def list_org(val, list):
if val == 'y':
req_url = url + '?include_validation=true'
else:
req_url = url
req = requests.get(req_url, headers=headers_get)
rest_status(req)
if list == 'y':
list_array = []
col = ['Org ID', 'Org Name', 'Address', 'Activated', 'Validated For']
list_array.append(col)
for org in req.json()['organizations']:
array = []
array.append(str(org['id']))
array.append(org['name'])
array.append(org['address'])
array.append(str(org['is_active']))
vals = []
if org.get('validations'):
for val in org['validations']:
vals.append(val['type'])
array.append(', '.join(vals))
list_array.append(array)
return list_array
else:
return req.json()
def view_domain(did, type):
if type == 'json':
req_url = url + '/' + did + '?include_dcv=true&include_validation=true'
req = requests.get(req_url, headers=headers_get)
rest_status(req)
return req.json()
else:
req_url = url + '/' + did + '?include_dcv=true&include_validation=true'
req = requests.get(req_url, headers=headers_get)
rest_status(req)
resp = req.json()
list = []
col = ['ID', 'Name', 'Status', 'DCV Method', 'Org ID']
list.append(col)
array = []
array.append(str(resp['id']))
array.append(resp['name'])
array.append(resp['status'])
if resp['dcv_method'] == 'email':
array.append('email')
elif resp['dcv_method'] == 'dns-txt-token':
array.append('txt')
elif resp['dcv_method'] == 'dns-cname-token':
array.append('cname')
elif resp['dcv_method'] == 'http-token':
array.append('http')
array.append(str(resp['organization']['id']))
list.append(array)
return list
def view_cert(ordernum, type):
if type == 'list':
req_url = url + '/' + ordernum
req = requests.get(req_url, headers=headers_get)
rest_status(req)
resp = req.json()
list = []
col = ['Order Num', 'Common Name', 'Org','Expires', 'Sig Hash', 'Key Size', 'Status']
list.append(col)
array = []
array.append(str(resp['id']))
array.append(resp['certificate']['common_name'])
array.append(str(resp['certificate']['organization']['id']))
array.append(resp['certificate']['valid_till'])
array.append(resp['certificate']['signature_hash'])
array.append(str(resp['certificate']['key_size']))
array.append(resp['status'])
list.append(array)
return list
elif type == 'json':
req_url = url + '/' + ordernum
req = requests.get(req_url, headers=headers_get)
rest_status(req)
return req.json()
else:
raise Exception('Must choose json or list to view certificate information. ')
def submit_domain(did):
choices = ['ov', 'ev', 'ovcs', 'evcs']
type = input('Validate for [ov, ev, ovcs, evcs]? ')
while type not in choices:
colorize('red')
choices = input(
'Please choose one of the following validation types: [ov, ev, ovcs, evcs] '
)
colorize_edit('reset')
type = choices
payload = json.dumps(
{"validations": [{
"type": type,
"user": {
"id": did
}
}]})
req_url = url + '/' + did + '/validation'
req = requests.post(req_url, headers=headers_post, data=payload)
rest_status(req)
if req.status_code == 204:
colorize('green')
print('Domain submitted for ' + type + ' validation.\n')
colorize_edit('reset')
return req
def access_roles():
cid = root_container()
req_url = 'https://www.digicert.com/services/v2/container/' + str(
cid) + '/role'
req = requests.get(req_url, headers=headers_get)
rest_status(req)
return req.json()
def test_dns(did, method, token):
req_url = url + '/' + did + '/dcv/cname'
payload = json.dumps({'dcv_method': method, 'token': token})
req = requests.put(req_url, headers=headers_post, data=payload)
rest_status(req)
if req.status_code == 200:
return req.json()
def download_cert(cid):
req_url = 'https://www.digicert.com/services/v2/certificate/' + str(cid) + '/download/platform'
req = requests.get(req_url, headers=headers_get)
rest_status(req)
if zipfile.is_zipfile(io.BytesIO(req.content)):
return zipfile.ZipFile(io.BytesIO(req.content))
else:
return req.content
def delete_usr(uid):
req_url = url + '/' + str(uid)
req = requests.delete(req_url, headers=headers_get)
rest_status(req)
if req.status_code == 204:
colorize('green')
print('Successfully deleted user.\n')
colorize_edit('reset')
def submit_org(oid):
choice = input('Submit org for OV, EV, OV CS, or EV CS? [ov/ev/cs/evcs] ')
type = ''
while type != 'ov' or 'ev' or 'ovcs' or 'evcs':
if choice == 'ov':
type = 'ov'
payload = json.dumps({"validations": [{"type": type}]})
break
elif choice == 'ev':
type = 'ev'
verified_usr()
# Craft payload for REST request
payload = json.dumps({
"validations": [{
"type": type,
"verified_users": [{
"id": uid
}]
}]
})
break
elif choice == 'cs':
type = 'cs'
verified_usr()
# Craft payload for REST request
payload = json.dumps({
"validations": [{
"type": type,
"verified_users": [{
"id": uid
}]
}]
})
break
elif choice == 'evcs':
type = 'ev_cs'
verified_usr()
# Craft payload for REST request
payload = json.dumps({
"validations": [{
"type": type,
"verified_users": [{
"id": uid
}]
}]
})
break
else:
print('Please enter ov, ev, ovcs, or evcs.')
