def __init__(self, configFile=str(cwd) + '/config.ini'):
'''
Init the PyKI easyly, using ini config file.
:param configFile: Ini config file containing pki parameters.
:type configFile: String.
:returns: Informational result dict {'error': Boolean, 'message': String}
:rtype: PyKI class object.
'''
# calling signal handler
signal.signal(signal.SIGINT, self.sigint_handler)
self.__config = configFile
self.__pki = False
# Creating default setup if it does not exists
if not os.path.exists(self.__config):
print(self.__config)
createRes = self.__createConf()
if createRes['error']:
print(createRes['message'])
exit(1)
print("INFO: Default configuration done! Please edit " +
self.__config + " before launching init again")
exit(0)
# Get param from config file .ini
config = configparser.ConfigParser()
try:
config.read(self.__config)
except ConfigParser.ParsingError as e:
print(e)
exit(1)
except ConfigParser.Error as e:
print(e)
exit(1)
config.sections()
if 'pki auth' not in config:
print(
'ERROR: Missing "pki auth" section in your configuration file: '
+ self.__config)
exit(1)
if 'pki params' not in config:
print(
'ERROR: Missing "pki params" section in your configuration file: '
+ self.__config)
exit(1)
if 'DEFAULT' not in config:
print(
'ERROR: Missing "DEFAULT" section in your configuration file: '
+ self.__config)
exit(1)
intVal = [1024, 2048, 4096, 8192]
certAlgo = ['sha1', 'sha256', 'sha512']
keyCipher = [
'des', 'des3', 'seed', 'aes128', 'aes192', 'aes256', 'camellia128',
'camellia192', 'camellia256'
]
crlAlgo = [
'md2', 'md5', 'mdc2', 'rmd160', 'sha', 'sha1', 'sha224', 'sha256',
'sha384', 'sha512'
]
# get verbosity level
# check if in, ignoring case
mainVerbosity = config.getboolean('DEFAULT', 'verbose')
pkiAuthpK = config['pki auth']['private key']
pkiAuthKlen = config.getint('pki auth', 'key length')
if pkiAuthKlen not in intVal:
print('ERROR: Please choose a value in range ' + str(intVal) +
' for the pki auth key length item')
exit(1)
try:
AuthPkPass = config.get('pki auth', 'passphrase')
except ConfigParser.NoOptionError:
AuthPkPass = getpass.getpass(
'Give the PKI Authentication private key password: '******'' or AuthPkPass == ' ':
AuthPkPass = getpass.getpass(
'Give the PKI Authentication private key password: '******'' or AuthPkPass == ' ' or AuthPkPass is None or not AuthPkPass:
print('ERROR: You must give the pki authentication password')
exit(1)
issuer = config['pki params']['issuer'].strip().replace(" ", "_")
C = config['pki params']['c'].strip()
ST = config['pki params']['st'].strip()
L = config['pki params']['l'].strip()
O = config['pki params']['o'].strip()
OU = config['pki params']['ou'].strip()
email_param = config['pki params']['email']
if '@' not in email.utils.parseaddr(
email_param)[1] or email.utils.parseaddr(email_param)[1] == '':
print('ERROR: Invalid e-mail address format')
exit(1)
default_pkeySize = config.getint('pki params', 'private key size')
if default_pkeySize not in intVal:
print('ERROR: Please choose a value in range ' + str(intVal) +
' for the pki params private key size item')
exit(1)
default_certEncrypt = config['pki params'][
'certificate encryption'].lower()
if default_certEncrypt not in certAlgo:
print('ERROR: Please choose a value in range ' + str(certAlgo) +
' for the pki params certificate encryption item')
exit(1)
default_pkeyCipher = config['pki params']['private key cipher'].lower()
if default_pkeyCipher not in keyCipher:
