diff options
Diffstat (limited to 'roles/x509/ownca/contrib/gen-ca.py')
| -rwxr-xr-x | roles/x509/ownca/contrib/gen-ca.py | 72 |
1 files changed, 0 insertions, 72 deletions
diff --git a/roles/x509/ownca/contrib/gen-ca.py b/roles/x509/ownca/contrib/gen-ca.py deleted file mode 100755 index 8f99da6c..00000000 --- a/roles/x509/ownca/contrib/gen-ca.py +++ /dev/null @@ -1,72 +0,0 @@ -#!/usr/bin/env python3 - -from cryptography import x509 -from cryptography.hazmat.primitives import hashes, serialization -from cryptography.hazmat.primitives.asymmetric import rsa -from cryptography.x509.oid import NameOID -import datetime -import argparse - -parser = argparse.ArgumentParser("spreadspace ansible CA-generator") -parser.add_argument("-n", "--variable-name", dest='varname', help="ansible variable name to be used", type=str, required=True) -parser.add_argument("-CN", "--common-name", dest='CN', help="Common Name field of the CA's subject", type=str, required=True) -parser.add_argument("-O", "--organization-name", dest='O', help="Organization Name field of the CA's subject", type=str) -parser.add_argument("-OU", "--organizational-unit", dest='OU', help="Organizational Unit field of the CA's subject", type=str) -parser.add_argument("-C", "--country-name", dest='C', help="Country Name field of the CA's subject", type=str) -parser.add_argument("-ST", "--state-or-provice", dest='ST', help="State-or-Province field of the CA's subject", type=str) -parser.add_argument("-L", "--locality", dest='L', help="Locality Name field of the CA's subject", type=str) -args = parser.parse_args() - -subject_fields = [] -if args.CN: - subject_fields.append(x509.NameAttribute(NameOID.COMMON_NAME, args.CN)) -if args.O: - subject_fields.append(x509.NameAttribute(NameOID.ORGANIZATION_NAME, args.O)) -if args.OU: - subject_fields.append(x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, args.OU)) -if args.C: - subject_fields.append(x509.NameAttribute(NameOID.COUNTRY_NAME, args.C)) -if args.ST: - subject_fields.append(x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, args.ST)) -if args.L: - subject_fields.append(x509.NameAttribute(NameOID.LOCALITY_NAME, args.L)) - -subject = issuer = x509.Name(subject_fields) -private_key = rsa.generate_private_key( - public_exponent=65537, - key_size=4096, -) -public_key = private_key.public_key() - -builder = x509.CertificateBuilder() -builder = builder.subject_name(subject) -builder = builder.issuer_name(issuer) -builder = builder.not_valid_before(datetime.datetime.today() - datetime.timedelta(days=1)) -builder = builder.not_valid_after(datetime.datetime.today() + datetime.timedelta(weeks=2080)) # about 20years -builder = builder.serial_number(x509.random_serial_number()) -builder = builder.public_key(public_key) -builder = builder.add_extension(x509.BasicConstraints(ca=True, path_length=1), critical=True) -certificate = builder.sign(private_key=private_key, algorithm=hashes.SHA256()) - - -private_key_pem = private_key.private_bytes(encoding=serialization.Encoding.PEM, - format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()) -certificate_pem = certificate.public_bytes(serialization.Encoding.PEM) - - -print("## Add this to vault file") -print("") -print("vault_%s_key: |" % (args.varname)) -for line in private_key_pem.splitlines(): - print(" {}".format(line.decode('utf-8'))) - -print("") -print("") -print("") -print("") -print("## Add this to vars file") -print("") -print("%s_key: \"{{ vault_%s_key }}\"" % (args.varname, args.varname)) -print("%s_cert: |" % (args.varname)) -for line in certificate_pem.splitlines(): - print(" {}".format(line.decode('utf-8'))) |