Example #1
    def get_root_certificate():
        """
        Return the root CA certificate, creating and persisting it on first use.

        The certificate file named by ``CONFIG["pki"]["ca-cert-name"]`` is loaded
        when it exists. Otherwise a key pair is generated, a CSR with the
        "Root CA" subject is built and passed to ``create_self_signed_cert``,
        and the key and certificate are saved under the configured names.

        :return: the loaded or newly created CA certificate
        """
        pki_settings = CONFIG["pki"]
        ca_cert_name = pki_settings["ca-cert-name"]

        # Only the certificate file is probed; the private key file is not
        # checked before deciding between "load" and "generate".
        if CertificateManager.cert_file_exists(ca_cert_name):
            return CertificateManager.load_cert(ca_cert_name)

        # No certificate on disk: build a new root key and certificate.
        # Subject fields are passed in the same order as keyword arguments.
        root_subject = {
            "O": "AC-PKI",
            "OU": "CA",
            "C": "NO",
            "ST": "Oslo",
            "L": "Oslo",
            "CN": "Root CA",
        }
        ca_key = CertificateManager.create_key_pair()
        ca_csr = CertificateManager.create_csr(ca_key, **root_subject)
        serial = RA.get_next_serial()
        ca_cert = CertificateManager.create_self_signed_cert(ca_csr, ca_key, serial)

        # Persist the key first, then the certificate.
        # NOTE(review): this branch also runs when a key file already exists
        # under "ca-pkey-name" but the certificate is missing; presumably
        # save_pkey then replaces that key - confirm. How save_pkey protects
        # the file (passphrase, permissions) is not visible here.
        CertificateManager.save_pkey(ca_key, pki_settings["ca-pkey-name"])
        CertificateManager.save_cert(ca_cert, ca_cert_name)

        return ca_cert
Example #2
# Obtain the CA certificate and key pair: reuse the files on disk only when
# both "ca.cert" and "ca.pkey" are present, otherwise create and save new ones.
# NOTE(review): the key file is probed with cert_file_exists as well -
# presumably a plain existence check; confirm against CertificateManager.
if not (CertificateManager.cert_file_exists("ca.cert")
        and CertificateManager.cert_file_exists("ca.pkey")):
    print("Generating CA certificate")
    # 2048-bit RSA key for the CA.
    ca_key_pair = CertificateManager.create_key_pair(crypto.TYPE_RSA, 2048)
    csr = CertificateManager.create_csr(
        ca_key_pair, C="NO", ST="Oslo", O="Corp", OU="Blab")
    # The CA certificate is issued with the fixed serial number 0.
    ca_cert = CertificateManager.create_self_signed_cert(csr, ca_key_pair, 0)
    # NOTE(review): the CA key is written under a fixed relative file name;
    # whether save_pkey encrypts it or restricts file permissions is not
    # visible here - confirm.
    CertificateManager.save_pkey(ca_key_pair, "ca.pkey")
    CertificateManager.save_cert(ca_cert, "ca.cert")
else:
    print("Loading existing CA certificate from file")
    ca_cert = CertificateManager.load_cert("ca.cert")
    ca_key_pair = CertificateManager.load_pkey("ca.pkey")

# Create client certificate
if CertificateManager.cert_file_exists(
        "client.cert") and CertificateManager.cert_file_exists("client.pkey"):
    # Load existing
    print("Loading existing client certificate from file")
    client_cert = CertificateManager.load_cert("client.cert")
else:
    # Generate new
    print("Generating client certificate")
    client_key_pair = CertificateManager.create_key_pair(crypto.TYPE_RSA, 2048)
    csr = CertificateManager.create_csr(client_key_pair,
                                        C="NO",