[IMP] More explicit variables

common.py

@@ -26,22 +26,22 @@ class TisPKI:
     def root_ca_keyfile():
         return os.path.join(TisPKI.pki_dir(),'private','root_ca.key')
 
-    def keyout_path():
+    def root_keyout_path():
         return os.path.join(TisPKI.pki_dir(),'private')
 
-    def csr_path():
+    def root_csr_path():
         return os.path.join(TisPKI.pki_dir(),'csr')
 
-    def cert_path():
+    def root_cert_path():
         return os.path.join(TisPKI.pki_dir(),'certs')
 
-    def p12_path():
+    def root_p12_path():
         return os.path.join(TisPKI.pki_dir(),'p12')
 
-    def config_path():
+    def root_config_path():
         return os.path.join(TisPKI.pki_dir(),'config')
 
-    def crl_path():
+    def root_crl_path():
         return os.path.join(TisPKI.pki_dir(),'crl')
 
 
@@ -228,13 +228,13 @@ def generate_dc_certificate():
             crl_uri = config.get('openssl_config','intermediate_crl_uri')
             pki_dir = TisPKI.pki_intermediate_dir()
         else:
-            dc_certfile = os.path.join(TisPKI.cert_path(),f'{dc}.crt')
-            dc_keyfile = os.path.join(TisPKI.keyout_path(),f'{dc}.key')
-            dc_csrfile = os.path.join(TisPKI.csr_path(),f'{dc}.csr')
-            dc_openssl_configfile = os.path.join(TisPKI.config_path(),f'openssl_{dc}.ini')
-            crl_file = os.path.join(TisPKI.crl_path(),'root_ca.crl')
-            dc_ca_keyfile = os.path.join(TisPKI.keyout_path(),'root_ca.key')
-            dc_ca_certfile = os.path.join(TisPKI.cert_path(),'root_ca.crt')
+            dc_certfile = os.path.join(TisPKI.root_cert_path(),f'{dc}.crt')
+            dc_keyfile = os.path.join(TisPKI.root_keyout_path(),f'{dc}.key')
+            dc_csrfile = os.path.join(TisPKI.root_csr_path(),f'{dc}.csr')
+            dc_openssl_configfile = os.path.join(TisPKI.root_config_path(),f'openssl_{dc}.ini')
+            crl_file = os.path.join(TisPKI.root_crl_path(),'root_ca.crl')
+            dc_ca_keyfile = os.path.join(TisPKI.root_keyout_path(),'root_ca.key')
+            dc_ca_certfile = os.path.join(TisPKI.root_cert_path(),'root_ca.crt')
             crl_uri = config.get('openssl_config','crl_uri')
             pki_dir = TisPKI.pki_dir()
 
@@ -305,12 +305,12 @@ def generate_user_certificate():
         emailAddress = upn
         commonName = username
     else:
-        crl_file = os.path.join(TisPKI.crl_path(),'root_ca.crl')
-        dc_ca_keyfile = os.path.join(TisPKI.keyout_path(),'root_ca.key')
-        dc_ca_certfile = os.path.join(TisPKI.cert_path(),'root_ca.crt')
+        crl_file = os.path.join(TisPKI.root_crl_path(),'root_ca.crl')
+        dc_ca_keyfile = os.path.join(TisPKI.root_keyout_path(),'root_ca.key')
+        dc_ca_certfile = os.path.join(TisPKI.root_cert_path(),'root_ca.crt')
         crl_uri = config.get('openssl_config','crl_uri')
         pki_dir = TisPKI.pki_dir()
-        openssl_user_file = os.path.join(TisPKI.config_path(),'openssl_user.ini')
+        openssl_user_file = os.path.join(TisPKI.root_config_path(),'openssl_user.ini')
         emailAddress = upn
         commonName = username
 
