예제 #1
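 def csr_import(self, csr, target, cn, visibility=None, service=None):
     """Import a certificate signing request into the PKI via easyrsa.

     The CSR text is staged in a temporary file and its path is handed to
     the easyrsa ``import-req`` command under the generated request name;
     the import is then recorded with ``git.stamp``.

     Args:
         csr: CSR contents as text; encoded as UTF-8 before being written.
         target, cn, visibility, service: passed through to the request-name
             helper to build the name the request is stored under.
     """
     reqname = self.__createreqname(target, cn, visibility, service)
     # NOTE(review): ``csr`` is written out exactly as supplied; nothing in
     # this method checks that it is a well-formed request or that its
     # subject matches ``cn`` -- presumably that is left to easyrsa and to
     # whoever signs the request. Confirm before importing untrusted CSRs.
     with NamedTemporaryFile() as csrtmp:
         csrtmp.write(csr.encode('utf-8'))
         # easyrsa opens the file by name, so the buffered bytes must be on
         # disk first; flush() says that directly (the original relied on
         # seek(0) flushing as a side effect).
         csrtmp.flush()
         self.__calleasyrsa(['import-req', csrtmp.name, reqname])
     # The with-block has already closed and removed the temporary file,
     # so no explicit close() is needed.
     git.stamp(self.pkipath, "csr imported: %s" % reqname)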
예제 #2
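    def subca_importkeys(self, rootcert: str, owncert: str, ownkey: str,
                         intermediates: list):
        """Replace the sub-CA's key and request with externally issued material.

        Removes the existing ``private/ca.key`` and ``reqs/ca.req``, copies in
        the root CA certificate, this CA's certificate and its private key,
        optionally copies intermediate certificates, verifies the imported CA
        certificate against the resulting chain and records the import with
        ``git.stamp``.

        Args:
            rootcert: path of the root CA certificate to import.
            owncert: path of this CA's certificate.
            ownkey: path of this CA's private key.
            intermediates: paths of intermediate certificates, or None to
                skip creating the intermediates directory.
        """
        keypath = "%s/private/ca.key" % self.pkipath
        os.remove(keypath)
        os.remove("%s/reqs/ca.req" % self.pkipath)

        print("importing %s as root CA cert" % rootcert)
        with open(rootcert) as infile:
            inroot = infile.read()
        with open(self.rootcacertpath, 'w+') as outroot:
            outroot.write(inroot)

        print("importing %s as CA cert" % owncert)
        with open(owncert) as infile:
            inowncert = infile.read()
        with open('%s/ca.crt' % self.pkipath, 'w+') as outowncert:
            outowncert.write(inowncert)

        print("importing %s as CA key" % ownkey)
        with open(ownkey) as infile:
            inownkey = infile.read()
        # The CA private key must not inherit umask-default permissions
        # (commonly world-readable), so create it owner-only. O_EXCL makes
        # the write fail instead of following a file or symlink that showed
        # up at this path after the os.remove() above.
        keyfd = os.open(keypath, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(keyfd, 'w') as outownkey:
            outownkey.write(inownkey)

        if intermediates is not None:
            os.mkdir(self.intermediatesdir)
            for i in intermediates:
                # Only the base name is kept, so two inputs with the same
                # file name overwrite each other.
                certname = os.path.basename(i)
                with open(i) as infile:
                    incert = infile.read()
                print("adding intermediate cert %s" % certname)
                with open("%s/%s" % (self.intermediatesdir, certname),
                          'w+') as outcert:
                    outcert.write(incert)

        # build a chain out of the intermediate certs and the root ca cert
        # and check the sub ca cert we just pulled in is valid
        # NOTE(review): this check runs only after the old key and request
        # were deleted and the new files written, so a failed verification
        # leaves unverified material in place without a git stamp. Nothing
        # in this method checks that ``ownkey`` belongs to ``owncert``.
        verificationchain = self.__buildverificationchain__(appendown=False)
        try:
            openssl.cert_verifychain(verificationchain.name, inowncert)
        finally:
            # release the chain file even when verification raises
            verificationchain.close()

        git.stamp(self.pkipath, "subca certs and key imported")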
예제 #3
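    def csr_create(self, target, hostname, visibility=None, service=None):
        """Generate a key and CSR with easyrsa and return the CSR text.

        Runs easyrsa ``gen-req`` under the generated request name with
        ``hostname`` as the common name, reads the resulting
        ``reqs/<reqname>.req`` file and records the creation with
        ``git.stamp``.

        Args:
            target, hostname, visibility, service: passed to the request-name
                helper; ``hostname`` is also used as ``--req-cn``. When both
                ``visibility`` and ``service`` are given, the request uses
                the org DN mode with the fixed subject fields below.

        Returns:
            The contents of the generated request file.
        """
        reqname = self.__createreqname(target, hostname, visibility, service)

        extraargs = []
        if visibility is not None and service is not None:
            extraargs.extend([
                '--dn-mode=org',
                '--req-c=JP',
                '--req-st=Shizuoka',
                '--req-city=Shimizu',
                '--req-org=thingy.jp',
                # NOTE(review): this literal looks like an e-mail-obfuscation
                # artifact of the page this listing came from; presumably
                # the original was a --req-email=... option. Restore it from
                # the upstream source before using this code.
                '[email protected]',
                '--req-ou=%s-%s' % (visibility, service),
            ])

        # 'nopass' makes easyrsa write the private key without a passphrase,
        # so the key is protected only by file-system permissions.
        # NOTE(review): ``hostname`` reaches the command line unvalidated
        # here; confirm the easyrsa wrapper passes arguments as a list
        # rather than through a shell.
        self.__calleasyrsa(
            extraargs +
            ['--req-cn=%s' % hostname, 'gen-req', reqname, 'nopass'])
        # Context manager closes the request file; the original leaked the
        # handle.
        with open('%s/reqs/%s.req' % (self.pkipath, reqname)) as csrfile:
            csrdata = csrfile.read()
        git.stamp(self.pkipath, "csr created: %s" % reqname)
        return csrdata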
예제 #4
 def subca_init(self):
     """Initialise this PKI as a sub-CA and record the step with git.stamp.

     Calls easyrsa ``build-ca`` with the ``subca`` and ``nopass`` options and
     a placeholder common name of ``dummy``.
     """
     # 'nopass' leaves the generated CA key without a passphrase, so it is
     # protected only by file-system permissions.
     buildargs = ['--req-cn=dummy', 'build-ca', 'nopass', 'subca']
     self.__calleasyrsa(buildargs)
     stampmessage = "subca init"
     git.stamp(self.pkipath, stampmessage)