LILiK
/
ca_manager
5
0
Fork 0
Code Issues 0 Pull Requests 2 Releases 0 Wiki Activity
Easy CA management
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
172 Commits
7 Branches
218 KiB
Tree: 7e899b5176
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7e899b5176'
${ noResults }
ca_manager/models/ssl.py

99 lines
2.7 KiB
Raw Normal View History

move ssh and ssl authority and requests to respective modules
8 years ago
 
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-
  3. 

  4. from peewee import *
  5. 

  6. import os
  7. import os.path
  8. import subprocess
  9. 

  10. from models.authority import Authority
  11. from models.certificate import Certificate
  12. from models.request import SignRequest
  13. from paths import *
  14. 

  15. class HostSSLRequest(SignRequest):
  16.     def __init__(self, req_id, host_name, key_data):
  17.         super(HostSSLRequest, self).__init__(req_id)
  18. 

  19.         self.host_name = host_name
  20.         self.key_data = key_data
  21. 

  22.     @property
  23.     def name(self):
  24.         return "Hostname: %s" % self.host_name
  25. 

  26.     @property
  27.     def fields(self):
  28.         return [
  29.             ("Hostname", self.host_name)
  30.         ]
  31. 

  32. 

  33. class SSLAuthority(Authority):
  34.     request_allowed = [ HostSSLRequest, ]
  35. 

  36.     ca_key_algorithm = 'des3'
  37.     key_length = '4096'
  38. 

  39.     key_algorithm = 'sha256'
  40.     ca_validity = '365'
  41.     cert_validity = '365'
  42. 

  43.     def generate(self):
  44.         if os.path.exists(self.path):
  45.             raise ValueError("A CA with the same id and type already exists")
  46. 

  47.         subprocess.check_output(['openssl',
  48.             'genrsa',
  49.             '-%s'%self.ca_key_algorithm,
  50.             '-out', '%s'%(self.path),
  51.             self.key_length])
  52. 

  53.         subprocess.check_output(['openssl',
  54.             'req',
  55.             '-new',
  56.             '-x509',
  57.             '-days', self.ca_validity,
  58.             '-key', self.path,
  59.             # '-extensions', 'v3_ca'
  60.             '-out', "%s.pub"%self.path,
  61.             # '-config', "%s.conf"%self.path
  62.             ])
  63. 

  64.         with open(self.path + '.serial', 'w') as stream:
  65.             stream.write(str(0))
  66. 

  67. 

  68.     def sign(self, request):
  69.         OUTPUT_PATH
  70. 

  71.         assert type(request) in self.request_allowed
  72. 

  73.         pub_key_path = os.path.join(OUTPUT_PATH, request.req_id + '.pub')
  74.         cert_path = os.path.join(OUTPUT_PATH, request.req_id + '-cert.pub')
  75. 

  76.         with open(self.path + '.serial', 'r') as stream:
  77.             next_serial = int(stream.read())
  78.         with open(self.path + '.serial', 'w') as stream:
  79.             stream.write(str(next_serial + 1))
  80. 

  81.         with open(pub_key_path, 'w') as stream:
  82.             stream.write(request.key_data)
  83. 

  84.         ca_private_key = self.path
  85. 

  86.         # openssl x509 -req -days 360 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt        # print()
  87.         subprocess.check_output(['openssl',
  88.                         'x509',
  89.                         '-req',
  90.                         '-days', self.ca_validity,
  91.                         '-in', pub_key_path,
  92.                         '-CA', "%s.pub"%self.path,
  93.                         '-CAkey', self.path,
  94.                         '-CAcreateserial',
  95.                         '-out', cert_path,
  96.                         '-%s'%self.key_algorithm])
  97. 

  98.         return cert_path
  99.