[IMP] Some improvements

common.py

@@ -183,13 +183,12 @@ def create_openssl_config(force=False,verbose=False):
             if verbose:
                 subprocess.run(f'openssl x509 -in {TisPKI.root_ca_certfile()} -text', shell=True, check=True, executable='/bin/bash')
             Printing.information(f'Root CA Certfile is stored in {TisPKI.root_ca_certfile()}')
-            input("Press Enter to continue...")
         else:
             Printing.error('Error on generating Root CA private key')
             os.remove(TisPKI.root_ca_keyfile())
             retry = input('If you want to retry, press Y : ')
             if retry == "y" or retry == 'Y':
-                create_openssl_config()
+                create_openssl_config(force,verbose)
     else:
         Printing.warning('Root CA private key and certificate already exist. Skip.')
 
@@ -266,13 +265,15 @@ def create_openssl_intermediate(name, force=False,verbose=False):
         -out {TisPKI.intermediate_ca_certfile(name)}", shell=True, check=True, executable='/bin/bash')
 
         if sign_intermediate_ca.returncode == 0:
-
             if verbose:
                 subprocess.run(f'openssl x509 -in {TisPKI.intermediate_ca_certfile(name)} -text', shell=True, check=True, executable='/bin/bash')
             Printing.success(f'Intermediate CA Certfile is stored in : {TisPKI.intermediate_ca_certfile(name)}')
         else:
             Printing.error('Error on generating Intermediate CA private key')
-            sys.exit(1)
+            os.remove(TisPKI.intermediate_ca_keyfile(name))
+            retry = input('If you want to retry, press Y : ')
+            if retry == "y" or retry == 'Y':
+                create_openssl_intermediate(name, force, verbose)
     else:
         Printing.warning('Intermediate CA private key and certificate already exist. Skip.')
 
@@ -308,16 +309,17 @@ def generate_dc_certificate(dc_name=None, ca_name=None, force=False, verbose=Fal
             Printing.error('Unable to find dc_guid')
             sys.exit(1)
         else:
-            dc_guid = str(subprocess.check_output(f'/bin/bash get_guid.sh',shell=True).decode("utf-8")).strip()
+            dc_name_guid = dc_name.split('.')[0]
+            dc_guid = str(subprocess.check_output(f'/bin/bash get_guid.sh {dc_name_guid}',shell=True).decode("utf-8")).strip()
 
         if verbose:
-            Printing.information(f'{dc_name} GUID is : ', str(dc_guid).strip())
+            Printing.information(f'{dc_name} GUID is : ' + str(dc_guid).strip())
 
         template_dir = ('templates')
         jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(template_dir))
         dc_tmpl = jinja_env.get_template('openssl_server_cert.tmpl')
         dc_tmpl_var = {
-            'dc_name': f"{dc_name}",
+            'dc_name': dc_name,
             'dc_guid': str(dc_guid),
             'crl_uri': crl_uri,
             'pki_dir': pki_dir,
@@ -328,7 +330,9 @@ def generate_dc_certificate(dc_name=None, ca_name=None, force=False, verbose=Fal
             'organization_name': config.get('openssl_config','organization_name'),
             'organization_ou': config.get('openssl_config','organization_ou'),
             'dc_ca_keyfile': dc_ca_keyfile,
-            'dc_ca_certfile': dc_ca_certfile
+            'dc_ca_certfile': dc_ca_certfile,
+            'commonName': dc_name
+
         }
 
         config_string = dc_tmpl.render(dc_tmpl_var)

get_guid.sh

@@ -28,8 +28,7 @@ convertToHex() {
 realm=$(grep -i realm /etc/samba/smb.conf | awk '{print $3}' | tr '[:upper:]' '[:lower:]')
 dc=$(echo $realm | awk -F '.' '{for(i = 1; i <= NF; i++) {printf ",DC=" $i}}')
 base="OU=Domain Controllers${dc}"
-cn=$(hostname -s)
-#cn=$(srvads2)
+cn=$1
 GUID=$(ldbsearch  -H /var/lib/samba/private/sam.ldb --basedn="$base" "CN=${cn}" objectGUID \
   | grep '^objectGUID:' \
   | awk '{print $2}' \

manage_pki.py

@@ -22,7 +22,7 @@ def main():
 
     create_group = parser.add_argument_group('Create options')
     create_group.add_argument('--initialize', dest="initialize", action="store_true", help="Create PKI")
-    create_group.add_argument('--full-initialize', dest="full-initialize", action="store_true", help="Create Root CA, intermediate CA and DC certificate. Use --name and --dc-name")
+    create_group.add_argument('--full-initialize', dest="full_initialize", action="store_true", help="Create Root CA, intermediate CA and DC certificate. Use --name and --dc-name")
     create_group.add_argument('--create-intermediate', dest="create_intermediate", action="store_true", help="Create an intermediate CA. Specify name with --name option.")
     create_group.add_argument('--create-dc-cert', dest="create_dc_cert", action="store_true", help="Create a certificat for a Domain Controler")
 
@@ -69,7 +69,9 @@ def main():
             print('Add --dc-name or --name with this command')
         else:
             create_openssl_config(force=args.force,verbose=args.verbose)
+            input("Press Enter to continue...")
             create_openssl_intermediate(args.intermediate_name,args.force,args.verbose)
+            input("Press Enter to continue...")
             generate_dc_certificate(dc_name=args.dc_name, ca_name=args.intermediate_name, force=args.force, verbose=args.verbose)
 
 

templates/openssl_server_cert.tmpl

@@ -81,6 +81,7 @@ organizationalUnitName_default      = {{ organization_unit }}
 
 commonName          		= Common Name (eg, Your Name or server name)
 commonName_max              = 64
+commonName_default			= {{ commonName }}
 
 emailAddress                = Email Address
 emailAddress_max    		= 64