add mkcert utils

e11b5e47 · Nicolas KAROLAK · 639da4d2 · e11b5e47
Commit e11b5e47 authored 6 years ago by Nicolas KAROLAK
--- a/utils.py
+++ b/utils.py
@@ -310,3 +310,61 @@ def add_hosts_to_localhost(hosts: list):
        log('/etc/hosts updated.')
    else:
        log('/etc/hosts is already up to date.')
+OPENSSL_CONFIG_TEMPLATE = """
+[ req ]
+prompt             = no
+default_bits       = 4096
+default_keyfile    = envsetup.csr.pem
+distinguished_name = subject
+req_extensions     = req_ext
+x509_extensions    = x509_ext
+string_mask        = utf8only
+[ subject ]
+C            = FR
+ST           = IDF
+L            = Paris
+O            = UbiCast
+CN           = MediaServer
+emailAddress = root@localhost
+[ x509_ext ]
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid,issuer
+basicConstraints       = CA:FALSE
+keyUsage               = digitalSignature, keyEncipherment
+subjectAltName         = @alternate_names
+nsComment              = "OpenSSL Generated Certificate"
+[ req_ext ]
+subjectKeyIdentifier = hash
+basicConstraints     = CA:FALSE
+keyUsage             = digitalSignature, keyEncipherment
+subjectAltName       = @alternate_names
+nsComment            = "OpenSSL Generated Certificate"
+[ alternate_names ]
+"""
+def mkcert(domains: list, keysize: int = 4096, days: int = 1825, config_tpl: str = OPENSSL_CONFIG_TEMPLATE):
+    # populate template with domains
+    for i, domain in enumerate(domains, start=1):
+        config_tpl = config_tpl + "DNS.{} = {}\n".format(i, domain)
+    # write openssl config file
+    with open("/etc/ssl/envsetup.conf", "w") as config_fh:
+        config_fh.write(config_tpl)
+    # execute openssl to generate keypair
+    subprocess.check_call([
+        "openssl", "req",
+        "-config", "/etc/ssl/envsetup.conf",
+        "-new", "-x509", "-sha256", "-newkey", "rsa:{}".format(str(keysize)), "-nodes",
+        "-keyout", "/etc/ssl/private/envsetup.key.pem",
+        "-days", str(days),
+        "-out", "/etc/ssl/certs/envsetup.cert.pem"
+    ])