infra/samba-pki-tools
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[IMP] Lot of improvements

Browse Source
This commit is contained in:
Kevin Guerineau
2024-05-17 17:29:47 +02:00
parent 61d50ec61e
commit 9c58afe0f7
6 changed files with 250 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
intermediate_module.py
+74 -3
View File
@@ -13,6 +13,7 @@
# Maange Intermediate CA
from common import Printing, TisPKI, check_directories, config
from root_module import generate_root_crl
import subprocess
import jinja2
@@ -22,9 +23,9 @@ import sys
from colorama import Fore, Style
import shutil
import time
import glob
def create_openssl_intermediate(name, force=False,verbose=False):
def create_openssl_intermediate(name, force=False, verbose=False):
## if force:
## Printing.error("Do you realy want to remove ALL you PKI ? This will destroy ALL YOUR CERTIFICATES AND PRIVATE KEY")
@@ -113,4 +114,74 @@ def create_openssl_intermediate(name, force=False,verbose=False):
os.remove(TisPKI.intermediate_ca_keyfile(name))
create_openssl_intermediate(name, force, verbose)
else:
Printing.warning('Intermediate CA private key and certificate already exist. Skip.')
Printing.warning('Intermediate CA private key and certificate already exist. Skip.')
def generate_intermediate_crl(configfile=None, ca_name=None, verbose=False):
Printing.information(f'Generate CRL for {ca_name} intermediate CA')
if configfile==None:
for file in glob.glob(os.path.join(TisPKI.intermediate_config_path(ca_name),'openssl_*.ini')):
configfile = file
break
gen_crl = subprocess.run(f'openssl ca -config {configfile} -gencrl -out {TisPKI.intermediate_ca_crlfile(ca_name)}',shell=True)
if gen_crl.returncode == 0:
if verbose:
subprocess.run(f'openssl crl -in {TisPKI.intermediate_ca_crlfile(ca_name)} -text')
Printing.success(f'CRL successfuly generated in : {TisPKI.intermediate_ca_crlfile(ca_name)}')
else:
Printing.error('Unable to generate CRL')
def list_ca_certificates(ca_name=None):
Printing.information(f'List certificates issued of {ca_name}')
certs_list = []
try:
with open(os.path.join('/opt',TisPKI.pki_intermediate_dir(ca_name),'index.txt'),'r') as index:
for line in index.readlines():
if line.split('\t')[0] == 'R':
status = 'Revoked'
elif line.split('\t')[0] == 'V':
status = 'Valid '
elif line.split('\t')[0] == 'E':
status = 'Expired'
else:
status = line.split('\t')[0]
serial_number = line.split('\t')[3]
exp_date = line.split('\t')[1]
expiration_date = '20' + exp_date[0:2] + '/' + exp_date[2:4] + '/' + exp_date[4:6] + ' ' + exp_date[6:8] + ':' + exp_date[8:10] +':'+ exp_date[10:12]
rev_date = line.split('\t')[2]
if rev_date != '':
revocation_date = '20' + rev_date[0:2] + '/' + rev_date[2:4] + '/' + rev_date[4:6] + ' ' + rev_date[6:8] + ':' + rev_date[8:10] +':'+ rev_date[10:12]
else:
revocation_date = ' '
cn = line.split('\t')[5].split('CN')[1].replace('=','').replace('\n','')
cn_len = 20
if len(cn) < cn_len:
diff = cn_len - len(cn)
space = ''
for i in range(0, diff):
space = space + ' '
commonName = cn + space
commonName_full = ''
else:
commonName = cn[0:20]
commonName_full = cn
certs_list.append(commonName + ' | ' + status + ' | ' + serial_number + ' | ' + expiration_date + ' | ' + revocation_date + ' | ' + commonName_full)
print(' CommonName | Status | Serial Number | Expiration date | Revocation date |')
print('---------------------|---------|------------------------------------------|---------------------|---------------------|')
for cert in certs_list:
print(cert)
except Exception as e:
if "Errno 2" in str(e):
Printing.error('Unable to find CA')
else:
Printing.error('Error when list certificates %s' % e)