Add preliminary PKCS#12 bundle generation

2016-03-01 11:01:53 +02:00 · 2016-03-01 11:01:53 +02:00 · d38a9a8103
parent 449dcea821
commit d38a9a8103
4 changed files with 33 additions and 4 deletions
--- a/certidude/init.py
+++ b/certidude/init.py
@ -0,0 +1,6 @@
+
+try:
+    from future.standard_library import install_aliases
+    install_aliases()
+except ImportError:
+    pass
--- a/certidude/authority.py
+++ b/certidude/authority.py
@ -146,6 +146,31 @@ def delete_request(common_name):
    requests.delete(config.PUSH_PUBLISH % request_sha1sum,
        headers={"User-Agent": "Certidude API"})

+def generate_p12_bundle(common_name):
+    # Construct private key
+    click.echo("Generating 4096-bit RSA key...")
+    key = crypto.PKey()
+    key.generate_key(crypto.TYPE_RSA, 512)
+
+    # Construct CSR
+    csr = crypto.X509Req()
+    csr.set_version(2) # Corresponds to X.509v3
+    csr.set_pubkey(key)
+    csr.get_subject().CN = common_name
+    buf = crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr).decode("utf-8")
+
+    # Sign CSR
+    cert = sign(Request(buf), overwrite=True)
+
+    # Generate P12
+    ca_certs = crypto.load_certificate(crypto.FILETYPE_PEM, open(config.AUTHORITY_CERTIFICATE_PATH).read()),
+    p12 = crypto.PKCS12()
+    p12.set_privatekey( key )
+    p12.set_certificate( cert._obj )
+    p12.set_ca_certificates( ca_certs )
+    return p12.export()
+
+
@publish_certificate
 def sign(req, overwrite=False, delete=True):
    """
--- a/certidude/cli.py
+++ b/certidude/cli.py
@ -23,8 +23,6 @@ from jinja2 import Environment, PackageLoader
 from time import sleep
 from setproctitle import setproctitle
 from OpenSSL import crypto
-from future.standard_library import install_aliases
-install_aliases()

 env = Environment(loader=PackageLoader("certidude", "templates"), trim_blocks=True)

--- a/certidude/wrappers.py
+++ b/certidude/wrappers.py
@ -199,7 +199,7 @@ class Request(CertificateBase):
        self.path = NotImplemented
        self.created = NotImplemented

-        if isinstance(mixed, file):
+        if hasattr(mixed, "read"):
            self.path = mixed.name
            _, _, _, _, _, _, _, _, mtime, _ = os.stat(self.path)
            self.created = datetime.fromtimestamp(mtime)
@ -248,7 +248,7 @@ class Certificate(CertificateBase):
        self.path = NotImplemented
        self.changed = NotImplemented

-        if isinstance(mixed, file):
+        if hasattr(mixed, "read"):
            self.path = mixed.name
            _, _, _, _, _, _, _, _, mtime, _ = os.stat(self.path)
            self.changed = datetime.fromtimestamp(mtime)