choice = input(
'Submit org for OV, EV, OV CS, or EV CS? [ov/ev/ovcs/evcs] ')
req_url = url + '/' + oid + '/validation'
req = requests.post(req_url, headers=headers_post, data=payload)
if req.status_code == 204:
print('Org' + oid + ' has been submitted for ' + type + ' validation')
rest_status(req)
return req
def update_request(rid, status, comment):
req_url = 'https://www.digicert.com/services/v2/request/' + str(rid) + '/status'
if status == 'submitted' or 'pending' or 'approved' or 'rejected':
payload = json.dumps({ 'status': status, 'processor_comment': comment})
req = requests.put(req_url, headers=headers_post, data=payload)
rest_status(req)
else:
colorize('red')
print('Please enter valid status. [ submitted, pending, approved, rejected ]')
colorize_edit('reset')
def revoke_cert(cid, comment):
req_url = 'https://www.digicert.com/services/v2/order/certificate/' + cid + '/revoke'
payload = json.dumps( { 'comments': comment } )
req = requests.put(req_url, headers=headers_post, data=payload)
rest_status(req)
resp = req.json()
if resp.get('status'):
colorize('cyan')
print('A request to revoke order ' + cid + ' was successfully submitted on ' + resp['date'])
colorize_edit('reset')
return resp
def new_usr():
username = input("Enter a username: "******"Enter a firstname: ")
l_name = input("Enter a lastname: ")
email = input("Enter a email: ")
job = input("Enter a job title: ")
phone = input("Enter a phone number: ")
payload = json.dumps({
'username': username,
'first_name': f_name,
'last_name': l_name,
'email': email,
'job_title': job,
'telephone': phone,
'container': {
'id': root_container()
},
'access_roles': [{
'id': rid
}]
})
req = requests.post(url, headers=headers_post, data=payload)
rest_status(req)
if req.status_code == 201:
colorize('green')
print('Successfully created new user. New User ID: ' +
str(req.json()['id']))
print('\n')
colorize_edit('reset')
else:
colorize('red')
print('Error: ' + str(req.status_code))
colorize_edit('reset')
else:
colorize('red')
print("Username is taken. Try a different one.\n")
colorize_edit('reset')
def list_requests(pages,pend):
req_url = 'https://www.digicert.com/services/v2/request'
reqs = requests.get(req_url, headers=headers_get)
rest_status(reqs)
if pages == 'y':
list = []
col = ['Request ID', 'Date Requested', 'Status', 'Type', 'Order ID', 'Requested By', 'Approved By']
list.append(col)
if pend == 'y':
for req in reqs.json()['requests']:
if req['status'] == 'pending':
array = []
array.append(str(req['id']))
array.append(req['date'])
array.append(req['status'])
array.append(req['type'])
array.append(str(req['order']['id']))
requester_fname = req['requester']['first_name']
requester_lname = req['requester']['last_name']
requester_name = requester_fname + ' ' + requester_lname
array.append(requester_name)
if req.get('processor'):
approver_fname = req['processor']['first_name']
approver_lname = req['processor']['last_name']
approver_name = approver_fname + ' ' + approver_lname
array.append(approver_name)
else:
approver_name = ' '
array.append(approver_name)
list.append(array)
return list
else:
for req in reqs.json()['requests']:
array = []
array.append(str(req['id']))
array.append(req['date'])
array.append(req['status'])
array.append(req['type'])
array.append(str(req['order']['id']))
requester_fname = req['requester']['first_name']
requester_lname = req['requester']['last_name']
requester_name = requester_fname + ' ' + requester_lname
array.append(requester_name)
if req.get('processor'):
approver_fname = req['processor']['first_name']
approver_lname = req['processor']['last_name']
approver_name = approver_fname + ' ' + approver_lname
array.append(approver_name)
list.append(array)
return list
else:
return reqs.json()
def new_domain(name, oid, type):
payload = json.dumps({
'name': name,
'organization': {
'id': oid
},
'validations': [{
'type': type
}]
})
req = requests.post(url, headers=headers_post, data=payload)
rest_status(req)
if req.status_code == 201:
return req.json()
def view_usr(uid):
