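class OpenSSLEngine(Base):
    """CA backend that lays out the on-disk CA files and creates keys.

    Paths are taken from an ``OpenSSLConfigParser``; key generation and PEM
    serialisation go through ``OpenSSL.crypto`` (pyOpenSSL).
    """

    # Key-type names accepted by create_private_key(), mapped to the
    # pyOpenSSL constants passed to PKey.generate_key().
    key_types = {'rsa' : OpenSSL.crypto.TYPE_RSA,
                 'dsa' : OpenSSL.crypto.TYPE_DSA}

    def __init__(self):
        Base.__init__(self)

    def init_database(self):
        """Create the directory tree, database and serial file of the CA.

        Builds the CA, certs, CRL, private and new-certs directories, an
        empty database file and a serial file containing '01'.

        Both files are opened with mode 'w', so running this against an
        existing CA truncates its database and resets the serial to 01;
        certificates issued afterwards would reuse serial numbers.

        NOTE(review): ``self.ca`` is not assigned anywhere in this class;
        presumably Base provides it -- confirm.
        """
        self.config = OpenSSLConfigParser(DEFAULT_ROOT_DIR)
        cfg = self.config

        mkdir_silent_if_isdir(cfg.get_ca_dir(self.ca))
        mkdir_silent_if_isdir(cfg.get_ca_certs(self.ca))
        mkdir_silent_if_isdir(cfg.get_ca_crl_dir(self.ca))

        # NOTE(review): unlike the sibling getters, get_ca_private() is
        # called without self.ca -- confirm this is intended.
        ca_private_path = cfg.get_ca_private()
        mkdir_silent_if_isdir(ca_private_path)
        # The mode used by mkdir_silent_if_isdir is not visible here, so the
        # private-key directory is narrowed to owner-only access before
        # anything is written into it.
        os.chmod(ca_private_path, 0700)

        # Create the empty database file and release the handle at once
        # instead of leaving it to the garbage collector.
        open(cfg.get_ca_database(self.ca), 'w').close()

        mkdir_silent_if_isdir(cfg.get_ca_new_certs_dir(self.ca))

        # Seed the serial file with '01'; close it even if the write fails.
        serial_file = open(cfg.get_ca_serial(self.ca), 'w')
        try:
            serial_file.write('01\n')
        finally:
            serial_file.close()
        # The remaining files and directories need no preparation.

    def create_private_key(self, path, type='rsa', size=1024, password=''):
        """Generate a private key and write it to ``path`` as PEM.

        Parameters:
            path     -- destination file; truncated if it already exists.
            type     -- key into ``key_types`` ('rsa' or 'dsa'); any other
                        name raises KeyError.
            size     -- key length in bits.
            password -- when non-empty, the PEM is encrypted with
                        DES-EDE3-CBC under this passphrase; when empty the
                        key is written unencrypted.

        NOTE(review): the 1024-bit default is kept so existing callers are
        unaffected, but it is below the 2048-bit minimum of current guidance
        (NIST SP 800-131A) for RSA and DSA; callers should pass ``size``
        explicitly.  DES-EDE3-CBC is likewise a legacy cipher for protecting
        the PEM.
        """
        pkey = OpenSSL.crypto.PKey()
        pkey.generate_key(self.key_types[type], size)

        if password:
            pem = OpenSSL.crypto.dump_privatekey(
                OpenSSL.crypto.FILETYPE_PEM, pkey, 'DES-EDE3-CBC', password)
        else:
            pem = OpenSSL.crypto.dump_privatekey(
                OpenSSL.crypto.FILETYPE_PEM, pkey)

        # Create the key file readable and writable by the owner only, so a
        # permissive umask cannot expose the key (which may be unencrypted).
        # The mode applies to newly created files; a file that already
        # exists keeps whatever mode it had.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)
        fp = os.fdopen(fd, 'w')
        try:
            fp.write(pem)
        finally:
            fp.close()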
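def init_database(self):
    """Create the directory tree, database and serial file of the CA.

    Builds the CA, certs, CRL, private and new-certs directories, an empty
    database file and a serial file containing '01'.  Paths come from an
    OpenSSLConfigParser rooted at DEFAULT_ROOT_DIR.

    Both files are opened with mode 'w', so running this against an
    existing CA truncates its database and resets the serial to 01;
    certificates issued afterwards would reuse serial numbers.

    NOTE(review): ``self.ca`` is not assigned in the visible code;
    presumably it is set elsewhere -- confirm.
    """
    self.config = OpenSSLConfigParser(DEFAULT_ROOT_DIR)
    cfg = self.config

    mkdir_silent_if_isdir(cfg.get_ca_dir(self.ca))
    mkdir_silent_if_isdir(cfg.get_ca_certs(self.ca))
    mkdir_silent_if_isdir(cfg.get_ca_crl_dir(self.ca))

    # NOTE(review): unlike the sibling getters, get_ca_private() is called
    # without self.ca -- confirm this is intended.
    ca_private_path = cfg.get_ca_private()
    mkdir_silent_if_isdir(ca_private_path)
    # The mode used by mkdir_silent_if_isdir is not visible here, so the
    # private-key directory is narrowed to owner-only access before anything
    # is written into it.
    os.chmod(ca_private_path, 0700)

    # Create the empty database file and release the handle at once instead
    # of leaving it to the garbage collector.
    open(cfg.get_ca_database(self.ca), 'w').close()

    mkdir_silent_if_isdir(cfg.get_ca_new_certs_dir(self.ca))

    # Seed the serial file with '01'; close it even if the write fails.
    serial_file = open(cfg.get_ca_serial(self.ca), 'w')
    try:
        serial_file.write('01\n')
    finally:
        serial_file.close()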
else: d = gtk.MessageDialog(parent=self, message_format='Passwords do not match!', buttons=gtk.BUTTONS_OK, flags=gtk.DIALOG_MODAL | gtk.DIALOG_DESTROY_WITH_PARENT) d.run() d.destroy() self.first_pass_entry.set_text('') self.second_pass_entry.set_text('') self.first_pass_entry.grab_focus() return self.getpass() passdialog = PasswordInputDialog() return passdialog.getpass() if __name__ == '__main__': config = OpenSSLConfigParser() config.create_default_config() default_ca = config.get_default_ca() config.set(default_ca, 'dir', 'default-ca') ca = CertificateAuthority(config) ca.register_callback('get_ca_key_password', dont_ask_key, default_ca) ca.create_directory_structure() ca.init()