
New config file, support of alt_names

Pi3rrot 7 years ago
parent
commit
3e4d952387
3 changed files with 108 additions and 29 deletions
  1. 13 0
      Makefile
  2. 68 0
      ca.config.sample
  3. 27 29
      myPKI.py

+ 13 - 0
Makefile

@@ -0,0 +1,13 @@
+clean :
+	rm -rf {certificats,config,db}
+	rm -rf *.crt
+
+test :
+	./myPKI.py -i
+	./myPKI.py -g
+	./myPKI.py --gender
+	./myPKI.py --gensign
+
+all :
+	make clean
+	make test
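Review bot: `clean` is the first rule in this new Makefile, so a bare `make` (and `make all`, by design) runs `rm -rf` over ./certificats — which holds ca.key — and ./db, the issuance index and serial, with no confirmation; for a PKI tool the destructive target should never be the default. I would put a harmless default first, e.g. `.DEFAULT_GOAL := test` and `.PHONY: all clean test`, and spell the paths out as `rm -rf certificats config db *.crt`, because `{certificats,config,db}` relies on brace expansion, which make's default /bin/sh does not guarantee (on a dash /bin/sh the current line presumably removes nothing and, with -f, says so to nobody). Note also that `test` calls myPKI.py targets that prompt with raw_input, so it blocks waiting for input rather than running unattended; a comment saying so, or piping answers in, would help. `make clean`/`make test` inside `all` should be `$(MAKE)` so that make flags propagate.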

+ 68 - 0
ca.config.sample

@@ -0,0 +1,68 @@
+ [ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+dir             = ./db
+certs           = ./db
+new_certs_dir   = ./db/ca.db.certs
+database        = ./db/ca.db.index
+serial          = ./db/ca.db.serial
+certificate     = ./certificats/ca.crt
+private_key     = ./certificats/ca.key
+default_days    = 3000
+default_crl_days = 30
+default_md      = sha256
+preserve        = no
+distinguished_name = req_distinguished_name
+policy = generic_policy
+
+
+ [ req ]
+ distinguished_name     = req_noms_distingues
+ policy = generic_policy
+ req_extensions = v3_req
+
+ [ v3_req ]
+# Extensions to add to a certificate request
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = DNSCHANGEME
+IP.1 = 0.0.0.0
+
+
+
+[ req_noms_distingues ]
+organizationName = Organizationnal Name
+organizationalUnitName = Organizational Unit Name (department, division) 
+emailAddress = Email Address 
+emailAddress_max = 40 
+localityName = Locality Name (city, district) 
+stateOrProvinceName = State or Province Name (full name) 
+countryName = Country Name (2 letter code) 
+countryName_min = 2 
+countryName_max = 2 
+commonName = Common Name (hostname, IP, or your name) 
+commonName_max = 64 
+
+
+countryName_default    = FR
+organizationName_default   = IMAO-SAS Certificate authority
+localityName_default   = Limoges
+stateOrProvinceName_default = Limousin
+organizationalUnitName_default = Information Technology
+emailAddress_default = it@imao-fr.com
+commonName_default = Root Certificate
+
+
+[ generic_policy ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
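Review bot: The subjectAltName this commit adds never reaches an issued certificate: `req_extensions = v3_req` (L62) only places the extension in the CSR, and `openssl ca` — which myPKI.py uses to sign — ignores request extensions unless [CA_default] names an extension section or sets `copy_extensions`, and L43-56 has neither. Adding `x509_extensions = v3_req` to [CA_default] makes the CA apply basicConstraints, keyUsage and the SAN from its own config, which is safer than `copy_extensions = copy` because it does not honour whatever an externally built CSR asks for. The root certificate presumably has the same gap: `openssl req -x509` reads `x509_extensions` from [req], not `req_extensions`, so on OpenSSL 1.x the CA certificate is emitted without `basicConstraints = CA:TRUE` and strict validators will refuse to treat it as a CA — check with `openssl x509 -in certificats/ca.crt -text`. Separately, `policy = generic_policy` under [req] (L61) is not a key the req app reads, and `default_days = 3000` issues roughly eight-year leaf certificates, which deserves a comment if intentional.
```ini
[ CA_default ]
# … unchanged: dir, certs, new_certs_dir, database, serial, certificate, private_key, default_days … 
# Extensions stamped onto every certificate signed with `openssl ca`;
# without this the SAN/keyUsage from the CSR are dropped.
x509_extensions = v3_req

[ req ]
distinguished_name = req_noms_distingues
# CSR extensions (openssl req -new)
req_extensions = v3_req
# Extensions for the self-signed root (openssl req -x509)
x509_extensions = v3_ca

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
```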

+ 27 - 29
myPKI.py

@@ -1,4 +1,9 @@
-#!/usr/bin/python2
+#!/usr/bin/env python2
+# -*- coding: utf-8 -*-
+
+# Todo :
+# - Fix options in command line. -d and -s not working
+
 
 import sys, getopt, os
 
@@ -13,13 +18,29 @@ def usage():
 	print '\t-s --gensign\tGenerate and sign certificate'
 	print '\t-h --help\tShows this help'
     
+
 def generate_sign():
 	tld = raw_input("=> TLD of your certificate :")
+	ip_addr = raw_input("=> IPv4 :")
+
+	# Changement du fichier de config
+	os.system('sed -i "s/DNSCHANGEME/'+ tld +'/" ./config/ca.config')
+	os.system('sed -i "s/0.0.0.0/'+ ip_addr +'/" ./config/ca.config')
+	os.system('sed -i "s/Root Certificate/'+ tld +'/" ./config/ca.config')
+	
+	# Création des certificats
 	os.system("openssl genrsa -out ./certificats/"+tld+".key 4096")
 	os.system("openssl req -days 3000 -new -config config/ca.config -key ./certificats/"+tld+".key -out certificats/"+tld+".csr")
 	os.system("openssl ca -out "+tld+".crt -config config/ca.config -infiles certificats/"+tld+".csr ")
+	
+	# On restaure ca.config d'origine
+	os.system('sed -i "s/'+ tld +'/DNSCHANGEME/" ./config/ca.config')
+	os.system('sed -i "s/'+ ip_addr +'/0.0.0.0/" ./config/ca.config')
+	os.system('sed -i "s/'+ tld +'/Root Certificate/" ./config/ca.config')
+
 	print "[*] Certificate Signed !"
 
+
 def generate_der():
 	os.system("openssl x509 -in certificats/ca.crt -outform DER -out certificats/ca.der")
 	print "[*] Put public CA ./certificats/ca.der on all browser you see !"
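Review bot: generate_sign passes both raw_input values straight into os.system shell strings (L132-134, L142-144), so a "TLD" such as `$(rm -rf ~)` or `x; …` is executed by the shell, and a value containing `/` or `&` breaks the sed expression and corrupts ./config/ca.config. The restore sequence is also wrong on its own terms: `s/<tld>/DNSCHANGEME/` at L142 runs before `s/<tld>/Root Certificate/` at L144, so after one run the commonName_default line reads DNSCHANGEME, and if openssl fails or the user interrupts between L132 and L142 the shared config is left substituted. I would validate both inputs against a hostname / dotted-quad pattern, render a per-run copy of the config in Python instead of `sed -i`, and invoke openssl through subprocess with argument lists (this needs `import sys, getopt, os, re, subprocess, tempfile` at L120). The `-days 3000` on `openssl req -new` at L138 has no effect on a CSR — the lifetime comes from default_days in the CA section — so it can go; I left `-out <tld>.crt` in the cwd as it was, although key and CSR land in ./certificats/, which looks unintended.
```python
def generate_sign():
	tld = raw_input("=> TLD of your certificate :").strip()
	ip_addr = raw_input("=> IPv4 :").strip()
	# Both values end up in file names and in the OpenSSL config: accept only a
	# plain hostname and a dotted quad rather than interpolating arbitrary text.
	if not re.match(r'^[A-Za-z0-9.-]+$', tld) or not re.match(r'^\d{1,3}(\.\d{1,3}){3}$', ip_addr):
		print "[x] Invalid hostname or IPv4 address"
		return
	# Render a per-run config instead of editing ./config/ca.config in place, so a
	# failed openssl call or a Ctrl-C cannot leave the shared file substituted.
	with open("./config/ca.config") as fh:
		conf = fh.read()
	conf = conf.replace("DNSCHANGEME", tld).replace("0.0.0.0", ip_addr).replace("Root Certificate", tld)
	run_conf = tempfile.NamedTemporaryFile(dir="./config", suffix=".config", delete=False)
	try:
		run_conf.write(conf)
		run_conf.close()
		key = "./certificats/" + tld + ".key"
		csr = "./certificats/" + tld + ".csr"
		# Argument lists: nothing here passes through a shell.
		subprocess.check_call(["openssl", "genrsa", "-out", key, "4096"])
		subprocess.check_call(["openssl", "req", "-new", "-config", run_conf.name, "-key", key, "-out", csr])
		subprocess.check_call(["openssl", "ca", "-out", tld + ".crt", "-config", run_conf.name, "-infiles", csr])
	finally:
		os.unlink(run_conf.name)
	print "[*] Certificate Signed !"
```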
@@ -27,7 +48,7 @@ def generate_der():
 def generate_ca():
 	if not os.path.isfile("./certificats/ca.key"):
 		os.system("openssl genrsa -out ./certificats/ca.key 4096")
-		os.system("openssl req -utf8 -new -x509 -days 3000 -config config/ca.config -key ./certificats/ca.key -out ./certificats/ca.crt")
+		os.system("openssl req -utf8 -new -x509 -days 3000 -config ./config/ca.config -key ./certificats/ca.key -out ./certificats/ca.crt")
 		print "[*] CA Certificate done !"
 	else:
 		print "[x] CA Certificate already exist..."
@@ -41,33 +62,10 @@ def init_dir():
 		os.makedirs("./certificats")
 		os.system("echo '01'> ./db/ca.db.serial")
 		os.system("cp /dev/null ./db/ca.db.index")
-		os.system("touch ./config/ca.config")
-		os.system(	"cat << EOF > ./config/ca.config\n"+
-					"[ ca ]\n"+
-					"default_ca      = CA_own\n"+
-					"[ CA_own ]\n"+
-					"dir             = ./db\n"+
-					"certs           = ./db\n"+
-					"new_certs_dir   = ./db/ca.db.certs\n"+
-					"database        = ./db/ca.db.index\n"+
-					"serial          = ./db/ca.db.serial\n"+
-					"RANDFILE        = ./db/ca.db.rand\n"+
-					"certificate     = ./certificats/ca.crt\n"+
-					"private_key     = ./certificats/ca.key\n"+
-					"default_days    = 3000\n"+
-					"default_crl_days = 30\n"+
-					"default_md      = sha256\n"+
-					"preserve        = no\n"+
-					"policy  = policy_anything\n"+
-					"[ policy_anything ]\n"+
-					"countryName             = France\n"+
-					"stateOrProvinceName     = Limousin\n"+
-					"localityName            = Limoges\n"+
-					"organizationName        = IMAO-SAS\n"+
-					"organizationalUnitName  = IT\n"+
-					"commonName              = supplied\n"+
-					"emailAddress            = it@imao-fr.com\n"+
-					"EOF\n")
+		os.system("cp ./ca.config.sample ./config/ca.config")
+		os.system("touch ./db/ca.db.index.attr")
+
+
 	else:
 		print "[x] Directorys already exist"