Exemple #1
0
    def generate_certificate(self, domain, save_model):
        """This function takes a domain name as a parameter and then creates
        a certificate and key with the domain name (replacing dots
        by underscores), finally signing the certificate using specified CA and
        returns the path of key and cert files. If you are yet to generate a CA
        then check the top comments"""

        logger.info("SimpleCA: certificate creation request %s" % (domain,))

        ca_private_key = asymmetric.load_private_key(
            self.ca_key,
            password=settings.CA_KEY_PASSWD)
        ca_certificate = asymmetric.load_certificate(self.ca_crt)

        end_entity_public_key, end_entity_private_key = \
            asymmetric.generate_pair('rsa', bit_size=2048)

        builder = CertificateBuilder(
            {
                'country_name': 'CR',
                'state_or_province_name': 'San Jose',
                'locality_name': 'Costa Rica',
                'organization_name': save_model.name,
                "organizational_unit_name": save_model.institution_unit,
                'common_name': domain,
            },
            end_entity_public_key
        )
        now = timezone.now()
        builder.issuer = ca_certificate
        builder.begin_date = now
        builder.end_date = now+timedelta(settings.CA_CERT_DURATION)
        builder.key_usage = set(['digital_signature'])
        end_entity_certificate = builder.build(ca_private_key)
        # settings.CA_CERT_DURATION

        server_public_key, server_private_key = \
            asymmetric.generate_pair('rsa', bit_size=2048)

        save_model.private_key = asymmetric.dump_private_key(
            end_entity_private_key, None)
        save_model.public_key = asymmetric.dump_public_key(
            end_entity_public_key)
        save_model.public_certificate = pem_armor_certificate(
            end_entity_certificate)

        save_model.server_sign_key = asymmetric.dump_private_key(
            server_private_key, None)
        save_model.server_public_key = asymmetric.dump_public_key(
            server_public_key)

        logger.debug("SimpleCA: New certificate for %s is %r" %
                     (domain, save_model.public_certificate))
        return save_model
Exemple #2
0
def create_certificate():
    root_ca_public_key, root_ca_private_key = asymmetric.generate_pair(
        'rsa', bit_size=2048)

    with open('root_ca.key', 'wb') as f:
        f.write(asymmetric.dump_private_key(root_ca_private_key, u'p'))

    with open('root_ca_public.key', 'wb') as f:
        f.write(asymmetric.dump_public_key(root_ca_public_key, 'pem'))

    builder = CertificateBuilder(
        {
            u'country_name': u'US',
            u'state_or_province_name': u'Massachusetts',
            u'locality_name': u'Amherst',
            u'organization_name': u'Name Certifying service',
            u'common_name': u'NCS Root CA',
        }, root_ca_public_key)
    builder.self_signed = True
    builder.ca = True
    root_ca_certificate = builder.build(root_ca_private_key)

    with open('root_ca.crt', 'wb') as f:
        f.write(pem_armor_certificate(root_ca_certificate))

    # Generate an end-entity key and certificate, signed by the root
    end_entity_public_key, end_entity_private_key = asymmetric.generate_pair(
        'rsa', bit_size=2048)

    with open('ramteja_tadishetti_private.key', 'wb') as f:
        f.write(asymmetric.dump_private_key(end_entity_private_key, u'p'))

    with open('ramteja_tadishetti_public.key', 'wb') as f:
        f.write(asymmetric.dump_public_key(end_entity_public_key, 'pem'))

    builder = CertificateBuilder(
        {
            u'country_name': u'US',
            u'state_or_province_name': u'Massachusetts',
            u'locality_name': u'Amherst',
            u'organization_name': u'Ramteja Tadishetti Corp',
            u'common_name': u'ramtejatadishetti',
        }, end_entity_public_key)
    builder.issuer = root_ca_certificate
    #builder.set_extension( u'1.2.840.113549.1.1.1', 'ramteja', allow_deprecated=False)
    end_entity_certificate = builder.build(root_ca_private_key)

    with open('ramteja_tadishetti.crt', 'wb') as f:
        f.write(pem_armor_certificate(end_entity_certificate))
Exemple #3
0
def build_ca():
    if not os.path.exists(settings.CA_PATH):
        os.makedirs(settings.CA_PATH)

    root_ca_public_key, root_ca_private_key = asymmetric.generate_pair(
        'rsa', bit_size=4096)

    with open(settings.CA_KEY, 'wb') as f:
        f.write(
            asymmetric.dump_private_key(root_ca_private_key,
                                        settings.CA_KEY_PASSWD))

