Easy CA management
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 

94 lines
2.4 KiB

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from playhouse.gfk import *
import os
import os.path
import subprocess
from models.authority import Authority
from models.certificate import Certificate
from models.request import SignRequest
from paths import *
class HostSSLRequest(SignRequest):
def __init__(self, req_id, host_name, key_data):
super(HostSSLRequest, self).__init__(req_id)
self.host_name = host_name
self.key_data = key_data
@property
def name(self):
return "Hostname: %s" % self.host_name
@property
def fields(self):
return [
("Hostname", self.host_name)
]
@property
def receiver(self):
return self.host_name
class SSLAuthority(Authority):
request_allowed = [ HostSSLRequest, ]
ca_key_algorithm = 'des3'
key_length = '4096'
key_algorithm = 'sha256'
ca_validity = '365'
cert_validity = '365'
def generate(self):
if os.path.exists(self.path):
raise ValueError("A CA with the same id and type already exists")
subprocess.check_output(['openssl',
'genrsa',
'-%s'%self.ca_key_algorithm,
'-out', '%s'%(self.path),
self.key_length])
subprocess.check_output(['openssl',
'req',
'-new',
'-x509',
'-days', self.ca_validity,
'-key', self.path,
# '-extensions', 'v3_ca'
'-out', "%s.pub"%self.path,
# '-config', "%s.conf"%self.path
])
with open(self.path + '.serial', 'w') as stream:
stream.write(str(0))
def generate_certificate(self, request):
"""
Sign a *SSLRequest with this certification authority
"""
pub_key_path = request.destination + '.pub'
cert_path = request.destination + '-cert.pub'
with open(pub_key_path, 'w') as stream:
stream.write(request.key_data)
subprocess.check_output(['openssl',
'x509',
'-req',
'-days', self.ca_validity,
'-in', pub_key_path,
'-CA', "%s.pub"%self.path,
'-CAkey', self.path,
'-CAcreateserial',
'-out', cert_path,
'-%s'%self.key_algorithm])
return self.ca_validity