|
|
- #!/usr/bin/env python3
- # -*- coding: utf-8 -*-
-
- from playhouse.gfk import *
-
- import os
- import os.path
- import subprocess
-
- from models.authority import Authority
- from models.certificate import Certificate
- from models.request import SignRequest
- from paths import *
-
- class HostSSLRequest(SignRequest):
- def __init__(self, req_id, host_name, key_data):
- super(HostSSLRequest, self).__init__(req_id)
-
- self.host_name = host_name
- self.key_data = key_data
-
- @property
- def name(self):
- return "Hostname: %s" % self.host_name
-
- @property
- def fields(self):
- return [
- ("Hostname", self.host_name)
- ]
-
- @property
- def receiver(self):
- return self.host_name
-
- class SSLAuthority(Authority):
- request_allowed = [ HostSSLRequest, ]
-
- ca_key_algorithm = 'des3'
- key_length = '4096'
-
- key_algorithm = 'sha256'
- ca_validity = '365'
- cert_validity = '365'
-
- def generate(self):
- if os.path.exists(self.path):
- raise ValueError("A CA with the same id and type already exists")
-
- subprocess.check_output(['openssl',
- 'genrsa',
- '-%s'%self.ca_key_algorithm,
- '-out', '%s'%(self.path),
- self.key_length])
-
- subprocess.check_output(['openssl',
- 'req',
- '-new',
- '-x509',
- '-days', self.ca_validity,
- '-key', self.path,
- # '-extensions', 'v3_ca'
- '-out', "%s.pub"%self.path,
- # '-config', "%s.conf"%self.path
- ])
-
- with open(self.path + '.serial', 'w') as stream:
- stream.write(str(0))
-
-
- def generate_certificate(self, request):
- """
- Sign a *SSLRequest with this certification authority
- """
-
- pub_key_path = request.destination + '.pub'
- cert_path = request.destination + '-cert.pub'
-
- with open(pub_key_path, 'w') as stream:
- stream.write(request.key_data)
-
- subprocess.check_output(['openssl',
- 'x509',
- '-req',
- '-days', self.ca_validity,
- '-in', pub_key_path,
- '-CA', "%s.pub"%self.path,
- '-CAkey', self.path,
- '-CAcreateserial',
- '-out', cert_path,
- '-%s'%self.key_algorithm])
-
- return self.ca_validity
-
|