    builder = CertificateBuilder(
        {
            'country_name': 'CR',
            'state_or_province_name': 'San Jose',
            'locality_name': 'Costa Rica',
            'organization_name': 'DFVA Independiente',
            'common_name': 'DFVA Root CA 1',
        }, root_ca_public_key)
    now = timezone.now()
    builder.self_signed = True
    builder.ca = True
    builder.end_date = now + timedelta(settings.CA_CERT_DURATION * 10)
    root_ca_certificate = builder.build(root_ca_private_key)

    with open(settings.CA_CERT, 'wb') as f:
        f.write(pem_armor_certificate(root_ca_certificate))

    builder = CertificateListBuilder('http://crl.dfva.info',
                                     root_ca_certificate, 1000)
    crl_list = builder.build(root_ca_private_key)

    with open(settings.CA_CRL, 'wb') as f:
        f.write(crl_list.dump())
def generate_cert_and_key(cn, filename, keysize, keytype='rsa'):
    ca_key_name = '%s.key' % filename
    ca_cert_name = '%s.crt' % filename

    curdir = pathlib.Path(__file__).parent

    # Generate and save the key and certificate for the root CA
    root_ca_public_key, root_ca_private_key = asymmetric.generate_pair(
        keytype, bit_size=keysize)

    with open(curdir.joinpath(ca_key_name), 'wb') as f:
        f.write(asymmetric.dump_private_key(root_ca_private_key, None))

    builder = CertificateBuilder(
        {
            'country_name': 'US',
            'state_or_province_name': 'Massachusetts',
            'locality_name': 'Newbury',
            'organization_name': 'Codex Non Sufficit LC',
            'common_name': cn,
        }, root_ca_public_key)
    builder.self_signed = True
    builder.ca = True
    root_ca_certificate = builder.build(root_ca_private_key)

    with open(curdir.joinpath(ca_cert_name), 'wb') as f:
        f.write(pem_armor_certificate(root_ca_certificate))
Exemple #5
0
    def generate_certificate(self, domain, save_model):
        logger.info("Dogtag: certificate creation request %s" % (domain,))

        public_key, private_key = asymmetric.generate_pair(
            'rsa', bit_size=2048)
        data = {
            'common_name': domain,
            'organization_name': save_model.name,
            'organizational_unit_name': save_model.institution_unit,
            'email_address': save_model.email
        }
        data.update(settings.DOGTAG_CERTIFICATE_SCHEME)
        builder = CSRBuilder(
            data,
            public_key
        )
        #builder.subject_alt_domains = ['codexns.io', 'codexns.com']
        request = builder.build(private_key)

        inputs = {
            "cert_request_type": "pkcs10",
            "cert_request": pem_armor_csr(request).decode(),
            "requestor_name": settings.DOGTAG_CERT_REQUESTER,
            "requestor_email": settings.DOGTAG_CERT_REQUESTER_EMAIL,
        }

        logger.debug("Dogtag: request certificate %r" % (inputs,))

        conn = self.get_connection()
        cert_client = pki.cert.CertClient(conn)
        certificates = cert_client.enroll_cert("caServerCert", inputs)

        server_public_key, server_private_key = \
            asymmetric.generate_pair('rsa', bit_size=2048)

        save_model.private_key = asymmetric.dump_private_key(private_key, None)
        save_model.public_key = asymmetric.dump_public_key(public_key)
        save_model.public_certificate = certificates[0].cert.encoded.encode()

        save_model.server_sign_key = asymmetric.dump_private_key(
            server_private_key, None)
        save_model.server_public_key = asymmetric.dump_public_key(
            server_public_key)

        logger.debug("Dogtag: New certificate for %s is %r" %
                     (domain, save_model.public_certificate))
        return save_model
def self_enroll(skip_notify=False):
    assert os.getuid() == 0 and os.getgid(
    ) == 0, "Can self-enroll only as root"

    from certidude import const, config
    common_name = const.FQDN
    os.umask(0o0177)

