From a1e823cc0e594863386ba838c55857d47a322e6f Mon Sep 17 00:00:00 2001
From: Ed Rantanen
Date: Fri, 3 Jun 2016 17:25:05 -0400
Subject: [PATCH] mod'd crypto out, clean'd up extra chars
---
 csrgen.py | 160 +++++++++++++++++++++++++++--------------------------
 1 file changed, 81 insertions(+), 79 deletions(-)
diff --git a/csrgen.py b/csrgen.py
index bff845b..1f1920e 100755
--- a/csrgen.py
+++ b/csrgen.py
@@ -2,7 +2,7 @@
 #
 # Generate a key, self-signed certificate, and certificate request.
 # Usage: csrgen
-# 
+#
 # When more than one hostname is provided, a SAN (Subject Alternate Name)
 # certificate and request are generated. This can be acheived by adding -s.
 # Usage: csrgen -s
@@ -14,105 +14,107 @@
 # Libraries/Modules
 from OpenSSL import crypto, SSL
-import subprocess
-import os
-import sys, shutil
 import argparse
+
 # Generate Certificate Signing Request (CSR)
-def generateCSR(nodename, sans = []):
+def generateCSR(nodename, sans=[]):
+ while True:
+ C = input("Enter your Country Name (2 letter code) [US]: ")
+ if len(C) != 2:
+ print("You must enter two letters. You entered %r" % (C))
+ continue
+ ST = input("Enter your State or Province []:California: ")
+ if len(ST) == 0:
+ print("Please enter your State or Province.")
+ continue
+ L = input("Enter your (Locality Name (eg, city) []:San Francisco: ")
+ if len(L) == 0:
+ print("Please enter your City.")
+ continue
+ O = input("Enter your Organization Name (eg, company) []:FTW Enterprise: ")
+ if len(L) == 0:
+ print("Please enter your Organization Name.")
+ continue
+ OU = input("Enter your Organizational Unit (eg, section) []:IT: ")
+ if len(OU) == 0:
+ print("Please enter your OU.")
+ continue
- while True:
- C = input("Enter your Country Name (2 letter code) [US]: ")
- if len(C) != 2:
- print("You must enter two letters. You entered %r" % (C))
- continue
- ST = input("Enter your State or Province []:California: ")
- if len(ST) == 0:
- print( "Please enter your State or Province.")
- continue
- L = input("Enter your (Locality Name (eg, city) []:San Francisco: ")
- if len(L) == 0:
- print( "Please enter your City.")
- continue
- O = input("Enter your Organization Name (eg, company) []:FTW Enterprise: ")
- if len(L) == 0:
- print( "Please enter your Organization Name.")
- continue
- OU =input("Enter your Organizational Unit (eg, section) []:IT: ")
- if len(OU) == 0:
- print( "Please enter your OU.")
- continue
-
- # Allows you to permanently set values required for CSR
- # To use, comment raw_input and uncomment this section.
- # C = 'US'
- # ST = 'New York'
- # L = 'Location'
- # O = 'Organization'
- # OU = 'Organizational Unit'
+ # Allows you to permanently set values required for CSR
+ # To use, comment raw_input and uncomment this section.
+ # C = 'US'
+ # ST = 'New York'
+ # L = 'Location'
+ # O = 'Organization'
+ # OU = 'Organizational Unit'
- csrfile = 'host.csr'
- keyfile = 'host.key'
- TYPE_RSA = crypto.TYPE_RSA
- # Appends SAN to have 'DNS:'
- ss = []
- for i in sans:
- ss.append("DNS: %s" % i)
- ss = ", ".join(ss)
+ csrfile = 'host.csr'
+ keyfile = 'host.key'
+ TYPE_RSA = crypto.TYPE_RSA
+ # Appends SAN to have 'DNS:'
+ ss = []
+ for i in sans:
+ ss.append("DNS: %s" % i)
+ ss = ", ".join(ss)
- req = crypto.X509Req()
- req.get_subject().CN = nodename
- req.get_subject().countryName = C
- req.get_subject().stateOrProvinceName = ST
- req.get_subject().localityName = L
- req.get_subject().organizationName = O
- req.get_subject().organizationalUnitName = OU
+ req = crypto.X509Req()
+ req.get_subject().CN = nodename
+ req.get_subject().countryName = C
+ req.get_subject().stateOrProvinceName = ST
+ req.get_subject().localityName = L
+ req.get_subject().organizationName = O
+ req.get_subject().organizationalUnitName = OU
- # Add in extensions
- # added bytearray to string
- # before -> "keyUsage"
- # after -> b"keyUsage"
+ # Add in extensions
+ # added bytearray to string
+ # before -> "keyUsage"
+ # after -> b"keyUsage"
- base_constraints = ([
- crypto.X509Extension(b"keyUsage", False, b"Digital Signature, Non Repudiation, Key Encipherment"),
- crypto.X509Extension(b"basicConstraints", False, b"CA:FALSE"),
- ])
- x509_extensions = base_constraints
- # If there are SAN entries, append the base_constraints to include them.
- if ss:
- san_constraint = crypto.X509Extension(b"subjectAltName", False, ss)
- x509_extensions.append(san_constraint)
- req.add_extensions(x509_extensions)
- # Utilizes generateKey function to kick off key generation.
- key = generateKey(TYPE_RSA, 2048)
- req.set_pubkey(key)
+ base_constraints = ([
+ crypto.X509Extension(b"keyUsage", False, b"Digital Signature, Non Repudiation, Key Encipherment"),
+ crypto.X509Extension(b"basicConstraints", False, b"CA:FALSE"),
+ ])
+ x509_extensions = base_constraints
+ # If there are SAN entries, append the base_constraints to include them.
+ if ss:
+ san_constraint = crypto.X509Extension(b"subjectAltName", False, ss)
+ x509_extensions.append(san_constraint)
+ req.add_extensions(x509_extensions)
+ # Utilizes generateKey function to kick off key generation.
+ key = generateKey(TYPE_RSA, 2048)
+ req.set_pubkey(key)
+
+ # change to sha 256?
+ # req.sign(key, "sha1")
+ req.sign(key, "sha256")
+
+ generateFiles(csrfile, req)
+ generateFiles(keyfile, key)
+
+ return req
- #change to sha 256?
- #req.sign(key, "sha1")
- req.sign(key, "sha256")
- generateFiles(csrfile, req)
- generateFiles(keyfile, key)
- return req
 # Generate Private Key
 def generateKey(type, bits):
-
 key = crypto.PKey()
 key.generate_key(type, bits)
 return key
-
+
+
 # Generate .csr/key files.
 def generateFiles(mkFile, request):
-
 if mkFile == 'host.csr':
- f = open(mkFile, "w")
- f.write(str(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)))
+ f = open(mkFile, "wb")
+ f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request))
 f.close()
+
+ # print test
 print(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request))
+
 elif mkFile == 'host.key':
- f = open(mkFile, "w")
- f.write(str(crypto.dump_privatekey(crypto.FILETYPE_PEM, request)))
+ f = open(mkFile, "wb")
+ f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request))
 f.close()
 else:
 print("Failed.")
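Review bot: The private key written in generateFiles' `elif mkFile == 'host.key':` branch is created with a plain `open(mkFile, "wb")`, so it inherits the process umask's default mode (typically 0644, i.e. readable by every local user) and is left open if the write raises; the commit changes the mode string but not this. Create it with a restrictive mode and a context manager instead — `fd = os.open(mkFile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)`, `with os.fdopen(fd, "wb") as f:`, `f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request))` — which needs the `import os` this hunk removes to be restored. In generateCSR the check after `O = input(...)` still tests `len(L)` rather than `len(O)`, so an empty Organization Name is accepted; it should read `if len(O) == 0:`. The SAN value `ss` is still built as a str while the neighbouring X509Extension names and values were switched to bytes in this same hunk, so `crypto.X509Extension(b"subjectAltName", False, ss)` probably needs `ss.encode()` — worth confirming against the pyOpenSSL version in use.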