67 lines
2.4 KiB
Python
67 lines
2.4 KiB
Python
import argparse
|
|
from datetime import datetime, timedelta
|
|
from pathlib import Path
|
|
|
|
from cryptography import x509
|
|
from cryptography.hazmat.primitives import serialization, hashes
|
|
from cryptography.hazmat.primitives.asymmetric import rsa
|
|
|
|
|
|
def run(parser: argparse.ArgumentParser, arguments: argparse.Namespace):
|
|
print("creating a new machine...")
|
|
|
|
directory_admin = Path("./assets/admin/")
|
|
if not directory_admin.exists():
|
|
raise ValueError("Can't find the admin. Have you initialized it ?")
|
|
|
|
directory_machine = Path(f"./assets/machine/{arguments.name}/")
|
|
if directory_machine.exists():
|
|
raise ValueError("This machine already exists !")
|
|
|
|
directory_machine.mkdir(parents=True)
|
|
|
|
# Generate a private key
|
|
private_key = rsa.generate_private_key(
|
|
public_exponent=65537,
|
|
key_size=2048,
|
|
)
|
|
|
|
(directory_machine / "private.key").write_bytes(
|
|
private_key.private_bytes(
|
|
encoding=serialization.Encoding.PEM,
|
|
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
|
encryption_algorithm=serialization.NoEncryption(),
|
|
)
|
|
)
|
|
|
|
certificate_admin = x509.load_pem_x509_certificate(
|
|
(directory_admin / "certificate.pem").read_bytes()
|
|
)
|
|
private_key_admin = serialization.load_pem_private_key(
|
|
(directory_admin / "private.key").read_bytes(),
|
|
password=None
|
|
)
|
|
|
|
# Generate a self-signed root certificate
|
|
subject = x509.Name([
|
|
x509.NameAttribute(x509.NameOID.COUNTRY_NAME, "FR"),
|
|
x509.NameAttribute(x509.NameOID.STATE_OR_PROVINCE_NAME, "Province"),
|
|
x509.NameAttribute(x509.NameOID.LOCALITY_NAME, "Locality"),
|
|
x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, "Organization"),
|
|
x509.NameAttribute(x509.NameOID.COMMON_NAME, "domain.com"),
|
|
])
|
|
certificate = (
|
|
x509.CertificateBuilder()
|
|
.subject_name(subject)
|
|
.issuer_name(certificate_admin.subject)
|
|
.public_key(private_key.public_key())
|
|
.serial_number(x509.random_serial_number())
|
|
.not_valid_before(datetime.now() - timedelta(days=1)) # TODO(Faraphel): settings
|
|
.not_valid_after(datetime.now() + timedelta(days=365)) # TODO(Faraphel): settings
|
|
.sign(private_key_admin, hashes.SHA256())
|
|
)
|
|
|
|
# Save the root certificate to a file
|
|
(directory_machine / "certificate.pem").write_bytes(certificate.public_bytes(serialization.Encoding.PEM))
|
|
|
|
print("machine created !")
|