blob: dee0fd52989e2e878c9be2e6fbca951e58b9dedf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
#!/usr/bin/python -tt
import sys
import os
import os.path
from OpenSSL import crypto
import socket
def_country = 'UN'
def_state = 'FC'
def_local = 'Func-ytown'
def_org = 'func'
def_ou = 'slave-key'
cert_dir = '/home/skvidal/tmp/t'
key_file = '%s/slave.pem' % cert_dir
csr_file = '%s/slave.csr' % cert_dir
def make_cert(dest=None):
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 2048)
if dest:
destfo = open(dest, 'w')
destfo.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
destfo.close()
return pkey
def make_csr(pkey, dest=None, cn=None):
req = crypto.X509Req()
req.get_subject()
subj = req.get_subject()
subj.C = def_country
subj.ST = def_state
subj.L = def_local
subj.O = def_org
subj.OU = def_ou
if cn:
subj.CN = cn
else:
subj.CN = socket.getfqdn()
subj.emailAddress = 'root@%s' % subj.CN
req.set_pubkey(pkey)
req.sign(pkey, 'md5')
if dest:
destfo = open(dest, 'w')
destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req))
destfo.close()
return req
def retrieve_key_from_file(keyfile):
fo = open(keyfile, 'r')
buf = fo.read()
keypair = crypto.load_privatekey(crypto.FILETYPE_PEM, buf)
return keypair
def main():
keypair = None
try:
if not os.path.exists(cert_dir):
os.makedirs(cert_dir)
if not os.path.exists(key_file):
keypair = make_cert(dest=key_file)
if not os.path.exists(csr_file):
if not keypair:
keypair = retrieve_key_from_file(key_file)
csr = make_csr(keypair, dest=csr_file)
except:
return 1
return 0
if __name__ == "__main__":
sys.exit(main())
|