@@ -345,17 +345,17 @@ def generate_user_certificate():
 
 
     print(f'Generate private key for {upn}')
-    print(subprocess.run(f"openssl req -new -newkey rsa:{default_bits_user} -keyout {TisPKI.keyout_path()}/{username}.key -out {TisPKI.csr_path()}/{username}.csr -config <(cat {openssl_user_file} <(cat <<-EOF\n[ sanuser ]\notherName=msUPN;UTF8:{upn}\nemail=copy\nEOF\n)\n)",shell=True,check=True, executable='/bin/bash'))
+    print(subprocess.run(f"openssl req -new -newkey rsa:{default_bits_user} -keyout {TisPKI.root_keyout_path()}/{username}.key -out {TisPKI.root_csr_path()}/{username}.csr -config <(cat {openssl_user_file} <(cat <<-EOF\n[ sanuser ]\notherName=msUPN;UTF8:{upn}\nemail=copy\nEOF\n)\n)",shell=True,check=True, executable='/bin/bash'))
 
     print(f'Sign certificate')
-    print(subprocess.run(f'openssl ca -extensions usr_cert_scarduser -days 730 -notext -md sha512 -create_serial -in {TisPKI.csr_path()}/{username}.csr -out {TisPKI.cert_path()}/{username}.crt -config <(cat {openssl_user_file} <(cat <<-EOF\n[ sanuser ]\notherName=msUPN;UTF8:{upn}\nemail=copy\nEOF\n)\n)',shell=True,check=True, executable='/bin/bash'))
+    print(subprocess.run(f'openssl ca -extensions usr_cert_scarduser -days 730 -notext -md sha512 -create_serial -in {TisPKI.root_csr_path()}/{username}.csr -out {TisPKI.root_cert_path()}/{username}.crt -config <(cat {openssl_user_file} <(cat <<-EOF\n[ sanuser ]\notherName=msUPN;UTF8:{upn}\nemail=copy\nEOF\n)\n)',shell=True,check=True, executable='/bin/bash'))
 
 
     print('Remove password in rsa key')
-    print(subprocess.run(f'openssl rsa -in {TisPKI.keyout_path()}/{username}.key -out {TisPKI.keyout_path()}/{username}-nopasswd.key',shell=True,check=True, executable='/bin/bash'))
+    print(subprocess.run(f'openssl rsa -in {TisPKI.root_keyout_path()}/{username}.key -out {TisPKI.root_keyout_path()}/{username}-nopasswd.key',shell=True,check=True, executable='/bin/bash'))
 
     print('Create p12')
-    print(subprocess.run(f'openssl pkcs12 -export -inkey {TisPKI.keyout_path()}/{username}-nopasswd.key -in {TisPKI.cert_path()}/{username}.crt -out {TisPKI.p12_path()}/{username}.p12', shell=True,check=True, executable='/bin/bash'))
+    print(subprocess.run(f'openssl pkcs12 -export -inkey {TisPKI.root_keyout_path()}/{username}-nopasswd.key -in {TisPKI.root_cert_path()}/{username}.crt -out {TisPKI.root_p12_path()}/{username}.p12', shell=True,check=True, executable='/bin/bash'))
 
 
 def main():

manage_pki.py

@@ -16,13 +16,13 @@ from common import *
 def main():
     parser = OptionParser()
 
-    parser.add_option('--init', dest="init", action="store_false", help="Create PKI")
-    parser.add_option('--create-intermediate', dest="create_intermediate", action="store_false", help="Create an intermediate CA")
-    parser.add_option('--create-dc-cert', dest="create_dc_cert", action="store_false", help="Create a certificat for a Domain Controler")
+    parser.add_option('--initialize', dest="initialize", action="store_true", help="Create PKI")
+    parser.add_option('--create-intermediate', dest="create_intermediate", action="store_true", help="Create an intermediate CA")
+    parser.add_option('--create-dc-cert', dest="create_dc_cert", action="store_true", help="Create a certificat for a Domain Controler")
 
     (options, args) = parser.parse_args()
 
-    if options.init:
+    if options.initialize:
         create_openssl_config()