makecerts-sk163.py
#!/usr/bin/env python
# **********************************************************************
#
# Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
#
# modify by sk163
#
# **********************************************************************
import os, sys, socket, getopt,getpass
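# IceCertUtils is a third-party package; abort with an installation hint when
# it is missing.  Only ImportError is handled: any other failure (or Ctrl-C)
# while importing propagates instead of being reported as "couldn't find".
try:
    import IceCertUtils
except ImportError:
    print("error: couldn't find IceCertUtils, install `zeroc-icecertutils' package "
          "from Python package repository")
    sys.exit(1)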
def question(message, expected = None):
    """Prompt on stdout and read one line of input from stdin.

    The prompt is written followed by a single space and flushed, then one
    line is read and stripped of surrounding whitespace.

    When `expected` is a non-empty collection, the result is a boolean telling
    whether the reply is one of its members.  Otherwise the stripped reply
    itself is returned.
    """
    sys.stdout.write(message + ' ')
    sys.stdout.flush()
    answer = sys.stdin.readline().strip()
    # A falsy `expected` (None or empty) means "free-form answer".
    return answer in expected if expected else answer
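def usage():
    """Print the command-line help to stdout and exit with status 1.

    Lists every option accepted by the getopt call in this script, including
    the long form --help and the --impl option.  This function never returns:
    it always ends with sys.exit(1), so a caller cannot pick another status.
    """
    print("Usage: " + sys.argv[0] + " [options]")
    print("")
    print("Options:")
    print("-h | --help          Show this message.")
    print("-d | --debug         Debugging output.")
    print("--ip <ip>            The IP address for the server certificate.")
    print("--dns <dns>          The DNS name for the server certificate.")
    print("--use-dns            Use the DNS name for the server certificate common")
    print("                     name (default is to use the IP address).")
    print("--impl <name>        Name prefix of the IceCertUtils certificate factory")
    print("                     class that is looked up (<name>CertificateFactory).")
    sys.exit(1)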
#
# Check arguments
#
# Option defaults; each one may be overridden from the command line below.
debug, usedns, createCA = False, False, False
ip = dns = None
impl = ""

try:
    opts, args = getopt.getopt(
        sys.argv[1:], "hd", ["help", "debug", "ip=", "dns=", "use-dns", "impl="])
except getopt.GetoptError as err:
    print("Error %s " % err)
    usage()
    sys.exit(1)

for opt, arg in opts:
    if opt in ("-h", "--help"):
        # usage() ends with sys.exit(1) itself, so the exit below is only
        # reached if usage() ever returns.
        usage()
        sys.exit(0)
    elif opt in ("-d", "--debug"):
        debug = True
    elif opt == "--ip":
        ip = arg
    elif opt == "--dns":
        dns = arg
    elif opt == "--use-dns":
        usedns = True
    elif opt == "--impl":
        # Free-form text from the command line; it is later used as a name
        # prefix for an attribute lookup on the IceCertUtils module.
        impl = arg
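def request(question, newvalue, value):
    """Ask whether to keep `value`, reading a replacement if the user declines.

    `question` is written to stdout and one line is read from stdin.  If the
    stripped reply is 'n' or 'N', `newvalue` is written as a second prompt and
    the next stripped line is returned exactly as typed (it may be empty).
    Any other reply, including an empty line, keeps `value`.

    Upper-case 'N' is accepted so that this prompt behaves like the other
    y/n prompts in the script, which accept both cases.
    """
    sys.stdout.write(question)
    sys.stdout.flush()
    answer = sys.stdin.readline().strip()
    if answer in ('n', 'N'):
        sys.stdout.write(newvalue)
        sys.stdout.flush()
        return sys.stdin.readline().strip()
    return value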
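# The current working directory is handed to the certificate factory as its
# `home`, and it is where ca.pem is looked up when an existing CA is reused.
home = os.getcwd()
print(home)

if question("create CA? (y/n) [n]", ['y', 'Y']):
    # A new CA is being created.  The address prompts for the server
    # certificate only run in this branch; when an existing CA is reused,
    # ip and dns keep whatever the command line supplied (possibly None).
    if not ip:
        # No --ip given: offer the loopback address as the default.
        ip = "127.0.0.1"
        ip = request("The IP address used for the server certificate will be: " + ip + "\n"
                     "Do you want to keep this IP address? (y/n) [y]", "IP : ", ip)

    if not dns:
        dns = "localhost"
        dns = request("The DNS name used for the server certificate will be: " + dns + "\n"
                      "Do you want to keep this DNS name? (y/n) [y]", "DNS : ", dns)

    # Raises KeyError when --impl does not name an IceCertUtils factory class.
    # NOTE(review): the class looked up here is not used below; the factory is
    # built from IceCertUtils.CertificateFactory directly.
    CertificateFactory = vars(IceCertUtils)[impl + "CertificateFactory"]

    # Construct the DN for the CA certificate.
    DNelements = {
        'C': "Country name",
        'ST': "State or province name",
        'L': "Locality",
        'O': "Organization name",
        'OU': "Organizational unit name",
        'CN': "Common name",
        'emailAddress': "Email address",
    }

    dn = IceCertUtils.DistinguishedName("Ice CertUtils CA")
    while True:
        print("")
        print("The subject name for your CA will be " + str(dn))
        print("")
        # Any reply other than 'n'/'N' accepts the subject name shown above.
        if not question("Do you want to keep this as the CA subject name? (y/n) [y]", ['n', 'N']):
            break
        for k, v in DNelements.items():
            v = question(v + ": ")
            if k == 'C' and len(v) > 2:
                # The over-long code is discarded and the previous value kept;
                # the next pass of the outer loop lets the user try again.
                print("The country code can't be longer than 2 characters")
                continue
            setattr(dn, k, v)

    # getpass reads the passphrase without echoing it.
    # NOTE(review): there is no confirmation prompt and an empty passphrase is
    # accepted here; how IceCertUtils treats an empty password is not visible
    # in this script - TODO confirm before relying on it to protect the CA key.
    capass = getpass.getpass("Enter the CA passphrase:")
    home = os.path.normpath(home)
    # Each factory() call builds a fresh CertificateFactory on the same home.
    factory = lambda: IceCertUtils.CertificateFactory(home=home, debug=debug, dn=dn, password=capass)
else:
    # Reuse an existing CA: ca.pem must already be in the working directory.
    if not os.path.exists(os.path.join(home, "ca.pem")):
        print("ca.pem not found")
        sys.exit(1)
    capass = getpass.getpass("Enter the CA passphrase:")
    factory = lambda: IceCertUtils.CertificateFactory(home=home, debug=debug, password=capass)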
# Client certificate: issued under the alias typed by the operator and written
# as <alias>.p12 and <alias>.jks, both protected with the passphrase entered
# here (read without echo).
if question("create Client Cert? (y/n) [n]", ['y', 'Y']):
    client_alias = question("client_alias:")
    client_password = getpass.getpass("Enter the Client pass passphrase:")
    client = factory().create(client_alias)
    # The second save() is called on whatever the first save() returns, as in
    # the original chained call.
    saved = client.save(client_alias + ".p12", password=client_password)
    saved.save(client_alias + ".jks", caalias="ca", password=client_password)
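# Server certificate: written as <alias>.p12 and <alias>.jks, both protected
# with the passphrase entered here (read without echo).
if question("create Server Cert? (y/n) [n]", ['y', 'Y']):
    server_alias = question("server_alias:")

    # The address prompts earlier in the script only run when a new CA is
    # created.  If an existing CA is reused without --ip/--dns, both values
    # are still unset here, so ask now rather than pass an unset common name,
    # IP or DNS name to the factory.
    if not ip:
        ip = "127.0.0.1"
        ip = request("The IP address used for the server certificate will be: " + ip + "\n"
                     "Do you want to keep this IP address? (y/n) [y]", "IP : ", ip)
    if not dns:
        dns = "localhost"
        dns = request("The DNS name used for the server certificate will be: " + dns + "\n"
                      "Do you want to keep this DNS name? (y/n) [y]", "DNS : ", dns)

    serverpass = getpass.getpass("Enter the Server pass passphrase:")

    # Honour the alias that was just entered, as the client branch does; an
    # empty reply keeps the previous fixed name "server".
    alias = server_alias or "server"
    server = factory().create(alias, cn=(dns if usedns else ip), ip=ip, dns=dns)
    server.save(alias + ".p12", password=serverpass).save(alias + ".jks", caalias="ca", password=serverpass)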
#try:
# client.save("client.bks", caalias="cacert")
# server.save("server.bks", caalias="cacert")
#except Exception as ex:
# print("warning: couldn't generate BKS certificates:\n" + str(ex))
#factory.destroy()