LILiK
/
ca_manager
5
0
Fork 0
Code Issues 0 Pull Requests 2 Releases 0 Wiki Activity
Easy CA management
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
143 Commits
7 Branches
218 KiB
Tree: ee88529f1d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ee88529f1d'
${ noResults }
ca_manager/models/ssl.py

104 lines
2.9 KiB
Raw Normal View History

move ssh and ssl authority and requests to respective modules
8 years ago
 
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-
  3. 

  4. from peewee import *
  5. 

  6. import os
  7. import os.path
  8. import subprocess
  9. 

  10. from models.authority import Authority
  11. from models.certificate import Certificate
  12. from models.request import SignRequest
  13. from paths import *
  14. 

  15. class HostSSLRequest(SignRequest):
  16.     def __init__(self, req_id, host_name, key_data):
  17.         super(HostSSLRequest, self).__init__(req_id)
  18. 

  19.         self.host_name = host_name
  20.         self.key_data = key_data
  21. 

  22.     @property
  23.     def name(self):
  24.         return "Hostname: %s" % self.host_name
  25. 

  26.     @property
  27.     def fields(self):
  28.         return [
  29.             ("Hostname", self.host_name)
  30.         ]
  31. 

  32. 

  33. class SSLAuthority(Authority):
  34.     request_allowed = [ HostSSLRequest, ]
  35. 

  36.     ca_key_algorithm = 'des3'
  37.     key_length = '4096'
  38. 

  39.     key_algorithm = 'sha256'
  40.     ca_validity = '365'
  41.     cert_validity = '365'
  42. 

  43.     def __init__(self, ca_id):
  44.         ssl_ca_dir = os.path.join(MANAGER_PATH, 'ssl_ca')
  45. 

  46.         super(SSLAuthority, self).__init__(ca_id, ssl_ca_dir)
  47. 

  48.     def generate(self):
  49.         if os.path.exists(self.path):
  50.             raise ValueError("A CA with the same id and type already exists")
  51. 

  52.         subprocess.check_output(['openssl',
  53.             'genrsa',
  54.             '-%s'%self.ca_key_algorithm,
  55.             '-out', '%s'%(self.path),
  56.             self.key_length])
  57. 

  58.         subprocess.check_output(['openssl',
  59.             'req',
  60.             '-new',
  61.             '-x509',
  62.             '-days', self.ca_validity,
  63.             '-key', self.path,
  64.             # '-extensions', 'v3_ca'
  65.             '-out', "%s.pub"%self.path,
  66.             # '-config', "%s.conf"%self.path
  67.             ])
  68. 

  69.         with open(self.path + '.serial', 'w') as stream:
  70.             stream.write(str(0))
  71. 

  72. 

  73.     def sign(self, request):
  74.         OUTPUT_PATH
  75. 

  76.         assert type(request) in self.request_allowed
  77. 

  78.         pub_key_path = os.path.join(OUTPUT_PATH, request.req_id + '.pub')
  79.         cert_path = os.path.join(OUTPUT_PATH, request.req_id + '-cert.pub')
  80. 

  81.         with open(self.path + '.serial', 'r') as stream:
  82.             next_serial = int(stream.read())
  83.         with open(self.path + '.serial', 'w') as stream:
  84.             stream.write(str(next_serial + 1))
  85. 

  86.         with open(pub_key_path, 'w') as stream:
  87.             stream.write(request.key_data)
  88. 

  89.         ca_private_key = self.path
  90. 

  91.         # openssl x509 -req -days 360 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt        # print()
  92.         subprocess.check_output(['openssl',
  93.                         'x509',
  94.                         '-req',
  95.                         '-days', self.ca_validity,
  96.                         '-in', pub_key_path,
  97.                         '-CA', "%s.pub"%self.path,
  98.                         '-CAkey', self.path,
  99.                         '-CAcreateserial',
  100.                         '-out', cert_path,
  101.                         '-%s'%self.key_algorithm])
  102. 

  103.         return cert_path
  104.