Example #1
def sign_csr(csr, ca_cn, attrib, algorithm='sha512', expires=1825):
    """Sign *csr* with the CA whose common name is *ca_cn*.

    Args:
        csr: The certificate signing request to sign.
        ca_cn: Common name used to look up the issuing CertificateAuthority.
        attrib: Mapping that supplies the subject 'CN' (optional, read with
            ``.get``) and the 'san' entry (required, a missing key raises
            KeyError).
        algorithm: Signature hash algorithm handed to the signing call.
        expires: Validity period in days, counted from the current time.

    Returns:
        The ``pub`` attribute of the saved Certificate.

    NOTE(review): the certified identity (CN and subjectAltName) comes from
    *attrib*, not from anything this function reads out of the CSR. Nothing
    here checks those values against the requester; confirm the caller does.
    """
    issuing_ca = CertificateAuthority.objects.get(cn=ca_cn)
    # TODO: Check to see if the certificate already exists, and if so, is it the same user? Revoke the old one?
    issued = Certificate(ca=issuing_ca, csr=csr)

    # datetime.now() is naive local time; presumably the signing call expects
    # that. Verify before relying on the exact notAfter value.
    validity = datetime.timedelta(days=expires)
    not_after = datetime.datetime.now() + validity

    signing_args = {
        'ca': issuing_ca,
        'csr': csr,
        'algorithm': algorithm,
        'expires': not_after,
        'subject': {'CN': attrib.get('CN'), },
        'subjectAltName': attrib['san'],
    }
    issued.x509 = Certificate.objects.init(**signing_args)
    issued.save()
    return issued.pub
Example #2
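    def create_cert(cls, ca, csr, subject, san=None, **kwargs):
        """Issue a certificate for *csr* from *ca* and return the saved Certificate.

        Profile defaults from ``get_cert_profile_kwargs()`` are overlaid with
        ``**kwargs``, and *subject* is then merged over any subject already
        present. The merge is done on a copy, so a ``subject`` dict passed in
        through ``**kwargs`` is not modified for the caller.

        ``algorithm`` ('sha256') and ``expires`` (720) are fixed here. Passing
        either name in ``**kwargs`` raises TypeError because the keyword would
        be supplied twice.

        Args:
            ca: Issuing certificate authority.
            csr: Certificate signing request to sign.
            subject: Mapping of subject fields; overrides profile values.
            san: Value passed through as ``subjectAltName``.
            **kwargs: Extra options overriding the profile defaults.

        Returns:
            The saved Certificate instance.
        """
        cert_kwargs = get_cert_profile_kwargs()
        cert_kwargs.update(kwargs)
        cert_kwargs.setdefault('subject', {})

        # Merge into a copy: after update(kwargs) this may be the caller's own
        # dict, and updating it in place would leak this certificate's subject
        # into whatever the caller does with that dict next.
        merged_subject = cert_kwargs['subject'].copy()
        merged_subject.update(subject)
        cert_kwargs['subject'] = merged_subject

        # NOTE(review): unit of expires=720 is not visible here - confirm
        # against Certificate.objects.init.
        x509 = Certificate.objects.init(ca=ca, csr=csr, algorithm='sha256', expires=720,
                                        subjectAltName=san, **cert_kwargs)
        # Store the expiry that actually ended up in the certificate rather
        # than recomputing it.
        expires = parse_date(x509.get_notAfter().decode('utf-8'))

        cert = Certificate(ca=ca, csr=csr, expires=expires)
        cert.x509 = x509
        cert.save()
        return cert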
Example #3
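    def create_cert(cls, ca, csr, subject, san=None, **kwargs):
        """Sign *csr* with *ca* and persist the resulting certificate.

        The keyword arguments for signing start from the profile defaults
        returned by ``get_cert_profile_kwargs()``, are overridden by
        ``**kwargs``, and finally have *subject* merged into their
        ``'subject'`` entry. The subject dict is copied before merging so that
        a dict supplied by the caller via ``**kwargs`` is left untouched.

        The hash algorithm is pinned to 'sha256' and the expiry to
        ``cls.expires(720)``. Supplying ``algorithm`` or ``expires`` in
        ``**kwargs`` raises TypeError (duplicate keyword argument).

        Args:
            ca: Issuing certificate authority.
            csr: Certificate signing request to sign.
            subject: Mapping of subject fields; wins over profile values.
            san: Value forwarded as ``subjectAltName``.
            **kwargs: Additional signing options overriding the profile.

        Returns:
            The saved Certificate instance.
        """
        cert_kwargs = get_cert_profile_kwargs()
        cert_kwargs.update(kwargs)
        cert_kwargs.setdefault('subject', {})

        # Do not update in place: the dict may belong to the caller (it can
        # arrive through **kwargs), and mutating it would carry this subject
        # over into later calls that reuse the same dict.
        subject_fields = cert_kwargs['subject'].copy()
        subject_fields.update(subject)
        cert_kwargs['subject'] = subject_fields

        x509 = Certificate.objects.init(
            ca=ca, csr=csr, algorithm='sha256', expires=cls.expires(720), subjectAltName=san,
            **cert_kwargs)
        # Read notAfter back from the signed certificate so the stored expiry
        # matches what was actually issued.
        expires = parse_date(x509.get_notAfter().decode('utf-8'))

        cert = Certificate(ca=ca, csr=csr, expires=expires)
        cert.x509 = x509
        cert.save()
        return cert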
Example #4
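    def handle(self, *args, **options):
        """Sign a CSR and write the resulting public certificate.

        The CSR is read from the file named by ``options['csr']`` or, when
        that is None, pasted on standard input until the PEM end marker is
        seen. The subject is built from the C/ST/L/O/OU/CN/E options, the
        profile supplies the default extensions, and the certificate goes to
        ``options['out']`` or to the command's stdout.

        Raises:
            CommandError: If neither a CN nor any alternative name was given.
        """
        if not options['CN'] and not options['alt']:
            raise CommandError("Must give at least --CN or one or more --alt arguments.")

        # construct subject
        subject = OrderedDict()
        for field in ['C', 'ST', 'L', 'O', 'OU', 'CN', ]:
            if options.get(field):
                subject[field] = options[field]
        if options.get('E'):
            subject['emailAddress'] = options['E']

        if options['csr'] is None:
            print('Please paste the CSR:')
            csr = ''
            # Keep reading lines until the PEM footer arrives; EOF before the
            # footer surfaces as EOFError from input().
            while not csr.endswith('-----END CERTIFICATE REQUEST-----\n'):
                csr += '%s\n' % six.moves.input()
            csr = csr.strip()
        else:
            # Use a context manager so the file handle is closed right away
            # instead of being left to garbage collection.
            with open(options['csr']) as csr_file:
                csr = csr_file.read()

        # get list of watchers
        watchers = [Watcher.from_addr(addr) for addr in options['watch']]

        # get keyUsage and extendedKeyUsage flags based on profiles
        kwargs = get_cert_profile_kwargs(options['profile'])
        if options['cn_in_san'] is not None:
            kwargs['cn_in_san'] = options['cn_in_san']
        if options['key_usage']:
            kwargs['keyUsage'] = self.parse_extension(options['key_usage'])
        if options['ext_key_usage']:
            kwargs['extendedKeyUsage'] = self.parse_extension(options['ext_key_usage'])
        if subject:
            kwargs['subject'] = subject

        # Expiry is pushed to the midnight that follows at least `days` full
        # days from now, so the certificate never expires partway through a day.
        expires = datetime.today() + timedelta(days=options['days'] + 1)
        expires = expires.replace(hour=0, minute=0, second=0, microsecond=0)

        # NOTE(review): no CA is passed to get_cert() or Certificate() here;
        # presumably a default CA is used - confirm which key signs.
        x509 = get_cert(csr=csr, expires=expires, subjectAltName=options['alt'], **kwargs)
        cert = Certificate(csr=csr, expires=expires)
        cert.x509 = x509
        cert.save()
        cert.watchers.add(*watchers)

        if options['out']:
            with open(options['out'], 'w') as f:
                f.write(cert.pub.decode('utf-8'))
        else:
            self.stdout.write(cert.pub.decode('utf-8'))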
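    def handle(self, pub, **options):
        """Import an existing certificate from *pub* and store it under ``options['ca']``.

        The data is parsed as PEM first and as DER if that fails.

        Args:
            pub: Readable object whose ``read()`` returns the certificate data.
            **options: Must contain ``'ca'``, the CA the certificate is filed under.

        Raises:
            CommandError: If the data parses as neither PEM nor DER.

        NOTE(review): nothing in this method checks that the loaded
        certificate was issued by ``options['ca']``; confirm whether the model
        verifies that, otherwise any certificate can be filed under any CA.
        """
        pub_data = pub.read()

        # load public key
        # Catch Exception rather than using a bare except, so that
        # KeyboardInterrupt and SystemExit are not swallowed and misreported
        # as a parse failure.
        try:
            pub_loaded = x509.load_pem_x509_certificate(
                pub_data, default_backend())
        except Exception:
            try:
                pub_loaded = x509.load_der_x509_certificate(
                    pub_data, default_backend())
            except Exception:
                raise CommandError('Unable to load public key.')

        cert = Certificate(ca=options['ca'])
        cert.x509 = pub_loaded
        cert.save()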
Example #6
 def load_cert(cls, ca, x509):
     """Store an already-issued *x509* certificate under *ca* and return the record.

     The CSR field is filled with the literal string 'none'.
     NOTE(review): presumably a placeholder because no request exists for a
     loaded certificate - confirm. Nothing here checks that *x509* was
     actually signed by *ca*.
     """
     loaded = Certificate(ca=ca, csr='none')
     loaded.x509 = x509
     loaded.save()
     return loaded
Example #7
 def load_cert(cls, ca, x509):
     """Create and save a Certificate row for a pre-existing *x509* object.

     Args:
         ca: Certificate authority the record is attached to.
         x509: Certificate object assigned to the record's ``x509`` attribute.

     Returns:
         The saved Certificate instance.

     The record's ``csr`` is set to the string 'none'. This method does not
     check the issuer of *x509* against *ca*.
     """
     record = Certificate(csr='none', ca=ca)
     record.x509 = x509
     record.save()
     return record