From c42097adbb209201599c7e2ea5b7b43f03373218 Mon Sep 17 00:00:00 2001
From: Kevin Guerineau
Date: Tue, 7 May 2024 21:29:52 +0200
Subject: [PATCH] [IMP] Add full initialize option
---
 common.py | 12 ++++++------
 manage_pki.py | 9 +++++++++
 2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/common.py b/common.py
index 77fb0b1..f0d0d8c 100644
--- a/common.py
+++ b/common.py
@@ -107,7 +107,7 @@ def check_directories(path,verbose=False):
 if verbose:
 Printing.information('Check directories')
- directories_list = ['certs','config','crl','private','csr','p12']
+ directories_list = ['certs','config','crl','private','csr','p12','newcerts']
 if not os.path.isdir(path):
 if verbose:
@@ -280,13 +280,13 @@ def create_openssl_intermediate(name, force=False,verbose=False):
 def generate_dc_certificate(dc_name=None, ca_name=None, force=False, verbose=False):
 if ca_name != "Root":
- dc_certfile = TisPKI.intermediate_ca_certfile(ca_name)
- dc_keyfile = TisPKI.intermediate_ca_keyfile(ca_name)
+ dc_certfile = os.path.join(TisPKI.intermediate_cert_path(ca_name),f'{dc_name}.crt')
+ dc_keyfile = os.path.join(TisPKI.intermediate_keyout_path(ca_name),f'{dc_name}.key')
 dc_csrfile = os.path.join(TisPKI.intermediate_csr_path(ca_name),f'{dc_name}.csr')
 dc_openssl_configfile = os.path.join(TisPKI.intermediate_config_path(ca_name),f'openssl_{dc_name}.ini')
 crl_file = os.path.join(TisPKI.intermediate_crl_path(ca_name),'intermediate_ca.crl')
 dc_ca_keyfile = TisPKI.intermediate_ca_keyfile(ca_name)
- dc_ca_certfile = TisPKI.intermediate_cert_path(ca_name)
+ dc_ca_certfile = TisPKI.intermediate_ca_certfile(ca_name)
 crl_uri = config.get('openssl_config','intermediate_crl_uri')
 pki_dir = TisPKI.pki_intermediate_dir(ca_name)
 else:
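Review bot: `dc_name` is now interpolated into the certificate and key paths (`f'{dc_name}.crt'`, `f'{dc_name}.key'`) in generate_dc_certificate (common.py, hunk at 280) without any visible validation. With the default `dc_name=None` the files become `None.crt` and `None.key`, and a value containing a path separator resolves outside the CA's cert and key directories. A guard at the top of the function would cover both, for example `if not dc_name or not re.fullmatch(r'[A-Za-z0-9][A-Za-z0-9._-]*', dc_name): raise ValueError('invalid dc_name')` (this needs `import re` if common.py does not already have it). The function body continues outside this hunk, so an existing check there cannot be ruled out.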
@@ -350,11 +350,11 @@ def generate_dc_certificate(dc_name=None, ca_name=None, force=False, verbose=Fal
 if os.path.isfile(dc_certfile):
 print('Concatenation of DC and Root cert')
 subprocess.run(f'cat {dc_certfile} {TisPKI.root_ca_certfile()} > {dc_certfile}_full',shell=True)
+ Printing.success(f'Certificat is stored in : {dc_certfile}')
+ Printing.success(f'Key is stored in : {dc_keyfile}')
 def generate_user_certificate():
-
- default_bits_user = config.get('openssl_config','default_bits_user')
 username = input('Enter username')
diff --git a/manage_pki.py b/manage_pki.py
index 32d5f61..0db3dc4 100644
--- a/manage_pki.py
+++ b/manage_pki.py
@@ -22,6 +22,7 @@ def main():
 create_group = parser.add_argument_group('Create options')
 create_group.add_argument('--initialize', dest="initialize", action="store_true", help="Create PKI")
+ create_group.add_argument('--full-initialize', dest="full-initialize", action="store_true", help="Create Root CA, intermediate CA and DC certificate. Use --name and --dc-name")
 create_group.add_argument('--create-intermediate', dest="create_intermediate", action="store_true", help="Create an intermediate CA. Specify name with --name option.")
 create_group.add_argument('--create-dc-cert', dest="create_dc_cert", action="store_true", help="Create a certificat for a Domain Controler")
@@ -63,6 +64,14 @@ def main():
 else:
 generate_dc_certificate(dc_name=args.dc_name, ca_name=args.intermediate_name, force=args.force, verbose=args.verbose)
+ if args.full_initialize:
+ if not args.dc_name or not args.intermediate_name:
+ print('Add --dc-name or --name with this command')
+ else:
+ create_openssl_config(force=args.force,verbose=args.verbose)
+ create_openssl_intermediate(args.intermediate_name,args.force,args.verbose)
+ generate_dc_certificate(dc_name=args.dc_name, ca_name=args.intermediate_name, force=args.force, verbose=args.verbose)
+
 if __name__ == '__main__':
 main()
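Review bot: The `subprocess.run(f'cat {dc_certfile} ... > {dc_certfile}_full',shell=True)` context line in generate_dc_certificate (common.py, hunk at 350) now receives a `dc_certfile` that this commit builds from `dc_name`, so the `--dc-name` value is interpreted by a shell. A name containing a space breaks the command, and shell metacharacters in it would be acted on. Concatenating the two files in Python, as sketched below, removes the shell and the dependency on `cat`. Indentation is lost in this view, so it is unclear whether the two added `Printing.success` lines sit under the `os.path.isfile(dc_certfile)` check; if they do not, success is reported even when no certificate was written.

```python
if os.path.isfile(dc_certfile):
    print('Concatenation of DC and Root cert')
    # Build the chain file without a shell: dc_certfile is derived from --dc-name.
    with open(f'{dc_certfile}_full', 'wb') as chain_file:
        for pem_path in (dc_certfile, TisPKI.root_ca_certfile()):
            with open(pem_path, 'rb') as pem_file:
                chain_file.write(pem_file.read())
```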
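Review bot: `dest="full-initialize"` on the new `--full-initialize` option in main() (manage_pki.py, hunk at 22) stores the flag under an attribute name containing a hyphen, because argparse uses an explicit `dest` verbatim. The `if args.full_initialize:` test added further down in this commit therefore raises AttributeError, and unless an earlier branch exits first it is evaluated on every run, so the other commands would be affected too. Use `dest="full_initialize"`, matching the neighbouring `dest="create_intermediate"` and `dest="create_dc_cert"`.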
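Review bot: When `--dc-name` or `--name` is missing, the new `--full-initialize` branch in main() (manage_pki.py, hunk at 63) only prints a message and, as far as this hunk shows, the program then ends normally, so a script driving PKI setup cannot tell that nothing was created. `parser.error('--full-initialize requires both --name and --dc-name')` would print usage and exit non-zero; the current message also says "or" although both values are required. The three creation calls run back to back with no visible check that the previous step succeeded. Whether they raise on failure is not visible here, so it is worth confirming that a failed root or intermediate step stops the chain before a DC certificate is issued.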