Beispiel #1
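def write_ca(cert, data, password=None):
    """Export a CA's key and certificate below ``args.dest`` and extend *data*.

    Four files are written, named by the ``key_filename``, ``pub_filename``,
    ``key_der_filename`` and ``pub_der_filename`` entries of *data*: a copy of
    the stored private key, the public certificate as text, and DER encodings
    of both. Afterwards the CA-only URL entries are added to *data* and the
    shared bookkeeping is delegated to ``update_cert_data``.

    Args:
        cert: CA object providing ``private_key_path``, ``pub``, ``key()`` and
            ``dump_certificate()``.
        data: Dict holding the destination file names; updated in place.
        password: Passphrase protecting the private key (presumably bytes, as
            ``BestAvailableEncryption`` expects -- confirm at the call site),
            or ``None``. With ``None`` the DER key is written unencrypted.
    """
    dest_dir = args.dest
    key_dest = os.path.join(dest_dir, data['key_filename'])
    pub_dest = os.path.join(dest_dir, data['pub_filename'])
    key_der_dest = os.path.join(dest_dir, data['key_der_filename'])
    pub_der_dest = os.path.join(dest_dir, data['pub_der_filename'])

    # write files to dest
    # shutil.copy also carries over the permission bits of the stored key file.
    shutil.copy(ca_storage.path(cert.private_key_path), key_dest)
    with open(pub_dest, 'w') as stream:
        stream.write(cert.pub)

    # Without a passphrase the DER export below contains the bare private key.
    encryption = NoEncryption() if password is None else BestAvailableEncryption(password)

    key_der = cert.key(password=password).private_bytes(
        encoding=Encoding.DER, format=PrivateFormat.PKCS8, encryption_algorithm=encryption)

    # Private key material: create the file owner-only (0o600) instead of
    # relying on the process umask. The mode applies only when the file is
    # created; a pre-existing file keeps whatever permissions it already has.
    key_fd = os.open(key_der_dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(key_fd, 'wb') as stream:
        stream.write(key_der)
    with open(pub_der_dest, 'wb') as stream:
        stream.write(cert.dump_certificate(Encoding.DER))

    # These keys are only present in CAs:
    # NOTE(review): the values come from the module-level ``ca`` rather than
    # the ``cert`` argument -- presumably the same object at the call site;
    # verify against the caller.
    data['issuer_url'] = ca.issuer_url
    data['crl_url'] = ca.crl_url
    data['ca_crl_url'] = '%s%s' % (testserver, reverse('django_ca:ca-crl', kwargs={'serial': ca.serial}))
    data['ocsp_url'] = '%s%s' % (testserver, reverse('django_ca:ocsp-cert-post',
                                                     kwargs={'serial': ca.serial}))

    # Update common data for CAs and certs
    update_cert_data(cert, data)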
Beispiel #2
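def write_ca(cert, data, password=None):
    """Export a CA's key and certificate below ``args.dest`` and extend *data*.

    Four files are written, named by the ``key_filename``, ``pub_filename``,
    ``key_der_filename`` and ``pub_der_filename`` entries of *data*: a copy of
    the stored private key, the certificate as PEM text, and DER encodings of
    both. Afterwards the CA-only URL entries are added to *data* and the
    shared bookkeeping is delegated to ``update_cert_data``.

    Args:
        cert: CA object providing ``private_key_path``, ``pub.pem``,
            ``pub.der`` and ``key()``.
        data: Dict holding the destination file names; updated in place.
        password: Passphrase protecting the private key (presumably bytes, as
            ``BestAvailableEncryption`` expects -- confirm at the call site),
            or ``None``. With ``None`` the DER key is written unencrypted.
    """
    dest_dir = args.dest
    key_dest = os.path.join(dest_dir, data["key_filename"])
    pub_dest = os.path.join(dest_dir, data["pub_filename"])
    key_der_dest = os.path.join(dest_dir, data["key_der_filename"])
    pub_der_dest = os.path.join(dest_dir, data["pub_der_filename"])

    # write files to dest
    # shutil.copy also carries over the permission bits of the stored key file.
    shutil.copy(ca_storage.path(cert.private_key_path), key_dest)
    with open(pub_dest, "w") as stream:
        stream.write(cert.pub.pem)

    # Without a passphrase the DER export below contains the bare private key.
    encryption = NoEncryption() if password is None else BestAvailableEncryption(password)

    key_der = cert.key(password=password).private_bytes(
        encoding=Encoding.DER,
        format=PrivateFormat.PKCS8,
        encryption_algorithm=encryption)

    # Private key material: create the file owner-only (0o600) instead of
    # relying on the process umask. The mode applies only when the file is
    # created; a pre-existing file keeps whatever permissions it already has.
    key_fd = os.open(key_der_dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(key_fd, "wb") as stream:
        stream.write(key_der)
    with open(pub_der_dest, "wb") as stream:
        stream.write(cert.pub.der)

    # These keys are only present in CAs:
    # NOTE(review): the values come from the module-level ``ca`` rather than
    # the ``cert`` argument -- presumably the same object at the call site;
    # verify against the caller.
    data["issuer_url"] = ca.issuer_url
    data["crl_url"] = ca.crl_url
    data["ca_crl_url"] = "%s%s" % (
        testserver, reverse("django_ca:ca-crl", kwargs={"serial": ca.serial}))
    data["ocsp_url"] = "%s%s" % (
        testserver,
        reverse("django_ca:ocsp-cert-post", kwargs={"serial": ca.serial}),
    )

    # Update common data for CAs and certs
    update_cert_data(cert, data)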
Beispiel #3
        # Save the object built earlier in this loop body (construction is
        # outside this excerpt).
        c.save()

        # Only entries of type "ca" get an OCSP key generated.
        if cert_data["type"] == "ca":
            # The passphrase is optional; .get() yields None when the entry
            # has no "password" key.
            password = cert_data.get("password")
            if password is not None:
                # Held as text in cert_data; handed on as UTF-8 bytes.
                password = password.encode("utf-8")
            c.generate_ocsp_key(password=password)

    # create admin user for login
    # NOTE(review): username and password are fixed literals ("user" /
    # "nopass"), so this account is only suitable for a throwaway local
    # database; a deployment reachable by anyone else needs a generated or
    # prompted password instead.
    User.objects.create_superuser("user", "*****@*****.**", "nopass")

    ok()

    # create a chain file for the child
    # The child's PEM comes first, followed by the root's.
    chain = loaded_cas["child"].pub.pem + loaded_cas["root"].pub.pem
    # Store the bundle via ca_storage and resolve the path it was saved under.
    chain_path = ca_storage.path(
        ca_storage.save("child-chain.pem", ContentFile(chain)))

    cwd = os.getcwd()
    # Helper turning a path into one relative to the current directory.
    rel = lambda p: os.path.relpath(p, cwd)  # NOQA
    # Storage paths of the CA certificates ...
    root_ca_path = ca_storage.path(certs["root"]["pub_filename"])
    child_ca_path = ca_storage.path(certs["child"]["pub_filename"])

    # ... and of the certificates named "root-cert" and "child-cert".
    root_cert_path = ca_storage.path(certs["root-cert"]["pub_filename"])
    child_cert_path = ca_storage.path(certs["child-cert"]["pub_filename"])

    # OCSP URL for the child CA: the configured base URL (trailing slash
    # stripped) plus the reversed "ocsp-cert-post" route for its serial.
    ocsp_url = "%s%s" % (
        args.base_url.rstrip("/"),
        reverse("django_ca:ocsp-cert-post",
                kwargs={"serial": certs["child"]["serial"]}),
    )
Beispiel #4
        # Save the object built earlier in this loop body (construction is
        # outside this excerpt).
        c.save()

        # Only entries of type 'ca' get an OCSP key generated.
        if cert_data['type'] == 'ca':
            # The passphrase is optional; .get() yields None when the entry
            # has no 'password' key.
            password = cert_data.get('password')
            if password is not None:
                # Held as text in cert_data; handed on as UTF-8 bytes.
                password = password.encode('utf-8')
            c.generate_ocsp_key(password=password)

    # create admin user for login
    # NOTE(review): username and password are fixed literals ('user' /
    # 'nopass'), so this account is only suitable for a throwaway local
    # database; a deployment reachable by anyone else needs a generated or
    # prompted password instead.
    User.objects.create_superuser('user', '*****@*****.**', 'nopass')

    ok()

    # create a chain file for the child
    # The child's certificate comes first, followed by the root's.
    chain = loaded_cas['child'].pub + loaded_cas['root'].pub
    # Store the bundle via ca_storage and resolve the path it was saved under.
    chain_path = ca_storage.path(ca_storage.save('child-chain.pem', ContentFile(chain)))

    # Hard-coded to a local development server over plain HTTP.
    base_url = 'http://localhost:8000/'
    cwd = os.getcwd()
    # Helper turning a path into one relative to the current directory.
    rel = lambda p: os.path.relpath(p, cwd)  # NOQA
    # Storage paths of the CA certificates ...
    root_ca_path = ca_storage.path(certs['root']['pub_filename'])
    child_ca_path = ca_storage.path(certs['child']['pub_filename'])

    # ... and of the certificates named 'root-cert' and 'child-cert'.
    root_cert_path = ca_storage.path(certs['root-cert']['pub_filename'])
    child_cert_path = ca_storage.path(certs['child-cert']['pub_filename'])

    # OCSP URL for the child CA: base URL (trailing slash stripped) plus the
    # reversed 'ocsp-cert-post' route for its serial.
    ocsp_url = '%s%s' % (base_url.rstrip('/'),
                         reverse('django_ca:ocsp-cert-post', kwargs={'serial': certs['child']['serial']}))

    # Tell the user where the generated files live.
    print("")
    print('* All certificates are in %s.' % bold(ca_settings.CA_DIR))