req_url = url + '/' + str(uid)
req = requests.get(req_url, headers=headers_get)
rest_status(req)
resp = req.json()
list = []
col = ['Usr ID', 'Usr Name', 'Email', 'Status', 'Has Access To']
list.append(col)
array = []
array.append(str(resp['id']))
name = str(resp['first_name']) + ' ' + str(resp['last_name'])
array.append(name)
array.append(resp['email'])
array.append(resp['status'])
temp = []
for cont in resp['container_visibility']:
temp.append(cont['name'])
array.append(', '.join(temp))
list.append(array)
paginate(list, 10)
def new_org():
# Collect org details
print('Creating new org...')
name = input('Enter a org name: ')
street = input('Enter the street address: ')
city = input('Enter the city: ')
state = input('Enter the state/province: ')
country = input('Enter the country: ')
zip = input('Enter a zip code: ')
phone = input('Enter a phone for the org: ')
# Collect org contact details
print('Adding a Organization contact...')
c_fname = input('Enter the first name: ')
c_lname = input('Enter the last name: ')
c_job = input('Enter the job title: ')
c_email = input('Enter the email: ')
c_phone = input('Enter the phone: ')
# Combine input to JSON payload
payload = json.dumps({
'name': name,
'address': street,
'zip': zip,
'city': city,
'state': state,
'country': country,
'telephone': phone,
'container': {
'id': root_container()
},
'organization_contact': {
'first_name': c_fname,
'last_name': c_lname,
'email': c_email,
'telephone': c_phone,
}
})
req = requests.post(url, headers=headers_post, data=payload)
rest_status(req)
print('\nNew org id: ' + str(req.json()["id"]))
return req.json()["id"]
def edit_usr(uid):
req_url = url + '/' + str(uid)
uname = input('Enter a new username: '******'Enter a new first name: ')
lname = input('Enter a new last name: ')
email = input('Enter a new email: ')
job = input('Enter a new job title: ')
phone = input('Enter a new phone number: ')
payload = json.dumps({
'username': uname,
'first_name': fname,
'last_name': lname,
'email': email,
'job_title': job,
'telephone': phone
})
req = requests.put(req_url, headers=headers_post, data=payload)
rest_status(req)
if req.status_code == 204:
colorize('green')
print('Successfully updated user.\n')
colorize_edit('reset')
def list_usr(pages):
req = requests.get(url, headers=headers_get)
rest_status(req)
resp = req.json()
list = []
col = ['Usr ID', 'Name', 'Email', 'Job Title']
list.append(col)
for usr in resp["users"]:
array = []
array.append(str(usr['id']))
name = str(usr['first_name']) + ' ' + str(usr['last_name'])
array.append(name)
array.append(usr['email'])
if 'job_title' in usr:
array.append(usr['job_title'])
else:
array.append(" ")
list.append(array)
if pages == 'y':
return list
else:
return req.json()
def list_cert():
req = requests.get(url, headers=headers_get)
rest_status(req)
list = []
col = ['Order Num', 'Common Name', 'Status', 'Org id', 'Type', 'Expires']
list.append(col)
for order in req.json()['orders']:
array = []
array.append(str(order['id']))
if order['certificate'].get('common_name'):
array.append(order['certificate']['common_name'])
else:
array.append('N/A')
array.append(order['status'])
array.append(str(order['organization']['id']))
array.append(order['product']['name'])
if order['certificate'].get('valid_till'):
array.append(order['certificate']['valid_till'])
else:
array.append('N/A')
list.append(array)
return list
def check_api_key():
req_url = url + '/me'
req = requests.get(req_url, headers=headers_get)
rest_status(req)
return req.json()
def check_usr(username):
req_url = url + '/availability/' + username
req = requests.get(req_url, headers=headers_get)
rest_status(req)
return req.json()
def download_cert_by_format(cid, format):
req_url = 'https://www.digicert.com/services/v2/certificate/' + str(cid) + '/download/format/' + format
req = requests.get(req_url, headers=headers_get)
rest_status(req)
return req.content
def list_container():
req = requests.get(url, headers=headers_get)
rest_status(req)
return req.json()
def view_request(rid):
