[REF] Split in modules
@@ -0,0 +1,95 @@
|
||||
#!/usr/bin/python3
|
||||
#-------------------------------------------------------------------------------
|
||||
# Name: Samba PKI Tools
|
||||
# Purpose:
|
||||
#
|
||||
# Author: kguerineau-adm
|
||||
#
|
||||
# Created: 10/05/2024
|
||||
# Copyright: (c) kguerineau-adm 2024
|
||||
# Licence: <your licence>
|
||||
#-------------------------------------------------------------------------------
|
||||
|
||||
# Maange Users Certificates
|
||||
|
||||
from common import Printing, TisPKI, check_directories
|
||||
|
||||
import subprocess
|
||||
import jinja2
|
||||
import os
|
||||
import configparser
|
||||
import sys
|
||||
from colorama import Fore, Style
|
||||
import shutil
|
||||
import time
|
||||
|
||||
def generate_user_certificate():
|
||||
default_bits_user = config.get('openssl_config','default_bits_user')
|
||||
|
||||
username = input('Enter username')
|
||||
|
||||
upn_suffix = config.get('samba_ad','upn_suffix')
|
||||
upn = f'{username}@{upn_suffix}'
|
||||
|
||||
if TisPKI.intermediate_ca:
|
||||
crl_file = os.path.join(TisPKI.intermediate_crl_path(),'intermediate_ca.crl')
|
||||
dc_ca_keyfile = os.path.join(TisPKI.intermediate_keyout_path(),'intermediate_ca.key')
|
||||
dc_ca_certfile = os.path.join(TisPKI.intermediate_cert_path(),'intermediate_ca.crt')
|
||||
crl_uri = config.get('openssl_config','intermediate_crl_uri')
|
||||
pki_dir = TisPKI.pki_intermediate_dir()
|
||||
openssl_user_file = os.path.join(TisPKI.intermediate_config_path(),'openssl_user.ini')
|
||||
emailAddress = upn
|
||||
commonName = username
|
||||
else:
|
||||
crl_file = os.path.join(TisPKI.root_crl_path(),'root_ca.crl')
|
||||
dc_ca_keyfile = os.path.join(TisPKI.root_keyout_path(),'root_ca.key')
|
||||
dc_ca_certfile = os.path.join(TisPKI.root_cert_path(),'root_ca.crt')
|
||||
crl_uri = config.get('openssl_config','crl_uri')
|
||||
pki_dir = TisPKI.pki_dir()
|
||||
openssl_user_file = os.path.join(TisPKI.root_config_path(),'openssl_user.ini')
|
||||
emailAddress = upn
|
||||
commonName = username
|
||||
|
||||
template_dir = ('templates')
|
||||
jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(template_dir))
|
||||
user_tmpl = jinja_env.get_template('openssl_user_cert.tmpl')
|
||||
user_tmpl_var = {
|
||||
'crl_uri': crl_uri,
|
||||
'pki_dir': pki_dir,
|
||||
'default_cert_duration': config.get('openssl_config','default_cert_duration'),
|
||||
'country': config.get('openssl_config','country'),
|
||||
'state': config.get('openssl_config','state'),
|
||||
'city': config.get('openssl_config','city'),
|
||||
'organization_name': config.get('openssl_config','organization_name'),
|
||||
'organization_ou': config.get('openssl_config','organization_ou'),
|
||||
'dc_ca_keyfile': dc_ca_keyfile,
|
||||
'dc_ca_certfile': dc_ca_certfile,
|
||||
'default_bits_user': config.get('openssl_config','default_bits_user'),
|
||||
'emailAddress' : emailAddress,
|
||||
'commonName' : commonName
|
||||
|
||||
}
|
||||
|
||||
config_string = user_tmpl.render(user_tmpl_var)
|
||||
with open(openssl_user_file,'wt') as file:
|
||||
file.write(config_string)
|
||||
|
||||
if os.path.isfile(openssl_user_file):
|
||||
print(f'User OpenSSL configfile is correctly generated !')
|
||||
|
||||
|
||||
|
||||
|
||||
print(f'Generate private key for {upn}')
|
||||
print(subprocess.run(f"openssl req -new -newkey rsa:{default_bits_user} -keyout {TisPKI.root_keyout_path()}/{username}.key -out {TisPKI.root_csr_path()}/{username}.csr -config <(cat {openssl_user_file} <(cat <<-EOF\n[ sanuser ]\notherName=msUPN;UTF8:{upn}\nemail=copy\nEOF\n)\n)",shell=True,check=True, executable='/bin/bash'))
|
||||
|
||||
print(f'Sign certificate')
|
||||
print(subprocess.run(f'openssl ca -extensions usr_cert_scarduser -days 730 -notext -md sha512 -create_serial -in {TisPKI.root_csr_path()}/{username}.csr -out {TisPKI.root_cert_path()}/{username}.crt -config <(cat {openssl_user_file} <(cat <<-EOF\n[ sanuser ]\notherName=msUPN;UTF8:{upn}\nemail=copy\nEOF\n)\n)',shell=True,check=True, executable='/bin/bash'))
|
||||
|
||||
|
||||
print('Remove password in rsa key')
|
||||
print(subprocess.run(f'openssl rsa -in {TisPKI.root_keyout_path()}/{username}.key -out {TisPKI.root_keyout_path()}/{username}-nopasswd.key',shell=True,check=True, executable='/bin/bash'))
|
||||
|
||||
print('Create p12')
|
||||
print(subprocess.run(f'openssl pkcs12 -export -inkey {TisPKI.root_keyout_path()}/{username}-nopasswd.key -in {TisPKI.root_cert_path()}/{username}.crt -out {TisPKI.root_p12_path()}/{username}.p12', shell=True,check=True, executable='/bin/bash'))
|
||||
|
||||
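Review bot: `username` read by `input()` on line 85 is interpolated unvalidated into bash command strings executed with `shell=True` (the `openssl req`, `openssl ca`, `openssl rsa` and `openssl pkcs12` calls on lines 240–266) and into the heredoc that becomes OpenSSL config, so a value containing `;`, `$(`, `/` or a newline can run arbitrary commands as the CA operator, place the key and CSR outside the PKI directories, or inject extra directives into the request config. Validate it against a strict character set before use, append the `[ sanuser ]` section to the rendered config file instead of building it through process substitution, and invoke openssl with an argv list and no shell, as sketched below. Two further points to confirm: `config` is read on line 80 but never defined or imported in this file, so the function raises `NameError` unless a module-level `config` is created elsewhere at import time, and the intermediate-CA branch still writes the user key, CSR and certificate under `TisPKI.root_*_path()` rather than the intermediate paths it selected. The unencrypted `{username}-nopasswd.key` produced on line 258 is also left on disk after the PKCS#12 export; consider removing it (or writing it to a temporary file with `0600` permissions) once the `.p12` exists.
```python
username = input('Enter username').strip()
# Reject anything that could break out of the shell command, the OpenSSL config or the key/CSR path
if not username or not all(c.isalnum() or c in '._-' for c in username):
    raise ValueError(f'Invalid username: {username!r}')
# … unchanged: UPN, CA path selection, template rendering …
with open(openssl_user_file, 'wt') as file:
    file.write(config_string)
    # SAN section appended here so no bash heredoc / process substitution is needed
    file.write(f'\n[ sanuser ]\notherName=msUPN;UTF8:{upn}\nemail=copy\n')
# … unchanged: generated-file check …
key_file = os.path.join(TisPKI.root_keyout_path(), f'{username}.key')
csr_file = os.path.join(TisPKI.root_csr_path(), f'{username}.csr')
subprocess.run(['openssl', 'req', '-new', '-newkey', f'rsa:{default_bits_user}',
                '-keyout', key_file, '-out', csr_file, '-config', openssl_user_file],
               check=True)
# … same argv-list form for the `openssl ca`, `openssl rsa` and `openssl pkcs12` calls …
```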