infra/samba-pki-tools
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[REF] Split in modules

Browse Source
This commit is contained in:
Kevin Guerineau
2024-05-10 16:47:51 +02:00
parent 3629011913
commit ce28001bae
6 changed files with 429 additions and 361 deletions
Download Patch File Download Diff File Expand all files Collapse all files
root_module.py
+91
View File
@@ -0,0 +1,91 @@
#!/usr/bin/python3
#-------------------------------------------------------------------------------
# Name: Samba PKI Tools
# Purpose:
#
# Author: kguerineau-adm
#
# Created: 10/05/2024
# Copyright: (c) kguerineau-adm 2024
# Licence: <your licence>
#-------------------------------------------------------------------------------
# Maange Root CA
from common import Printing, TisPKI, check_directories
import subprocess
import jinja2
import os
import configparser
import sys
from colorama import Fore, Style
import shutil
import time
def create_openssl_config(force=False,verbose=False):
if force:
Printing.error("Do you realy want to remove ALL you PKI ? This will destroy ALL YOUR CERTIFICATES AND PRIVATE KEY")
Printing.error("After that, you MUST REGENERATE YOUR PKI with NEW certificates and private key for ALL YOUR DOMAIN CONTROLLERS AND USERS")
destroy = input('If you are realy sure, please enter : "I want to remove all my PKI" : ')
if destroy == 'I want to remove all my PKI':
Printing.information('OK, too late ! Destroying your PKI !')
time.sleep(1)
shutil.rmtree(TisPKI.pki_dir(), ignore_errors=True)
Printing.information('Check Root CA OpenSSL Config')
if config.get('general','pki_dir'):
check_directories(path=config.get('general','pki_dir'),verbose=verbose)
else:
Printing.error('No pki_dir set in samba-pki-tools.ini')
sys.exit(1)
root_ca_config = os.path.join(TisPKI.pki_dir(),'config','openssl_root_ca.ini')
if not os.path.isfile(root_ca_config):
Printing.information('Root CA OpenSSL configfile not exist. Creating...')
template_dir = os.path.join('templates')
jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(template_dir))
root_ca_tmpl = jinja_env.get_template('openssl_root_ca.tmpl')
root_ca_tmpl_var = {
'organization_ou': config.get('openssl_config','organization_name') + ' CA',
'default_cert_duration': config.get('openssl_config','default_cert_duration'),
'default_crl_duration' : config.get('openssl_config','default_crl_duration'),
'pki_dir': TisPKI.pki_dir(),
'country': config.get('openssl_config','country'),
'state': config.get('openssl_config','state'),
'city': config.get('openssl_config','city'),
'organization_name': config.get('openssl_config','organization_name'),
'organization_ou': config.get('openssl_config','organization_ou'),
'organization_cn': config.get('openssl_config','organization_cn'),
'crl_uri': config.get('openssl_config','crl_uri')
}
config_string = root_ca_tmpl.render(root_ca_tmpl_var)
with open(root_ca_config,'wt') as file:
file.write(config_string)
if os.path.isfile(root_ca_config):
Printing.success('Root CA OpenSSL config file is correctly generated !')
else:
Printing.warning('Root CA OpenSSL config already exist. Skip.')
# Generate privkey and cert for Root CA
if not os.path.isfile(TisPKI.root_ca_keyfile()) or not os.path.isfile(TisPKI.root_ca_certfile()):
Printing.information('Generate Root CA private key')
gen_root_ca = subprocess.run(f'/usr/bin/openssl req -x509 -new -sha512 -config {root_ca_config} \
-days 3650 -extensions v3_ca -keyout {TisPKI.root_ca_keyfile()} -out {TisPKI.root_ca_certfile()}',
shell=True, check=False, executable='/bin/bash')
if gen_root_ca.returncode == 0:
if verbose:
subprocess.run(f'openssl x509 -in {TisPKI.root_ca_certfile()} -text', shell=True, check=True, executable='/bin/bash')
Printing.information(f'Root CA Certfile is stored in {TisPKI.root_ca_certfile()}')
else:
Printing.error('Error on generating Root CA private key')
retry = input('If you want to retry, press Y : ')
if retry == "y" or retry == 'Y':
os.remove(TisPKI.root_ca_keyfile())
create_openssl_config(force,verbose)
else:
Printing.warning('Root CA private key and certificate already exist. Skip.')