_file = os.path.join(ca_base, 'private/ca.key')
- ca_dsa_key_file = os.path.join(ca_base, 'private/ca-dsa.key')
- ca_csr_file = os.path.join(ca_base, 'newcerts/ca.csr')
- ca_dsa_csr_file = os.path.join(ca_base, 'newcerts/ca-dsa.csr')
- dsa_parms_file = os.path.join(ca_base, 'private/ca.dsap')
-
- serial_file = os.path.join(ca_base, 'serial')
- index_file = os.path.join(ca_base, 'index')
- if not os.path.exists(serial_file):
- open(serial_file, 'w').write('01')
- if not os.path.exists(index_file):
- open(index_file, 'w').close()
-
- template(conf_file,
- openssl_conf_template,
- dict(
- ca_dir = ca_base,
- default_days = ca['default_days'],
- country = ca['country'],
- org = ca['org'],
- ou = ca.get('ou', ''),
- cn = ca['name'],
- email = ca['email']))
- if not os.path.exists(dsa_parms_file):
- openssl('dsaparam', '-out', dsa_parms_file, '1024')
- logging.info('generated CA DSA parameters')
- if not os.path.exists(ca_file):
- openssl('req', '-new', '-keyout', ca_key_file,
- '-config', conf_file, '-batch',
- '-out', ca_csr_file)
- openssl('req', '-new', '-newkey', 'dsa:' + dsa_parms_file,
- '-config', conf_file, '-batch',
- '-keyout', ca_dsa_key_file,
- '-out', ca_dsa_csr_file)
- openssl('ca',
- '-config', conf_file, '-batch',
- '-keyfile', ca_key_file,
- '-extensions', 'v3_ca',
- '-out', ca_file, '-selfsign',
- '-infiles', ca_csr_file)
- openssl('ca',
- '-config', conf_file, '-batch',
- '-keyfile', ca_dsa_key_file,
- '-extensions', 'v3_ca',
- '-out', ca_dsa_file, '-selfsign',
- '-infiles', ca_dsa_csr_file)
- open(ca_file, 'a').write(open(ca_dsa_file, 'r').read())
- os.remove(ca_dsa_file)
- logging.info('created CA certificates')
-
v.licheni.net / stack / cam.git / blobdiff