def main():
parser = argparse.ArgumentParser(description="Generate CSR and key for SSL certificate")
parser.add_argument("cn", help="The full domain name e.g. www.example.com")
parser.add_argument("-c", "--country", action="store", help="The 2-character country code")
parser.add_argument("-s", "--state", action="store", help="The State, County or Province")
parser.add_argument("-l", "--locality", action="store", help="The locality (e.g. City or town)")
parser.add_argument("-o", "--organisation", action="store", help="The company or organisation")
parser.add_argument("-d", "--dept", action="store", default="Web Security", help="Department of the company")
parser.add_argument("-p", "--path", action="store", default="/root/", help="The path to create the keyfile and csr file")
args = parser.parse_args()
if not args.state or not args.locality or not args.country or not args.organisation:
parser.print_help()
sys.exit(-1)
dname = ("/C=%s/ST=%s/L=%s/O=%s/OU=%s/CN=%s" % (
args.country,
args.state,
args.locality,
args.organisation,
args.dept,
args.cn
))
key = pkiutils.create_rsa_key(
2048,
keyfile="%s%s.key" % (args.path, args.cn)
)
pkiutils.create_csr(
key,
dn=dname,
csrfilename=("%s%s.csr" % (args.path, args.cn)))
def create_cert(self, host, realm):
try:
key = pkiutils.create_rsa_key(bits=self.bits,
keyfile=None,
format='PEM',
passphrase=None)
csr = pkiutils.create_csr(
key,
"/CN={0}/C=US/O=Test organisation/".format(host),
csrfilename=None,
attributes=None)
except Exception as e:
raise Exception("Create CSR Exception: {0}".format(e))
try:
# CREATE CERT
cert_request = self.session.post(
'{0}session/json'.format(self.ipa_url),
headers=self.header,
data=json.dumps({
'id':
0,
'method':
'cert_request',
'params': [[csr], {
'principal': 'host/{0}@{1}'.format(host, realm),
'request_type': 'pkcs10',
'add': False
}]
}),
verify=self.ca_trust)
cert_resp = cert_request.json()
except Exception as e:
raise Exception("Cert Create Exception: {0}\n{1}".format(
e, cert_request))
try:
return cert_resp['result']['result']['certificate'], key
except TypeError as e:
if cert_resp['error']:
raise Exception(
"Key Error: {0}\nCert Request Body:{1}\nCert Response: {2}\nKey: {3}"
.format(e, cert_request, cert_resp, key))
else:
raise Exception("Unknown Exception {0}".format(e))
parser.add_argument('-d', dest='content_specifiers', nargs='+', required=True)
parser.add_argument('-v', '--verbose', action='store_true')
args = parser.parse_args()
if args.verbose: logging.basicConfig(level=logging.DEBUG)
logging.debug('Parsed argument credential_file: %s' % args.credential_file)
logging.debug('Parsed argument content_specifiers: %s' % args.content_specifiers)
auth_token = get_auth_token(args.credential_file)
logging.debug('Got auth_token: %s' % auth_token)
for content_specifier in args.content_specifiers:
# Get torrent information
gto_dict = get_gto_dict(content_specifier, auth_token)
logging.debug('Got gto_dict: %s' % gto_dict.get('info').get('name'))
# Authenticate
cert_sign_url = get_cert_sign_url(content_specifier)
logging.debug('Got cert_sign_url: %s' % cert_sign_url)
info_hash = get_info_hash(gto_dict)
logging.debug('Got info_hash: %s' % info_hash)
rsa = RSA.generate(bits=RSA_KEY_SIZE, e=RSA_EXPONENT)
logging.debug('RSA keypair generated; public key: %s' % rsa.publickey().exportKey())
csr = pkiutils.create_csr(rsa, DISTINGUISHED_NAME)
logging.debug('CSR generated: %s' % csr)
crt = get_crt(cert_sign_url, auth_token, csr, info_hash)
logging.debug('Got signed CRT: %s' % crt)
# TODO(hammer): Download
tracker_response = make_tracker_request(gto_dict, info_hash, rsa, crt)
logging.debug('Got tracker response: %s' % tracker_response)
import logging
logging.basicConfig(level=logging.DEBUG)
key = create_rsa_key(2048, keyfile='key.pem', passphrase="test")
csr = create_csr(
key,
'/C=AU/ST=null/L=Aussie/O=dis/OU=x509/OU=of/OU=x509/emailAddress=test@pkiutils/cn=test.example.com',
'csr.der',
attributes={
'extensionRequest': (
('x509basicConstraints', True,
(False,)),
('subjectAlternativeName', False,
('DNS:test.example.com',
'DNS:www.test.example.com',
'IP:127.0.0.1',
'IP:1.2.3.4',
'IP:255.192.2.3',
'IP:1.255.1.1',
'IP:192.168.1.2',
'IP:192.168.1.2',
'IP:192.168.1.2',
'IP:::1',
'IP:2001::a1a1:bade',
'IP:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF',
'IP:dead:beef:dead:beef:dead:beef:dead:beef')),
),
})