| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 |
- #!/usr/bin/python2
- import sys, getopt, os
- def usage():
- print ' USAGE: ./myPKI.py [OPTIONS]'
- print
- print ' OPTIONS:'
- print '\t-A --initall\t-i -g -d -s'
- print '\t-i --init\tInitialise directorys of PKI'
- print '\t-g --genca\tGenerate CA root'
- print '\t-d --gender'
- print '\t-s --gensign\tGenerate and sign certificate'
- print '\t-h --help\tShows this help'
-
- def generate_sign():
- tld = raw_input("=> TLD of your certificate :")
- os.system("openssl genrsa -out ./certificats/"+tld+".key 4096")
- os.system("openssl req -days 3000 -new -key ./certificats/"+tld+".key -out certificats/"+tld+".csr")
- os.system("openssl ca -config config/ca.config -out "+tld+".crt -infiles certificats/"+tld+".csr")
- print "[*] Certificate Signed !"
- def generate_der():
- os.system("openssl x509 -in certificats/ca.crt -outform DER -out certificats/ca.der")
- print "[*] Put public CA ./certificats/ca.der on all browser you see !"
-
- def generate_ca():
- if not os.path.isfile("./certificats/ca.key"):
- os.system("openssl genrsa -out ./certificats/ca.key 4096")
- os.system("openssl req -utf8 -new -x509 -days 3000 -key ./certificats/ca.key -out ./certificats/ca.crt")
- print "[*] CA Certificate done !"
- else:
- print "[x] CA Certificate already exist..."
-
- def init_dir():
- if not os.path.exists("./db/ca.dbcerts"):
- print "[*] Creating directories"
- os.makedirs("./db/ca.db.certs")
- os.makedirs("./config")
- os.makedirs("./certificats")
- os.system("echo '01'> ./db/ca.db.serial")
- os.system("cp /dev/null ./db/ca.db.index")
- os.system("touch ./config/ca.config")
- os.system( "cat << EOF > ./config/ca.config\n"+
- "[ ca ]\n"+
- "default_ca = CA_own\n"+
- "[ CA_own ]\n"+
- "dir = ./db\n"+
- "certs = ./db\n"+
- "new_certs_dir = ./db/ca.db.certs\n"+
- "database = ./db/ca.db.index\n"+
- "serial = ./db/ca.db.serial\n"+
- "RANDFILE = ./db/ca.db.rand\n"+
- "certificate = ./certificats/ca.crt\n"+
- "private_key = ./certificats/ca.key\n"+
- "default_days = 3000\n"+
- "default_crl_days = 30\n"+
- "default_md = sha256\n"+
- "preserve = no\n"+
- "policy = policy_anything\n"+
- "[ policy_anything ]\n"+
- "countryName = France\n"+
- "stateOrProvinceName = Limousin\n"+
- "localityName = Limoges\n"+
- "organizationName = IMAO-SAS\n"+
- "organizationalUnitName = IT\n"+
- "commonName = supplied\n"+
- "emailAddress = it@imao-fr.com\n"+
- "EOF\n")
- print "[x] Directorys already exist"
-
- def main():
- try:
- opts, args = getopt.getopt(sys.argv[1:], "Ahigds", ["initall", "help", "init", "genca", "gender", "gensign"])
-
- for o, a in opts:
- if o in ("--help"):
- usage()
- sys.exit()
- elif o in ("--genca"):
- generate_ca()
- elif o in ("--init"):
- init_dir()
- elif o in ("--gender"):
- generate_der()
- elif o in ("--gensign"):
- generate_sign()
- elif o in ("--initall"):
- init_dir()
- generate_ca()
- generate_der()
- generate_sign()
- else:
- error("option '"+o+"' doesn't exists")
- except getopt.GetoptError, err:
- sys.stderr.write(str(err))
- usage()
- sys.exit(2)
- if __name__ == "__main__":
- main()
|
