5 from OpenSSL import SSL, crypto, rand
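def __init__(ca_dir: str, keepunderscores: bool = False, create: bool = False) -> None:
    """Open, or with ``create=True`` initialise, the CA directory ``ca_dir``.

    Layout under ``ca_dir``: ``certs/``, ``crl/``, ``newcerts/``, the issued
    certificate database ``index.txt``, the CA private key ``ca.key`` and the
    self-signed CA certificate ``ca.crt``.  Pieces that already exist are
    left untouched, so calling this on an existing CA is a no-op.

    Args:
        ca_dir: Path of the CA directory.
        keepunderscores: Accepted for interface compatibility; not used by the
            code shown on this page.
        create: When false and ``ca_dir`` does not exist, ``error()`` is
            called with ``ca_does_not_exist`` instead of creating it.

    NOTE(review): named ``__init__`` but declared without ``self``; the
    enclosing ``class`` line is not on this page, so whether this is a method
    (and needs ``self`` as its first parameter) cannot be confirmed here.
    NOTE(review): the original's lines 9, 11, 14, 18 and 26 are not on this
    page.  The ``create`` guard below is the natural reading of that
    parameter -- confirm against the full file.
    """
    if not os.path.isdir(ca_dir):
        if not create:
            error(ca_does_not_exist)
        directory_create(ca_dir)

    # Plain loop instead of a list comprehension evaluated for its side
    # effects.  exist_ok keeps re-opening an existing CA from raising
    # FileExistsError; 0o700 keeps the CA's working directories owner-only.
    for sub in ('certs', 'crl', 'newcerts'):
        os.makedirs(os.path.join(ca_dir, sub), mode=0o700, exist_ok=True)

    index_path = os.path.join(ca_dir, 'index.txt')
    if not os.path.isfile(index_path):
        # os.open() requires flags; the original passed only mode= and raised
        # TypeError.  O_CREAT|O_EXCL creates the empty database with 0o600 at
        # creation time (subject to the umask) and refuses to reuse a path
        # that appeared between the isfile() check and this call.  The
        # descriptor is closed rather than leaked.
        fd = os.open(index_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.close(fd)

    key_path = os.path.join(ca_dir, 'ca.key')
    if not os.path.isfile(key_path):
        mykey = generate_key()
        save_key(mykey, key_path)

    crt_path = os.path.join(ca_dir, 'ca.crt')
    if not os.path.isfile(crt_path):
        mycsr = generate_public_csr()
        mycrt = sign(mycsr, type='ca', selfsigned=True)
        # The original called save_cert(ca_dir + '/ca.crt') with no
        # certificate argument although save_cert takes (cert, path).
        save_cert(mycrt, crt_path)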
def generate_key(bitsize: int = 4096):
    """Generate an RSA private key of ``bitsize`` bits (default 4096).

    NOTE(review): the original's line 28, where ``pkey`` is bound, and lines
    30-35, which would hand it back, are not on this page; ``pkey`` is
    presumably a fresh ``crypto.PKey()`` -- confirm against the full file.
    """
    pkey.generate_key(crypto.TYPE_RSA, bitsize)
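def _write_pem(path, data, mode):
    """Write ``data`` to ``path``, creating the file with permission ``mode``.

    ``os.open`` applies the permission bits at creation time (subject to the
    umask) instead of creating the file wide open and tightening it later;
    the descriptor is wrapped in a file object that is closed on exit.  An
    existing file is truncated and keeps its current permissions.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, 'wb') as pem:
        pem.write(data)


def save_key(pkey, path):
    """Write the private key ``pkey`` to ``path`` as PEM, readable only by its owner.

    The original called ``os.open(path, 'wb', mode='0700')``: ``os.open``
    takes numeric flags and a numeric mode, and returns a descriptor with no
    ``write`` method.  The intended owner-only permission is 0o600 here; the
    execute bit has no meaning for a key file.
    """
    _write_pem(path, crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey), 0o600)


def save_request(req, path):
    """Write the certificate signing request ``req`` to ``path`` as PEM.

    ``crypto.FILENAME_PEM`` in the original does not exist; the constant is
    ``crypto.FILETYPE_PEM``, as ``save_key`` already uses.  A CSR carries no
    secret, so the file is owner-writable and group-readable (0o640), the
    non-executable counterpart of the original's '0750'.
    """
    _write_pem(path, crypto.dump_certificate_request(crypto.FILETYPE_PEM, req), 0o640)


def save_cert(cert, path):
    """Write the certificate ``cert`` to ``path`` as PEM (mode 0o640, as for CSRs).

    Same ``FILENAME_PEM`` -> ``FILETYPE_PEM`` and ``os.open`` corrections as
    in ``save_request``.
    """
    _write_pem(path, crypto.dump_certificate(crypto.FILETYPE_PEM, cert), 0o640)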
51 if __name__ == '__main__':
53 parser = argparse.ArgumentParser(description='Create Certificates with OpenSSL.')
54 parser.add_argument("--output-dir",
55 help="Output directory", default="output")
56 parser.add_argument("--ca-dir",
57 help="CA directory", default="ca")
58 parser.add_argument("--action",
59 help="Type of certificate", required=True,
60 choices=["CA", "SGN", "CRT", "CSR", "CLIENT"])
61 parser.add_argument("--cn",
62 help="Common Name of Certificate", required=True)
63 parser.add_argument("--subject",
64 help="Subject of Certificate", required=True)
65 parser.add_argument("--keep-underscores",
66 help="Do not replace underscores with spaces", action='store_true')
67 parser.add_argument("--additional-cn",
68 help="Additional CNs this Certificate is valid for. Can be specified multiple times.", action='append')
69 args = parser.parse_args()
74 if args['action'] == "CA":
75 if os.path.isdir(args['output_dir']+'/ca/'+args['cn']):
76 error(ca_already_exists)
78 CA(args['output_dir']+"/ca/"+args['cn'], keepunderscores=args['keep-underscores'], create=True)
80 elif args['action'] == "SGN":
81 """ regularly signed certificate """
83 mykey = CA.generate_key()
84 mycsr = CA.generate_csr(args['cn'], args['subject'], args['additional-cns'], keepunderscores=args['keep-underscores'])
85 mycrt = CA.sign(mycsr, type='server', selfsigned=False)
87 elif args['action'] == "CRT":
88 """ self signed certificate """
90 mykey = CA.generate_key()
91 mycsr = CA.generate_csr(args['cn'], args['subject'], args['additional-cns'], keepunderscores=args['keep-underscores'])
92 mycrt = CA.sign(mycsr, type='server', selfsigned=True)
94 elif args['action'] == "CLIENT":
95 """ client certificate """
97 mykey = CA.generate_key()
98 mycsr = CA.generate_csr(args['cn'], args['subject'], args['additional-cns'], keepunderscores=args['keep-underscores'])
99 mycrt = CA.sign(mycsr, type='server', selfsigned=False)