github
/
python-csr
mirror of https://github.com/cottonbeckfield/python-csr
1
0
Fork 0
Code Issues Releases Wiki Activity

Setting log location to wherever the script is called. 

x On a Mac, /var/log/ is owned by root and wheel, with non-writable permissions.
  Temporary workaround until code can be put in to determine
  what OS you are running on, for proper logging location.
pull/10/head
Cotton 2018-06-15 13:37:28 -07:00
parent 5e0091acfc
commit 3c8f316fa0
1 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
csr_tools/csrgen.py
View File

@ -29,7 +29,7 @@ class Certificate:
def __init__(self, logger, opts={}): def __init__(self, logger, opts={}):
self._logger = logger self._logger = logger
self.allowed = ["Digital Signature", "Non Repudiation", "Key Encipherment"] self.allowed = ["Digital Signature", "Non Repudiation", "Key Encipherment"]
# Set default usage # Set default usage
self._level = logging.WARNING self._level = logging.WARNING
self._key_size = 2048 self._key_size = 2048
@ -64,8 +64,8 @@ class Certificate:
for usage in opts['usage']: for usage in opts['usage']:
if usage not in self.allowed: if usage not in self.allowed:
raise Exception('Invalid key usage: {u}'.format(u=usage)) raise Exception('Invalid key usage: {u}'.format(u=usage))
self.usage = opts['usage'] self.usage = opts['usage']
del opts['usage'] del opts['usage']
except KeyError: except KeyError:
# Keep server default if no usage is set # Keep server default if no usage is set
pass pass
@ -73,7 +73,7 @@ class Certificate:
self.opts = opts self.opts = opts
self.output('[*] We have already set options:',level=logging.DEBUG) self.output('[*] We have already set options:',level=logging.DEBUG)
self.output('{o}'.format(o=self.opts),level=logging.DEBUG) self.output('{o}'.format(o=self.opts),level=logging.DEBUG)
def _header(self): def _header(self):
self.output('\t\t..:: Certificate Signing Request (CSR) Generator ::..\n') self.output('\t\t..:: Certificate Signing Request (CSR) Generator ::..\n')
@ -140,14 +140,14 @@ class Certificate:
crypto.X509Extension("basicConstraints", False, "CA:{c}".format(c=self._isCA())), crypto.X509Extension("basicConstraints", False, "CA:{c}".format(c=self._isCA())),
]) ])
x509_extensions = base_constraints x509_extensions = base_constraints
# If there are SAN entries, append the base_constraints to include them. # If there are SAN entries, append the base_constraints to include them.
if len(ss): if len(ss):
san_constraint = crypto.X509Extension("subjectAltName", False, ss) san_constraint = crypto.X509Extension("subjectAltName", False, ss)
x509_extensions.append(san_constraint) x509_extensions.append(san_constraint)
req.add_extensions(x509_extensions) req.add_extensions(x509_extensions)
# Utilizes generateKey function to kick off key generation. # Utilizes generateKey function to kick off key generation.
key = self.generateKey(TYPE_RSA, self._key_size) key = self.generateKey(TYPE_RSA, self._key_size)
req.set_pubkey(key) req.set_pubkey(key)
@ -162,7 +162,7 @@ class Certificate:
for k,v in self.opts.items(): for k,v in self.opts.items():
if k is 'hostname': if k is 'hostname':
self.output("\t[CN]\t\t-> {v}".format(k=k,v=v)) self.output("\t[CN]\t\t-> {v}".format(k=k,v=v))
else: else:
self.output("\t[{k}]\t\t-> {v}".format(k=k,v=v)) self.output("\t[{k}]\t\t-> {v}".format(k=k,v=v))
return req return req
@ -215,7 +215,7 @@ class Certificate:
continue continue
if len(v) is 0: if len(v) is 0:
continue continue
try: try:
self.opts[k] = str(v) self.opts[k] = str(v)
except Exception: except Exception:
@ -251,10 +251,10 @@ class Certificate:
"""Generate Private Key """Generate Private Key
""" """
self.output('[+] Generate certificate seed Key...') self.output('[+] Generate certificate seed Key...')
key = crypto.PKey() key = crypto.PKey()
key.generate_key(type, bits) key.generate_key(type, bits)
return key return key
def generateFiles(self, mkFile, request): def generateFiles(self, mkFile, request):
@ -267,7 +267,7 @@ class Certificate:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request)) f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request))
else: else:
self.output("[!] Failed to create CSR/Key files", level=logging.ERROR) self.output("[!] Failed to create CSR/Key files", level=logging.ERROR)
def output(self, msg, level=logging.WARNING): def output(self, msg, level=logging.WARNING):
"""Generate output to CLI and log file """Generate output to CLI and log file
""" """
@ -299,7 +299,7 @@ class Authority(Certificate):
except Exception as err: except Exception as err:
raise Exception("Error at {n} initialization: {e}".format(n=self._name, e=err)) raise Exception("Error at {n} initialization: {e}".format(n=self._name, e=err))
self._ca = True self._ca = True
def initialize(self): def initialize(self):
self.generateCSR() self.generateCSR()
@ -307,7 +307,7 @@ class Authority(Certificate):
def main(argv): def main(argv):
# Define default values # Define default values
VERBOSE = False VERBOSE = False
LOG_FILE = "/var/log/certGen.log" LOG_FILE = "./certGen.log"
LOG_LEVEL = logging.WARNING LOG_LEVEL = logging.WARNING
opts = {} opts = {}
@ -324,7 +324,7 @@ def main(argv):
parser.add_argument("-f", "--file", help="Load hosts file (CN and optional Alternate Names) list", action="store", default="") parser.add_argument("-f", "--file", help="Load hosts file (CN and optional Alternate Names) list", action="store", default="")
parser.add_argument("-a", "--authority", help="Generate Authority certificate (Default is server)", action="store_true") parser.add_argument("-a", "--authority", help="Generate Authority certificate (Default is server)", action="store_true")
parser.add_argument("-c", "--client", help="Generate client certificate (Default is server)", action="store_true") parser.add_argument("-c", "--client", help="Generate client certificate (Default is server)", action="store_true")
args = parser.parse_args() args = parser.parse_args()
# Run the primary function. # Run the primary function.
@ -336,7 +336,7 @@ def main(argv):
if args.verbose: if args.verbose:
VERBOSE = True VERBOSE = True
opts['verbose'] = VERBOSE opts['verbose'] = VERBOSE
if args.debug: if args.debug:
@ -374,7 +374,7 @@ def main(argv):
sys.stdout.write('[!] You can not specify alternative names with client certificates') sys.stdout.write('[!] You can not specify alternative names with client certificates')
sys.exit(1) sys.exit(1)
opts['usage'] = ["digitalSignature"] opts['usage'] = ["digitalSignature"]
# Store infos if set # Store infos if set
if args.name: if args.name:
opts['hostname'] = args.name opts['hostname'] = args.name
@ -390,7 +390,7 @@ def main(argv):
# Run interactively if needed for C, ST, L, O, OU values # Run interactively if needed for C, ST, L, O, OU values
cert.getCSRSubjects() cert.getCSRSubjects()
if args.file: if args.file:
cert.generateFromFile(args.file) cert.generateFromFile(args.file)
else: else:
@ -403,4 +403,4 @@ def main(argv):
sys.stdout.write('\nBye! ;)\n') sys.stdout.write('\nBye! ;)\n')
if __name__ == '__main__': if __name__ == '__main__':
main(sys.argv) main(sys.argv)