    try:
        path, buf, cert, signed, expires = get_signed(common_name)
        self_public_key = asymmetric.load_public_key(path)
        private_key = asymmetric.load_private_key(config.SELF_KEY_PATH)
    except FileNotFoundError:  # certificate or private key not found
        click.echo("Generating private key for frontend: %s" %
                   config.SELF_KEY_PATH)
        with open(config.SELF_KEY_PATH, 'wb') as fh:
            if public_key.algorithm == "ec":
                self_public_key, private_key = asymmetric.generate_pair(
                    "ec", curve=public_key.curve)
            elif public_key.algorithm == "rsa":
                self_public_key, private_key = asymmetric.generate_pair(
                    "rsa", bit_size=public_key.bit_size)
            else:
                raise NotImplemented(
                    "CA certificate public key algorithm %s not supported" %
                    public_key.algorithm)
            fh.write(asymmetric.dump_private_key(private_key, None))
    else:
        now = datetime.utcnow()
        if now + timedelta(days=1) < expires:
            click.echo(
                "Certificate %s still valid, delete to self-enroll again" %
                path)
            return

    builder = CSRBuilder({"common_name": common_name}, self_public_key)
    request = builder.build(private_key)
    pid = os.fork()
    if not pid:
        from certidude import authority, config
        from certidude.common import drop_privileges
        drop_privileges()
        assert os.getuid() != 0 and os.getgid() != 0
        path = os.path.join(config.REQUESTS_DIR, common_name + ".pem")
        click.echo("Writing certificate signing request for frontend: %s" %
                   path)
        with open(path, "wb") as fh:
            fh.write(
                pem_armor_csr(request))  # Write CSR with certidude permissions
        authority.sign(common_name,
                       skip_notify=skip_notify,
                       skip_push=True,
                       overwrite=True,
                       profile=config.PROFILES["srv"])
        click.echo("Frontend certificate signed")
        sys.exit(0)
    else:
        os.waitpid(pid, 0)
        os.system("systemctl reload nginx")
Exemple #7
0
        def do_run():
            private = asymmetric.load_private_key(os.path.join(fixtures_dir, 'keys/test.key'))

            for password in [None, 'password123']:
                pem_serialized = asymmetric.dump_private_key(private, password, target_ms=20)
                private_reloaded = asymmetric.load_private_key(pem_serialized, password)
                self.assertTrue(pem.detect(pem_serialized))
                self.assertIsInstance(private_reloaded, asymmetric.PrivateKey)
                self.assertEqual('rsa', private_reloaded.algorithm)
Exemple #8
0
def self_enroll():
    assert os.getuid() == 0 and os.getgid(
    ) == 0, "Can self-enroll only as root"

    from certidude import const
    common_name = const.FQDN
    directory = os.path.join("/var/lib/certidude", const.FQDN)
    self_key_path = os.path.join(directory, "self_key.pem")

    try:
        path, buf, cert, signed, expires = get_signed(common_name)
        self_public_key = asymmetric.load_public_key(path)
        private_key = asymmetric.load_private_key(self_key_path)
    except FileNotFoundError:  # certificate or private key not found
        with open(self_key_path, 'wb') as fh:
            if public_key.algorithm == "ec":
                self_public_key, private_key = asymmetric.generate_pair(
                    "ec", curve=public_key.curve)
            elif public_key.algorithm == "rsa":
                self_public_key, private_key = asymmetric.generate_pair(
                    "rsa", bit_size=public_key.bit_size)
            else:
                NotImplemented
            fh.write(asymmetric.dump_private_key(private_key, None))
    else:
        now = datetime.utcnow()
        if now + timedelta(days=1) < expires:
            click.echo(
                "Certificate %s still valid, delete to self-enroll again" %
                path)
            return

    builder = CSRBuilder({"common_name": common_name}, self_public_key)
    request = builder.build(private_key)
    pid = os.fork()
    if not pid:
        from certidude import authority
        from certidude.common import drop_privileges
        drop_privileges()
        assert os.getuid() != 0 and os.getgid() != 0
        path = os.path.join(directory, "requests", common_name + ".pem")
        click.echo("Writing request to %s" % path)
        with open(path, "wb") as fh:
            fh.write(
                pem_armor_csr(request))  # Write CSR with certidude permissions
        authority.sign(common_name,
                       skip_push=True,
                       overwrite=True,
                       profile=config.PROFILES["srv"])
        sys.exit(0)
    else:
        os.waitpid(pid, 0)
        if os.path.exists("/etc/systemd"):
            os.system("systemctl reload nginx")
        else:
            os.system("service nginx reload")
Exemple #9
0
    def _read_key(self, path):
        # type: (str) -> str
        try:
            privkey = asymmetric.load_private_key(path)
        except Exception as e:
            raise CommandError("Error reading private key at {}: {}".format(path, e))

        key_pem = asymmetric.dump_private_key(privkey, None, 'pem')

        return key_pem
Exemple #10
0
 def test_dump_private(self):
     private = asymmetric.load_private_key(
         os.path.join(fixtures_dir, 'keys/test.key'))
     pem_serialized = asymmetric.dump_private_key(private,
                                                  'password123',
                                                  target_ms=20)
     private_reloaded = asymmetric.load_private_key(pem_serialized,
                                                    'password123')
     self.assertIsInstance(private_reloaded, asymmetric.PrivateKey)
     self.assertEqual('rsa', private_reloaded.algorithm)
Exemple #11
0
    def _generate_key(self, path):
        # type: (str) -> str
        try:
            with open(path, 'wb') as f:
                _, privkey = asymmetric.generate_pair('rsa', bit_size=2048)
                key_pem = asymmetric.dump_private_key(privkey, None, 'pem')
                f.write(key_pem)
        except IOError:
            raise CommandError("{} is not a path to a writable file.".format(path))

        return key_pem
Exemple #12
0
        def do_run():
            private = asymmetric.load_private_key(
                os.path.join(fixtures_dir, 'keys/test.key'))

            for password in [None, 'password123']:
                pem_serialized = asymmetric.dump_private_key(private,
                                                             password,
                                                             target_ms=20)
                private_reloaded = asymmetric.load_private_key(
                    pem_serialized, password)
                self.assertTrue(pem.detect(pem_serialized))
                self.assertIsInstance(private_reloaded, asymmetric.PrivateKey)
                self.assertEqual('rsa', private_reloaded.algorithm)
Exemple #13
0
    def private_key_as_pem(self, passphrase=None):
        """
        Return the private key as a PEM-encoded string.

        :param passphrase: If a `str` object is supplied, encrypt the private
            key with the passphrase before converting it to PEM format. If
            `None` is supplied, convert it to PEM format without performing any
            encryption.
        :return: private key in PEM format
        :rtype: str
        """
        return asymmetric.dump_private_key(self._private_key,
                                           _bytes_to_unicode(passphrase))
Exemple #14
0
    def test_ec_generate(self):
        public, private = asymmetric.generate_pair('ec', curve='secp256r1')

        self.assertEqual('ec', public.algorithm)
        self.assertEqual('secp256r1', public.asn1.curve[1])

        original_data = b'This is data to sign'
        signature = asymmetric.ecdsa_sign(private, original_data, 'sha1')
        self.assertIsInstance(signature, byte_cls)
        asymmetric.ecdsa_verify(public, signature, original_data, 'sha1')

        raw_public = asymmetric.dump_public_key(public)
        asymmetric.load_public_key(raw_public)
        raw_private = asymmetric.dump_private_key(private, None)
        asymmetric.load_private_key(raw_private, None)
Exemple #15
0
    def test_ec_generate(self):
        public, private = asymmetric.generate_pair('ec', curve='secp256r1')

        self.assertEqual('ec', public.algorithm)
        self.assertEqual('secp256r1', public.asn1.curve[1])

        original_data = b'This is data to sign'
        signature = asymmetric.ecdsa_sign(private, original_data, 'sha1')
        self.assertIsInstance(signature, byte_cls)
        asymmetric.ecdsa_verify(public, signature, original_data, 'sha1')

        raw_public = asymmetric.dump_public_key(public)
        asymmetric.load_public_key(raw_public)
        raw_private = asymmetric.dump_private_key(private, None)
        asymmetric.load_private_key(raw_private, None)
Exemple #16
0
def generate_pair(name, quiet=False, key_type='rsa', key_size=2048):

    if not quiet:
        write('Generating {} keys ... '.format(name), end='')

    public_key, private_key = asymmetric.generate_pair(key_type, bit_size=key_size)

    with open(path.join(certs_dir, '{}.key'.format(name)), 'wb') as f:
        f.write(asymmetric.dump_private_key(private_key, None))

    with open(path.join(certs_dir, '{}.pubkey'.format(name)), 'wb') as f:
        f.write(asymmetric.dump_public_key(public_key))

    if not quiet:
        write('done')
Exemple #17
0
    def test_dsa_generate(self):
        public, private = asymmetric.generate_pair('dsa', bit_size=1024)

        self.assertEqual('dsa', public.algorithm)
        self.assertEqual(1024, public.bit_size)

        original_data = b'This is data to sign'
        signature = asymmetric.dsa_sign(private, original_data, 'sha1')
        self.assertIsInstance(signature, byte_cls)
        asymmetric.dsa_verify(public, signature, original_data, 'sha1')