req_url = 'https://www.digicert.com/services/v2/request/' + str(rid)
req = requests.get(req_url, headers=headers_get)
rest_status(req)
return req.json()
def new_container(cid, name, tid):
endpoint = url + '/' + str(cid) + '/children'
payload = {'name': name, 'template_id': str(tid)}
req = requests.post(endpoint, headers=headers_post, data=payload)
rest_status(req)
return req.json()
def duplicate_cert(cid):
# Get order information and load cert conf
try:
info = view_cert(cid,'json')
ordernum = info['id']
cert_path = Path(str(confd_cert) + '/' + cid + '.conf')
r = ConfigParser()
r.read(str(cert_path))
cert_keyd = r.get('Initialized Cert', 'key_dir')
except:
raise LookupError('Missing cert.d entry. Reissue order with --reissue-crt.')
# Get org information to create key.d
org_id = info['organization']['id']
org_name = info['organization']['name']
# Generate and save private key
alg = input('Create a ECC or RSA private key? ' )
while not alg in ['ecc','rsa']:
colorize('red')
alg = input('Enter ECC or RSA: ')
colorize_edit('reset')
key = gen_key(alg)
# Generate a CSR from private key
dup_csr = gen_csr(key)
# Get duplicate certificate information
dups = list_duplicates(cid)
# If no duplicates, create folder 001
if not dups.get('certificates'):
dup_keyd = Path(str(cert_keyd) + '/01.d')
os.makedirs(str(dup_keyd))
# Else count the number of dups and create new dup folder
else:
count = len(dups['certificates'])
dup_num = count + 1
dup_keyd = Path(str(cert_keyd) + '/0' + str(dup_num) + '.d')
if dup_keyd.exists():
try:
shutil.rmtree(str(dup_keyd))
except OSError as e:
print("Error: %s - %s." % (e.filename,e.strerror))
os.makedirs(str(dup_keyd))
# Write CSR and KEY to new dup folder
key_path = Path(str(dup_keyd) + '/private.key')
with open(str(key_path), 'wb+') as f:
f.write(key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()
))
csr_path = Path(str(dup_keyd) + '/request.csr')
with open(str(csr_path), 'w+') as f:
f.write(dup_csr)
# List options for file format
formats = ['1] p7b', '2] pem', '3] pem bundle', '4] code signing', '5] other']
print('Possible file formats: ')
print(*formats, sep='\t')
format = int(input('Choose a format [1-5]: '))
# Choose server platform
if format == 1:
platform = 10
elif format == 2:
platform = 2
elif format == 3:
platform = 45
elif format == 4:
platform = 55
elif format == 5:
platform = -1
else:
print('Default chosen: pem format')
platform = -1
# Choose signature hash
algs = ['1] sha256', '2] sha384', '3] sha512']
print('Signature hash algorithms')
print(*algs, sep='\t')
alg = int(input('Choose an algorithm [1-3]: '))
if alg == 1:
hash_alg = 'sha256'
elif alg == 2:
hash_alg = 'sha384'
elif alg == 3:
hash_alg = 'sha512'
else:
hash_alg = 'sha256'
print('Default selected: sha256')
# Set common name
cn = info['certificate']['common_name']
colorize('blue')
print("Current common name: " + cn)
colorize_edit('reset')
if info['product']['name_id'] == 'ssl_multi_domain' or info['product']['name_id'] == 'ssl_ev_multi_domain':
# Convert sans list to array
sans = info['certificate']['dns_names']
if info['product']['name_id'] == 'ssl_cloud_wildcard' or info['product']['name_id'] == 'ssl_wildcard':
# Get array of SANs
sans = []
print('Type Subject Alternate Name and press enter (Enter d when done):')
while 1 == 1:
san = input('')
if san == 'd':
break
elif not regex_test.match(san):
print(san + ' is not a valid SAN')
else:
sans.append(san)
# Make payload and submit to Digicert
payload = json.dumps({
'certificate': {
'common_name': cn,
'dns_names':
sans
,
'csr': dup_csr,
'server_platform': {
'id': platform
},
'signature_hash': 'sha256'
}
})
req_url = url + '/' + str(ordernum) + '/duplicate'
req = requests.post(req_url, headers=headers_post, data=payload)
rest_status(req)
# Get certificate id by listing new duplicate
ld = list_duplicates(ordernum)
cert_id = ld['certificates'][0]['id']
# Download based on server platform
if format == 1:
# Download new duplicate from Digicert
dup_cert = download_cert_by_format(cert_id,'p7b')
