class OpenSSLEngine(Base): key_types = {'rsa' : OpenSSL.crypto.TYPE_RSA, 'dsa' : OpenSSL.crypto.TYPE_DSA} def __init__(self): Base.__init__(self) def init_database(self): self.config = OpenSSLConfigParser(DEFAULT_ROOT_DIR) mkdir_silent_if_isdir(self.config.get_ca_dir(self.ca)) mkdir_silent_if_isdir(self.config.get_ca_certs(self.ca)) mkdir_silent_if_isdir(self.config.get_ca_crl_dir(self.ca)) ca_private_path = self.config.get_ca_private() mkdir_silent_if_isdir(ca_private_path) os.chmod(ca_private_path, 0700) # create empty database file open(self.config.get_ca_database(self.ca), 'w') mkdir_silent_if_isdir(self.config.get_ca_new_certs_dir(self.ca)) # write '01' into serial serial_file = open(self.config.get_ca_serial(self.ca), 'w') serial_file.write('01\n') serial_file.close() # no need to do nothing about the other files and directories def create_private_key(self, path, type='rsa', size=1024, password=''): pkey = OpenSSL.crypto.PKey() pkey.generate_key(self.key_types[type], size) if password: buffer = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, pkey, 'DES-EDE3-CBC', password) else: buffer = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, pkey) fp = open(path, 'w') fp.write(buffer)