study-faraphel/M1-PCA-Project
2
1
Fork 0
Code Issues 7 Pull requests Projects 1 Releases Packages Wiki Activity
M1-PCA-Project/mains/role/admin/action/init/run.py

53 lines
1.9 KiB
Python
Raw Blame History

import argparse
from datetime import datetime, timedelta
from pathlib import Path
from cryptography import x509
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import rsa
def run(parser: argparse.ArgumentParser, arguments: argparse.Namespace):
print("initializing the admin...")
directory = Path(f"./assets/admin/")
if directory.exists():
raise ValueError("The admin already exists !")
directory.mkdir(parents=True)
# Generate a private key
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=4096,
)
(directory / "private.key").write_bytes(
private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
)
)
# Generate a self-signed root certificate
subject = x509.Name([
x509.NameAttribute(x509.NameOID.COUNTRY_NAME, "FR"),
x509.NameAttribute(x509.NameOID.STATE_OR_PROVINCE_NAME, "Province"),
x509.NameAttribute(x509.NameOID.LOCALITY_NAME, "Locality"),
x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, "Organization"),
x509.NameAttribute(x509.NameOID.COMMON_NAME, "domain.com"),
])
certificate = (
x509.CertificateBuilder()
.subject_name(subject)
.issuer_name(subject)
.public_key(private_key.public_key())
.serial_number(x509.random_serial_number())
.not_valid_before(datetime.now() - timedelta(days=1)) # TODO(Faraphel): settings
.not_valid_after(datetime.now() + timedelta(days=365)) # TODO(Faraphel): settings
.sign(private_key, hashes.SHA256())
)
# Save the root certificate to a file
(directory / "certificate.pem").write_bytes(certificate.public_bytes(serialization.Encoding.PEM))
Reference in a new issue View git blame Copy permalink