# Set filename based on server platform to p7b
dup_cert_path = Path( str(dup_keyd) + '/cert.p7b' )
with open(str(dup_cert_path), 'wb+') as save:
save.write(dup_cert)
elif format == 2:
# Download new duplicate from Digicert
dup_cert = download_cert_by_format(cert_id,'apache')
# Set filename based on server platform to pem (individual pem without root)
dup_cert_path = Path( str(dup_keyd) + '/cert.zip' )
with open(str(dup_cert_path), 'wb+') as save:
save.write(dup_cert)
elif format == 3:
# Download new duplicate from Digicert
dup_cert = download_cert_by_format(cert_id,'pem_all')
# Set filename based on server platform to pem bundle
dup_cert_path = Path( str(dup_keyd) + '/cert.pem' )
with open(str(dup_cert_path), 'wb+') as save:
save.write(dup_cert)
elif format == 4:
# Download new duplicate from Digicert
dup_cert = download_cert_by_format(cert_id,'cer')
# Set filename based on server platform to code signing
dup_cert_path = Path( str(dup_keyd) + '/cert.cer' )
with open(str(dup_cert_path), 'wb+') as save:
save.write(dup_cert)
elif format == 5:
# Download new duplicate from Digicert
dup_cert = download_cert_by_format(cert_id,'default_pem')
# Set filename based on server platform to other (individual pem including root)
dup_cert_path = Path( str(dup_keyd) + '/cert.zip' )
with open(str(dup_cert_path), 'wb+') as save:
save.write(dup_cert)
colorize('green')
print('Duplicate successfully created in:\n' + str(dup_cert_path))
colorize_edit('reset')
def list_template(cid):
endpoint = url + '/' + str(cid) + '/template'
req = requests.get(url, headers=headers_get)
rest_status(req)
return req.json()
def list_duplicates(ordernum):
req_url = url + '/' + str(ordernum) + '/duplicate'
req = requests.get(req_url, headers=headers_get)
rest_status(req)
return req.json()
def reissue_cert(cid):
# Get cid
cert_info = view_cert(cid, 'json')
order_no = str(cert_info['id'])
req_url = url + '/' + order_no + '/reissue'
# Get request org info
org_name = cert_info['organization']['name']
org_city = cert_info['organization']['city']
org_state = cert_info['organization']['state']
org_country = cert_info['organization']['country']
oid = cert_info['organization']['id']
# Print current information
old_cn = str(cert_info['certificate']['common_name'])
old_sans = ', '.join(cert_info['certificate']['dns_names'])
colorize('blue')
print('Current Certificate:')
print('CN = ' + old_cn)
print('SANs = ' + old_sans)
colorize_edit('reset')
# Get common name
cn = input('Enter a new common name: ')
while not regex_test.match(cn):
cn = input('Enter a valid common name: ')
# Get array of SANs
sans = []
print('Type Subject Alternate Name and press enter (Enter d when done):')
while 1 == 1:
san = input('')
if san == 'd':
break
elif not regex_test.match(san):
print(san + ' is not a valid SAN')
else:
sans.append(san)
# Load existing conf and private key if exists
order_conf = Path( str(confd_cert) + '/' + str(order_no) + '.conf')
org_conf = Path( str(confd_org) + '/' + str(oid) + '.conf' )
if os.path.exists(str(order_conf)):
with open(str(order_conf), 'r'):
scp = ConfigParser()
scp.read(str(order_conf))
key_dir = scp.get('Initialized Cert', 'key_dir')
key_path = Path( key_dir + '/' + str(order_no) + '.key')
csr_path = Path( key_dir + '/' + str(order_no) + '.csr')
with open(str(key_path), 'rb') as f:
key_bytes = f.read()
key = load_pem_private_key(key_bytes, None, default_backend())
# Generate a CSR from private key and org info
signed_req = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, org_country),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, org_state),
x509.NameAttribute(NameOID.LOCALITY_NAME, org_city),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, org_name),
x509.NameAttribute(NameOID.COMMON_NAME, cn),
])).sign(key, hashes.SHA256(), default_backend())
csr = str(signed_req.public_bytes(serialization.Encoding.PEM), 'utf-8')
# Save CSR
with open(str(csr_path), 'w+') as f:
f.write(csr)
# Create new conf file
else:
order_keyd = Path( str(keyd) + '/' + org_name + '/' + str(order_no) + '.d' )
