#!/usr/bin/python2

import sys, getopt, os

def usage():
	print ' USAGE: ./myPKI.py [OPTIONS]'
	print
	print ' OPTIONS:'
	print '\t-A --initall\t-i -g -d -s'
	print '\t-i --init\tInitialise directorys of PKI'
	print '\t-g --genca\tGenerate CA root'
	print '\t-d --gender'
	print '\t-s --gensign\tGenerate and sign certificate'
	print '\t-h --help\tShows this help'
    
def generate_sign():
	tld = raw_input("=> TLD of your certificate :")
	os.system("openssl genrsa -out ./certificats/"+tld+".key 4096")
	os.system("openssl req -days 3000 -new -key ./certificats/"+tld+".key -out certificats/"+tld+".csr")
	os.system("openssl ca -config config/ca.config -out "+tld+".crt -infiles certificats/"+tld+".csr")
	print "[*] Certificate Signed !"

def generate_der():
	os.system("openssl x509 -in certificats/ca.crt -outform DER -out certificats/ca.der")
	print "[*] Put public CA ./certificats/ca.der on all browser you see !"
    
def generate_ca():
	if not os.path.isfile("./certificats/ca.key"):
		os.system("openssl genrsa -out ./certificats/ca.key 4096")
		os.system("openssl req -utf8 -new -x509 -days 3000 -key ./certificats/ca.key -out ./certificats/ca.crt")
		print "[*] CA Certificate done !"
	else:
		print "[x] CA Certificate already exist..."
		

def init_dir():
	if not os.path.exists("./db/ca.dbcerts"):
		print "[*] Creating directories"
		os.makedirs("./db/ca.db.certs")
		os.makedirs("./config")
		os.makedirs("./certificats")
		os.system("echo '01'> ./db/ca.db.serial")
		os.system("cp /dev/null ./db/ca.db.index")
		os.system("touch ./config/ca.config")
		os.system(	"cat << EOF > ./config/ca.config\n"+
					"[ ca ]\n"+
					"default_ca      = CA_own\n"+
					"[ CA_own ]\n"+
					"dir             = ./db\n"+
					"certs           = ./db\n"+
					"new_certs_dir   = ./db/ca.db.certs\n"+
					"database        = ./db/ca.db.index\n"+
					"serial          = ./db/ca.db.serial\n"+
					"RANDFILE        = ./db/ca.db.rand\n"+
					"certificate     = ./certificats/ca.crt\n"+
					"private_key     = ./certificats/ca.key\n"+
					"default_days    = 3000\n"+
					"default_crl_days = 30\n"+
					"default_md      = sha256\n"+
					"preserve        = no\n"+
					"policy  = policy_anything\n"+
					"[ policy_anything ]\n"+
					"countryName             = France\n"+
					"stateOrProvinceName     = Limousin\n"+
					"localityName            = Limoges\n"+
					"organizationName        = IMAO-SAS\n"+
					"organizationalUnitName  = IT\n"+
					"commonName              = supplied\n"+
					"emailAddress            = it@imao-fr.com\n"+
					"EOF\n")
	print "[x] Directorys already exist"
	

def main():
	try:
		opts, args = getopt.getopt(sys.argv[1:], "Ahigds", ["initall", "help", "init", "genca", "gender", "gensign"])
		
		for o, a in opts:
			if o in ("--help"):
				usage()
				sys.exit()
			elif o in ("--genca"):
				generate_ca()
			elif o in ("--init"):
				init_dir()
			elif o in ("--gender"):
				generate_der()
			elif o in ("--gensign"):
				generate_sign()
			elif o in ("--initall"):
				init_dir()
				generate_ca()
				generate_der()
				generate_sign()

			else:
				error("option '"+o+"' doesn't exists")

	except getopt.GetoptError, err:
		sys.stderr.write(str(err))
		usage()
		sys.exit(2)            

if __name__ == "__main__":
	main()