File: createSUDICA.py

package info (click to toggle)
libest 3.2.0%2Bds-1.1
  • links: PTS
  • area: main
  • in suites: forky, sid, trixie
  • size: 11,792 kB
  • sloc: ansic: 60,980; java: 12,082; sh: 4,956; python: 4,474; xml: 385; makefile: 290
file content (117 lines) | stat: -rw-r--r-- 4,334 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
 
#!python
import shutil
from certgen import *
msg_start_warn = """\
#################################################################
SECURITY CONSIDERATIONS - NOTE WELL
The sample scripts used to handle EST operations are NOT
intended to provide a secure implementation. They have not
been evaluated for security, they have not had a Threat Model
reviewed, they are not particularly good about cleaning up after
themselves and they assume the data exchanged is well formed
if the cryptographic checks pass.

In short: They are not to be trusted. They provide a functional
implementation only.

Continuing will completely erase/destroy/nuke the existing sudiCA\
"""
msg_destroy_alert = """\
Nuking from orbit!
#################################################################\
"""

msg_create_CA = """\
#################################################################
####(Re)creating an initial root SUDI CA certificate
#################################################################\
"""
msg_done_line = """\
#################################################################\
"""
msg_server_combine = """\
#################################################################
####Creating combined trusted cert file for server\
"""
msg_sudi_combine = """\
#################################################################
####Creating combined trusted cert file for client\
"""
msg_huge_combine = """\
#################################################################
####Creating combined trusted cert files for huge cert test\
"""


EST_OPENSSL_SUDICADIR = "sudiCA"
EST_OPENSSL_SUDICACNF = "estExampleSUDICA.cnf"
EST_OPENSSL_INT_SUDICACNF = "estExampleIntSUDICA.cnf"
EST_OPENSSL_SUDICACERT = "%s/cacert.crt" % EST_OPENSSL_SUDICADIR
EST_OPENSSL_SUDICAPRIVDIR = "%s/private" % EST_OPENSSL_SUDICADIR
EST_OPENSSL_SUDICANEWCERTSDIR = "%s/newcerts" % EST_OPENSSL_SUDICADIR
EST_OPENSSL_SUDICADATABASE = "%s/index.txt" % EST_OPENSSL_SUDICADIR
EST_OPENSSL_SUDICASERIAL = "%s/serial" % EST_OPENSSL_SUDICADIR
EST_OPENSSL_SUDICAPRIVKEY = "%s/cakey.pem" % EST_OPENSSL_SUDICAPRIVDIR
EST_OPENSSL_SUDICAPRIVKEYPARAM = "%s/cakeyparam.pem" % EST_OPENSSL_SUDICAPRIVDIR
EST_OPENSSL_SUDICASUBJ = "/CN=estExampleSUDICA"

EST_OPENSSLCMD_SUDICAECPARAMSFILE = "%s/prime256v1.pem" % EST_OPENSSL_SUDICADIR
EST_OPENSSLCMD_SUDICANEWKEY_PARAM = "-newkey ec:%s" % EST_OPENSSLCMD_SUDICAECPARAMSFILE

EST_SUDI_SUBJ = "/CN=127.0.0.1"
EST_SUDI_CERTREQ = "%s/estsudi.req" % EST_OPENSSL_SUDICADIR
EST_SUDI_CERT = "%s/estsudi.crt" % EST_OPENSSL_SUDICADIR
EST_SUDI_PRIVKEY = "estsudi.pem"
EST_SUDI_CERTANDKEY = "%s/estsudicertandkey.pem" % EST_OPENSSL_SUDICAPRIVDIR
EST_SUDI_CCAUTHZDB = "ccAuthz.db"

detectWindowsFlag()
print(msg_start_warn)
try:
    input("Press Enter to continue...")
except:
    print("")
print(msg_destroy_alert)
shutil.rmtree(EST_OPENSSL_SUDICADIR, ignore_errors=True)
print(msg_create_CA)
createCA(EST_OPENSSL_SUDICASUBJ,
         EST_OPENSSL_SUDICADIR,
         EST_OPENSSL_SUDICACERT,
         EST_OPENSSL_SUDICAPRIVDIR,
         EST_OPENSSL_SUDICASERIAL,
         EST_OPENSSL_SUDICADATABASE,
         EST_OPENSSL_SUDICANEWCERTSDIR,
         EST_OPENSSL_SUDICAPRIVKEY,
         EST_OPENSSLCMD_SUDICANEWKEY_PARAM,
         EST_OPENSSLCMD_SUDICAECPARAMSFILE)

createIntermediateCAs(EST_OPENSSL_SUDICADIR,
                      EST_OPENSSL_SUDICACERT,
                      EST_OPENSSL_SUDICAPRIVKEY,
                      EST_OPENSSL_SUDICAPRIVKEYPARAM,
                      EST_OPENSSLCMD_SUDICANEWKEY_PARAM,
                      EST_SUDI_SUBJ,
                      EST_OPENSSL_SUDICACNF,
                      EST_OPENSSL_INT_SUDICACNF,
                      EST_OPENSSL_SUDICASUBJ,
                      EST_SUDI_PRIVKEY,
                      EST_SUDI_CERT,
                      "sudi_chain.crt",
                      2,
                      1)

print(msg_server_combine)
with open("../trustedcerts.crt", "a") as fileout:
    with open("sudiCA/cacert.crt") as filein:
        fileout.write(filein.read())

print(msg_done_line)

print(msg_sudi_combine)
combinefiles("../estCA/cacert.crt", "sudi_chain.crt",
             "trustedcertswithsudichain.crt")
print(msg_done_line)

print("Resetting the est server password file")
with open("../estCA/estpwdfile", "w") as file:
    file.write("estuser:estrealm:36807fa200741bb0e8fb04fcf08e2de6")