summaryrefslogtreecommitdiff
path: root/roles/x509/ownca/contrib/gen-ca.py
diff options
context:
space:
mode:
Diffstat (limited to 'roles/x509/ownca/contrib/gen-ca.py')
-rwxr-xr-xroles/x509/ownca/contrib/gen-ca.py72
1 files changed, 72 insertions, 0 deletions
diff --git a/roles/x509/ownca/contrib/gen-ca.py b/roles/x509/ownca/contrib/gen-ca.py
new file mode 100755
index 00000000..f5bc1fe7
--- /dev/null
+++ b/roles/x509/ownca/contrib/gen-ca.py
@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.x509.oid import NameOID
+import datetime
+import argparse
+
+parser = argparse.ArgumentParser("spreadspace ansible CA-generator")
+parser.add_argument("-n", "--varaiable-name", dest='varname', help="ansible variable name to be used", type=str, required=True)
+parser.add_argument("-CN", "--common-name", dest='CN', help="Common Name field of the CA's subject", type=str, required=True)
+parser.add_argument("-O", "--organization-name", dest='O', help="Organization Name field of the CA's subject", type=str)
+parser.add_argument("-OU", "--organizational-unit", dest='OU', help="Organizational Unit field of the CA's subject", type=str)
+parser.add_argument("-C", "--country-name", dest='C', help="Country Name field of the CA's subject", type=str)
+parser.add_argument("-ST", "--state-or-provice", dest='ST', help="State-or-Province field of the CA's subject", type=str)
+parser.add_argument("-L", "--locality", dest='L', help="Locality Name field of the CA's subject", type=str)
+args = parser.parse_args()
+
+subject_fields = []
+if args.CN:
+ subject_fields.append(x509.NameAttribute(NameOID.COMMON_NAME, args.CN))
+if args.O:
+ subject_fields.append(x509.NameAttribute(NameOID.ORGANIZATION_NAME, args.O))
+if args.OU:
+ subject_fields.append(x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, args.OU))
+if args.C:
+ subject_fields.append(x509.NameAttribute(NameOID.COUNTRY_NAME, args.C))
+if args.ST:
+ subject_fields.append(x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, args.ST))
+if args.L:
+ subject_fields.append(x509.NameAttribute(NameOID.LOCALITY_NAME, args.L))
+
+subject = issuer = x509.Name(subject_fields)
+private_key = rsa.generate_private_key(
+ public_exponent=65537,
+ key_size=4096,
+)
+public_key = private_key.public_key()
+
+builder = x509.CertificateBuilder()
+builder = builder.subject_name(subject)
+builder = builder.issuer_name(issuer)
+builder = builder.not_valid_before(datetime.datetime.today() - datetime.timedelta(days=1))
+builder = builder.not_valid_after(datetime.datetime.today() + datetime.timedelta(weeks=2080)) # about 20years
+builder = builder.serial_number(x509.random_serial_number())
+builder = builder.public_key(public_key)
+builder = builder.add_extension(x509.BasicConstraints(ca=True, path_length=1), critical=True)
+certificate = builder.sign(private_key=private_key, algorithm=hashes.SHA256())
+
+
+private_key_pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption())
+certificate_pem = certificate.public_bytes(serialization.Encoding.PEM)
+
+
+print("## Add this to vault file")
+print("")
+print("vault_%s_key: |" % (args.varname))
+for line in private_key_pem.splitlines():
+ print(" {}".format(line.decode('utf-8')))
+
+print("")
+print("")
+print("")
+print("")
+print("## Add this to vars file")
+print("")
+print("%s_key: \"{{ vault_%s_key }}\"" % (args.varname, args.varname))
+print("%s_cert: |" % (args.varname))
+for line in certificate_pem.splitlines():
+ print(" {}".format(line.decode('utf-8')))
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 02:43:13 +0000