        raw_public = asymmetric.dump_public_key(public)
        asymmetric.load_public_key(raw_public)
        raw_private = asymmetric.dump_private_key(private, None)
        asymmetric.load_private_key(raw_private, None)
Exemple #18
0
    def test_dsa_generate(self):
        public, private = asymmetric.generate_pair('dsa', bit_size=1024)

        self.assertEqual('dsa', public.algorithm)
        self.assertEqual(1024, public.bit_size)

        original_data = b'This is data to sign'
        signature = asymmetric.dsa_sign(private, original_data, 'sha1')
        self.assertIsInstance(signature, byte_cls)
        asymmetric.dsa_verify(public, signature, original_data, 'sha1')

        raw_public = asymmetric.dump_public_key(public)
        asymmetric.load_public_key(raw_public)
        raw_private = asymmetric.dump_private_key(private, None)
        asymmetric.load_private_key(raw_private, None)
Exemple #19
0
def generate_pair(name, quiet=False, key_type='rsa', key_size=2048):

    if not quiet:
        write('Generating {} keys ... '.format(name), end='')

    public_key, private_key = asymmetric.generate_pair(key_type,
                                                       bit_size=key_size)

    with open(path.join(certs_dir, '{}.key'.format(name)), 'wb') as f:
        f.write(asymmetric.dump_private_key(private_key, None))

    with open(path.join(certs_dir, '{}.pubkey'.format(name)), 'wb') as f:
        f.write(asymmetric.dump_public_key(public_key))

    if not quiet:
        write('done')
Exemple #20
0
async def create_message(request):
    body = await request.post()
    session = await get_session(request)
    message = bytes(body['message'], 'UTF-8')
    date = datetime.strptime(body['date'], '%Y-%m-%d')
    public_key, private_key = asymmetric.generate_pair('rsa', bit_size=4096)
    ciphertext = asymmetric.rsa_oaep_encrypt(public_key, message)
    private_key = asymmetric.dump_private_key(private_key, None)
    user = await db.get_user(request.app, session['username'])
    message_uuid = uuid.uuid4().hex
    await db.create_message(
        request.app, {
            'uuid': message_uuid,
            'user': user.uuid,
            'private_key': binascii.hexlify(private_key).decode('UTF-8'),
            'ciphertext': binascii.hexlify(ciphertext).decode('UTF-8'),
            'expires': date
        })
    return web.HTTPFound(location=request.app.router['message_detail'].url_for(
        uuid=message_uuid))
Exemple #21
0
def self_enroll():
    from certidude import const
    common_name = const.FQDN
    directory = os.path.join("/var/lib/certidude", const.FQDN)
    self_key_path = os.path.join(directory, "self_key.pem")

    try:
        path, buf, cert, signed, expires = get_signed(common_name)
        public_key = asymmetric.load_public_key(path)
        private_key = asymmetric.load_private_key(self_key_path)
    except FileNotFoundError:  # certificate or private key not found
        with open(self_key_path, 'wb') as fh:
            public_key, private_key = asymmetric.generate_pair('rsa',
                                                               bit_size=2048)
            fh.write(asymmetric.dump_private_key(private_key, None))
    else:
        now = datetime.utcnow()
        if now + timedelta(days=1) < expires:
            click.echo(
                "Certificate %s still valid, delete to self-enroll again" %
                path)
            return

    builder = CSRBuilder({"common_name": common_name}, public_key)
    request = builder.build(private_key)
    with open(os.path.join(directory, "requests", common_name + ".pem"),
              "wb") as fh:
        fh.write(pem_armor_csr(request))
    pid = os.fork()
    if not pid:
        from certidude import authority
        from certidude.common import drop_privileges
        drop_privileges()
        authority.sign(common_name, skip_push=True, overwrite=True)
        sys.exit(0)
    else:
        os.waitpid(pid, 0)
        if os.path.exists("/etc/systemd"):
            os.system("systemctl reload nginx")
        else:
            os.system("service nginx reload")
Exemple #22
0
    def test_rsa_generate(self):
        public, private = asymmetric.generate_pair('rsa', bit_size=2048)

        self.assertEqual('rsa', public.algorithm)
        self.assertEqual(2048, public.bit_size)

        original_data = b'This is data to sign'
        signature = asymmetric.rsa_pkcs1v15_sign(private, original_data,
                                                 'sha1')
        self.assertIsInstance(signature, byte_cls)
        asymmetric.rsa_pkcs1v15_verify(public, signature, original_data,
                                       'sha1')

