diff --git a/common.py b/common.py
index 0328092..2f0826a 100644
--- a/common.py
+++ b/common.py
@@ -72,10 +72,11 @@ class TisPKI:
 return True
 def pki_intermediate_dir(name):
+ name = name.replace(' ','_')
 return os.path.join(config.get('general','pki_dir'),f'{name}_intermediate_ca')
- def intermediate_ca_certfile(name):
- return os.path.join(TisPKI.pki_intermediate_dir(name),'certs','intermediate_ca.crt')
+ def intermediate_cert_path(name):
+ return os.path.join(TisPKI.pki_intermediate_dir(name),'certs')
 def intermediate_keyout_path(name):
 return os.path.join(TisPKI.pki_intermediate_dir(name),'private')
@@ -83,9 +84,6 @@ class TisPKI:
 def intermediate_csr_path(name):
 return os.path.join(TisPKI.pki_intermediate_dir(name),'csr')
- def intermediate_cert_path(name):
- return os.path.join(TisPKI.pki_intermediate_dir(name),'certs')
-
 def intermediate_p12_path(name):
 return os.path.join(TisPKI.pki_intermediate_dir(name),'p12')
@@ -95,13 +93,21 @@ class TisPKI:
 def intermediate_crl_path(name):
 return os.path.join(TisPKI.pki_intermediate_dir(name),'crl')
+ def intermediate_ca_certfile(name):
+ name = name.replace(' ','_')
+ return os.path.join(TisPKI.intermediate_cert_path(name),f'{name}_intermediate_ca.crt')
+
+ def intermediate_ca_keyfile(name):
+ name = name.replace(' ','_')
+ return os.path.join(TisPKI.intermediate_keyout_path(name),f'{name}_intermediate_ca.key')
+
 def check_directories(path,verbose=False):
 if verbose:
 Printing.information('Check directories')
- directories_list = ['certs','config','crl','newcerts','private','csr','crl','p12']
+ directories_list = ['certs','config','crl','private','csr','p12']
 if not os.path.isdir(path):
 if verbose:
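Review bot: `name.replace(' ','_')` in `pki_intermediate_dir` rewrites spaces only, so a `name` containing `/` or `..` still reaches `os.path.join` and can resolve to a directory outside `pki_dir`. Where `name` comes from is not visible in this hunk, but since this tree holds CA private keys I would reject unexpected names instead of rewriting them, for example `if not re.fullmatch(r'[A-Za-z0-9_ -]+', name): raise ValueError(name)` before the replace (this needs `import re` if the file does not already have it). The same `replace` is repeated in `intermediate_ca_certfile` and `intermediate_ca_keyfile` in the third hunk; one private helper such as `_safe_name(name)` would keep the rule in one place. Note also that a CA created before this change with a space in its name lives in the un-normalized directory, which the new code will no longer look at.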
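Review bot: `intermediate_ca_certfile` now returns `certs/{name}_intermediate_ca.crt` where it used to return `certs/intermediate_ca.crt`, so a tree created by the previous version will not have its certificate at the new path. The generation guard in the last hunk still sees the existing key and skips, but any caller that opens the certificate (not visible here) would fail; a fallback to the old filename or a one-off rename step would cover that. Separately, `newcerts` is dropped from `directories_list`: `openssl ca` needs the `new_certs_dir` named in its config to exist, so confirm the intermediate config no longer points at `newcerts`. `check_directories` continues past the end of the hunk.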
@@ -202,7 +208,6 @@ def create_openssl_intermediate(name, force=False,verbose=False):
 check_directories(path=TisPKI.pki_intermediate_dir(name),verbose=verbose)
 intermediate_ca_config = os.path.join(TisPKI.intermediate_config_path(name),'create_intermediate_ca.ini')
- intermediate_ca_keyfile = os.path.join(TisPKI.intermediate_keyout_path(name),f'{name}_intermediate_ca.key')
 intermediate_crl_file = os.path.join(TisPKI.intermediate_crl_path(name),f'{name}_intermediate_ca.crl')
 root_ca_sign_intermediate = os.path.join(TisPKI.root_config_path(),'openssl_root_ca_sign_intermediate.ini')
@@ -248,9 +253,9 @@ def create_openssl_intermediate(name, force=False,verbose=False):
 else:
 Printing.information('Intermediate CA OpenSSL config already exist. Skip.')
- if not os.path.isfile(intermediate_ca_keyfile) and not os.path.isfile(TisPKI.intermediate_ca_certfile(name)):
+ if not os.path.isfile(TisPKI.intermediate_ca_keyfile()) and not os.path.isfile(TisPKI.intermediate_ca_certfile(name)):
 Printing.information('Generate Intermediate CA private key and CSR')
- gen_intermediate_ca = subprocess.run(f'/usr/bin/openssl req -config {intermediate_ca_config} -new -sha512 -keyout {intermediate_ca_keyfile} -out {TisPKI.intermediate_csr_path(name)}/{name}_intermediate_ca.csr', shell=True, check=True, executable='/bin/bash')
+ gen_intermediate_ca = subprocess.run(f'/usr/bin/openssl req -config {intermediate_ca_config} -new -sha512 -keyout {TisPKI.intermediate_ca_keyfile()} -out {TisPKI.intermediate_csr_path(name)}/{name}_intermediate_ca.csr', shell=True, check=True, executable='/bin/bash')
 Printing.information('Sign Intermediate CA with Root CA')
 sign_intermediate_ca = subprocess.run(f"/usr/bin/openssl ca -config {os.path.join(TisPKI.pki_dir(),'config','openssl_root_ca_sign_intermediate.ini')} -extensions v3_intermediate_ca -days 1825 -notext -md sha512 -create_serial -in {TisPKI.intermediate_csr_path(name)}/{name}_intermediate_ca.csr -out {TisPKI.intermediate_ca_certfile(name)}", shell=True, check=True, executable='/bin/bash' )
 if sign_intermediate_ca.returncode == 0:
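Review bot: Both new lines call `TisPKI.intermediate_ca_keyfile()` without an argument, but the method added in this commit is declared as `intermediate_ca_keyfile(name)`, so the `if` raises `TypeError` before any key is generated; it should read `TisPKI.intermediate_ca_keyfile(name)` in the `os.path.isfile` test and in `-keyout`. The command is also still a `shell=True` string and the CSR filename uses the raw `{name}` rather than the normalized one, so a name with a space (the case this commit appears meant to support) is split into separate arguments by bash, and any shell metacharacter in `name` would be interpreted. Passing an argument list without a shell avoids both: `subprocess.run(['/usr/bin/openssl','req','-config',intermediate_ca_config,'-new','-sha512','-keyout',keyfile,'-out',csr_file], check=True)`, with `keyfile` and `csr_file` built from the normalized name; the `openssl ca` call on the context line below has the same shape. The body of `create_openssl_intermediate` starts and ends outside this hunk.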