+
+
+import os, sys
+import logging
+from utils import *
+from templates import *
+from paths import *
+from cfg import *
+
+
+def gen(tag):
+
+ info = cfg2dict(cfg, tag)
+
+ conf_file = getpath('conf', tag)
+ rsa_key_file = getpath('rsa_key', tag)
+ dsa_key_file = getpath('dsa_key', tag)
+ dsa_parms_file = getpath('dsa_parms', tag)
+ csr_file = getpath('rsa_csr', tag)
+ dsa_csr_file = getpath('dsa_csr', tag)
+ ext_file = getpath('ext', tag)
+ public_crt_file = getpath('public_crt', tag)
+ crt_file = getpath('rsa_crt', tag)
+ dsa_crt_file = getpath('dsa_crt', tag)
+ sf_file = getpath('singlefile', tag)
+
+ if os.path.exists(public_crt_file):
+ print
+ if expired(getcertdate(public_crt_file)):
+ print 'Certificate has expired. Ready to re-generate.'
+ else:
+ print
+ ans = raw_input('This certificate seems to exist already (in %s).\nAre you really sure that you want to re-create it? [y/N] ' % crt_file)
+ if not ans or ans[0].lower() != 'y':
+ sys.exit(0)
+
+ # create custom config file
+ template(conf_file,
+ openssl_conf_template,
+ dict(
+ ca_dir = ca_base,
+ default_days = ca['default_days'],
+ country = d2get(info, ca, 'country'),
+ org = d2get(info, ca, 'org'),
+ ou = d2get(info, ca, 'ou', ''),
+ cn = info['cn'],
+ email = d2get(info, ca, 'email')))
+
+ # create dsa parameters
+ openssl('dsaparam', '-out', dsa_parms_file, '1024')
+
+ # create rsa key
+ openssl('req', '-batch', '-new', '-keyout', rsa_key_file,
+ '-config', conf_file, '-nodes', '-out', csr_file)
+ openssl('req', '-batch', '-new', '-newkey', 'dsa:' + dsa_parms_file,
+ '-keyout', dsa_key_file, '-nodes',
+ '-config', conf_file, '-out', dsa_csr_file)
+
+ # create ext file
+ altnames = [ x.strip() for x in info['alt_names'].split(',') ]
+ altnames_s = ''
+ for i in range(len(altnames)):
+ altnames_s += 'DNS.%d=%s\n' % (i + 1, altnames[i])
+ template(ext_file,
+ ext_template,
+ dict(
+ ca_name = ca['name'],
+ ca_base_url = ca['base_url'],
+ alt_names = altnames_s))
+
+ # sign requests
+ openssl('ca', '-days', ca['default_days'],
+ '-config', conf_file, '-batch',
+ '-policy', 'policy_anything',
+ '-out', crt_file,
+ '-extfile', ext_file,
+ '-infiles', csr_file)
+ openssl('ca', '-days', ca['default_days'],
+ '-config', conf_file, '-batch',
+ '-policy', 'policy_anything',
+ '-out', dsa_crt_file,
+ '-extfile', ext_file,
+ '-infiles', dsa_csr_file)
+ f = open(public_crt_file, 'w')
+ f.write(open(crt_file, 'r').read())
+ f.write(open(dsa_crt_file, 'r').read())
+ f.close()
+
+ # create single-file file
+ f = open(sf_file, 'w')
+ f.write(open(crt_file, 'r').read())
+ f.write(open(dsa_crt_file, 'r').read())
+ f.write(open(rsa_key_file, 'r').read())
+ f.write(open(dsa_key_file, 'r').read())
+ f.close()
+
+ logging.info('created certificate %s [%s]' % (tag, info['cn']))
+
+ print '''
+Certificate '%s':
+
+ CN: %s
+ AltNames: %s
+
+ RSA key: %s
+ DSA key: %s
+ public crt: %s
+ all-in-one: %s
+
+''' % (tag, info['cn'], ', '.join(altnames),
+ rsa_key_file, dsa_key_file, public_crt_file, sf_file)
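Review bot: The all-in-one output at `open(sf_file, 'w')` is created with the process's default umask permissions even though it is about to receive both unencrypted private keys (the `-nodes` requests above leave them in the clear), so on a typical 022 umask the bundle ends up world-readable. Create it with an explicit restrictive mode instead, `f = os.fdopen(os.open(sf_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), 'w')`; `os` is already imported at the top of the file. Two smaller points on the same hunk: the prompt at the `raw_input` call names `crt_file` while the existence check just above it tests `public_crt_file`, so the message can point the operator at the wrong path, and the `'1024'` passed to `dsaparam` is a hard-coded parameter size that a reviewer would expect to come from `ca` config rather than a literal. The inline `open(...).read()` calls also never close their handles; wrapping each in a `with` block is cheap and keeps the key-file handles short-lived.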