Davte
Queer European MD passionate about IT
Home Explore Help
Sign In
Davte
/
filebridging
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Working on SSL certificate generation

Davte 5 years ago
parent
22a20b98fc
commit
7311ef3e72
2 changed files with 77 additions and 14 deletions
Split View Show Diff Stats
  1. 8 14
      README.md
  2. 69 0
      filebridging/create_certificate.py

+ 8 - 14
README.md
View File 

@@ -63,37 +63,31 @@ python -m filebridging.client --help
 
 
 Store configuration in file `mycert.csr.cnf` and run the following command to generate a self-signed SSL certificate.
 
 ```bash
 
-openssl req -newkey rsa:2048 -nodes -keyout ./mycert.key \
 
- -x509 -days 365 -out ./mycert.crt \
 
+openssl req -newkey rsa:4096 -nodes -keyout ./mycert.key \
 
+ -x509 -days 365 -out ./mycert.crt -extensions req_ext \
 
  -config <( cat mycert.csr.cnf )
 
 ```
 
 
 
 **mycert.csr.cnf**
 
 ```text
 
-[req]
 
-default_bits = 2048
 
+[ req ]
 
+default_bits = 4096
 
 prompt = no
 
 default_md = sha256
 
 distinguished_name = dn
 
-req_extensions = v3_req
 
-subjectAltName = @alt_names
 
+req_extensions = req_ext
 
 
-[ v3_req ]
 
+[ req_ext ]
 
 basicConstraints = CA:FALSE
 
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 subjectAltName = @alt_names
 
 
-[dn]
 
-C=US
 
-ST=YourState
 
-L=YourTown
 
-O=FileBridging
 
-OU=filebridging
 
-emailAddress=filebridging@yourdomain.com
 
+[ dn ]
 
 CN = yourdomain.com
 
 
 [ alt_names ]
 
 DNS.1 = yourdomain.com
 
 DNS.2 = 1.111.111.11
 
+DNS.3 = https://www.yourdomain.com
 
 ```

+ 69 - 0
filebridging/create_certificate.py
View File 

@@ -0,0 +1,69 @@
 
+"""Create a SSL certificate.
 
+
 
+Requirements: OpenSSL.
 
+"""
 
+
 
+import argparse
 
+import logging
 
+import os
 
+
 
+
 
+def get_paths(path):
 
+    """"""
 
+    return [
 
+        os.path.abspath(path) + string
 
+        for string in (".crt", ".key", "csr.cnf")
 
+    ]
 
+
 
+
 
+def main():
 
+    cli_parser = argparse.ArgumentParser(description='Create SSL certificate',
 
+                                         allow_abbrev=False)
 
+    cli_parser.add_argument('-n', '--name',
 
+                            type=str,
 
+                            default=None,
 
+                            required=False,
 
+                            help='Certificate, key and configuration file name')
 
+    cli_parser.add_argument('-f', '--force', '--overwrite',
 
+                            action='store_true',
 
+                            help='Overwrite certificate and key if they exist')
 
+    arguments = vars(cli_parser.parse_args())
 
+    name = arguments['name']
 
+    if name is None:
 
+        try:
 
+            from config import name
 
+        except ImportError:
 
+            name = None
 
+    while name is None or not os.access(os.path.dirname(os.path.abspath(name)),
 
+                                        os.W_OK):
 
+        try:
 
+            name = input(
 
+                "Enter a valid file name for certificate, key and "
 
+                "configuration file. Directory must be writeable.\n"
 
+                "\t\t"
 
+            )
 
+        except KeyboardInterrupt:
 
+            print()
 
+            logging.error("Aborting...")
 
+            return
 
+    certificate_path, key_path, configuration_path = get_paths(
 
+        name
 
+    )
 
+    if not os.access(os.path.dirname(certificate_path), os.W_OK):
 
+        logging.error(f"Invalid path `{certificate_path}`!")
 
+        return
 
+    if any(
 
+            os.path.isfile(path)
 
+            for path in (certificate_path, key_path, configuration_path)
 
+    ) and not arguments['force'] and not input(
 
+        "Do you want to overwrite existing certificate, key and "
 
+        "configuration file?"
 
+        "\n[Y]es or [N]o\t\t\t\t"
 
+    ).lower().startswith('y'):
 
+        logging.error("Interrupted. Provide a different --name.")
 
+        return
 
+    print(certificate_path)
 
+
 
+
 
+if __name__ == '__main__':
 
+    main()