        raw_public = asymmetric.dump_public_key(public)
        asymmetric.load_public_key(raw_public)
        raw_private = asymmetric.dump_private_key(private, None)
        asymmetric.load_private_key(raw_private, None)

        self.assertIsInstance(private.fingerprint, byte_cls)
        self.assertIsInstance(public.fingerprint, byte_cls)
        self.assertEqual(private.fingerprint, public.fingerprint)
Exemple #23
0
    def issue_cert(self, csr: CsrBuilder) -> (PrivateKey, Cert):
        public_key, private_key = asymmetric.generate_pair('rsa',
                                                           bit_size=4096)
        builder = CertificateBuilder(
            {
                'country_name': 'US',
                'state_or_province_name': 'Massachusetts',
                'locality_name': 'Newbury',
                'organization_name': 'Codex Non Sufficit LC',
                'common_name': 'Will Bond',
            }, public_key)
        builder.self_signed = True
        cert = builder.build(private_key)
        serial = SerialNumber.from_int(cert.serial_number).as_hex()

        keypath = self._cert_dir / (serial + '.key')
        with keypath.open('wb') as f:
            f.write(asymmetric.dump_private_key(private_key, 'password'))

        certpath = self._cert_dir / (serial + '.pem')
        with certpath.open('wb') as f:
            f.write(pem_armor_certificate(cert))
Exemple #24
0
def create_certificate():
    root_ca_public_key, root_ca_private_key = asymmetric.generate_pair(
        'rsa', bit_size=2048)

    with open('root_ca.key', 'wb') as f:
        f.write(asymmetric.dump_private_key(root_ca_private_key, u'p'))

    with open('root_ca_public.key', 'wb') as f:
        f.write(asymmetric.dump_public_key(root_ca_public_key, 'pem'))

    builder = CertificateBuilder(
        {
            u'country_name': u'US',
            u'state_or_province_name': u'Massachusetts',
            u'locality_name': u'Amherst',
            u'organization_name': u'Name Certifying service',
            u'common_name': u'NCS Root CA',
        }, root_ca_public_key)
    builder.self_signed = True
    builder.ca = True
    root_ca_certificate = builder.build(root_ca_private_key)

    with open('root_ca.crt', 'wb') as f:
        f.write(pem_armor_certificate(root_ca_certificate))
Exemple #25
0
 def to_pem(self, password=None):
     return asymmetric.dump_private_key(self._private_key,
                                        passphrase=password,
                                        encoding='pem')
Exemple #26
0
def _dump_private(key):
    return asymmetric.dump_private_key(key, None)
Exemple #27
0
import os

from oscrypto import asymmetric
from certbuilder import CertificateBuilder

fixtures_dir = os.path.join(os.path.dirname(__file__), '..', 'tests',
                            'fixtures')

root_ca_public_key, root_ca_private_key = asymmetric.generate_pair(
    'rsa', bit_size=2048)

with open(os.path.join(fixtures_dir, 'root.key'), 'wb') as f:
    f.write(
        asymmetric.dump_private_key(root_ca_private_key,
                                    'password123',
                                    target_ms=20))

builder = CertificateBuilder(
    {
        'country_name': 'US',
        'state_or_province_name': 'Massachusetts',
        'locality_name': 'Newbury',
        'organization_name': 'Codex Non Sufficit LC',
        'common_name': 'CodexNS Root CA 1',
    }, root_ca_public_key)
builder.self_signed = True
builder.end_entity = False
root_ca_certificate = builder.build(root_ca_private_key)

with open(os.path.join(fixtures_dir, 'root.crt'), 'wb') as f:
Exemple #28
0
 def private_key_pem(self, key):
     return pem.armor('RSA PRIVATE KEY', asymmetric.dump_private_key(key, None, 'der'))
def generatekey():
    if os.path.exists(str(keypath)):
        print("Certificate already exists in: ")
        print(keypath)
        message = sendgrid.Mail()
        sg = sendgrid.SendGridClient(
            'Username ', 'Password'
        )  # Input username and password of SendGrid account to send emails.
        # Sends an email so we can track failures of key generation.
        message.set_from("Email Notification")
        message.add_to(errorToEmail)
        message.set_subject("CSR Generation failed report ")
        message.set_html('CSR Generation failed for ' + domainName +
                         ' KEY file already exists')

