[IMP] Some improvements

common.py

@@ -48,6 +48,12 @@ class TisPKI:
     def root_ca_keyfile():
         return os.path.join(TisPKI.pki_dir(),'private','root_ca.key')
 
+    def root_ca_crlfile():
+        return os.path.join(TisPKI.root_crl_path(),'root_ca.crl')
+
+    def root_ca_configfile():
+        return os.path.join(TisPKI.root_config_path(),'openssl_root_ca.ini')
+
     def root_keyout_path():
         return os.path.join(TisPKI.pki_dir(),'private')
 

dc_module.py

@@ -12,7 +12,7 @@
 
 # Maange DC Certificates
 
-from common import Printing, TisPKI, check_directories
+from common import Printing, TisPKI, check_directories, config
 
 import subprocess
 import jinja2

intermediate_module.py

@@ -12,7 +12,7 @@
 
 # Maange Intermediate CA
 
-from common import Printing, TisPKI, check_directories
+from common import Printing, TisPKI, check_directories, config
 
 import subprocess
 import jinja2

manage_pki.py

@@ -27,14 +27,16 @@ def main():
     root_group = parser.add_argument_group('Root CA options')
     root_group.add_argument('--create-root', dest="initialize", action="store_true", help="Create PKI")
     root_group.add_argument('--full-create', dest="full_initialize", action="store_true", help="Create Root CA, intermediate CA and DC certificate. Use --name and --dc-name")
-    root_group.add_argument('--root-crl', dest='root_crl', help='Regenerate CRL for root CA')
+    root_group.add_argument('--root-crl', dest='root_crl', action="store_true", help='Regenerate CRL for root CA')
     root_group.add_argument('--root-show-certs','--root-show-certificates', dest="root_certs", help='List all certificates issues of root CA')
+    root_group.add_argument('--root-revoke', dest='root_revoke', help='Revoke an intermediate CA')
 
     intermediate_group = parser.add_argument_group('Intermediate CA options', 'Manage intermediate CA')
     intermediate_group.add_argument('--create-intermediate', dest="create_intermediate", action="store_true", help="Create an intermediate CA. Specify name with --name option.")
     intermediate_group.add_argument('--name', dest='intermediate_name', help='Specify what intermediate CA to manage')
     intermediate_group.add_argument('--crl', dest='intermediate_crl', help='Regenerate CRL for intermediate CA. Specify name with --name option.')
     intermediate_group.add_argument('--show-certs', '--show-certificates', dest='intermediate_list', help='List all certificates issues of intermediate CA. Specify name with --name option.')
+    intermediate_group.add_argument('--revoke-certs', dest='intermediate_revoke', help="Revoke certificate issue of an intermediate CA. Specify intermediate CA name with --name option")
 
     dc_cert = parser.add_argument_group('Domain Controler options', 'Manage DC certificates')
     dc_cert.add_argument('--dc-cert', dest="dc_cert", action="store_true", help="Create a DC certificate. Specify intermediate CA name with --name option. \
@@ -50,21 +52,33 @@ def main():
 
     args = parser.parse_args()
 
+    # Root CA
     if args.initialize:
         create_openssl_config(force=args.force,verbose=args.verbose)
 
+    if args.root_crl:
+        generate_root_crl(verbose=args.verbose)
+
+
+    # Intermediate CA
     if args.create_intermediate:
         if not args.intermediate_name:
             print('Add --name to create intermediate CA')
         else:
             create_openssl_intermediate(args.intermediate_name,args.force,args.verbose)
 
+
+    # DC certificates
     if args.dc_cert:
         if not args.dc_name or not args.intermediate_name:
             print('Add --dc-name or --name with this command')
         else:
             generate_dc_certificate(dc_name=args.dc_name, ca_name=args.intermediate_name, force=args.force, verbose=args.verbose)
 
+    # User certificates
+
+
+    # Other
     if args.full_initialize:
         if not args.dc_name or not args.intermediate_name:
             print('Add --dc-name or --name with this command')

root_module.py

@@ -10,9 +10,9 @@
 # Licence:     <your licence>
 #-------------------------------------------------------------------------------
 
-# Maange Root CA
+# Manage Root CA
 
-from common import Printing, TisPKI, check_directories
+from common import Printing, TisPKI, check_directories, config
 
 import subprocess
 import jinja2
@@ -88,4 +88,16 @@ def create_openssl_config(force=False,verbose=False):
                 os.remove(TisPKI.root_ca_keyfile())
                 create_openssl_config(force,verbose)
     else:
-        Printing.warning('Root CA private key and certificate already exist. Skip.')
+        Printing.warning('Root CA private key and certificate already exist. Skip.')
+
+
+def generate_root_crl(verbose=False):
+    Printing.information('Generate CRL for Root CA')
+
+    root_ca_sign_intermediate = os.path.join(TisPKI.root_config_path(),'openssl_root_ca_sign_intermediate.ini')
+
+    gen_crl = subprocess.run(f'openssl ca -config {root_ca_sign_intermediate} -gencrl -out {TisPKI.root_ca_crlfile()}',shell=True)
+    if gen_crl.returncode == 0:
+        Printing.success(f'CRL successfuly generated in : {TisPKI.root_ca_crlfile()}')
+    else:
+        Printing.error('Unable to generate CRL')

user_module.py

@@ -10,9 +10,9 @@
 # Licence:     <your licence>
 #-------------------------------------------------------------------------------
 
-# Maange Users Certificates
+# Manage Users Certificates
 
-from common import Printing, TisPKI, check_directories
+from common import Printing, TisPKI, check_directories, config
 
 import subprocess
 import jinja2