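#-------------------------------------------------------------------------------
# Name:        Samba Manage PKI
# Purpose:     Generate and manage Samba PKI
#
# Author:      Kevin Guerineau
#
# Created:     07/05/2024
# Copyright:   (c) kevin 2024
# Licence:
#-------------------------------------------------------------------------------
"""Command-line front end for the Samba PKI helper modules.

Every action is a flag; several flags may be combined in one invocation and
are executed in a fixed order: root CA, intermediate CA, DC certificates,
then ``--full-create``.  A flag whose companion option (``--name`` /
``--dc-name``) is missing is reported on stderr and skipped; the remaining
requested actions still run and the process exit status becomes 1.
"""
import sys
from argparse import ArgumentParser
from optparse import OptionParser, OptionGroup  # unused here; kept as-is

from common import *
from root_module import *
from intermediate_module import *
from dc_module import *
from user_module import *


def _missing(message):
    """Report a missing companion option on stderr without aborting.

    Returns 1 so callers can accumulate it into a non-zero exit status.
    """
    print(message, file=sys.stderr)
    return 1


def _build_parser():
    """Build the argument parser; every action is a ``store_true`` flag."""
    parser = ArgumentParser(prog='Samba PKI Tools', description='Manage PKI for Samba')

    root_group = parser.add_argument_group('Root CA options')
    root_group.add_argument('--create-root', dest="initialize", action="store_true",
                            help="Create PKI")
    root_group.add_argument('--full-create', dest="full_initialize", action="store_true",
                            help="Create Root CA, intermediate CA and DC certificate. "
                                 "Use --name and --dc-name")
    root_group.add_argument('--root-crl', dest='root_crl', action="store_true",
                            help='Regenerate CRL for root CA')
    root_group.add_argument('--root-show-certs', '--root-show-certificates', dest="root_certs",
                            action="store_true", help='List all certificates issues of root CA')
    root_group.add_argument('--root-revoke', dest='root_revoke', action="store_true",
                            help='Revoke an intermediate CA. Use with --name')

    intermediate_group = parser.add_argument_group('Intermediate CA options',
                                                   'Manage intermediate CA')
    intermediate_group.add_argument('--create-intermediate', dest="create_intermediate",
                                    action="store_true",
                                    help="Create an intermediate CA. Specify name with --name option.")
    intermediate_group.add_argument('--name', dest='intermediate_name',
                                    help='Specify what intermediate CA to manage')
    intermediate_group.add_argument('--crl', dest='intermediate_crl', action="store_true",
                                    help='Regenerate CRL for intermediate CA. '
                                         'Specify name with --name option.')
    intermediate_group.add_argument('--show-certs', '--show-certificates', dest='intermediate_list',
                                    action="store_true",
                                    help='List all certificates issues of intermediate CA. '
                                         'Specify name with --name option.')
    intermediate_group.add_argument('--revoke-certs', dest='intermediate_revoke', action='store_true',
                                    help="Revoke certificate issue of an intermediate CA. "
                                         "Specify intermediate CA name with --name option")

    dc_cert = parser.add_argument_group('Domain Controler options', 'Manage DC certificates')
    dc_cert.add_argument('--dc-cert', dest="dc_cert", action="store_true",
                         help="Create a DC certificate. Specify intermediate CA name with --name option. "
                              "If you want to use Root ca, set \"Root\" for name value. ")
    dc_cert.add_argument('--dc-name', dest='dc_name', help='Specity the FQDN of DC.')
    dc_cert.add_argument('--revoke-dc-cert', dest="revoke_dc_cert", action="store_true",
                         help="Revoke a DC certificate. Specify intermediate CA name with --name option.")

    dangerous_group = parser.add_argument_group('Dangerous options',
                                                "Caution: use these options at your own risk.")
    # --force is forwarded to create_openssl_config / create_openssl_intermediate,
    # which may overwrite an existing CA; it is never implied by another flag.
    dangerous_group.add_argument('-f', '--force', dest="force", action="store_true",
                                 help="Force reinitialize PKI. VERY DANGEROUS")

    debug_group = parser.add_argument_group('Debug options')
    debug_group.add_argument('-v', '--verbose', dest="verbose", action="store_true",
                             help="Print all command")
    return parser


def _run_root_actions(args):
    """Execute the Root CA flags; return the number of skipped actions."""
    failures = 0
    if args.initialize:
        create_openssl_config(force=args.force, verbose=args.verbose)
    if args.root_crl:
        generate_root_crl(verbose=args.verbose)
    if args.root_revoke:
        if args.intermediate_name:
            revoke_intermediate_cert(args.intermediate_name)
        else:
            failures += _missing('Add --name to revoke intermediate CA')
    if args.root_certs:
        list_root_certificates()
    return failures


def _run_intermediate_actions(args):
    """Execute the intermediate CA flags; return the number of skipped actions."""
    failures = 0
    ca_name = args.intermediate_name
    if args.create_intermediate:
        if ca_name:
            create_openssl_intermediate(ca_name, args.force, args.verbose)
        else:
            failures += _missing('Add --name to create intermediate CA')
    if args.intermediate_crl:
        if ca_name:
            generate_intermediate_crl(ca_name=ca_name, verbose=args.verbose)
        else:
            # Message previously said "create"; this flag regenerates the CRL.
            failures += _missing('Add --name to regenerate intermediate CA CRL')
    if args.intermediate_list:
        if ca_name:
            list_ca_certificates(ca_name=ca_name)
        else:
            failures += _missing('Add --name to specify which intermediate CA use.')
    if args.intermediate_revoke:
        # The flag is parsed but no handler is wired up; say so rather than
        # letting the user believe a revocation happened.
        failures += _missing('--revoke-certs has no handler yet; nothing was revoked')
    return failures


def _run_dc_actions(args):
    """Execute the DC certificate flags; return the number of skipped actions."""
    failures = 0
    have_targets = bool(args.dc_name and args.intermediate_name)
    if args.dc_cert:
        if have_targets:
            generate_dc_certificate(dc_name=args.dc_name, ca_name=args.intermediate_name,
                                    verbose=args.verbose)
        else:
            failures += _missing('Add --dc-name or --name with this command')
    if args.revoke_dc_cert:
        if have_targets:
            revoke_dc_certificate(dc_name=args.dc_name, ca_name=args.intermediate_name,
                                  verbose=args.verbose)
        else:
            failures += _missing('Add --dc-name or --name with this command')
    return failures


def _run_full_create(args):
    """Run root CA, intermediate CA and DC creation back to back.

    Pauses for Enter between steps as the original did; returns 1 when the
    required --name/--dc-name pair is absent, else 0.
    """
    if not (args.dc_name and args.intermediate_name):
        return _missing('Add --dc-name or --name with this command')
    create_openssl_config(force=args.force, verbose=args.verbose)
    input("Press Enter to continue...")
    create_openssl_intermediate(args.intermediate_name, args.force, args.verbose)
    input("Press Enter to continue...")
    generate_dc_certificate(dc_name=args.dc_name, ca_name=args.intermediate_name,
                            verbose=args.verbose)
    return 0


def main(argv=None):
    """Parse the command line and dispatch the requested PKI actions.

    Args:
        argv: argument list without the program name; defaults to sys.argv[1:].

    Returns:
        0 on success, 1 when at least one action was skipped for a missing
        companion option.  With no arguments at all the help text is printed
        and 0 is returned.
    """
    argv = sys.argv[1:] if argv is None else list(argv)
    parser = _build_parser()
    if not argv:
        parser.print_help()
        return 0
    args = parser.parse_args(argv)

    failures = 0
    failures += _run_root_actions(args)
    failures += _run_intermediate_actions(args)
    failures += _run_dc_actions(args)
    # User certificates: not implemented in this front end.
    if args.full_initialize:
        failures += _run_full_create(args)
    return 1 if failures else 0


if __name__ == '__main__':
    sys.exit(main())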