From c5c11970a13636e1794522c35a78d66c954f6d82 Mon Sep 17 00:00:00 2001
From: Pierre HUBERT
Date: Sun, 30 Jun 2024 10:14:42 +0200
Subject: [PATCH] Sign CSR
---
 python_device/src/args.py | 3 ++-
 python_device/src/main.py | 14 ++++++++++++--
 python_device/src/pki.py | 15 ++++++++++++++-
 python_device/src/utils.py | 5 +++++
 4 files changed, 33 insertions(+), 4 deletions(-)
 create mode 100644 python_device/src/utils.py
diff --git a/python_device/src/args.py b/python_device/src/args.py
index 5a3d1a3..29f1ece 100644
--- a/python_device/src/args.py
+++ b/python_device/src/args.py
@@ -11,4 +11,5 @@ args = parser.parse_args()
 args.secure_origin_path = os.path.join(args.storage, "SECURE_ORIGIN")
 args.root_ca_path = os.path.join(args.storage, "root_ca.pem")
-args.dev_priv_key = os.path.join(args.storage, "dev.key")
\ No newline at end of file
+args.dev_priv_key_path = os.path.join(args.storage, "dev.key")
+args.dev_csr_path = os.path.join(args.storage, "dev.csr")
\ No newline at end of file
diff --git a/python_device/src/main.py b/python_device/src/main.py
index dd088b3..72a087f 100644
--- a/python_device/src/main.py
+++ b/python_device/src/main.py
@@ -1,6 +1,7 @@
 from src.args import args
 import src.api as api
 import src.pki as pki
+import src.utils as utils
 import os
 print("Check storage")
@@ -28,8 +29,17 @@ if not os.path.isfile(args.root_ca_path):
 f.write(origin)
 print("Check private key")
-if not os.path.isfile(args.dev_priv_key):
+if not os.path.isfile(args.dev_priv_key_path):
 print("Generate private key...")
 key = pki.gen_priv_key()
- with open(args.dev_priv_key, "w") as f:
+ with open(args.dev_priv_key_path, "w") as f:
 f.write(key)
+
+print("Check CSR")
+if not os.path.isfile(args.dev_csr_path):
+ print("Generate CSR...")
+ with open(args.dev_priv_key_path, "r") as f:
+ priv_key = "".join(f.readlines())
+ csr = pki.gen_csr(priv_key=priv_key, cn=f"PyDev {utils.rand_str(10)}")
+ with open(args.dev_csr_path, "w") as f:
+ f.write(csr)
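Review bot: The private key in python_device/src/main.py is still written through `open(args.dev_priv_key_path, "w")`, so dev.key gets whatever mode the process umask allows and may be readable by other local users. Creating it owner-only would close that, e.g. `fd = os.open(args.dev_priv_key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `with os.fdopen(fd, "w") as f:`. Separately, the new "Check CSR" step only tests that dev.csr exists, so if dev.key is ever regenerated the old CSR, bound to the previous public key, is reused; regenerating the CSR whenever a new key is generated would keep the pair consistent. `"".join(f.readlines())` can simply be `f.read()`.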
diff --git a/python_device/src/pki.py b/python_device/src/pki.py
index 63de59e..5457ba8 100644
--- a/python_device/src/pki.py
+++ b/python_device/src/pki.py
@@ -3,4 +3,17 @@ from OpenSSL import crypto
 def gen_priv_key():
 key = crypto.PKey()
 key.generate_key(crypto.TYPE_RSA, 2048)
- return crypto.dump_privatekey(crypto.FILETYPE_PEM, key).decode("utf-8")
\ No newline at end of file
+ return crypto.dump_privatekey(crypto.FILETYPE_PEM, key).decode("utf-8")
+
+def parse_priv_key(priv_key: str) -> crypto.PKey:
+ return crypto.load_privatekey(crypto.FILETYPE_PEM, priv_key)
+
+def gen_csr(priv_key: str, cn: str) -> str:
+ priv_key = parse_priv_key(priv_key)
+
+ req = crypto.X509Req()
+ req.get_subject().CN = cn
+ req.set_pubkey(priv_key)
+ req.sign(priv_key, "sha256")
+
+ return crypto.dump_certificate_request(crypto.FILETYPE_PEM, req).decode("utf-8")
diff --git a/python_device/src/utils.py b/python_device/src/utils.py
new file mode 100644
index 0000000..cf91073
--- /dev/null
+++ b/python_device/src/utils.py
@@ -0,0 +1,5 @@
+import string
+import random
+
+def rand_str(len: int) -> str:
+ return ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(len))
\ No newline at end of file
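Review bot: `gen_csr` in python_device/src/pki.py rebinds its `priv_key` parameter, annotated `str`, to a `crypto.PKey`, which makes the signature misleading to readers and type checkers; a separate local such as `key = parse_priv_key(priv_key)`, then `req.set_pubkey(key)` and `req.sign(key, "sha256")`, is clearer. Neither new function has a docstring; one line each stating that the input is a PEM private key loaded without a passphrase, and that `gen_csr` returns a PEM-encoded request whose subject carries only the CN, would document the contract. `cn` is copied into the subject unchecked, which is fine for the generated name in main.py but worth a length and character check if a caller ever passes external input. Recent pyOpenSSL releases deprecate the `X509Req` API in favour of `cryptography.x509`, so this is worth confirming against the version the project pins.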
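Review bot: `rand_str` in python_device/src/utils.py draws from the `random` module, which is not a cryptographically secure generator, and main.py puts its output into the certificate CN (`PyDev` plus 10 characters). If that name is meant to identify the device uniquely or be hard to guess, use `secrets.choice` instead, with `import secrets` and `return ''.join(secrets.choice(string.ascii_uppercase + string.digits) for _ in range(len))`. The parameter name `len` also shadows the builtin inside the function; `length` would avoid that, and the only visible caller passes it positionally.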