
import os, logging
from utils import *
from templates import *
from cfg import *


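def _openssl_private(*args):
    """Run ``openssl`` with a 0o077 umask so any file it creates is owner-only.

    ``openssl req -keyout`` and ``openssl dsaparam`` write their output with
    the process umask, so under a typical 022 umask a freshly generated CA
    private key would be world-readable until something chmods it.  Tightening
    the umask for the duration of the call closes that window; the previous
    umask is always restored, even if ``openssl`` raises.
    """
    old_umask = os.umask(0o077)
    try:
        openssl(*args)
    finally:
        os.umask(old_umask)


def newca(dsa_bits=2048):
    """Bootstrap the CA directory under ``ca_base``.

    Renders the OpenSSL configuration from ``openssl_conf_template`` into
    ``conf/ca.conf``, creates the ``serial``/``index`` database files that
    ``openssl ca`` requires, generates an RSA-keyed CA (``private/ca.key``)
    and a DSA-keyed CA (``private/ca-dsa.key``), self-issues a certificate
    for each and concatenates both into ``public/ca.pem``.  Each generation
    step is skipped when its output already exists, so the function can be
    re-run; the config file is re-rendered on every call.

    Args:
        dsa_bits: size of the DSA domain parameters used for the DSA CA key.
            Defaults to 2048.  The historical hard-coded value was 1024,
            which NIST SP 800-131A disallows for signature generation and
            which OpenSSL rejects at security level 2 (the default on
            current distributions), so certificates from such a CA would
            fail to validate on modern clients.

    Side effects: private keys and DSA parameters are created with a
    temporarily restricted umask (see ``_openssl_private``); the umask is
    restored before the public certificates are written so ``ca.pem`` keeps
    the normal permissions.
    """
    conf_file = os.path.join(ca_base, 'conf/ca.conf')
    ca_file = os.path.join(ca_base, 'public/ca.pem')
    ca_dsa_file = os.path.join(ca_base, 'public/ca-dsa.tmp')
    ca_key_file = os.path.join(ca_base, 'private/ca.key')
    ca_dsa_key_file = os.path.join(ca_base, 'private/ca-dsa.key')
    ca_csr_file = os.path.join(ca_base, 'newcerts/ca.csr')
    ca_dsa_csr_file = os.path.join(ca_base, 'newcerts/ca-dsa.csr')
    dsa_parms_file = os.path.join(ca_base, 'private/ca.dsap')

    # 'openssl ca' refuses to run without its serial and index database.
    # NOTE(review): starting the serial at a fixed 01 makes issued serial
    # numbers predictable; acceptable for a private CA, but public-trust
    # rules require at least 64 bits of entropy per serial number.
    serial_file = os.path.join(ca_base, 'serial')
    index_file = os.path.join(ca_base, 'index')
    if not os.path.exists(serial_file):
        with open(serial_file, 'w') as f:
            f.write('01')
    if not os.path.exists(index_file):
        with open(index_file, 'w'):
            pass

    template(conf_file,
             openssl_conf_template,
             dict(
                 ca_dir=ca_base,
                 default_days=ca['default_days'],
                 country=ca['country'],
                 org=ca['org'],
                 ou=ca.get('ou', ''),
                 cn=ca['name'],
                 email=ca['email']))

    if not os.path.exists(dsa_parms_file):
        _openssl_private('dsaparam', '-out', dsa_parms_file, str(dsa_bits))
        logging.info('generated CA DSA parameters')

    if not os.path.exists(ca_file):
        # Key + CSR in one step for each CA.  -batch only suppresses the DN
        # prompts; whether the key is written encrypted (and a passphrase
        # prompted for) depends on the rendered config's encrypt_key setting,
        # which is not visible here -- confirm against openssl_conf_template.
        _openssl_private('req', '-new', '-keyout', ca_key_file,
                         '-config', conf_file, '-batch',
                         '-out', ca_csr_file)
        _openssl_private('req', '-new', '-newkey', 'dsa:' + dsa_parms_file,
                         '-config', conf_file, '-batch',
                         '-keyout', ca_dsa_key_file,
                         '-out', ca_dsa_csr_file)

        # Self-issue each CA certificate with the v3_ca extensions.
        # NOTE(review): 'openssl ca' normally needs -selfsign (or a
        # 'certificate' entry in the config) to sign a CSR with the CA's own
        # key before ca.pem exists -- verify the template covers this.
        openssl('ca',
                '-config', conf_file, '-batch',
                '-keyfile', ca_key_file,
                '-extensions', 'v3_ca',
                '-out', ca_file,
                '-infiles', ca_csr_file)
        openssl('ca',
                '-config', conf_file, '-batch',
                '-keyfile', ca_dsa_key_file,
                '-extensions', 'v3_ca',
                '-out', ca_dsa_file,
                '-infiles', ca_dsa_csr_file)

        # ca.pem ends up holding both certificates (RSA first, then DSA);
        # the temporary DSA-only file is removed once appended.
        with open(ca_dsa_file, 'r') as src, open(ca_file, 'a') as dst:
            dst.write(src.read())
        os.remove(ca_dsa_file)
        logging.info('created CA certificates')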