[IMP] Add create intermediate_ca

common.py

@@ -7,6 +7,7 @@ import configparser
 import sys
 from colorama import Fore, Style
 import shutil
+import time
 
 config = configparser.ConfigParser()
 config.read('samba-pki-tools.ini')
@@ -70,8 +71,8 @@ class TisPKI:
         if config.getboolean('openssl_config','create_intermediate'):
             return True
 
-    def pki_intermediate_dir():
+    def pki_intermediate_dir(name):
-        return os.path.join(config.get('general','pki_dir'),'intermediate_ca')
+        return os.path.join(config.get('general','pki_dir'),f'{name}_intermediate_ca')
 
     def intermediate_ca_certfile():
         return os.path.join(TisPKI.pki_intermediate_dir(),'certs','intermediate_ca.crt')
@@ -123,9 +124,10 @@ def create_openssl_config(force=False,verbose=False):
     if force:
         Printing.error("Do you realy want to remove ALL you PKI ? This will destroy ALL YOUR CERTIFICATES AND PRIVATE KEY")
         Printing.error("After that, you MUST REGENERATE YOUR PKI with NEW certificates and private key for ALL YOUR DOMAIN CONTROLLERS AND USERS")
-        destroy = input('If you are realy sure, please enter : "I want to remove all my PKI" .')
+        destroy = input('If you are realy sure, please enter : "I want to remove all my PKI" : ')
         if destroy == 'I want to remove all my PKI':
             Printing.information('OK, too late ! Destroying your PKI !')
+            time.sleep(1)
             shutil.rmtree(TisPKI.pki_dir(), ignore_errors=True)
 
     Printing.information('Check Root CA OpenSSL Config')
@@ -184,13 +186,25 @@ def create_openssl_config(force=False,verbose=False):
         Printing.warning('Root CA private key and certificate already exist. Skip.')
 
 
-def create_openssl_intermediate():
+def create_openssl_intermediate(name, force=False,verbose=False):
-    print('Create intermediate CA')
+
-    check_directories(TisPKI.pki_intermediate_dir())
+##    if force:
-    intermediate_ca_config = os.path.join(TisPKI.pki_intermediate_dir(),'config','create_intermediate_ca.ini')
+##        Printing.error("Do you realy want to remove ALL you PKI ? This will destroy ALL YOUR CERTIFICATES AND PRIVATE KEY")
-    intermediate_ca_keyfile = os.path.join(TisPKI.pki_intermediate_dir(),'private','intermediate_ca.key')
+##        Printing.error("After that, you MUST REGENERATE YOUR PKI with NEW certificates and private key for ALL YOUR DOMAIN CONTROLLERS AND USERS")
-    crl_file = os.path.join(TisPKI.pki_intermediate_dir(),'crl','intermediate_ca.crl')
+##        destroy = input('If you are realy sure, please enter : "I want to remove all my PKI" : ')
-    root_ca_sign_intermediate = os.path.join(TisPKI.pki_dir(),'config','openssl_root_ca_sign_intermediate.ini')
+##        if destroy == 'I want to remove all my PKI':
+##            Printing.information('OK, too late ! Destroying your PKI !')
+##            time.sleep(1)
+##            shutil.rmtree(TisPKI.pki_dir(), ignore_errors=True)
+
+
+    Printing.information(f'Create intermediate CA {name} ')
+
+    check_directories(path=TisPKI.pki_intermediate_dir(name),verbose=verbose)
+    intermediate_ca_config = os.path.join(TisPKI.intermediate_config_path(),'create_intermediate_ca.ini')
+    intermediate_ca_keyfile = os.path.join(TisPKI.intermediate_keyout_path(),'intermediate_ca.key')
+    intermediate_crl_file = os.path.join(TisPKI.intermediate_crl_path(),'intermediate_ca.crl')
+    root_ca_sign_intermediate = os.path.join(TisPKI.root_config_path(),'openssl_root_ca_sign_intermediate.ini')
 
     if not os.path.isfile(root_ca_sign_intermediate):
         if TisPKI.intermediate_ca:
@@ -249,9 +263,9 @@ def create_openssl_intermediate():
     else:
         print('Intermediate CA private key and certificate already exist. Skip.')
 