        sg.send(message)
        sys.exit(1)
    else:
        with open(keypath, 'wb') as f:
            f.write(asymmetric.dump_private_key(private_key, 'ENCRYPT')
                    )  # encrypts private key, using a password to unencrypt

    builder = CSRBuilder(
        {
            'country_name': country,
            'state_or_province_name': state,
            'locality_name': city,
            'organization_name': companyName,
            'common_name': 'secure.' + domainName,
        }, public_key)
    request = builder.build(private_key)
    # Writes the CSR to a file
    with open(csrpath, 'wb') as f:
        f.write(pem_armor_csr(request))
    f = open(HOME + '/' + csrName)
    readCSR = f.read()

    # AUTH INFORMATION FOR DIGICERT
    headers = {
        "X-DC-DEVKEY": "",
        "Content-Type": "application/json",
    }
    # Parameters for the DigiCert order
    p = json.dumps({
        "certificate": {
            "common_name": str('secure.' + domainName),
            "csr": readCSR,
            "signature_hash": "sha256",
            "server_platform": {
                "id": 31
            },
        },
        "organization": {
            "id": orgID
        },
        "validity_years": years,
        "payment_method": "balance",
    })

    response = requests.post(
        'https://www.digicert.com/services/v2/order/certificate/ssl_plus',
        headers=headers,
        data=p)

    api_json = json.loads(response.text)
    print(api_json)

    idVal = api_json['id']
    print(idVal)

    sg = sendgrid.SendGridClient(
        'Username ', 'Password'
    )  # Creates email, sends to the account contact notifing of order
    message = sendgrid.Mail()

    # Grabbed the DigiCert order information for the confirmation email
    clientInfo = requests.get(
        'https://www.digicert.com/services/v2/order/certificate/' + str(idVal),
        headers=headers)
    info_json = json.loads(clientInfo.text)
    # Grabs details from the Order confirmation for email notification
    clientFirstName = info_json['organization_contact']['first_name']
    clientName = info_json['organization_contact'][
        'first_name'] + ' ' + info_json['organization_contact']['last_name']
    clientEmail = info_json['organization_contact']['email']
    clientPhone = info_json['organization_contact']['telephone']

    emailString = """Hello """ + str(clientFirstName) + """,
Your DigiCert SSL Certificate order has been placed and is pending your verification. If the new order is not issued soon, your current SSL Certificate will expire. As a result, your secure, online, check out page will no longer function along with your LiveScore survey system.
We recommend you contact DigiCert directly to help ensure your SSL Certificate is issued in a timely manner.

Your Order Number: """ + str(idVal) + """

Your Current SSL Certificate Expiration: """ + str(expireDate) + """

DigiCert Business Contact Associated with Order (Please confirm this information is correct): 
""" + str(clientName) + """
""" + str(clientEmail) + """
""" + str(clientPhone) + """

DigiCert Support Phone Number: 801-701-9600

DigiCert Support Email: [email protected]

Most of the time, DigiCert attempts an outbound call to the business contact listed in their system. DigiCert requires this phone call as part of their verification process before your SSL Certificate can be issued. If your business contact number listed above is incorrect, please let me know as soon as possible so I can update the order information."""

    message.add_bcc(clientEmail)
    message.add_to(
        'User Email'
    )  # Set add_to email for the users email so that you can monitor the sent emails
    message.set_from("FROM EMAIL")  # the From field value, for people to see
    message.set_subject("Recent Digicert SSL Certificate Order Placed")
    message.set_text(emailString)
    print("email sent to: " + str(clientEmail))
    sg.send(message)
Exemple #30
0
 def test_dump_private(self):
     private = asymmetric.load_private_key(os.path.join(fixtures_dir, 'keys/test.key'))
     pem_serialized = asymmetric.dump_private_key(private, 'password123', target_ms=20)
     private_reloaded = asymmetric.load_private_key(pem_serialized, 'password123')
     self.assertIsInstance(private_reloaded, asymmetric.PrivateKey)
     self.assertEqual('rsa', private_reloaded.algorithm)
Exemple #31
0
 def public_key_pem(self, key):
     return pem.armor('PUBLIC KEY', asymmetric.dump_private_key(key, None, 'der'))
Exemple #32
0
        print(
            pubkey_filename +
            " already exists, move it somewhere else. I don't want to overwrite any keys."
        )
    elif os.path.isfile(privkey_filename):
        print(
            privkey_filename +
            " already exists, move it somewhere else. I don't want to overwrite any keys."
        )
    else:
        print("Generating Key Pair")
        pub, priv = asym.generate_pair("rsa", bit_size=2048)
        pub_f = open(pubkey_filename, 'wb')
        priv_f = open(privkey_filename, 'wb')
        pub_f.write(asym.dump_public_key(pub, "pem"))
        priv_f.write(asym.dump_private_key(priv, u'salt', "pem"))
        pub_f.close()
        priv_f.close()
elif command == "sign":
    if len(sys.argv) < 3:
        print(help_text)
    else:
        url = sys.argv[2]
        if not os.path.isfile(privkey_filename):
            print(privkey_filename +
                  " does not exist, run the make_key command.")
        else:
            f = open(privkey_filename, 'rb')
            privkey = f.read()
            f.close()
            priv = asym.load_private_key(privkey, u'salt')
Exemple #33
0
import os

