add python thing

[tools/certgen.git] / certgen.py

#!/usr/bin/env python3

import argparse
import os, sys
from OpenSSL import SSL, crypto, rand

class CA:
    def __init__(ca_dir, keepunderscores=False, create=False):
        self.ca_dir = ca_dir
        if not os.path.isdir(ca_dir):
            if not create:
                error(ca_does_not_exist)
            directory_create(ca_dir)
            os.mkdirs(ca_dir)
            [os.makedirs(ca_dir+'/'+dir, mode=0o700) for dir in ['certs', 'crl', 'newcerts']]
            if not os.path.isfile(ca_dir+'/index.txt'):
                index = os.open(ca_dir+'/index.txt', mode=0o600)
                index.close()
            if not os.path.isfile(ca_dir+'/ca.key'):
                mykey = generate_key()
                save_key(mykey, ca_dir+'/ca.key')
            if not os.path.isfile(ca_dir+'/ca.crt'):
                mycsr = generate_public_csr()
                mycrt = sign(mycsr, type='ca', selfsigned=True)
                save_cert(ca_dir+'/ca.crt')

    def generate_key(bitsize=4096):
        pkey = crypto.Pkey()
        pkey.generate_key(crypto.TYPE_RSA, bitsize)
        return pkey

    def generate_csr():
        # TODO
        pass

    def save_key(pkey, path):
        pem = os.open(path, 'wb', mode='0700')
        pem.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
        pem.close()

    def save_request(req, path):
        pem = os.open(path, 'wb', mode='0750')
        pem.write(crypto.dump_certificate_request(crypto.FILENAME_PEM, req))
        pem.close

    def save_cert(cert, path):
        pem = os.open(path, 'wb', mode='0750')
        pem.write(crypto.dump_certificate(crypto.FILENAME_PEM, cert))
        pem.close

if __name__ == '__main__':

    parser = argparse.ArgumentParser(description='Create Certificates with OpenSSL.')
    parser.add_argument("--output-dir",
            help="Output directory", default="output")
    parser.add_argument("--ca-dir",
            help="CA directory", default="ca")
    parser.add_argument("--action",
            help="Type of certificate", required=True,
            choices=["CA", "SGN", "CRT", "CSR", "CLIENT"])
    parser.add_argument("--cn",
            help="Common Name of Certificate", required=True)
    parser.add_argument("--subject",
            help="Subject of Certificate", required=True)
    parser.add_argument("--keep-underscores",
            help="Do not replace underscores with spaces", action='store_true')
    parser.add_argument("--additional-cn",
            help="Additional CNs this Certificate is valid for. Can be specified multiple times.", action='append')
    args = parser.parse_args()

    os.umask(0o0022)
    print (args)

    if args['action'] == "CA":
        if os.path.isdir(args['output_dir']+'/ca/'+args['cn']):
            error(ca_already_exists)
        else:
            CA(args['output_dir']+"/ca/"+args['cn'], keepunderscores=args['keep-underscores'], create=True)

    elif args['action'] == "SGN":
        """ regularly signed certificate """
        CA(args['ca_dir'])
        mykey = CA.generate_key()
        mycsr = CA.generate_csr(args['cn'], args['subject'], args['additional-cns'], keepunderscores=args['keep-underscores'])
        mycrt = CA.sign(mycsr, type='server', selfsigned=False)

    elif args['action'] == "CRT":
        """ self signed certificate """
        CA(args['ca_dir'])
        mykey = CA.generate_key()
        mycsr = CA.generate_csr(args['cn'], args['subject'], args['additional-cns'], keepunderscores=args['keep-underscores'])
        mycrt = CA.sign(mycsr, type='server', selfsigned=True)

    elif args['action'] == "CLIENT":
        """ client certificate """
        CA(args['ca_dir'])
        mykey = CA.generate_key()
        mycsr = CA.generate_csr(args['cn'], args['subject'], args['additional-cns'], keepunderscores=args['keep-underscores'])
        mycrt = CA.sign(mycsr, type='server', selfsigned=False)