Sign CSR

2024-06-30 10:14:42 +02:00 · 2024-06-30 10:14:42 +02:00 · c5c11970a1
commit c5c11970a1
parent 426c25fce5
4 changed files with 33 additions and 4 deletions
--- a/python_device/src/args.py
+++ b/python_device/src/args.py
@ -11,4 +11,5 @@ args = parser.parse_args()

 args.secure_origin_path = os.path.join(args.storage, "SECURE_ORIGIN")
 args.root_ca_path = os.path.join(args.storage, "root_ca.pem")
-args.dev_priv_key = os.path.join(args.storage, "dev.key")
+args.dev_priv_key_path = os.path.join(args.storage, "dev.key")
+args.dev_csr_path = os.path.join(args.storage, "dev.csr")
--- a/python_device/src/main.py
+++ b/python_device/src/main.py
@ -1,6 +1,7 @@
 from src.args import args
 import src.api as api
 import src.pki as pki
+import src.utils as utils
 import os

 print("Check storage")
@ -28,8 +29,17 @@ if not os.path.isfile(args.root_ca_path):
        f.write(origin)

 print("Check private key")
-if not os.path.isfile(args.dev_priv_key):
+if not os.path.isfile(args.dev_priv_key_path):
    print("Generate private key...")
    key = pki.gen_priv_key()
-    with open(args.dev_priv_key, "w") as f:
+    with open(args.dev_priv_key_path, "w") as f:
        f.write(key)
+
+print("Check CSR")
+if not os.path.isfile(args.dev_csr_path):
+    print("Generate CSR...")
+    with open(args.dev_priv_key_path, "r") as f:
+        priv_key = "".join(f.readlines())
+    csr = pki.gen_csr(priv_key=priv_key, cn=f"PyDev {utils.rand_str(10)}")
+    with open(args.dev_csr_path, "w") as f:
+        f.write(csr)
--- a/python_device/src/pki.py
+++ b/python_device/src/pki.py
@ -4,3 +4,16 @@ def gen_priv_key():
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    return crypto.dump_privatekey(crypto.FILETYPE_PEM, key).decode("utf-8")
+
+def parse_priv_key(priv_key: str) -> crypto.PKey:
+    return crypto.load_privatekey(crypto.FILETYPE_PEM, priv_key)
+
+def gen_csr(priv_key: str, cn: str) -> str:
+    priv_key = parse_priv_key(priv_key)
+
+    req = crypto.X509Req()
+    req.get_subject().CN = cn
+    req.set_pubkey(priv_key)
+    req.sign(priv_key, "sha256")
+    
+    return crypto.dump_certificate_request(crypto.FILETYPE_PEM, req).decode("utf-8")
--- a/python_device/src/utils.py
+++ b/python_device/src/utils.py
@ -0,0 +1,5 @@
+import string
+import random
+
+def rand_str(len: int) -> str:
+    return ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(len))