print('ERROR: Please choose a value in range ' + str(keyCipher) +
' for the pki params private key cipher item')
exit(1)
crlEncrypt = config['pki params']['crl encryption'].lower()
if crlEncrypt not in crlAlgo:
print('ERROR: Please choose a value in range ' + str(crlAlgo) +
' for the pki params crl encryption item')
exit(1)
# first init, creating private key
if not os.path.exists(pkiAuthpK):
print("\n!!!!! INFO: The auth private key will be saved in " +
pkiAuthpK + " !!!!!\n")
self.__pki = PyKIcore.PyKI(issuerName=issuer,
authKeypass=AuthPkPass,
C=C,
ST=ST,
L=L,
O=O,
OU=OU,
adminEmail=email_param,
verbose=mainVerbosity,
KEY_SIZE=default_pkeySize,
SIGN_ALGO=default_certEncrypt,
KEY_CIPHER=default_pkeyCipher,
CRL_ALGO=crlEncrypt,
authKeylen=pkiAuthKlen)
# get private key for authentication after first init
authprivkey = self.__pki.initPkey
print(authprivkey)
# writing key to file
wfile = None
self.__pki.create_dir(os.path.dirname(pkiAuthpK), 0o750)
try:
wfile = open(pkiAuthpK, "wt")
except FileNotFoundError:
print("File %s is missing .. WTH !!!" % pkiAuthpK)
exit(1)
except IOError:
print('ERROR: unable to open file %s' % pkiAuthpK)
exit(1)
else:
try:
wfile.write(authprivkey)
except IOError:
print('ERROR: Unable to write to file ' + pkiAuthpK)
exit(1)
else:
if mainVerbosity:
print('INFO: File ' + pkiAuthpK + ' written')
finally:
if wfile:
wfile.close()
authprivkey = None
# Init with privkey loaded from file
pkey = open(pkiAuthpK, 'rt')
pkeyStr = pkey.read()
pkey.close()
self.__pki = PyKIcore.PyKI(issuerName=issuer,
authKeypass=AuthPkPass,
C=C,
ST=ST,
L=L,
O=O,
OU=OU,
adminEmail=email_param,
verbose=mainVerbosity,
KEY_SIZE=default_pkeySize,
SIGN_ALGO=default_certEncrypt,
KEY_CIPHER=default_pkeyCipher,
CRL_ALGO=crlEncrypt,
authKeylen=pkiAuthKlen,
privkeyStr=pkeyStr)
mainVerbosity = True
# passphrase of the private key requested for pki authentication
#privateKeyPassphrase = getpass('PKI Auth key password: '******'a'
# pki authentication private key path
pkeyPath = "./pki_auth_cert.pem"
# first init, creating private key
if not ospath.exists(pkeyPath):
print(
"\n!!!!! INFO: The auth private key will be saved in " +
pkeyPath +
" !!!!!\n")
pki = PyKIcore.PyKI(
verbose=False,
authKeypass=privateKeyPassphrase,
authKeylen=1024,
KEY_SIZE=1024,
SIGN_ALGO='SHA1')
#pki = PyKIcore.PyKI(verbose = False, authKeypass=privateKeyPassphrase)
# get private key for authentication after first init
authprivkey = pki.initPkey
# writing key to file
try:
wfile = open(pkeyPath, "wt")
except IOError:
print('ERROR: unable to open file ' + pkeyPath)
exit(1)
else:
try:
wfile.write(authprivkey)
#pki = PyKIcore.PyKI(C = "US", ST = "NewYork", L = "Washington", O = "test", OU = "IT ops", adminEmail = '*****@*****.**')
# Init pki with verbosity
#pki = PyKIcore.PyKI(verbose = mainVerbosity)
# Basic pki init
#pki = PyKIcore.PyKI(authKeypass=privateKeyPassphrase)
# first init, creating private key
if not ospath.exists(pkeyPath):
print("\n!!!!! INFO: The private key will be saved in " + pkeyPath +
" !!!!!\n")
pki = PyKIcore.PyKI(
issuerName='PyKI_auto-tester',
verbose=True,
KEY_SIZE=1024,
SIGN_ALGO='SHA1',
authKeypass=privateKeyPassphrase,
authKeylen=1024,
)
# get private key for authentication after first init
authprivkey = pki.initPkey
# writing key to file
try:
wfile = open(pkeyPath, "wt")
except IOError:
print('ERROR: unable to open file ' + pkeyPath)
exit(1)
else:
try:
wfile.write(authprivkey)