with open(str(order_conf), 'w+') as f:
scp = ConfigParser()
scp.read(str(order_conf))
scp.add_section('Initialized Cert')
scp.set('Initialized Cert', 'id', str(order_no))
scp.set('Initialized Cert', 'key_dir', str(order_keyd))
scp.set('Initialized Cert', 'status', cert_info['status'])
scp.write(f)
# Generate and save private key
alg = input('Create a ECC or RSA private key? ' )
while not alg in ['ecc','rsa']:
colorize('red')
alg = input('Enter ECC or RSA: ')
colorize_edit('reset')
key = gen_key(alg)
key_path = Path( str(order_keyd) + '/' + str(order_no) + '.key' )
if not os.path.exists(str(order_keyd)):
os.makedirs(str(order_keyd))
with open(str(key_path), 'wb+') as f:
f.write(key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()
))
# Generate csr
csr_path = Path( str(order_keyd) + '/' + str(order_no) + '.csr' )
csr = gen_csr(key)
with open(str(csr_path), 'w+') as f:
f.write(csr, 'utf-8')
# Choose signature hash
algs = ['1] sha256', '2] sha384', '3] sha512']
print('Signature hash algorithms')
print(*algs, sep='\t')
alg = int(input('Choose an algorithm [1-3]: '))
if alg == 1:
hash_alg = 'sha256'
elif alg == 2:
hash_alg = 'sha384'
elif alg == 3:
hash_alg = 'sha512'
else:
hash_alg = 'sha256'
print('Default selected: sha256')
# Create payload
payload = json.dumps({
'certificate': {
'common_name': cn,
'dns_names': sans,
'csr': csr,
'signature_hash': hash_alg
}
})
req = requests.post(req_url, headers=headers_post, data=payload)
rest_status(req)
colorize('green')
print('Reissue for ' + cn + ' has been submitted to Digicert for processing.\n')
colorize_edit('reset')
return req.json()
def new_cert(type):
# Pick org
orgs = get_active_org()
list = []
col = ['Org id', 'Org Name', 'Display Name']
list.append(col)
for org in orgs['organizations']:
array = []
array.append(str(org['id']))
array.append(org['name'])
array.append(org['display_name'])
list.append(array)
paginate(list,10)
oid = input('Pick organization id: ')
# Get org name with oid
org_name = view_org(oid)['name']
# Test common name
cn = input('Enter a common name: ')
while not regex_test.match(cn):
cn = input('Enter a valid common name: ')
# Get array of SANs
sans = []
print('Type Subject Alternate Name and press enter (Enter d when done):')
while 1 == 1:
san = input('')
if san == 'd':
break
elif not regex_test.match(san):
print(san + ' is not a valid SAN')
else:
sans.append(san)
# Create new entry in key.d for order
x = oid + '.conf'
org_conf = Path(confd_org / x)
if not os.path.exists(str(org_conf)):
print('Error: Initialize org ' + oid)
else:
# Saves key and csr temporarily in the org folder until order id is created
with open(str(org_conf)) as oc:
p = ConfigParser()
p.read(str(org_conf))
safe = p.get('Initialized Org', 'key_dir')
key_path = safe + '/private.key'
csr_path = safe + '/request.csr'
# Generate and save private key
alg = input('Create a ECC or RSA private key? ' )
while not alg in ['ecc','rsa']:
colorize('red')
alg = input('Enter ECC or RSA: ')
colorize_edit('reset')
key = gen_key(alg)
with open(key_path, 'wb+') as f:
f.write(key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()
))
# Generate a CSR from private key
csr = gen_csr(key)
# Save csr
with open(csr_path, 'w+') as f:
f.write(csr)
# Choose signature hash
algs = ['1] sha256', '2] sha384', '3] sha512']
print('Signature hash algorithms')
print(*algs, sep='\t')
alg = int(input('Choose an algorithm [1-3]: '))
if alg == 1:
hash_alg = 'sha256'
elif alg == 2:
hash_alg = 'sha384'
elif alg == 3:
hash_alg = 'sha512'
else:
hash_alg = 'sha256'
print('Default delected: sha256')
# Choose validity period
val_periods = ['1] 1 year', '2] 2 year', '3] Custom Expiration']
print(*val_periods, sep='\t')
val_period = int(input('Choose certificate lifetime [1-3]: '))
if val_period == 1:
time = 1
elif val_period == 2:
time = 2
else:
time = 3
custom = input('Pick a custom certificate lifetime in format YYYY-MM-DD: ')
regx = re.compile('([0-9]{4}(\-){1}([0-9]){2}(\-){1}([0-9]){2})')
while not regx.match(custom):
print('Incorrect format. Try again.')
