def csr_import(self, csr, target, cn, visibility=None, service=None):
    """Import a CSR, given as text, into the PKI under a generated request name.

    The CSR is written to a temporary file because ``import-req`` is handed a
    file name rather than the data itself. The import is then recorded with
    ``git.stamp``.

    Args:
        csr: CSR contents as a ``str``; encoded as UTF-8 before being written.
        target, cn, visibility, service: passed unchanged to
            ``__createreqname`` to derive the request name.
    """
    # NOTE(review): csr and the name components are forwarded as received.
    # Whether __createreqname / __calleasyrsa reject path separators or
    # option-like values (leading "-") is not visible here -- confirm before
    # exposing this method to untrusted callers.
    request_name = self.__createreqname(target, cn, visibility, service)
    with NamedTemporaryFile() as spool:
        spool.write(csr.encode('utf-8'))
        # Rewinding flushes the buffered write, so the data is on disk when
        # the external command opens the file by name.
        spool.seek(0)
        self.__calleasyrsa(['import-req', spool.name, request_name])
        spool.close()
        git.stamp(self.pkipath, "csr imported: %s" % request_name)
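def subca_importkeys(self, rootcert: str, owncert: str, ownkey: str, intermediates: list):
    """Replace the sub-CA's existing key and request with imported material.

    Copies the root certificate, this CA's certificate, its private key and
    any intermediate certificates into the PKI directory. It then checks the
    CA certificate against a chain built from the imported root and
    intermediates, and records the import with ``git.stamp``.

    Args:
        rootcert: path of the root CA certificate to import.
        owncert: path of this CA's certificate.
        ownkey: path of this CA's private key.
        intermediates: paths of intermediate certificates, or ``None``.

    Raises:
        OSError: if an input cannot be read, an existing file cannot be
            removed, or an output cannot be created. This includes
            ``FileExistsError`` when the intermediates directory or the key
            file already exists at creation time.
    """
    def _slurp(path):
        # Read a whole text file and close the handle straight away.
        with open(path) as handle:
            return handle.read()

    # Read every input before touching the PKI directory, so an unreadable
    # path cannot leave the CA with its key already deleted.
    inroot = _slurp(rootcert)
    inowncert = _slurp(owncert)
    inownkey = _slurp(ownkey)
    extracerts = []
    if intermediates is not None:
        # NOTE(review): only the basename is kept, so two inputs with the
        # same file name would overwrite each other in intermediatesdir.
        extracerts = [(os.path.basename(i), _slurp(i)) for i in intermediates]

    keypath = "%s/private/ca.key" % self.pkipath
    os.remove(keypath)
    os.remove("%s/reqs/ca.req" % self.pkipath)

    print("importing %s as root CA cert" % rootcert)
    with open(self.rootcacertpath, 'w+') as outroot:
        outroot.write(inroot)

    print("importing %s as CA cert" % owncert)
    with open('%s/ca.crt' % self.pkipath, 'w+') as outowncert:
        outowncert.write(inowncert)

    print("importing %s as CA key" % ownkey)
    # Create the private key owner-only from the start: a plain open() would
    # apply the process umask and could leave the CA key readable by others.
    # O_EXCL refuses to write through anything that reappeared at keypath
    # after the remove above.
    keyfd = os.open(keypath, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(keyfd, 'w') as outownkey:
        outownkey.write(inownkey)

    if intermediates is not None:
        os.mkdir(self.intermediatesdir)
        for certname, incert in extracerts:
            print("adding intermediate cert %s" % certname)
            with open("%s/%s" % (self.intermediatesdir, certname), 'w+') as outcert:
                outcert.write(incert)

    # build a chain out of the intermediate certs and the root ca cert
    # and check the sub ca cert we just pulled in is valid
    # NOTE(review): the result of cert_verifychain is discarded; confirm it
    # raises on failure, otherwise an invalid certificate is accepted
    # silently. The check also runs after the old key has been removed and
    # the new files written, so a failure leaves unverified material in
    # place. The private key is not passed to any check here, so nothing in
    # this method confirms that ownkey matches owncert.
    verificationchain = self.__buildverificationchain__(appendown=False)
    try:
        openssl.cert_verifychain(verificationchain.name, inowncert)
    finally:
        verificationchain.close()

    git.stamp(self.pkipath, "subca certs and key imported")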
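def csr_create(self, target, hostname, visibility=None, service=None):
    """Generate a key and CSR through easyrsa and return the CSR text.

    Args:
        target, hostname, visibility, service: passed to ``__createreqname``
            to derive the request name. ``hostname`` is also used as the
            request's common name.

    Returns:
        The contents of ``<pkipath>/reqs/<reqname>.req`` as a ``str``.

    When both ``visibility`` and ``service`` are given, the request uses
    easyrsa's ``org`` DN mode with fixed organisation fields and an OU of
    ``<visibility>-<service>``.
    """
    reqname = self.__createreqname(target, hostname, visibility, service)

    extraargs = []
    if visibility is not None and service is not None:
        extraargs += [
            '--dn-mode=org',
            '--req-c=JP',
            '--req-st=Shizuoka',
            '--req-city=Shimizu',
            '--req-org=thingy.jp',
            # NOTE(review): this literal looks like an e-mail option (likely
            # "--req-email=<address>") that was mangled by e-mail obfuscation
            # when the page was rendered. Restore it from the original source
            # before use.
            '[email protected]',
            '--req-ou=%s-%s' % (visibility, service),
        ]

    # 'nopass' asks easyrsa not to encrypt the generated private key, so its
    # confidentiality rests on filesystem permissions under pkipath.
    # NOTE(review): hostname, visibility and service are interpolated into
    # option strings, and reqname into a file path below. Confirm they are
    # validated upstream.
    self.__calleasyrsa(
        extraargs + ['--req-cn=%s' % hostname, 'gen-req', reqname, 'nopass'])

    # Close the request file deterministically instead of leaking the handle.
    with open('%s/reqs/%s.req' % (self.pkipath, reqname)) as csrfile:
        csrdata = csrfile.read()

    git.stamp(self.pkipath, "csr created: %s" % reqname)
    return csrdata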
def subca_init(self):
    """Initialise this PKI as a sub-CA and record the step with ``git.stamp``.

    Runs easyrsa ``build-ca`` in ``subca`` mode with a placeholder common
    name of ``dummy``.
    """
    # 'nopass' asks easyrsa not to encrypt the generated CA key.
    # NOTE(review): presumably this key is a placeholder that a later import
    # replaces -- confirm it is never used for signing.
    build_ca_args = ['--req-cn=dummy', 'build-ca', 'nopass', 'subca']
    self.__calleasyrsa(build_ca_args)
    git.stamp(self.pkipath, "subca init")