import subprocess
import os
from time import time
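# Base name of the x509 extensions file; sign_certificate() appends ".ext".
CONFIG_NAME = "../config"

# Root CA material: key file base name, key passphrase, certificate base name.
ROOT_KEY_NAME = "root"
# Passphrases committed in source are readable by everyone who can read the
# repository. They are taken from the environment when set; the literals
# remain only as demo defaults so existing invocations keep working.
ROOT_KEY_PASS = os.environ.get("ROOT_KEY_PASS", "secret_pass")
ROOT_CERT_NAME = "rootCA"

# Leaf certificate material, same layout as above.
SOME_CERT_KEY_NAME = "somecert"
SOME_CERT_KEY_PASS = os.environ.get("SOME_CERT_KEY_PASS", "another_secret_pass")
SOME_CERT_NAME = "somecert"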
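def make_private_key(name, passphrase):
    """Generate a passphrase-protected 2048-bit RSA key in ``{name}.key``.

    Args:
        name: Base name of the output file; ``.key`` is appended.
        passphrase: Passphrase used to encrypt the key file. It is handed to
            openssl on stdin, so it does not appear in the process arguments.

    Raises:
        subprocess.CalledProcessError: If ``openssl`` exits with a non-zero
            status.
    """
    subprocess.run(
        [
            "openssl",
            "genrsa",  # generate an RSA private key
            "-aes256",  # encrypt the key file with AES-256 instead of legacy 3DES
            # Read the passphrase from stdin explicitly. Without this, openssl
            # may prompt on the controlling terminal and ignore piped input.
            "-passout", "stdin",
            "-out", f"{name}.key",  # output file
            "2048",  # key size in bits
        ],
        # One line is enough: -passout stdin has no "verify" prompt to answer.
        input=f"{passphrase}\n".encode("utf-8"),
        # Fail loudly so later steps never run against a missing key file.
        check=True,
    )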
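def declare_root_CA(name, key_name, key_passphrase):
    """Create a self-signed root CA certificate in ``{name}.crt``.

    The certificate is signed with the existing key ``{key_name}.key`` using
    SHA-256, is valid for 1825 days and is built with the settings in
    ``../root_ca_conf.cnf``.

    Args:
        name: Base name of the certificate file; ``.crt`` is appended.
        key_name: Base name of the CA private key; ``.key`` is appended.
        key_passphrase: Passphrase of that private key.

    Raises:
        subprocess.CalledProcessError: If ``openssl`` exits with a non-zero
            status.
    """
    print("declare root CA")
    # Answers piped to openssl: the key passphrase, then the subject fields.
    # NOTE(review): the order has to match the prompts defined in
    # ../root_ca_conf.cnf, which is not shown here; confirm.
    # NOTE(review): openssl may ask for the key passphrase on the controlling
    # terminal instead of stdin; confirm this works where the script runs.
    answers = (
        f'{key_passphrase}\n'
        'CZ\n'
        'Pilsen Region\n'
        'Pilsen\n'
        'JSMD\n'
        'Department of Mysteries\n'
        'Md, Js\n'
        'info@jsmd.gov\n'
    )
    command = [
        "openssl", "req",
        "-x509",  # emit a self-signed certificate rather than a request
        "-new",
        # NOTE(review): -nodes concerns keys that req creates itself; with an
        # existing key passed via -key it looks redundant; confirm.
        "-nodes",
        "-key", key_name + ".key",
        "-sha256",
        "-days", "1825",
        "-out", name + ".crt",
        "-config", "../root_ca_conf.cnf",
    ]
    # check=True: a failed CA creation must stop the run instead of letting
    # later signing steps continue without a root certificate.
    subprocess.run(command, input=bytes(answers, encoding='utf-8'), check=True)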
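def make_certificate_sign_request(name, key_name, key_passphrase):
    """Create a certificate signing request in ``{name}.csr``.

    Args:
        name: Base name of the request file; ``.csr`` is appended.
        key_name: Base name of the subject's private key; ``.key`` is appended.
        key_passphrase: Passphrase of that private key.

    Raises:
        subprocess.CalledProcessError: If ``openssl`` exits with a non-zero
            status.
    """
    print("make CSR")
    # Answers piped to openssl: the key passphrase, then the subject fields.
    # NOTE(review): the two trailing empty lines presumably accept the
    # defaults of the last two prompts of the openssl configuration in use.
    # Confirm this against that configuration.
    # NOTE(review): openssl may ask for the key passphrase on the controlling
    # terminal instead of stdin; confirm this works where the script runs.
    answers = (
        f'{key_passphrase}\n'
        'CZ\n'
        'Pilsen Region\n'
        'Pilsen\n'
        'Some Randoes, a. s.\n'
        'Bruh\n'
        'Rando, A\n'
        'eggsdee@centrum.cz.seznam\n'
        '\n'
        '\n'
    )
    command = [
        "openssl", "req",
        "-new",
        "-key", key_name + ".key",
        "-out", name + ".csr",
    ]
    # check=True: do not continue to the signing step without a request file.
    subprocess.run(command, input=bytes(answers, encoding='utf-8'), check=True)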
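def sign_certificate(name, request_name, ca_certificate, ca_key, ca_pass, config_name):
    """Sign ``{request_name}.csr`` with the CA and write ``{name}.crt``.

    The certificate is valid for 123 days, uses SHA-256 and takes its
    extensions from ``{config_name}.ext``.

    Args:
        name: Base name of the issued certificate; ``.crt`` is appended.
        request_name: Base name of the signing request; ``.csr`` is appended.
        ca_certificate: Base name of the CA certificate; ``.crt`` is appended.
        ca_key: Base name of the CA private key; ``.key`` is appended.
        ca_pass: Passphrase of the CA private key.
        config_name: Base name of the extensions file; ``.ext`` is appended.

    Raises:
        subprocess.CalledProcessError: If ``openssl`` exits with a non-zero
            status.
    """
    print("sign certificate by CA")
    command = [
        "openssl", "x509",
        "-req",
        "-in", request_name + ".csr",
        "-CA", ca_certificate + ".crt",
        "-CAkey", ca_key + ".key",
        # Read the CA key passphrase from stdin explicitly. Without this,
        # openssl may prompt on the controlling terminal and ignore the pipe.
        "-passin", "stdin",
        "-CAcreateserial",
        "-out", name + ".crt",
        "-days", "123",
        "-sha256",
        "-extfile", config_name + ".ext",
    ]
    # check=True: a signing failure must not be mistaken for an issued
    # certificate by whatever runs next.
    subprocess.run(command, input=bytes(ca_pass + "\n", encoding='utf-8'), check=True)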
def setup():
    """Create the root CA: its private key first, then its self-signed certificate."""
    root_key, root_pass = ROOT_KEY_NAME, ROOT_KEY_PASS
    make_private_key(root_key, root_pass)
    declare_root_CA(ROOT_CERT_NAME, root_key, root_pass)
def cert():
    """Issue the leaf certificate: private key, signing request, then CA signature."""
    leaf = SOME_CERT_NAME
    leaf_key, leaf_pass = SOME_CERT_KEY_NAME, SOME_CERT_KEY_PASS
    make_private_key(leaf_key, leaf_pass)
    make_certificate_sign_request(leaf, leaf_key, leaf_pass)
    # The request and the issued certificate share the same base name.
    sign_certificate(
        leaf,
        leaf,
        ROOT_CERT_NAME,
        ROOT_KEY_NAME,
        ROOT_KEY_PASS,
        CONFIG_NAME,
    )
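def test():
    """Print the root certificate and check the leaf private key.

    Raises:
        subprocess.CalledProcessError: If either ``openssl`` call exits with a
            non-zero status.
    """
    # Argument lists instead of command strings: without shell=True a string
    # is treated as a single program name on POSIX and the call fails.
    subprocess.run(
        ["openssl", "x509", "-text", "-noout", "-in", ROOT_CERT_NAME + ".crt"],
        check=True,
    )
    subprocess.run(
        [
            "openssl", "rsa",
            # make_private_key() writes "<SOME_CERT_KEY_NAME>.key"; the
            # previously hard-coded "some_cert.key" is never created.
            "-in", SOME_CERT_KEY_NAME + ".key",
            "-check",
            # Without -noout, `openssl rsa` prints the decrypted private key.
            "-noout",
            # The key is passphrase-protected; supply the passphrase on stdin.
            "-passin", "stdin",
        ],
        input=f"{SOME_CERT_KEY_PASS}\n".encode("utf-8"),
        check=True,
    )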
if __name__ == '__main__':
    # Every key, request and certificate is written relative to ./cert;
    # os.chdir raises if that directory does not exist.
    os.chdir("cert")
    # Root CA first, then the leaf certificate it signs.
    for step in (setup, cert):
        step()
    # test()