[IMP] Lot of improvements

2024-05-17 17:29:47 +02:00
parent 61d50ec61e
commit 9c58afe0f7
6 changed files with 250 additions and 33 deletions
@@ -91,6 +91,24 @@ def create_openssl_config(force=False,verbose=False):
        Printing.warning('Root CA private key and certificate already exist. Skip.')


+def revoke_intermediate_cert(name):
+    Printing.information(f'Revoke {name} CA Intermediate certificate')
+
+    Printing.error(f'Are you realy sure to revoke {name} CA Intermediate certificate ?')
+    Printing.error('If you revoke the CA Intermediate, you revoke also all users and servers certificate signed by this CA')
+    destroy = input('If you are realy sure, please enter : "I want to revoke CA Intermediate" : ')
+    if destroy == 'I want to revoke CA Intermediate':
+        Printing.information('OK, too late ! Revoking your CA Intermediate certificate !')
+        revoke_cmd = subprocess.run(f"/usr/bin/openssl ca -config {os.path.join(TisPKI.root_config_path(),'openssl_root_ca_sign_intermediate.ini')} -revoke {TisPKI.intermediate_ca_certfile(name)}",
+        shell=True, check=False, executable='/bin/bash')
+
+        if revoke_cmd.returncode == 0:
+            Printing.information('Regenerate Root CRL')
+            generate_root_crl()
+        else:
+            Printing.error('Unable to revoke CA Intermediate certificate')
+
+
 def generate_root_crl(verbose=False):
    Printing.information('Generate CRL for Root CA')

@@ -101,3 +119,51 @@ def generate_root_crl(verbose=False):
        Printing.success(f'CRL successfuly generated in : {TisPKI.root_ca_crlfile()}')
    else:
        Printing.error('Unable to generate CRL')
+
+
+def list_root_certificates():
+    Printing.information('List certificates issued of Root CA')
+    certs_list = []
+    with open(os.path.join('/opt','pki','index.txt'),'r') as index:
+        for line in index.readlines():
+            if line.split('\t')[0] == 'R':
+                status = 'Revoked'
+            elif line.split('\t')[0] == 'V':
+                status = 'Valid  '
+            elif line.split('\t')[0] == 'E':
+                status = 'Expired'
+            else:
+                status = line.split('\t')[0]
+
+            serial_number = line.split('\t')[3]
+
+            exp_date = line.split('\t')[1]
+            expiration_date = '20' + exp_date[0:2] + '/' + exp_date[2:4] + '/' + exp_date[4:6] + ' ' + exp_date[6:8] + ':' + exp_date[8:10] +':'+ exp_date[10:12]
+
+            rev_date = line.split('\t')[2]
+            if rev_date != '':
+                revocation_date = '20' + rev_date[0:2] + '/' + rev_date[2:4] + '/' + rev_date[4:6] + ' ' + rev_date[6:8] + ':' + rev_date[8:10] +':'+ rev_date[10:12]
+            else:
+                revocation_date = '                   '
+
+            cn = line.split('\t')[5].split('CN')[1].replace('=','').replace('\n','')
+            cn_len = 20
+            if len(cn) < cn_len:
+                diff = cn_len - len(cn)
+                space = ''
+                for i in range(0, diff):
+                   space = space + ' '
+                commonName = cn + space
+                commonName_full = ''
+            else:
+                commonName = cn[0:20]
+                commonName_full = cn
+
+            certs_list.append(commonName + ' | ' + status + ' | ' +  serial_number + ' | ' + expiration_date + ' | ' + revocation_date + ' | ' + commonName_full)
+
+    print('     CommonName      | Status  |              Serial Number               |   Expiration date   |   Revocation date   |')
+    print('---------------------|---------|------------------------------------------|---------------------|---------------------|')
+    for cert in certs_list:
+        print(cert)
+
+