from oscrypto import asymmetric
from certbuilder import CertificateBuilder


fixtures_dir = os.path.join(os.path.dirname(__file__), '..', 'tests', 'fixtures')


root_ca_private_key = asymmetric.load_private_key(os.path.join(fixtures_dir, 'test.key'))
root_ca_certificate = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test.crt'))

root_ocsp_public_key, root_ocsp_private_key = asymmetric.generate_pair('rsa', bit_size=2048)

with open(os.path.join(fixtures_dir, 'test-ocsp.key'), 'wb') as f:
    f.write(asymmetric.dump_private_key(root_ocsp_private_key, 'password', target_ms=20))

builder = CertificateBuilder(
    {
        'country_name': 'US',
        'state_or_province_name': 'Massachusetts',
        'locality_name': 'Newbury',
        'organization_name': 'Codex Non Sufficit LC',
        'organization_unit_name': 'Testing',
        'common_name': 'CodexNS OCSP Responder',
    },
    root_ocsp_public_key
)
builder.extended_key_usage = set(['ocsp_signing'])
builder.issuer = root_ca_certificate
root_ocsp_certificate = builder.build(root_ca_private_key)
Exemple #34
0
 def private_key_pem(self):
     return asymmetric.dump_private_key(self.private_key, None,
                                        "pem").decode()
Exemple #35
0
# coding: utf-8
from __future__ import unicode_literals, division, absolute_import, print_function

import os

from oscrypto import asymmetric
from certbuilder import CertificateBuilder


fixtures_dir = os.path.join(os.path.dirname(__file__), "..", "tests", "fixtures")

root_ca_public_key, root_ca_private_key = asymmetric.generate_pair("rsa", bit_size=2048)

with open(os.path.join(fixtures_dir, "root.key"), "wb") as f:
    f.write(asymmetric.dump_private_key(root_ca_private_key, "password123", target_ms=20))

builder = CertificateBuilder(
    {
        "country_name": "US",
        "state_or_province_name": "Massachusetts",
        "locality_name": "Newbury",
        "organization_name": "Codex Non Sufficit LC",
        "common_name": "CodexNS Root CA 1",
    },
    root_ca_public_key,
)
builder.self_signed = True
builder.end_entity = False
root_ca_certificate = builder.build(root_ca_private_key)

with open(os.path.join(fixtures_dir, "root.crt"), "wb") as f:
Exemple #36
0
fixtures_dir = os.path.join(os.path.dirname(__file__), '..', 'tests',
                            'fixtures')

root_ca_private_key = asymmetric.load_private_key(
    os.path.join(fixtures_dir, 'test.key'))
root_ca_certificate = asymmetric.load_certificate(
    os.path.join(fixtures_dir, 'test.crt'))

root_ocsp_public_key, root_ocsp_private_key = asymmetric.generate_pair(
    'rsa', bit_size=2048)

with open(os.path.join(fixtures_dir, 'test-ocsp.key'), 'wb') as f:
    f.write(
        asymmetric.dump_private_key(root_ocsp_private_key,
                                    'password',
                                    target_ms=20))

builder = CertificateBuilder(
    {
        'country_name': 'US',
        'state_or_province_name': 'Massachusetts',
        'locality_name': 'Newbury',
        'organization_name': 'Codex Non Sufficit LC',
        'organization_unit_name': 'Testing',
        'common_name': 'CodexNS OCSP Responder',
    }, root_ocsp_public_key)
builder.extended_key_usage = set(['ocsp_signing'])
builder.issuer = root_ca_certificate
root_ocsp_certificate = builder.build(root_ca_private_key)