/src/openssl.py - Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD - Redmine

| Větev: | Tag: | Revize:

aswi2021jmsd-gitlab/src/openssl.py @ 348a4758

       import subprocess
       import os
       from time import time
       CONFIG_NAME = "../config"
       ROOT_KEY_NAME = "root"
       ROOT_KEY_PASS = "secret_pass"
       ROOT_CERT_NAME = "rootCA"
       SOME_CERT_KEY_NAME = "somecert"
       SOME_CERT_KEY_PASS = "another_secret_pass"
       SOME_CERT_NAME = "somecert"
       def make_private_key(name, passphrase):
           subprocess.run(["openssl",
                           "genrsa",               # generate a private key for RSA encryption scheme
                           "-des3",                # use DES3 for encryption by passphrase
                           "-out", f"{name}.key",  # output specification
                           "2048"],                # bits
                          input=bytes(             # input required to interact with openssl's CLI
                              f'{passphrase}\n'    # openssl queries for passphrase, respond and return
                              f'{passphrase}\n',   # openssl queries for passphrase verification, respond and return
                              encoding='utf-8')    # use standard encoding for input stream
+                         )
       def declare_root_CA(name, key_name, key_passphrase):
           print("declare root CA")
           subprocess.run(
               ["openssl", "req", "-x509", "-new", "-nodes", "-key", key_name + ".key", "-sha256", "-days", "1825", "-out",
                name + ".crt", "-config", "../root_ca_conf.cnf"], input=bytes(f'{key_passphrase}\nCZ\nPilsen Region\nPilsen\nJSMD\nDepartment of Mysteries\nMd, Js\ninfo@jsmd.gov\n', encoding='utf-8'))
       def make_certificate_sign_request(name, key_name, key_passphrase):
           print("make CSR")
           subprocess.run(
               ["openssl", "req", "-new", "-key", key_name + ".key", "-out",
                name + ".csr"], input=bytes(f'{key_passphrase}\nCZ\nPilsen Region\nPilsen\nSome Randoes, a. s.\nBruh\nRando, A\neggsdee@centrum.cz.seznam\n\n\n', encoding='utf-8'))
       def sign_certificate(name, request_name, ca_certificate, ca_key, ca_pass, config_name):
           print("sign certificate by CA")
           subprocess.run(
               ["openssl", "x509", "-req", "-in", request_name + ".csr", "-CA", ca_certificate + ".crt", "-CAkey", ca_key + ".key",
                "-CAcreateserial", "-out", name + ".crt", "-days", "123", "-sha256", "-extfile", config_name + ".ext"], input=bytes(ca_pass + "\n", encoding='utf-8'))
       def setup():
           make_private_key(ROOT_KEY_NAME, ROOT_KEY_PASS)
           declare_root_CA(ROOT_CERT_NAME, ROOT_KEY_NAME, ROOT_KEY_PASS)
       def cert():
           make_private_key(SOME_CERT_KEY_NAME, SOME_CERT_KEY_PASS)
           make_certificate_sign_request(SOME_CERT_NAME, SOME_CERT_KEY_NAME, SOME_CERT_KEY_PASS)
           sign_certificate(SOME_CERT_NAME, SOME_CERT_NAME, ROOT_CERT_NAME, ROOT_KEY_NAME, ROOT_KEY_PASS, CONFIG_NAME)
       def test():
           subprocess.run("openssl x509 -text -noout -in rootCA.crt")
           subprocess.run("openssl rsa -in some_cert.key -check")
       if __name__ == '__main__':
           os.chdir("cert")
           setup()
           cert()
           # test()

(4-4/5)

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD