revert to 2.7 format

removed unused imports
pull/3/head
Ed Rantanen 2016-06-03 19:11:40 -04:00
parent 63bc0738b4
commit 93ef3e2e49
1 changed files with 72 additions and 86 deletions


@ -1,4 +1,4 @@
#!/usr/bin/env python3 #!/usr/bin/env python
# #
# Generate a key, self-signed certificate, and certificate request. # Generate a key, self-signed certificate, and certificate request.
# Usage: csrgen <fqdn> # Usage: csrgen <fqdn>
@ -9,36 +9,35 @@
# #
# Author: Courtney Cotton <cotton@cottoncourtney.com> 06-25-2014 # Author: Courtney Cotton <cotton@cottoncourtney.com> 06-25-2014
# mod'd for python 3.5
# Libraries/Modules # Libraries/Modules
from OpenSSL import crypto, SSL
import argparse import argparse
from OpenSSL import crypto
# Generate Certificate Signing Request (CSR) # Generate Certificate Signing Request (CSR)
def generateCSR(nodename, sans = []): def generateCSR(nodename, sans = []):
while True: while True:
C = input("Enter your Country Name (2 letter code) [US]: ") C = raw_input("Enter your Country Name (2 letter code) [US]: ")
if len(C) != 2: if len(C) != 2:
print("You must enter two letters. You entered %r" % (C)) print "You must enter two letters. You entered %r" % (C)
continue continue
ST = input("Enter your State or Province <full name> []:California: ") ST = raw_input("Enter your State or Province <full name> []:California: ")
if len(ST) == 0: if len(ST) == 0:
print("Please enter your State or Province.") print "Please enter your State or Province."
continue continue
L = input("Enter your (Locality Name (eg, city) []:San Francisco: ") L = raw_input("Enter your (Locality Name (eg, city) []:San Francisco: ")
if len(L) == 0: if len(L) == 0:
print("Please enter your City.") print "Please enter your City."
continue continue
O = input("Enter your Organization Name (eg, company) []:FTW Enterprise: ") O = raw_input("Enter your Organization Name (eg, company) []:FTW Enterprise: ")
if len(L) == 0: if len(L) == 0:
print("Please enter your Organization Name.") print "Please enter your Organization Name."
continue continue
OU = input("Enter your Organizational Unit (eg, section) []:IT: ") OU = raw_input("Enter your Organizational Unit (eg, section) []:IT: ")
if len(OU) == 0: if len(OU) == 0:
print("Please enter your OU.") print "Please enter your OU."
continue continue
# Allows you to permanently set values required for CSR # Allows you to permanently set values required for CSR
@ -65,64 +64,50 @@ def generateCSR(nodename, sans=[]):
req.get_subject().localityName = L req.get_subject().localityName = L
req.get_subject().organizationName = O req.get_subject().organizationName = O
req.get_subject().organizationalUnitName = OU req.get_subject().organizationalUnitName = OU
# Add in extensions # Add in extensions
# added bytearray to string
# before -> "keyUsage"
# after -> b"keyUsage"
base_constraints = ([ base_constraints = ([
crypto.X509Extension(b"keyUsage", False, b"Digital Signature, Non Repudiation, Key Encipherment"), crypto.X509Extension("keyUsage", False, "Digital Signature, Non Repudiation, Key Encipherment"),
crypto.X509Extension(b"basicConstraints", False, b"CA:FALSE"), crypto.X509Extension("basicConstraints", False, "CA:FALSE"),
]) ])
x509_extensions = base_constraints x509_extensions = base_constraints
# If there are SAN entries, append the base_constraints to include them. # If there are SAN entries, append the base_constraints to include them.
if ss: if ss:
san_constraint = crypto.X509Extension(b"subjectAltName", False, ss) san_constraint = crypto.X509Extension("subjectAltName", False, ss)
x509_extensions.append(san_constraint) x509_extensions.append(san_constraint)
req.add_extensions(x509_extensions) req.add_extensions(x509_extensions)
# Utilizes generateKey function to kick off key generation. # Utilizes generateKey function to kick off key generation.
key = generateKey(TYPE_RSA, 2048) key = generateKey(TYPE_RSA, 2048)
req.set_pubkey(key) req.set_pubkey(key)
req.sign(key, "sha1")
# change to sha 256?
# req.sign(key, "sha1")
req.sign(key, "sha256")
generateFiles(csrfile, req) generateFiles(csrfile, req)
generateFiles(keyfile, key) generateFiles(keyfile, key)
return req return req
# Generate Private Key # Generate Private Key
def generateKey(type, bits): def generateKey(type, bits):
key = crypto.PKey() key = crypto.PKey()
key.generate_key(type, bits) key.generate_key(type, bits)
return key return key
# Generate .csr/key files. # Generate .csr/key files.
def generateFiles(mkFile, request): def generateFiles(mkFile, request):
if mkFile == 'host.csr': if mkFile == 'host.csr':
f = open(mkFile, "wb") f = open(mkFile, "w")
f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request))
f.close() f.close()
print crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)
# print test
print(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request))
elif mkFile == 'host.key': elif mkFile == 'host.key':
f = open(mkFile, "wb") f = open(mkFile, "w")
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request)) f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request))
f.close() f.close()
else: else:
print("Failed.") print "Failed."
exit() exit()
# Run Portion # Run Portion
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument("name", help="Provide the FQDN", action="store") parser.add_argument("name", help="Provide the FQDN", action="store")
parser.add_argument("-s", "--san", help="SANS", action="store", nargs='*', default="") parser.add_argument("-s", "--san", help="SANS", action="store", nargs='*', default="")
@ -130,4 +115,5 @@ args = parser.parse_args()
hostname = args.name hostname = args.name
sans = args.san sans = args.san
generateCSR(hostname, sans) generateCSR(hostname, sans)
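Review bot: The new side (the right-hand column, as far as the doubled lines show) goes back to `req.sign(key, "sha1")` in generateCSR and drops the `req.sign(key, "sha256")` call, although the digest is unrelated to the Python 2.7 revert. SHA-1 is deprecated for certificate signatures and a CA may refuse the request; keep `req.sign(key, "sha256")`, which pyOpenSSL accepts on Python 2 as well. In generateFiles the `host.key` branch creates the private key with `open(mkFile, "w")`, so the file takes whatever the process umask allows; creating it owner-only, e.g. `os.fdopen(os.open(mkFile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "w")` (needs `import os`), would be safer. Separately, the check after the Organization prompt tests `len(L)` rather than `len(O)` in both columns, so an empty organization name is accepted.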