mod'd crypto out,

clean'd up extra chars
pull/3/head
Ed Rantanen 2016-06-03 17:25:05 -04:00
parent 4ac7e43718
commit a1e823cc0e
1 changed files with 81 additions and 79 deletions

csrgen.py

@ -14,105 +14,107 @@
# Libraries/Modules # Libraries/Modules
from OpenSSL import crypto, SSL from OpenSSL import crypto, SSL
import subprocess
import os
import sys, shutil
import argparse import argparse
# Generate Certificate Signing Request (CSR) # Generate Certificate Signing Request (CSR)
def generateCSR(nodename, sans = []): def generateCSR(nodename, sans=[]):
while True:
C = input("Enter your Country Name (2 letter code) [US]: ")
if len(C) != 2:
print("You must enter two letters. You entered %r" % (C))
continue
ST = input("Enter your State or Province <full name> []:California: ")
if len(ST) == 0:
print("Please enter your State or Province.")
continue
L = input("Enter your (Locality Name (eg, city) []:San Francisco: ")
if len(L) == 0:
print("Please enter your City.")
continue
O = input("Enter your Organization Name (eg, company) []:FTW Enterprise: ")
if len(L) == 0:
print("Please enter your Organization Name.")
continue
OU = input("Enter your Organizational Unit (eg, section) []:IT: ")
if len(OU) == 0:
print("Please enter your OU.")
continue
while True: # Allows you to permanently set values required for CSR
C = input("Enter your Country Name (2 letter code) [US]: ") # To use, comment raw_input and uncomment this section.
if len(C) != 2: # C = 'US'
print("You must enter two letters. You entered %r" % (C)) # ST = 'New York'
continue # L = 'Location'
ST = input("Enter your State or Province <full name> []:California: ") # O = 'Organization'
if len(ST) == 0: # OU = 'Organizational Unit'
print( "Please enter your State or Province.")
continue
L = input("Enter your (Locality Name (eg, city) []:San Francisco: ")
if len(L) == 0:
print( "Please enter your City.")
continue
O = input("Enter your Organization Name (eg, company) []:FTW Enterprise: ")
if len(L) == 0:
print( "Please enter your Organization Name.")
continue
OU =input("Enter your Organizational Unit (eg, section) []:IT: ")
if len(OU) == 0:
print( "Please enter your OU.")
continue
# Allows you to permanently set values required for CSR csrfile = 'host.csr'
# To use, comment raw_input and uncomment this section. keyfile = 'host.key'
# C = 'US' TYPE_RSA = crypto.TYPE_RSA
# ST = 'New York' # Appends SAN to have 'DNS:'
# L = 'Location' ss = []
# O = 'Organization' for i in sans:
# OU = 'Organizational Unit' ss.append("DNS: %s" % i)
ss = ", ".join(ss)
csrfile = 'host.csr' req = crypto.X509Req()
keyfile = 'host.key' req.get_subject().CN = nodename
TYPE_RSA = crypto.TYPE_RSA req.get_subject().countryName = C
# Appends SAN to have 'DNS:' req.get_subject().stateOrProvinceName = ST
ss = [] req.get_subject().localityName = L
for i in sans: req.get_subject().organizationName = O
ss.append("DNS: %s" % i) req.get_subject().organizationalUnitName = OU
ss = ", ".join(ss)
req = crypto.X509Req() # Add in extensions
req.get_subject().CN = nodename # added bytearray to string
req.get_subject().countryName = C # before -> "keyUsage"
req.get_subject().stateOrProvinceName = ST # after -> b"keyUsage"
req.get_subject().localityName = L
req.get_subject().organizationName = O
req.get_subject().organizationalUnitName = OU
# Add in extensions base_constraints = ([
# added bytearray to string crypto.X509Extension(b"keyUsage", False, b"Digital Signature, Non Repudiation, Key Encipherment"),
# before -> "keyUsage" crypto.X509Extension(b"basicConstraints", False, b"CA:FALSE"),
# after -> b"keyUsage" ])
x509_extensions = base_constraints
# If there are SAN entries, append the base_constraints to include them.
if ss:
san_constraint = crypto.X509Extension(b"subjectAltName", False, ss)
x509_extensions.append(san_constraint)
req.add_extensions(x509_extensions)
# Utilizes generateKey function to kick off key generation.
key = generateKey(TYPE_RSA, 2048)
req.set_pubkey(key)
base_constraints = ([ # change to sha 256?
crypto.X509Extension(b"keyUsage", False, b"Digital Signature, Non Repudiation, Key Encipherment"), # req.sign(key, "sha1")
crypto.X509Extension(b"basicConstraints", False, b"CA:FALSE"), req.sign(key, "sha256")
])
x509_extensions = base_constraints generateFiles(csrfile, req)
# If there are SAN entries, append the base_constraints to include them. generateFiles(keyfile, key)
if ss:
san_constraint = crypto.X509Extension(b"subjectAltName", False, ss) return req
x509_extensions.append(san_constraint)
req.add_extensions(x509_extensions)
# Utilizes generateKey function to kick off key generation.
key = generateKey(TYPE_RSA, 2048)
req.set_pubkey(key)
#change to sha 256?
#req.sign(key, "sha1")
req.sign(key, "sha256")
generateFiles(csrfile, req)
generateFiles(keyfile, key)
return req
# Generate Private Key # Generate Private Key
def generateKey(type, bits): def generateKey(type, bits):
key = crypto.PKey() key = crypto.PKey()
key.generate_key(type, bits) key.generate_key(type, bits)
return key return key
# Generate .csr/key files. # Generate .csr/key files.
def generateFiles(mkFile, request): def generateFiles(mkFile, request):
if mkFile == 'host.csr': if mkFile == 'host.csr':
f = open(mkFile, "w") f = open(mkFile, "wb")
f.write(str(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request))) f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request))
f.close() f.close()
# print test
print(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) print(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request))
elif mkFile == 'host.key': elif mkFile == 'host.key':
f = open(mkFile, "w") f = open(mkFile, "wb")
f.write(str(crypto.dump_privatekey(crypto.FILETYPE_PEM, request))) f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request))
f.close() f.close()
else: else:
print("Failed.") print("Failed.")
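Review bot: The Organization Name check in generateCSR's input loop tests the wrong variable — right after `O = input("Enter your Organization Name ...")` the new side still reads `if len(L) == 0:`, so an empty organization passes validation and is assigned to organizationName; it should be `if len(O) == 0:`. The SAN value is also left as text: `ss = ", ".join(ss)` is handed to `crypto.X509Extension(b"subjectAltName", False, ss)` while the extension type names and the other values are bytes literals, so pass `ss.encode("ascii")` (or build the list from bytes) to avoid the str/bytes mismatch that newer pyOpenSSL versions reject or warn about. In generateFiles the unencrypted private key is written through a plain `open(mkFile, "wb")`, so its file mode follows the process umask and is commonly world-readable; creating it as `f = os.fdopen(os.open(mkFile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "wb")` keeps it owner-only (this needs `import os` on the new side — which side the `import os` line in this hunk belongs to is not recoverable from the rendered view). Both writers would also be safer as `with open(...) as f:` blocks so the handle is closed even if the dump or write raises. The `sans=[]` mutable default is harmless here because the list is only iterated, but `sans=None` followed by `sans = sans or []` is the conventional form.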