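def sign_csr(csr, ca_cn, attrib, algorithm='sha512', expires=1825):
    """Sign *csr* with the CA whose common name is *ca_cn* and return its public cert.

    Args:
        csr: The certificate signing request to sign (passed through to
            ``Certificate`` and ``Certificate.objects.init`` unchanged).
        ca_cn: Common name used to look up the ``CertificateAuthority``.
        attrib: Mapping of request attributes. ``'CN'`` becomes the subject
            common name; ``'san'``, when present, becomes the subjectAltName.
        algorithm: Signature hash algorithm handed to
            ``Certificate.objects.init``.
        expires: Certificate lifetime in days, counted from the local clock.

    Returns:
        ``cert.pub`` of the saved ``Certificate``.

    Raises:
        CertificateAuthority.DoesNotExist: if no CA with ``cn=ca_cn`` exists
            (propagated from ``objects.get``).
    """
    ca = CertificateAuthority.objects.get(cn=ca_cn)
    # TODO: Check to see if the certificate already exists, and if so, is it
    # the same user? Revoke the old one?
    cert = Certificate(ca=ca, csr=csr)
    # Naive local-time expiry; ``expires`` is interpreted as a number of days.
    expiry = datetime.datetime.now() + datetime.timedelta(days=expires)
    cert.x509 = Certificate.objects.init(
        ca=ca,
        csr=csr,
        algorithm=algorithm,
        expires=expiry,
        subject={'CN': attrib.get('CN')},
        # A request without 'san' previously raised KeyError; None matches the
        # ``san=None`` default that create_cert passes for "no SAN".
        subjectAltName=attrib.get('san'),
    )
    cert.save()
    return cert.pub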
def create_cert(cls, ca, csr, subject, san=None, **kwargs):
    """Sign *csr* under *ca* using the default profile and save the result.

    Profile defaults from ``get_cert_profile_kwargs()`` are overlaid with
    *kwargs*, and *subject* is merged into the profile's subject mapping.
    The certificate is signed with sha256; the ``expires`` argument handed to
    ``Certificate.objects.init`` is the integer ``720``, and the model's
    ``expires`` field is then read back from the signed certificate's
    notAfter value.

    Args:
        cls: The class this method is bound to (unused here).
        ca: Issuing ``CertificateAuthority``.
        csr: The certificate signing request.
        subject: Mapping merged into the profile subject (overrides profile
            values for the same keys).
        san: Value passed as ``subjectAltName``; ``None`` means none.
        **kwargs: Extra keyword arguments overriding profile defaults.

    Returns:
        The saved ``Certificate`` instance.
    """
    init_kwargs = get_cert_profile_kwargs()
    init_kwargs.update(kwargs)
    # NOTE(review): this mutates the 'subject' dict returned by
    # get_cert_profile_kwargs() in place — confirm that function returns a
    # fresh copy rather than a shared settings object.
    merged_subject = init_kwargs.setdefault('subject', {})
    merged_subject.update(subject)

    signed = Certificate.objects.init(
        ca=ca,
        csr=csr,
        algorithm='sha256',
        expires=720,
        subjectAltName=san,
        **init_kwargs
    )
    not_after = parse_date(signed.get_notAfter().decode('utf-8'))

    cert = Certificate(ca=ca, csr=csr, expires=not_after)
    cert.x509 = signed
    cert.save()
    return cert
def create_cert(cls, ca, csr, subject, san=None, **kwargs):
    """Sign *csr* under *ca* using the default profile and save the result.

    Profile defaults from ``get_cert_profile_kwargs()`` are overlaid with
    *kwargs*, and *subject* is merged into the profile's subject mapping.
    The certificate is signed with sha256 and an expiry of ``cls.expires(720)``;
    the model's ``expires`` field is then read back from the signed
    certificate's notAfter value.

    Args:
        cls: The class this method is bound to; ``cls.expires`` is used to
            compute the expiry passed to ``Certificate.objects.init``.
        ca: Issuing ``CertificateAuthority``.
        csr: The certificate signing request.
        subject: Mapping merged into the profile subject (overrides profile
            values for the same keys).
        san: Value passed as ``subjectAltName``; ``None`` means none.
        **kwargs: Extra keyword arguments overriding profile defaults.

    Returns:
        The saved ``Certificate`` instance.
    """
    init_kwargs = get_cert_profile_kwargs()
    init_kwargs.update(kwargs)
    # NOTE(review): this mutates the 'subject' dict returned by
    # get_cert_profile_kwargs() in place — confirm that function returns a
    # fresh copy rather than a shared settings object.
    merged_subject = init_kwargs.setdefault('subject', {})
    merged_subject.update(subject)

    signed = Certificate.objects.init(
        ca=ca,
        csr=csr,
        algorithm='sha256',
        expires=cls.expires(720),
        subjectAltName=san,
        **init_kwargs
    )
    not_after = parse_date(signed.get_notAfter().decode('utf-8'))

    cert = Certificate(ca=ca, csr=csr, expires=not_after)
    cert.x509 = signed
    cert.save()
    return cert
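def handle(self, *args, **options):
    """Sign a CSR from ``--csr`` (or pasted on stdin) and emit the certificate.

    Args:
        *args: Positional command arguments (unused).
        **options: Parsed command options. Read here: ``CN``, ``alt``,
            ``C``/``ST``/``L``/``O``/``OU``, ``E``, ``csr``, ``watch``,
            ``profile``, ``cn_in_san``, ``key_usage``, ``ext_key_usage``,
            ``days`` and ``out``.

    Raises:
        CommandError: if neither ``--CN`` nor at least one ``--alt`` is given.
    """
    if not options['CN'] and not options['alt']:
        raise CommandError("Must give at least --CN or one or more --alt arguments.")

    # construct subject (field order is preserved as listed)
    subject = OrderedDict()
    for field in ['C', 'ST', 'L', 'O', 'OU', 'CN', ]:
        if options.get(field):
            subject[field] = options[field]
    if options.get('E'):
        subject['emailAddress'] = options['E']

    if options['csr'] is None:
        print('Please paste the CSR:')
        csr = ''
        # Read line by line until the PEM trailer appears; EOFError from
        # input() propagates if the trailer never arrives.
        while not csr.endswith('-----END CERTIFICATE REQUEST-----\n'):
            csr += '%s\n' % six.moves.input()
        csr = csr.strip()
    else:
        # Context manager so the file handle is released (it was previously
        # left open until garbage collection).
        with open(options['csr']) as f:
            csr = f.read()

    # get list of watchers
    watchers = [Watcher.from_addr(addr) for addr in options['watch']]

    # get keyUsage and extendedKeyUsage flags based on profiles
    kwargs = get_cert_profile_kwargs(options['profile'])
    if options['cn_in_san'] is not None:
        kwargs['cn_in_san'] = options['cn_in_san']
    if options['key_usage']:
        kwargs['keyUsage'] = self.parse_extension(options['key_usage'])
    if options['ext_key_usage']:
        kwargs['extendedKeyUsage'] = self.parse_extension(options['ext_key_usage'])
    if subject:
        kwargs['subject'] = subject

    # Expiry is ``days`` + 1 from today, truncated to local midnight, so the
    # certificate covers the full last day.
    expires = datetime.today() + timedelta(days=options['days'] + 1)
    expires = expires.replace(hour=0, minute=0, second=0, microsecond=0)

    x509 = get_cert(csr=csr, expires=expires, subjectAltName=options['alt'], **kwargs)
    cert = Certificate(csr=csr, expires=expires)
    cert.x509 = x509
    cert.save()
    cert.watchers.add(*watchers)

    if options['out']:
        with open(options['out'], 'w') as f:
            f.write(cert.pub.decode('utf-8'))
    else:
        self.stdout.write(cert.pub.decode('utf-8'))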
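def handle(self, pub, **options):
    """Import an existing certificate from *pub* and save it under ``options['ca']``.

    Args:
        pub: Open file-like object whose ``read()`` yields the certificate
            data. PEM is tried first, then DER.
        **options: Command options; only ``ca`` is read.

    Raises:
        CommandError: if the data loads as neither PEM nor DER.
    """
    pub_data = pub.read()

    # load certificate: catch only the parser's own failure (ValueError) so
    # that unrelated errors and KeyboardInterrupt are no longer swallowed by
    # the previous bare ``except:``.
    try:
        pub_loaded = x509.load_pem_x509_certificate(pub_data, default_backend())
    except ValueError:
        try:
            pub_loaded = x509.load_der_x509_certificate(pub_data, default_backend())
        except ValueError:
            raise CommandError('Unable to load public key.')

    cert = Certificate(ca=options['ca'])
    cert.x509 = pub_loaded
    cert.save()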
def load_cert(cls, ca, x509):
    """Persist an already-parsed certificate *x509* as issued by *ca*.

    The model's ``csr`` field is set to the placeholder string ``'none'``
    since no signing request is available for an imported certificate.

    Args:
        cls: The class this method is bound to (unused).
        ca: The ``CertificateAuthority`` to attach the certificate to.
        x509: The parsed certificate object assigned to ``cert.x509``.

    Returns:
        The saved ``Certificate`` instance.
    """
    stored = Certificate(ca=ca, csr='none')
    stored.x509 = x509
    stored.save()
    return stored