Working on SSL certificate generation

2020-04-18 19:17:25 +02:00 · 2020-04-18 19:17:25 +02:00 · 7311ef3e72
commit 7311ef3e72
parent 22a20b98fc
2 changed files with 77 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -63,37 +63,31 @@ python -m filebridging.client --help

 Store configuration in file `mycert.csr.cnf` and run the following command to generate a self-signed SSL certificate.
 ```bash
-openssl req -newkey rsa:2048 -nodes -keyout ./mycert.key \
- -x509 -days 365 -out ./mycert.crt \
+openssl req -newkey rsa:4096 -nodes -keyout ./mycert.key \
+ -x509 -days 365 -out ./mycert.crt -extensions req_ext \
 -config <( cat mycert.csr.cnf )
 ```


 **mycert.csr.cnf**
 ```text
-[req]
-default_bits = 2048
+[ req ]
+default_bits = 4096
 prompt = no
 default_md = sha256
 distinguished_name = dn
-req_extensions = v3_req
-subjectAltName = @alt_names
+req_extensions = req_ext

-[ v3_req ]
+[ req_ext ]
 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectAltName = @alt_names

-[dn]
-C=US
-ST=YourState
-L=YourTown
-O=FileBridging
-OU=filebridging
-emailAddress=filebridging@yourdomain.com
+[ dn ]
 CN = yourdomain.com

 [ alt_names ]
 DNS.1 = yourdomain.com
 DNS.2 = 1.111.111.11
+DNS.3 = https://www.yourdomain.com
 ```
--- a/filebridging/create_certificate.py
+++ b/filebridging/create_certificate.py
@ -0,0 +1,69 @@
+"""Create a SSL certificate.
+
+Requirements: OpenSSL.
+"""
+
+import argparse
+import logging
+import os
+
+
+def get_paths(path):
+    """"""
+    return [
+        os.path.abspath(path) + string
+        for string in (".crt", ".key", "csr.cnf")
+    ]
+
+
+def main():
+    cli_parser = argparse.ArgumentParser(description='Create SSL certificate',
+                                         allow_abbrev=False)
+    cli_parser.add_argument('-n', '--name',
+                            type=str,
+                            default=None,
+                            required=False,
+                            help='Certificate, key and configuration file name')
+    cli_parser.add_argument('-f', '--force', '--overwrite',
+                            action='store_true',
+                            help='Overwrite certificate and key if they exist')
+    arguments = vars(cli_parser.parse_args())
+    name = arguments['name']
+    if name is None:
+        try:
+            from config import name
+        except ImportError:
+            name = None
+    while name is None or not os.access(os.path.dirname(os.path.abspath(name)),
+                                        os.W_OK):
+        try:
+            name = input(
+                "Enter a valid file name for certificate, key and "
+                "configuration file. Directory must be writeable.\n"
+                "\t\t"
+            )
+        except KeyboardInterrupt:
+            print()
+            logging.error("Aborting...")
+            return
+    certificate_path, key_path, configuration_path = get_paths(
+        name
+    )
+    if not os.access(os.path.dirname(certificate_path), os.W_OK):
+        logging.error(f"Invalid path `{certificate_path}`!")
+        return
+    if any(
+            os.path.isfile(path)
+            for path in (certificate_path, key_path, configuration_path)
+    ) and not arguments['force'] and not input(
+        "Do you want to overwrite existing certificate, key and "
+        "configuration file?"
+        "\n[Y]es or [N]o\t\t\t\t"
+    ).lower().startswith('y'):
+        logging.error("Interrupted. Provide a different --name.")
+        return
+    print(certificate_path)
+
+
+if __name__ == '__main__':
+    main()