c378f69c
Commit
c378f69c
authored
Mar 14, 2014
by
ale
add a method to renew a CA certificate
parent
0bce6d0c
Changes
1
Showing
1 changed file
with
31 additions
and
21 deletions
+31
-21
autoca/ca.py
autoca/ca.py
+31
-21
autoca/ca.py
@@ -20,6 +20,28 @@ class CA(object):
self
.
_init_ca
()
self
.
_load_crl
()
def
_generate_ca_cert
(
self
):
ca_req
=
certutil
.
create_cert_request
(
self
.
ca_key
,
**
(
self
.
ca_subject
))
self
.
ca_crt
=
certutil
.
sign_certificate
(
ca_req
,
self
.
ca_key
,
ca_req
,
1
,
3650
,
extensions
=
[
crypto
.
X509Extension
(
'basicConstraints'
,
True
,
'CA:TRUE, pathlen:0'
),
crypto
.
X509Extension
(
'keyUsage'
,
True
,
'keyCertSign, cRLSign'
),
#crypto.X509Extension('subjectKeyIdentifier', False,
# 'hash', subject=ca_req),
],
digest
=
self
.
digest
)
crt_str
=
crypto
.
dump_certificate
(
crypto
.
FILETYPE_PEM
,
self
.
ca_crt
)
self
.
storage
.
set_ca
(
crypto
.
dump_privatekey
(
crypto
.
FILETYPE_PEM
,
self
.
ca_key
),
crt_str
)
self
.
public_ca_pem
=
crt_str
def
_init_ca
(
self
):
key_str
,
crt_str
=
self
.
storage
.
get_ca
()
if
key_str
:
@@ -31,26 +53,14 @@ class CA(object):
else
:
log
.
info
(
'initializing CA certificate and private key'
)
self
.
ca_key
=
certutil
.
create_rsa_key_pair
(
self
.
bits
)
ca_req
=
certutil
.
create_cert_request
(
self
.
ca_key
,
**
(
self
.
ca_subject
))
self
.
ca_crt
=
certutil
.
sign_certificate
(
ca_req
,
self
.
ca_key
,
ca_req
,
1
,
3650
,
extensions
=
[
crypto
.
X509Extension
(
'basicConstraints'
,
True
,
'CA:TRUE, pathlen:0'
),
crypto
.
X509Extension
(
'keyUsage'
,
True
,
'keyCertSign, cRLSign'
),
#crypto.X509Extension('subjectKeyIdentifier', False,
# 'hash', subject=ca_req),
],
digest
=
self
.
digest
)
crt_str
=
crypto
.
dump_certificate
(
crypto
.
FILETYPE_PEM
,
self
.
ca_crt
)
self
.
storage
.
set_ca
(
crypto
.
dump_privatekey
(
crypto
.
FILETYPE_PEM
,
self
.
ca_key
),
crt_str
)
self
.
public_ca_pem
=
crt_str
self
.
_generate_ca_cert
()
def
renew_ca
(
self
):
if
not
self
.
ca_key
:
log
.
error
(
'CA private key not available'
)
return
log
.
info
(
'renewing CA certificate'
)
self
.
_generate_ca_cert
()
def
get_ca
(
self
):
return
self
.
public_ca_pem
@@ -77,7 +87,7 @@ class CA(object):
crypto
.
X509Extension
(
'extendedKeyUsage'
,
False
,
server
and
'serverAuth'
or
'clientAuth'
),
crypto
.
X509Extension
(
'nsCertType'
,
False
,
server
and
'server'
or
'client'
),
server
and
'
client,
server'
or
'client'
),
]
cert
=
certutil
.
sign_certificate
(
req
,
self
.
ca_key
,
self
.
ca_crt
,
new_serial
,
days
,
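Review bot: In the second hunk `renew_ca` reissues the CA certificate via `_generate_ca_cert`, and that helper (first hunk) still passes the hard-coded serial `1` to `certutil.sign_certificate`, so every renewed CA certificate carries the same issuer name and the same serial number as the one it replaces. Serial numbers are required to be unique per issuer (RFC 5280 §4.1.2.2), and two distinct CA certificates that share one issuer+serial pair will collide in any store, cache or CRL lookup that is keyed on that pair; before this commit the serial was only ever issued once, so the duplication is new behaviour introduced by renewal. The serial should come from a persisted counter that is advanced on each renewal rather than the literal `1`; the third hunk shows end-entity certificates already use a `new_serial` value, though where it is allocated is outside this diff, so the same mechanism may or may not be reusable for the CA itself. Separately, when `self.ca_key` is missing `renew_ca` only logs and returns `None`, so a caller cannot distinguish a successful renewal from a skipped one; raising (e.g. `raise RuntimeError('CA private key not available')`) would make the failure explicit. The `sign_certificate` call in the third hunk continues past the end of the hunk.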