#-*- coding: utf-8 -*-
# Copyright 2012 Calculate Ltd. http://www.calculate-linux.org
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import urllib, sys, getopt, os
from M2Crypto import SSL, httpslib
from M2Crypto import RSA, X509, EVP, m2, Rand, Err
import socket
def passphrase_callback(v):
    """Return no passphrase, whatever argument is passed in.

    The argument ``v`` is accepted and ignored.
    NOTE(review): presumably handed to M2Crypto key load/save calls as
    their passphrase callback; if it is used when *saving* a private key,
    the key would be written without passphrase protection, so file
    permissions become the only safeguard - confirm at the call sites.
    """
    return None
def generateRSAKey():
    """Generate and return a new 2048-bit RSA key pair.

    The public exponent is ``m2.RSA_F4`` (65537).
    """
    key_bits = 2048
    public_exponent = m2.RSA_F4
    return RSA.gen_key(key_bits, public_exponent)
def makePKey(key):
    """Wrap an RSA key in a new ``EVP.PKey`` object and return the wrapper."""
    evp_key = EVP.PKey()
    evp_key.assign_rsa(key)
    return evp_key
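def _ask_without_whitespace(prompt):
    """Prompt for one subject field; spaces and tabs become underscores.

    An empty answer is returned as an empty string.
    """
    answer = raw_input(prompt)
    if not answer:
        return ''
    return answer.replace(' ', '_').replace('\t', '_')


def makeRequest(pubkey, pkey, serv_host, port):
    """Build and sign a certificate signing request for the signing server.

    The subject is either a fixed built-in one (answer ``n``/``no`` to the
    first prompt) or is entered interactively, with the host name suggested
    from this machine's FQDN combined with ``serv_host``.

    pubkey    -- not used by this function; kept for caller compatibility
    pkey      -- EVP.PKey used both as the request's public key and to
                 sign the request
    serv_host -- host name of the signing server, used to build the
                 suggested common name
    port      -- port number shown in the default "host:port" locality

    Returns the signed X509.Request.
    """
    req = X509.Request()
    # Seems to default to 0, but we can now set it as well, so just API test
    req.set_version(req.get_version())
    req.set_pubkey(pkey)
    name = X509.X509_Name()
    c = raw_input(_("Enter certificate data by hand? [y]/n: "))
    if c.lower() in ['n', 'no']:
        name.CN = 'root_cert'  # (Common Name);
        name.OU = 'www.calculate-linux.ru'  # (Organization Unit);
        name.O = 'calculate-linux'  # (Organization Name);
        name.L = ''  # (Locality Name);
        name.ST = 'Spb'  # (State Name);
        name.C = 'En'  # (Country);
    else:
        print(_('Do not use space characters and tabs'))
        host_name = socket.getfqdn()
        if serv_host in host_name:
            # Strip the server's domain and keep the last remaining label.
            host_name = host_name.replace('.' + serv_host, '')
            list_host_name = host_name.split('.')
            print('list_host_name =  %s' % (list_host_name,))
            result_host_name = list_host_name[-1] + "." + serv_host
        else:
            list_host_name = host_name.split('.')
            result_host_name = list_host_name[0] + "." + serv_host

        # Every answer is read into a local first and assigned to the
        # subject exactly once, already cleaned. The original called
        # str.replace() on the attribute and threw the result away, so
        # spaces and tabs were never actually removed.
        common_name = raw_input(_('Host Name [%s] : ') % result_host_name)
        if not common_name:
            common_name = result_host_name
        name.CN = common_name

        name.OU = _ask_without_whitespace(_('Organization Unit: '))
        name.O = _ask_without_whitespace(_('Organization Name: '))

        network = _('Full network address (host:port)')
        locality = raw_input(network + ' [%s:%d]: ' % (host_name, port))
        if not locality:
            locality = host_name + ':' + str(port)
        name.L = locality

        name.ST = _ask_without_whitespace(_('State Name: '))
        # NOTE(review): the prompt asks for two letters but the answer is
        # not validated here - confirm the signing server checks it.
        name.C = raw_input(_('Country (only TWO letters!): '))

    req.set_subject_name(name)
    #ext1 = X509.new_extension('nsComment', 'Hello there')
    ext1 = X509.new_extension('Comment', 'Auto Generated')
    extstack = X509.X509_Extension_Stack()
    extstack.push(ext1)
    req.add_extensions(extstack)
    # MD5 is collision-broken and modern OpenSSL builds and CAs reject
    # MD5-signed requests, so the request is signed with SHA-256 instead.
    req.sign(pkey, 'sha256')
    return req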