[IMP] Add create intermediate_ca

common.py

@@ -7,6 +7,7 @@ import configparser
 import sys
 from colorama import Fore, Style
 import shutil
+import time
 
 config = configparser.ConfigParser()
 config.read('samba-pki-tools.ini')
@@ -70,8 +71,8 @@ class TisPKI:
         if config.getboolean('openssl_config','create_intermediate'):
             return True
 
-    def pki_intermediate_dir():
-        return os.path.join(config.get('general','pki_dir'),'intermediate_ca')
+    def pki_intermediate_dir(name):
+        return os.path.join(config.get('general','pki_dir'),f'{name}_intermediate_ca')
 
     def intermediate_ca_certfile():
         return os.path.join(TisPKI.pki_intermediate_dir(),'certs','intermediate_ca.crt')
@@ -123,9 +124,10 @@ def create_openssl_config(force=False,verbose=False):
     if force:
         Printing.error("Do you realy want to remove ALL you PKI ? This will destroy ALL YOUR CERTIFICATES AND PRIVATE KEY")
         Printing.error("After that, you MUST REGENERATE YOUR PKI with NEW certificates and private key for ALL YOUR DOMAIN CONTROLLERS AND USERS")
-        destroy = input('If you are realy sure, please enter : "I want to remove all my PKI" .')
+        destroy = input('If you are realy sure, please enter : "I want to remove all my PKI" : ')
         if destroy == 'I want to remove all my PKI':
             Printing.information('OK, too late ! Destroying your PKI !')
+            time.sleep(1)
             shutil.rmtree(TisPKI.pki_dir(), ignore_errors=True)
 
     Printing.information('Check Root CA OpenSSL Config')
@@ -184,13 +186,25 @@ def create_openssl_config(force=False,verbose=False):
         Printing.warning('Root CA private key and certificate already exist. Skip.')
 
 
-def create_openssl_intermediate():
-    print('Create intermediate CA')
-    check_directories(TisPKI.pki_intermediate_dir())
-    intermediate_ca_config = os.path.join(TisPKI.pki_intermediate_dir(),'config','create_intermediate_ca.ini')
-    intermediate_ca_keyfile = os.path.join(TisPKI.pki_intermediate_dir(),'private','intermediate_ca.key')
-    crl_file = os.path.join(TisPKI.pki_intermediate_dir(),'crl','intermediate_ca.crl')
-    root_ca_sign_intermediate = os.path.join(TisPKI.pki_dir(),'config','openssl_root_ca_sign_intermediate.ini')
+def create_openssl_intermediate(name, force=False,verbose=False):
+
+##    if force:
+##        Printing.error("Do you realy want to remove ALL you PKI ? This will destroy ALL YOUR CERTIFICATES AND PRIVATE KEY")
+##        Printing.error("After that, you MUST REGENERATE YOUR PKI with NEW certificates and private key for ALL YOUR DOMAIN CONTROLLERS AND USERS")
+##        destroy = input('If you are realy sure, please enter : "I want to remove all my PKI" : ')
+##        if destroy == 'I want to remove all my PKI':
+##            Printing.information('OK, too late ! Destroying your PKI !')
+##            time.sleep(1)
+##            shutil.rmtree(TisPKI.pki_dir(), ignore_errors=True)
+
+
+    Printing.information(f'Create intermediate CA {name} ')
+
+    check_directories(path=TisPKI.pki_intermediate_dir(name),verbose=verbose)
+    intermediate_ca_config = os.path.join(TisPKI.intermediate_config_path(),'create_intermediate_ca.ini')
+    intermediate_ca_keyfile = os.path.join(TisPKI.intermediate_keyout_path(),'intermediate_ca.key')
+    intermediate_crl_file = os.path.join(TisPKI.intermediate_crl_path(),'intermediate_ca.crl')
+    root_ca_sign_intermediate = os.path.join(TisPKI.root_config_path(),'openssl_root_ca_sign_intermediate.ini')
 
     if not os.path.isfile(root_ca_sign_intermediate):
         if TisPKI.intermediate_ca:
@@ -249,9 +263,9 @@ def create_openssl_intermediate():
     else:
         print('Intermediate CA private key and certificate already exist. Skip.')
 
-##    if not os.path.isfile(crl_file):
+##    if not os.path.isfile(intermediate_crl_file):
 ##        print('Generate CRL')
-##        subprocess.run(f'openssl ca -config {intermediate_ca_config} -gencrl -out {crl_file}',shell=True)
+##        subprocess.run(f'openssl ca -config {intermediate_ca_config} -gencrl -out {intermediate_crl_file}',shell=True)
 
 
 def generate_dc_certificate():