custom = input('Pick a custom certificate lifetime in format YYYY-MM-DD: ')
# List options for file format
formats = ['1] p7b', '2] pem', '3] pem bundle', '4] code signing', '5] other']
print('Possible file formats: ')
print(*formats, sep='\t')
format = int(input('Choose a format [1-5]: '))
# Choose server platform
if format == 1:
platform = 10
elif format == 2:
platform = 2
elif format == 3:
platform = 45
elif format == 4:
platform = 55
elif format == 5:
platform = -1
# Set server platform to Sun Java for code signing
elif args.new_cert == 'cs':
platform = 55
else:
print('Default chosen: pem format')
platform = -1
# If custom expiraion, include correct payload
if time == 1 or time == 2:
payload = {
'certificate': {
'common_name': cn,
'dns_names': sans,
'csr': csr,
'server_platform': {
'id': int(platform)
},
'signature_hash': hash_alg
},
'organization': {
'id': int(oid)
},
'validity_years': int(time),
'product': {
'type_hint': type
}
}
else:
print('Time == 3')
payload = {
'certificate': {
'common_name': cn,
'dns_names': sans,
'csr': str(csr.public_bytes(serialization.Encoding.PEM), 'utf-8'),
'server_platform': {
'id': int(platform)
},
'signature_hash': hash_alg
},
'organization': {
'id': int(oid)
},
'validity_years': 1,
'custom_expiration_date': custom,
'product': {
'type_hint': type
}
}
payload_data = json.dumps(payload)
req_url = url + '/ssl'
req = requests.post(req_url, headers=headers_post, data=payload_data)
rest_status(req)
# Move key to new key.d
with open(str(org_conf)):
p = ConfigParser()
p.read(str(org_conf))
safe = p.get('Initialized Org', 'key_dir')
temp_key = safe + '/private.key'
dir = Path(safe + '/' + str(req.json()['id']) + '.d')
if not os.path.exists(str(dir)):
os.makedirs(str(dir))
key_name = Path(str(str(req.json()['id']) + '.key'))
saved_key = Path( dir / key_name )
with open(temp_key, 'r') as tk:
t = tk.read()
with open(str(saved_key), 'w+') as sk:
sk.write(t)
os.remove(temp_key)
# Move csr to order.d
temp_csr = Path( safe + '/request.csr')
saved_csr = Path( dir / Path(str(str(req.json()['id']) + '.csr')) )
with open(str(temp_csr), 'r') as tc:
tcsr = tc.read()
with open(str(saved_csr), 'w+') as sc:
sc.write(tcsr)
os.remove(str(temp_csr))
# Create pending req in cert.d
conf_name = str(req.json()['id']) + '.conf'
cert_conf = Path( confd_cert / conf_name )
with open(str(cert_conf), 'w+') as cc:
scp = ConfigParser()
scp.read(str(cert_conf))
scp.add_section('Initialized Cert')
scp.set('Initialized Cert', 'id', str(req.json()['id']))
scp.set('Initialized Cert', 'key_dir', str(dir))
scp.set('Initialized Cert', 'status', 'pending')
scp.write(cc)
print('Successfully placed new order # ' + str(req.json()['id']) + '\n')
return req.json()
