samba-pki-tools/manage_pki.py

#-------------------------------------------------------------------------------
# Name:         Samba Manage PKI
# Purpose:      Generate and manage Samba PKI
#
# Author:       Kevin Guerineau
#
# Created:      07/05/2024
# Copyright:    (c) kevin 2024
# Licence:      <your licence>
#-------------------------------------------------------------------------------

from optparse import OptionParser, OptionGroup
from argparse import ArgumentParser

from common import *

def main():

    usage = 'Usage : '
    parser = ArgumentParser(prog='Samba PKI Tools',
        description='Manage PKI for Samba')

    create_group = parser.add_argument_group('Create options')
    create_group.add_argument('--initialize', dest="initialize", action="store_true", help="Create PKI")
    create_group.add_argument('--full-initialize', dest="full_initialize", action="store_true", help="Create Root CA, intermediate CA and DC certificate. Use --name and --dc-name")
    create_group.add_argument('--create-intermediate', dest="create_intermediate", action="store_true", help="Create an intermediate CA. Specify name with --name option.")
    create_group.add_argument('--create-dc-cert', dest="create_dc_cert", action="store_true", help="Create a certificat for a Domain Controler")

    root_group = parser.add_argument_group('Root CA options')
    root_group.add_argument('--root-crl', dest='root_crl', help='Regenerate CRL for root CA')
    root_group.add_argument('--root-show-certs','--root-show-certificates', dest="root_certs", help='List all certificates issues of root CA')

    intermediate_group = parser.add_argument_group('Intermediate CA options', 'Manage intermediate CA')
    intermediate_group.add_argument('--name', dest='intermediate_name', help='Specify what intermediate CA to manage')
    intermediate_group.add_argument('--crl', dest='intermediate_crl', help='Regenerate CRL for intermediate CA')
    intermediate_group.add_argument('--show-certs', '--show-certificates', dest='intermediate_list', help='List all certificates issues of intermediate CA')

    dc_cert = parser.add_argument_group('Domain Controler options', 'Manage DC certificates')
    dc_cert.add_argument('--dc-cert', dest="dc_cert", action="store_true", help="Create a DC certificate. Specify intermediate CA name with --name option. \
    If you want to use Root ca, set \"Root\" for name value. ")
    dc_cert.add_argument('--dc-name', dest='dc_name', help='Specity the FQDN of DC.')


    dangerous_group = parser.add_argument_group('Dangerous options', "Caution: use these options at your own risk.")
    dangerous_group.add_argument('-f', '--force', dest="force", action="store_true", help="Force reinitialize PKI. VERY DANGEROUS")

    debug_group = parser.add_argument_group('Debug options')
    debug_group.add_argument('-v', '--verbose', dest="verbose", action="store_true", help="Print all command")

    args = parser.parse_args()

    if args.initialize:
        create_openssl_config(force=args.force,verbose=args.verbose)

    if args.create_intermediate:
        if not args.intermediate_name:
            print('Add --name to create intermediate CA')
        else:
            create_openssl_intermediate(args.intermediate_name,args.force,args.verbose)

    if args.dc_cert:
        if not args.dc_name or not args.intermediate_name:
            print('Add --dc-name or --name with this command')
        else:
            generate_dc_certificate(dc_name=args.dc_name, ca_name=args.intermediate_name, force=args.force, verbose=args.verbose)

    if args.full_initialize:
        if not args.dc_name or not args.intermediate_name:
            print('Add --dc-name or --name with this command')
        else:
            create_openssl_config(force=args.force,verbose=args.verbose)
            input("Press Enter to continue...")
            create_openssl_intermediate(args.intermediate_name,args.force,args.verbose)
            input("Press Enter to continue...")
            generate_dc_certificate(dc_name=args.dc_name, ca_name=args.intermediate_name, force=args.force, verbose=args.verbose)


if __name__ == '__main__':
    main()