From 61d50ec61e51405a477cfcd6dfca026fb3e3faa7 Mon Sep 17 00:00:00 2001
From: Kevin Guerineau
Date: Fri, 10 May 2024 17:31:59 +0200
Subject: [PATCH] [IMP] Some improvements
---
 common.py | 6 ++++++
 dc_module.py | 2 +-
 intermediate_module.py | 2 +-
 manage_pki.py | 16 +++++++++++++++-
 root_module.py | 18 +++++++++++++++---
 user_module.py | 4 ++--
 6 files changed, 40 insertions(+), 8 deletions(-)
diff --git a/common.py b/common.py
index 0f08c25..bc70493 100644
--- a/common.py
+++ b/common.py
@@ -48,6 +48,12 @@ class TisPKI:
 def root_ca_keyfile():
 return os.path.join(TisPKI.pki_dir(),'private','root_ca.key')
+ def root_ca_crlfile():
+ return os.path.join(TisPKI.root_crl_path(),'root_ca.crl')
+
+ def root_ca_configfile():
+ return os.path.join(TisPKI.root_config_path(),'openssl_root_ca.ini')
+
 def root_keyout_path():
 return os.path.join(TisPKI.pki_dir(),'private')
diff --git a/dc_module.py b/dc_module.py
index e6e5579..94cec46 100644
--- a/dc_module.py
+++ b/dc_module.py
@@ -12,7 +12,7 @@
 # Maange DC Certificates
-from common import Printing, TisPKI, check_directories
+from common import Printing, TisPKI, check_directories, config
 import subprocess
 import jinja2
diff --git a/intermediate_module.py b/intermediate_module.py
index 25405a7..b2bc569 100644
--- a/intermediate_module.py
+++ b/intermediate_module.py
@@ -12,7 +12,7 @@
 # Maange Intermediate CA
-from common import Printing, TisPKI, check_directories
+from common import Printing, TisPKI, check_directories, config
 import subprocess
 import jinja2
diff --git a/manage_pki.py b/manage_pki.py
index 2fc0937..ffb274b 100644
--- a/manage_pki.py
+++ b/manage_pki.py
@@ -27,14 +27,16 @@ def main():
 root_group = parser.add_argument_group('Root CA options')
 root_group.add_argument('--create-root', dest="initialize", action="store_true", help="Create PKI")
 root_group.add_argument('--full-create', dest="full_initialize", action="store_true", help="Create Root CA, intermediate CA and DC certificate. Use --name and --dc-name")
- root_group.add_argument('--root-crl', dest='root_crl', help='Regenerate CRL for root CA')
+ root_group.add_argument('--root-crl', dest='root_crl', action="store_true", help='Regenerate CRL for root CA')
 root_group.add_argument('--root-show-certs','--root-show-certificates', dest="root_certs", help='List all certificates issues of root CA')
+ root_group.add_argument('--root-revoke', dest='root_revoke', help='Revoke an intermediate CA')
 intermediate_group = parser.add_argument_group('Intermediate CA options', 'Manage intermediate CA')
 intermediate_group.add_argument('--create-intermediate', dest="create_intermediate", action="store_true", help="Create an intermediate CA. Specify name with --name option.")
 intermediate_group.add_argument('--name', dest='intermediate_name', help='Specify what intermediate CA to manage')
 intermediate_group.add_argument('--crl', dest='intermediate_crl', help='Regenerate CRL for intermediate CA. Specify name with --name option.')
 intermediate_group.add_argument('--show-certs', '--show-certificates', dest='intermediate_list', help='List all certificates issues of intermediate CA. Specify name with --name option.')
+ intermediate_group.add_argument('--revoke-certs', dest='intermediate_revoke', help="Revoke certificate issue of an intermediate CA. Specify intermediate CA name with --name option")
 dc_cert = parser.add_argument_group('Domain Controler options', 'Manage DC certificates')
 dc_cert.add_argument('--dc-cert', dest="dc_cert", action="store_true", help="Create a DC certificate. Specify intermediate CA name with --name option. \
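Review bot: `--root-revoke` and `--revoke-certs` are registered in this hunk of manage_pki.py, but the dispatch code in the following hunk of `main()` has no branch for `args.root_revoke` or `args.intermediate_revoke`. Unless they are handled in a part of `main()` outside the visible hunks, an operator who runs a revocation gets a silent, successful-looking exit while the certificate stays valid and never reaches the CRL. Until the handlers exist, either leave the options out or fail loudly, for example `if args.root_revoke or args.intermediate_revoke: parser.error('revocation is not implemented yet')`.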
@@ -50,21 +52,33 @@ def main():
 args = parser.parse_args()
+ # Root CA
 if args.initialize:
 create_openssl_config(force=args.force,verbose=args.verbose)
+ if args.root_crl:
+ generate_root_crl(verbose=args.verbose)
+
+
+ # Intermediate CA
 if args.create_intermediate:
 if not args.intermediate_name:
 print('Add --name to create intermediate CA')
 else:
 create_openssl_intermediate(args.intermediate_name,args.force,args.verbose)
+
+ # DC certificates
 if args.dc_cert:
 if not args.dc_name or not args.intermediate_name:
 print('Add --dc-name or --name with this command')
 else:
 generate_dc_certificate(dc_name=args.dc_name, ca_name=args.intermediate_name, force=args.force, verbose=args.verbose)
+ # User certificates
+
+
+ # Other
 if args.full_initialize:
 if not args.dc_name or not args.intermediate_name:
 print('Add --dc-name or --name with this command')
diff --git a/root_module.py b/root_module.py
index e6f707e..741f85d 100644
--- a/root_module.py
+++ b/root_module.py
@@ -10,9 +10,9 @@
 # Licence:
 #-------------------------------------------------------------------------------
-# Maange Root CA
+# Manage Root CA
-from common import Printing, TisPKI, check_directories
+from common import Printing, TisPKI, check_directories, config
 import subprocess
 import jinja2
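Review bot: The new `if args.root_crl:` branch in manage_pki.py calls `generate_root_crl`, but the patch changes no import line in that file; its two hunks account for all 16 changed lines in the diffstat. Unless `root_module` is already imported with a wildcard (the import block is outside the hunk), this branch raises `NameError` the first time `--root-crl` is used, so the name should be added to the existing import from `root_module`. The branch also discards the outcome, so a failed CRL regeneration still exits with status 0, which a scheduled CRL refresh would read as success. Consider having `generate_root_crl` return a boolean and exiting non-zero when it is false.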
@@ -88,4 +88,16 @@ def create_openssl_config(force=False,verbose=False):
 os.remove(TisPKI.root_ca_keyfile())
 create_openssl_config(force,verbose)
 else:
- Printing.warning('Root CA private key and certificate already exist. Skip.')
\ No newline at end of file
+ Printing.warning('Root CA private key and certificate already exist. Skip.')
+
+
+def generate_root_crl(verbose=False):
+ Printing.information('Generate CRL for Root CA')
+
+ root_ca_sign_intermediate = os.path.join(TisPKI.root_config_path(),'openssl_root_ca_sign_intermediate.ini')
+
+ gen_crl = subprocess.run(f'openssl ca -config {root_ca_sign_intermediate} -gencrl -out {TisPKI.root_ca_crlfile()}',shell=True)
+ if gen_crl.returncode == 0:
+ Printing.success(f'CRL successfuly generated in : {TisPKI.root_ca_crlfile()}')
+ else:
+ Printing.error('Unable to generate CRL')
diff --git a/user_module.py b/user_module.py
index d878241..76a6867 100644
--- a/user_module.py
+++ b/user_module.py
@@ -10,9 +10,9 @@
 # Licence:
 #-------------------------------------------------------------------------------
-# Maange Users Certificates
+# Manage Users Certificates
-from common import Printing, TisPKI, check_directories
+from common import Printing, TisPKI, check_directories, config
 import subprocess
 import jinja2
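Review bot: `generate_root_crl` in root_module.py builds the `openssl ca` command as an f-string and runs it with `shell=True`, so a PKI directory containing a space or a shell metacharacter splits or rewrites a command that operates on the root CA. Where `TisPKI.root_config_path()` and `TisPKI.root_ca_crlfile()` take their base directory from is not visible in this hunk. Passing an argument list avoids the shell entirely: `subprocess.run(['openssl', 'ca', '-config', root_ca_sign_intermediate, '-gencrl', '-out', TisPKI.root_ca_crlfile()])`. The function also has no docstring, never uses `verbose`, and only prints on failure; returning `gen_crl.returncode == 0` would let `main()` report the failure through its exit status.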