add a method to renew a CA certificate
parent
0bce6d0c
Showing
1 changed file
with
31 additions
and
21 deletions
+31
-21
autoca/ca.py
autoca/ca.py
+31
-21
autoca/ca.py
@@ -20,6 +20,28 @@ class CA(object):
self
.
_init_ca
()
self
.
_load_crl
()
def
_generate_ca_cert
(
self
):
ca_req
=
certutil
.
create_cert_request
(
self
.
ca_key
,
**
(
self
.
ca_subject
))
self
.
ca_crt
=
certutil
.
sign_certificate
(
ca_req
,
self
.
ca_key
,
ca_req
,
1
,
3650
,
extensions
=
[
crypto
.
X509Extension
(
'basicConstraints'
,
True
,
'CA:TRUE, pathlen:0'
),
crypto
.
X509Extension
(
'keyUsage'
,
True
,
'keyCertSign, cRLSign'
),
#crypto.X509Extension('subjectKeyIdentifier', False,
# 'hash', subject=ca_req),
],
digest
=
self
.
digest
)
crt_str
=
crypto
.
dump_certificate
(
crypto
.
FILETYPE_PEM
,
self
.
ca_crt
)
self
.
storage
.
set_ca
(
crypto
.
dump_privatekey
(
crypto
.
FILETYPE_PEM
,
self
.
ca_key
),
crt_str
)
self
.
public_ca_pem
=
crt_str
def
_init_ca
(
self
):
key_str
,
crt_str
=
self
.
storage
.
get_ca
()
if
key_str
:
@@ -31,26 +53,14 @@ class CA(object):
else
:
log
.
info
(
'initializing CA certificate and private key'
)
self
.
ca_key
=
certutil
.
create_rsa_key_pair
(
self
.
bits
)
ca_req
=
certutil
.
create_cert_request
(
self
.
ca_key
,
**
(
self
.
ca_subject
))
self
.
ca_crt
=
certutil
.
sign_certificate
(
ca_req
,
self
.
ca_key
,
ca_req
,
1
,
3650
,
extensions
=
[
crypto
.
X509Extension
(
'basicConstraints'
,
True
,
'CA:TRUE, pathlen:0'
),
crypto
.
X509Extension
(
'keyUsage'
,
True
,
'keyCertSign, cRLSign'
),
#crypto.X509Extension('subjectKeyIdentifier', False,
# 'hash', subject=ca_req),
],
digest
=
self
.
digest
)
crt_str
=
crypto
.
dump_certificate
(
crypto
.
FILETYPE_PEM
,
self
.
ca_crt
)
self
.
storage
.
set_ca
(
crypto
.
dump_privatekey
(
crypto
.
FILETYPE_PEM
,
self
.
ca_key
),
crt_str
)
self
.
public_ca_pem
=
crt_str
self
.
_generate_ca_cert
()
def
renew_ca
(
self
):
if
not
self
.
ca_key
:
log
.
error
(
'CA private key not available'
)
return
log
.
info
(
'renewing CA certificate'
)
self
.
_generate_ca_cert
()
def
get_ca
(
self
):
return
self
.
public_ca_pem
@@ -77,7 +87,7 @@ class CA(object):
crypto
.
X509Extension
(
'extendedKeyUsage'
,
False
,
server
and
'serverAuth'
or
'clientAuth'
),
crypto
.
X509Extension
(
'nsCertType'
,
False
,
server
and
'server'
or
'client'
),
server
and
'
client,
server'
or
'client'
),
]
cert
=
certutil
.
sign_certificate
(
req
,
self
.
ca_key
,
self
.
ca_crt
,
new_serial
,
days
,
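Review bot: The renewed CA certificate produced by `renew_ca` via `_generate_ca_cert` is issued with the hard-coded serial `1` in `sign_certificate(ca_req, self.ca_key, ca_req, 1, 3650, ...)`, so every renewal yields a distinct certificate that shares both issuer name and serial number with the one it replaces, which RFC 5280 forbids and which defeats any cache, pin or revocation check keyed on issuer+serial. A serial should be allocated per issuance, e.g. `def _generate_ca_cert(self, serial=1):` with the call becoming `sign_certificate(ca_req, self.ca_key, ca_req, serial, 3650, ...)` and `renew_ca` passing a fresh value; the leaf-signing path in the third hunk already passes a `new_serial`, so presumably the same allocator can be reused, though its origin is outside this diff. Since the same key pair is reused, the method is a certificate re-issue and not a key rotation, and that is worth stating: `"""Re-issue the self-signed CA certificate with the existing CA key (no key rotation); overwrites the stored CA cert."""`. The `if not self.ca_key` guard only logs and returns `None`, so a caller cannot tell whether renewal happened; raising, or returning `True`/`False`, would make that failure visible.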