AdminSys
/
MyPKI


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
							#!/usr/bin/env python2
# -*- coding: utf-8 -*-

# Todo :
# - Fix options in command line. -d and -s not working


import sys, getopt, os

def usage():
	print ' USAGE: ./myPKI.py [OPTIONS]'
	print
	print ' OPTIONS:'
	print '\t-A --initall\t-i -g -d -s'
	print '\t-i --init\tInitialise directorys of PKI'
	print '\t-g --genca\tGenerate CA root'
	print '\t-d --gender\tGenerate DER cert for browser'
	print '\t-s --gensign\tGenerate and sign certificate'
	print '\t-h --help\tShows this help'
    

def generate_sign():
	tld = raw_input("=> TLD of your certificate :")
	ip_addr = raw_input("=> IPv4 :")

	# Changement du fichier de config
	os.system('sed -i "s/DNSCHANGEME/'+ tld +'/" ./config/ca.config')
	os.system('sed -i "s/0.0.0.0/'+ ip_addr +'/" ./config/ca.config')
	os.system('sed -i "s/Root Certificate/'+ tld +'/" ./config/ca.config')
	
	# Création des certificats
	os.system("openssl genrsa -out ./certificats/"+tld+".key 4096")
	os.system("openssl req -days 3000 -new -config config/ca.config -key ./certificats/"+tld+".key -out certificats/"+tld+".csr")
	os.system("openssl ca -out "+tld+".crt -config config/ca.config -infiles certificats/"+tld+".csr ")
	
	# On restaure ca.config d'origine
	os.system('sed -i "s/'+ tld +'/DNSCHANGEME/" ./config/ca.config')
	os.system('sed -i "s/'+ ip_addr +'/0.0.0.0/" ./config/ca.config')
	os.system('sed -i "s/'+ tld +'/Root Certificate/" ./config/ca.config')

	print "[*] Certificate Signed !"


def generate_der():
	os.system("openssl x509 -in certificats/ca.crt -outform DER -out certificats/ca.der")
	print "[*] Put public CA ./certificats/ca.der on all browser you see !"
    
def generate_ca():
	if not os.path.isfile("./certificats/ca.key"):
		os.system("openssl genrsa -out ./certificats/ca.key 4096")
		os.system("openssl req -utf8 -new -x509 -days 3000 -config ./config/ca.config -key ./certificats/ca.key -out ./certificats/ca.crt")
		print "[*] CA Certificate done !"
	else:
		print "[x] CA Certificate already exist..."
		

def init_dir():
	if not os.path.exists("./db/ca.db.certs"):
		print "[*] Creating directories"
		os.makedirs("./db/ca.db.certs")
		os.makedirs("./config")
		os.makedirs("./certificats")
		os.system("echo '01'> ./db/ca.db.serial")
		os.system("cp /dev/null ./db/ca.db.index")
		os.system("cp ./ca.config.sample ./config/ca.config")
		os.system("touch ./db/ca.db.index.attr")


	else:
		print "[x] Directorys already exist"
	

def main():
	try:
		opts, args = getopt.getopt(sys.argv[1:], "Ahigds", ["initall", "help", "init", "genca", "gender", "gensign"])
		
		for o, a in opts:
			if o in ("--help"):
				usage()
				sys.exit()
			elif o in ("--genca"):
				generate_ca()
			elif o in ("--init"):
				init_dir()
			elif o in ("--gender"):
				generate_der()
			elif o in ("--gensign"):
				generate_sign()
			elif o in ("--initall"):
				init_dir()
				generate_ca()
				generate_der()
				generate_sign()
		sys.exit()

	except getopt.GetoptError, err:
		sys.stderr.write(str(err))
		usage()
		sys.exit(2)            

if __name__ == "__main__":
	main()