File: lib.py

receptor 1.5.5-2
import os
import subprocess

# Object identifier used as the type of the otherName entry that
# create_certificate() writes into the subjectAltName extension; that entry
# carries the Receptor node ID.
__OIDReceptorName = "1.3.6.1.4.1.2312.19.1"
# Encoding tag placed between the OID and the value in the otherName entry
# ("otherName:<oid>;<format>:<value>").
__OIDReceptorNameFormat = "UTF8"


def __init__():
    """Do nothing.

    This is a plain module-level function, not a class initializer: it takes
    no arguments, has no side effects and returns None.
    """
    return None


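def create_certificate(tmp_dir: str, commonName: str = "localhost") -> dict:
    """Build a throwaway CA and CA-signed client/server certificates.

    Everything is produced by invoking the ``openssl`` command-line tool and
    is written into ``tmp_dir``:

    * ``ca.key`` / ``ca.crt`` -- self-signed CA (subject CN is ``ca``).
    * ``client.key`` / ``client.crt`` -- signed by that CA.
    * ``server.key`` / ``server.crt`` -- signed by that CA.
    * per leaf: ``<name>.csa`` (the certificate request) and ``<name>.ext``
      (the x509 extension file).

    Both leaf certificates carry a subjectAltName with a ``DNS`` entry and an
    ``otherName`` entry (OID ``__OIDReceptorName``), each set to
    ``commonName``.

    Security notes for reviewers:

    * All private keys, including the CA key, are generated without a
      passphrase and left on disk in ``tmp_dir``. These are test fixtures;
      ``tmp_dir`` should be a directory private to the test run and the keys
      must not be reused outside it.
    * ``commonName`` is inserted verbatim into the ``-subj`` string and into
      the extension file. Characters that are syntax in those formats
      (``/``, ``,``, newlines) are not escaped, so only trusted, well-formed
      host/node names should be passed.
    * No ``-days`` option is given, so certificate lifetime is whatever
      openssl defaults to.

    Args:
        tmp_dir: Existing directory in which all files are created.
        commonName: Subject CN and SAN value for the client and server
            certificates.

    Returns:
        A dict with the keys ``caKeyPath``, ``caCrtPath``, ``clientKeyPath``
        and ``clientCrtPath``. The server files are written but their paths
        are not part of the returned dict.

    Raises:
        subprocess.CalledProcessError: If any openssl invocation exits with a
            non-zero status.
        OSError: If openssl cannot be executed or the extension file cannot
            be written.
    """

    def generate_cert(name, commonName):
        """Create a 2048-bit RSA key and a self-signed certificate for it."""
        keyPath = os.path.join(tmp_dir, name + ".key")
        crtPath = os.path.join(tmp_dir, name + ".crt")
        # Commands are passed as argument lists (no shell), so file paths and
        # names are never subject to shell interpretation.
        subprocess.check_output(["openssl", "genrsa", "-out", keyPath, "2048"])
        subprocess.check_output(
            [
                "openssl",
                "req",
                "-x509",
                "-new",
                "-nodes",
                "-key",
                keyPath,
                "-subj",
                # The CN now follows the commonName argument; the only caller
                # passes "ca", so the resulting subject is unchanged.
                "/C=/ST=/L=/O=/OU=ReceptorTesting/CN=" + commonName,
                "-sha256",
                "-out",
                crtPath,
            ]
        )
        return keyPath, crtPath

    def generate_cert_with_ca(name, caKeyPath, caCrtPath, commonName):
        """Create a key and a certificate signed by the given CA."""
        keyPath = os.path.join(tmp_dir, name + ".key")
        crtPath = os.path.join(tmp_dir, name + ".crt")
        # ".csa" is the existing on-disk name of the certificate request file.
        csrPath = os.path.join(tmp_dir, name + ".csa")
        extPath = os.path.join(tmp_dir, name + ".ext")

        # x509 extension file: a DNS SAN plus the Receptor node ID as an
        # otherName SAN. The with-block closes the file; no explicit close().
        with open(extPath, "w") as ext:
            ext.write(
                "subjectAltName=DNS:"
                + commonName
                + ",otherName:"
                + __OIDReceptorName
                + ";"
                + __OIDReceptorNameFormat
                + ":"
                + commonName
            )
        subprocess.check_output(["openssl", "genrsa", "-out", keyPath, "2048"])

        # Certificate request for the new key.
        subprocess.check_output(
            [
                "openssl",
                "req",
                "-new",
                "-sha256",
                "-key",
                keyPath,
                "-subj",
                "/C=/ST=/L=/O=/OU=ReceptorTesting/CN=" + commonName,
                "-out",
                csrPath,
            ]
        )

        # Sign the request with the CA, applying the extension file above.
        subprocess.check_output(
            [
                "openssl",
                "x509",
                "-req",
                "-extfile",
                extPath,
                "-in",
                csrPath,
                "-CA",
                caCrtPath,
                "-CAkey",
                caKeyPath,
                "-CAcreateserial",
                "-out",
                crtPath,
                "-sha256",
            ]
        )

        return keyPath, crtPath

    # Fresh CA for every call; nothing is shared between invocations.
    caKeyPath, caCrtPath = generate_cert("ca", "ca")
    clientKeyPath, clientCrtPath = generate_cert_with_ca(
        "client", caKeyPath, caCrtPath, commonName
    )
    # The server pair is only needed on disk (server.key / server.crt).
    generate_cert_with_ca("server", caKeyPath, caCrtPath, commonName)

    return {
        "caKeyPath": caKeyPath,
        "caCrtPath": caCrtPath,
        "clientKeyPath": clientKeyPath,
        "clientCrtPath": clientCrtPath,
    }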