-##    if not os.path.isfile(crl_file):
+##    if not os.path.isfile(intermediate_crl_file):
 ##        print('Generate CRL')
-##        subprocess.run(f'openssl ca -config {intermediate_ca_config} -gencrl -out {crl_file}',shell=True)
+##        subprocess.run(f'openssl ca -config {intermediate_ca_config} -gencrl -out {intermediate_crl_file}',shell=True)
 
 
 def generate_dc_certificate():

manage_pki.py

@@ -10,28 +10,46 @@
 #-------------------------------------------------------------------------------
 
 from optparse import OptionParser, OptionGroup
+from argparse import ArgumentParser
 
 from common import *
 
 def main():
-    parser = OptionParser()
 
-    parser.add_option('--initialize', dest="initialize", action="store_true", help="Create PKI")
+    usage = 'Usage : '
-    parser.add_option('--create-intermediate', dest="create_intermediate", action="store_true", help="Create an intermediate CA")
+    parser = ArgumentParser(prog='Samba PKI Tools',
-    parser.add_option('--create-dc-cert', dest="create_dc_cert", action="store_true", help="Create a certificat for a Domain Controler")
+        description='Manage PKI for Samba')
 
-    dangerous_group = OptionGroup(parser,'Dangerous options', "Caution: use these options at your own risk.")
+    create_group = parser.add_argument_group('Create options')
-    dangerous_group.add_option('-f', '--force', dest="force", action="store_true", help="Force reinitialize PKI. VERY DANGEROUS")
+    create_group.add_argument('--initialize', dest="initialize", action="store_true", help="Create PKI")
-    parser.add_option_group(dangerous_group)
+    create_group.add_argument('--create-intermediate', dest="create_intermediate", action="store_true", help="Create an intermediate CA. Specify name with --name option.")
+    create_group.add_argument('--create-dc-cert', dest="create_dc_cert", action="store_true", help="Create a certificat for a Domain Controler")
 
-    debug_group = OptionGroup(parser, 'Debug options', 'Get more information to debug')
+    root_group = parser.add_argument_group('Root CA options')
-    debug_group.add_option('-v', '--verbose', dest="verbose", action="store_true", help="Print all command")
+    root_group.add_argument('--root-crl', dest='root_crl', help='Regenerate CRL for root CA')
-    parser.add_option_group(debug_group)
+    root_group.add_argument('--root-show-certs','--root-show-certificates', dest="root_certs", help='List all certificates issues of root CA')
 
-    (options, args) = parser.parse_args()
+    intermediate_group = parser.add_argument_group('Intermediate CA options', 'Manage intermediate CA')
+    intermediate_group.add_argument('--name', dest='intermediate_name', help='Specify what intermediate CA to manage')
+    intermediate_group.add_argument('--crl', dest='intermediate_crl', help='Regenerate CRL for intermediate CA')
+    intermediate_group.add_argument('--show-certs', '--show-certificates', dest='intermediate_list', help='List all certificates issues of intermediate CA')
 
-    if options.initialize:
+    dangerous_group = parser.add_argument_group('Dangerous options', "Caution: use these options at your own risk.")
-        create_openssl_config(force=options.force,verbose=options.verbose)
+    dangerous_group.add_argument('-f', '--force', dest="force", action="store_true", help="Force reinitialize PKI. VERY DANGEROUS")
+
+    debug_group = parser.add_argument_group('Debug options')
+    debug_group.add_argument('-v', '--verbose', dest="verbose", action="store_true", help="Print all command")
+
+    args = parser.parse_args()
+
+    if args.initialize:
+        create_openssl_config(force=args.force,verbose=args.verbose)
+
+    if args.create_intermediate:
+        if not args.intermediate_name:
+            print('Add --name to create intermediate CA')
+        else:
+            create_openssl_intermediate(args.intermediate_name,args.force,args.verbose)
 
 
 if __name__ == '__main__':