Merge pull request #16 from cottonbeckfield/revert-15-master

Revert "python3 support". Unfortunately I had messed up the settings that stopped a branch from being fully merged if it failed tests -- and the error was:

 ERROR: No matching distribution found for setuptools==45.2.0 (from -r requirements.txt (line 1))
pull/17/head
Cotton Beckfield 2021-02-01 00:30:44 -08:00 committed by GitHub
commit fee7bbd880
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 39 deletions


@ -22,7 +22,6 @@
import sys, platform, yaml import sys, platform, yaml
import argparse, logging, logging.handlers import argparse, logging, logging.handlers
from OpenSSL import crypto, SSL from OpenSSL import crypto, SSL
import ipaddress
__version__ = '1.1.0' __version__ = '1.1.0'
@ -83,12 +82,12 @@ class Certificate:
def _ask(self, msg, country=False, default=None): def _ask(self, msg, country=False, default=None):
while True: while True:
rep = input(msg) rep = raw_input(msg)
if country and (len(rep)) and (len(rep) != 2): if country and (len(rep)) and (len(rep) != 2):
self.output('[!] Sorry this value is invalid (should be two letters only).') self.output('[!] Sorry this value is invalid (should be two letters only).')
continue continue
if len(rep) == 0: if len(rep) is 0:
if default == None: if default is None:
self.output('[!] Sorry this value is mandatory.') self.output('[!] Sorry this value is mandatory.')
continue continue
rep = default rep = default
@ -113,15 +112,7 @@ class Certificate:
ss = [] ss = []
try: try:
for entry in self.opts['sans']: for entry in self.opts['sans']:
try: ss.append("DNS: {e}".format(e=entry))
is_ip = bool(ipaddress.ip_address(entry))
except ValueError:
is_ip = False
if is_ip:
ss.append("IP: {e}".format(e=entry))
else:
ss.append("DNS: {e}".format(e=entry))
except KeyError: except KeyError:
pass pass
ss = ", ".join(ss) ss = ", ".join(ss)
@ -145,14 +136,14 @@ class Certificate:
# Add in extensions # Add in extensions
base_constraints = ([ base_constraints = ([
crypto.X509Extension(bytes("keyUsage",'ascii'), False, bytes(self.usage, 'ascii')), crypto.X509Extension("keyUsage", False, self.usage),
crypto.X509Extension(bytes("basicConstraints",'ascii'), False, bytes("CA:{c}".format(c=self._isCA()),'ascii')), crypto.X509Extension("basicConstraints", False, "CA:{c}".format(c=self._isCA())),
]) ])
x509_extensions = base_constraints x509_extensions = base_constraints
# If there are SAN entries, append the base_constraints to include them. # If there are SAN entries, append the base_constraints to include them.
if len(ss): if len(ss):
san_constraint = crypto.X509Extension(bytes("subjectAltName",'ascii'), False, bytes(ss,'ascii')) san_constraint = crypto.X509Extension("subjectAltName", False, ss)
x509_extensions.append(san_constraint) x509_extensions.append(san_constraint)
req.add_extensions(x509_extensions) req.add_extensions(x509_extensions)
@ -168,8 +159,8 @@ class Certificate:
self.generateFiles(keyfile, key) self.generateFiles(keyfile, key)
self.output("\n[+] Your CSR and certificate ({s} bits) are now generated with:".format(s=self._key_size)) self.output("\n[+] Your CSR and certificate ({s} bits) are now generated with:".format(s=self._key_size))
for k,v in list(self.opts.items()): for k,v in self.opts.items():
if k == 'hostname': if k is 'hostname':
self.output("\t[CN]\t\t-> {v}".format(k=k,v=v)) self.output("\t[CN]\t\t-> {v}".format(k=k,v=v))
else: else:
self.output("\t[{k}]\t\t-> {v}".format(k=k,v=v)) self.output("\t[{k}]\t\t-> {v}".format(k=k,v=v))
@ -189,15 +180,15 @@ class Certificate:
self.output('[*] Field {n} is NOT set'.format(n=field), level=logging.DEBUG) self.output('[*] Field {n} is NOT set'.format(n=field), level=logging.DEBUG)
pass pass
if field == 'C': if field is 'C':
self.opts['C'] = self._ask("Enter your Country Name (2 letter code) [US]: ", default='US', country=True) self.opts['C'] = self._ask("Enter your Country Name (2 letter code) [US]: ", default='US', country=True)
elif field == 'ST': elif field is 'ST':
self.opts['ST'] = self._ask("Enter your State or Province <full name> [California]: ", default='California') self.opts['ST'] = self._ask("Enter your State or Province <full name> [California]: ", default='California')
elif field == 'L': elif field is 'L':
self.opts['L'] = self._ask("Enter your (Locality Name (eg, city) [San Francisco]: ", default='San Francisco') self.opts['L'] = self._ask("Enter your (Locality Name (eg, city) [San Francisco]: ", default='San Francisco')
elif field == 'O': elif field is 'O':
self.opts['O'] = self._ask("Enter your Organization Name (eg, company) [FTW Enterprise]: ", default='FTW Enterprise') self.opts['O'] = self._ask("Enter your Organization Name (eg, company) [FTW Enterprise]: ", default='FTW Enterprise')
elif field == 'OU': elif field is 'OU':
self.opts['OU'] = self._ask("Enter your Organizational Unit (eg, section) [IT]: ", default='IT') self.opts['OU'] = self._ask("Enter your Organizational Unit (eg, section) [IT]: ", default='IT')
# Parse the contents of the YAML file and then # Parse the contents of the YAML file and then
@ -209,10 +200,10 @@ class Certificate:
except Exception as err: except Exception as err:
raise Exception(err) raise Exception(err)
for k,v in list(cfg.items()): for k,v in cfg.items():
if (k == 'C') and len(v) != 2: if (k is 'C') and len(v) != 2:
continue continue
if len(v) == 0: if len(v) is 0:
continue continue
try: try:
@ -230,7 +221,7 @@ class Certificate:
raise Exception(err) raise Exception(err)
self.output('[+] Generate certificates for:') self.output('[+] Generate certificates for:')
for k,v in list(cfg.items()): for k,v in cfg.items():
self.opts['hostname'] = cfg[k]['hostname'] self.opts['hostname'] = cfg[k]['hostname']
if cfg[k]['sans']: if cfg[k]['sans']:
self.opts['sans'] = cfg[k]['sans'] self.opts['sans'] = cfg[k]['sans']
@ -261,9 +252,9 @@ class Certificate:
""" """
with open(mkFile, "w") as f: with open(mkFile, "w") as f:
if ".csr" in mkFile: if ".csr" in mkFile:
f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request).decode()) f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request))
elif ".key" in mkFile: elif ".key" in mkFile:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request).decode()) f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request))
else: else:
self.output("[!] Failed to create CSR/Key files", level=logging.ERROR) self.output("[!] Failed to create CSR/Key files", level=logging.ERROR)
@ -272,15 +263,15 @@ class Certificate:
""" """
# Output to log # Output to log
if level == logging.DEBUG: if level == logging.DEBUG:
self._logger.debug(msg) self._logger.debug(msg)
elif level == logging.INFO: elif level == logging.INFO:
self._logger.info(msg) self._logger.info(msg)
elif level == logging.WARNING: elif level == logging.WARNING:
self._logger.warning(msg) self._logger.warning(msg)
elif level == logging.ERROR: elif level == logging.ERROR:
self._logger.error(msg) self._logger.error(msg)
elif level == logging.CRITICAL: elif level == logging.CRITICAL:
self._logger.critical(msg) self._logger.critical(msg)
# Misconfigured level are high notifications # Misconfigured level are high notifications
else: else:
@ -402,5 +393,5 @@ def main(argv):
sys.stdout.write('\nBye! ;)\n') sys.stdout.write('\nBye! ;)\n')
if __name__ == '__main__': if __name__ == '__main__':
main(sys.argv) main(sys.argv)
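Review bot: The restored comparisons `len(rep) is 0`, `k is 'hostname'`, `field is 'C'` (and the other `field is ...` branches), `(k is 'C')` and `len(v) is 0` test object identity rather than value, so they only hold when the interpreter happens to share the small-int or string object. In the config loop, a false `k is 'C'` silently skips the `len(v) != 2` country-code check; there `k` comes from the parsed config rather than from a literal, so interning is presumably not guaranteed. These should stay as value comparisons, which behave the same on Python 2, e.g. `if (k == 'C') and len(v) != 2:` and `if len(v) == 0:`. `default is None` is the one identity test that is correct as written. The enclosing methods start and end outside the visible hunks.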


@ -1,4 +1,3 @@
setuptools==45.2.0 setuptools==39.1.0
pyOpenSSL==19.1.0 pyOpenSSL==18.0.0
PyYAML==5.3.1 PyYAML==5.1
ipaddress==1.0.23
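Review bot: The install failure quoted in the description came from an exact `setuptools` pin, and this section keeps one (`setuptools==39.1.0`). The build tool is better left out of the runtime requirements or given a range, so one interpreter's lack of a matching release does not block the whole install. The section also moves `pyOpenSSL` and `PyYAML` back to older releases, so these pins should be checked against current advisories for both packages. Since `yaml` is imported by the script, it is worth confirming that the config is read with `yaml.safe_load`; the loading call is not visible on this page.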