diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-11-14 21:32:08 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-11-14 21:32:08 +0100 |
| commit | 430d2d0a1ff89ef6dbbab85bf55956c678acfebf (patch) | |
| tree | 2d386d48f09a569f7bb3d1d9b301a1304473d6ca /tools | |
| parent | 095b317ac6e9a30efec827f066ba9f34054fe0b8 (diff) | |
| download | nixos-430d2d0a1ff89ef6dbbab85bf55956c678acfebf.tar nixos-430d2d0a1ff89ef6dbbab85bf55956c678acfebf.tar.gz nixos-430d2d0a1ff89ef6dbbab85bf55956c678acfebf.tar.bz2 nixos-430d2d0a1ff89ef6dbbab85bf55956c678acfebf.tar.xz nixos-430d2d0a1ff89ef6dbbab85bf55956c678acfebf.zip | |
ca: temporary p12 output files
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/ca/ca/__main__.py | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/tools/ca/ca/__main__.py b/tools/ca/ca/__main__.py index b89d91ff..6615da55 100644 --- a/tools/ca/ca/__main__.py +++ b/tools/ca/ca/__main__.py | |||
| @@ -27,7 +27,7 @@ from math import ceil, ldexp | |||
| 27 | import re | 27 | import re |
| 28 | from getpass import getpass | 28 | from getpass import getpass |
| 29 | from itertools import count | 29 | from itertools import count |
| 30 | from tempfile import TemporaryFile | 30 | from tempfile import TemporaryFile, mkstemp |
| 31 | import subprocess | 31 | import subprocess |
| 32 | import json | 32 | import json |
| 33 | from leapseconddata import LeapSecondData | 33 | from leapseconddata import LeapSecondData |
| @@ -469,12 +469,16 @@ def new_client(ca_cert, ca_key, key_type, clock_skew, validity, subject, alterna | |||
| 469 | ).public_bytes(serialization.Encoding.PEM) | 469 | ).public_bytes(serialization.Encoding.PEM) |
| 470 | ) | 470 | ) |
| 471 | 471 | ||
| 472 | def to_pkcs12(random_password, random_password_length, weak_encryption, filename, output): | 472 | def to_pkcs12(random_password, random_password_length, weak_encryption, filename, temporary_output, output): |
| 473 | key_file = filename.with_suffix('.key') | 473 | key_file = filename.with_suffix('.key') |
| 474 | cert_file = filename.with_suffix('.crt') | 474 | cert_file = filename.with_suffix('.crt') |
| 475 | 475 | ||
| 476 | output_handle = None | ||
| 476 | if not output: | 477 | if not output: |
| 477 | output = filename.with_suffix('.p12') | 478 | if not temporary_output: |
| 479 | output = filename.with_suffix('.p12') | ||
| 480 | else: | ||
| 481 | output_handle, output = mkstemp(suffix='.p12', prefix=filename.stem + '.') | ||
| 478 | 482 | ||
| 479 | key = load_key(key_file) | 483 | key = load_key(key_file) |
| 480 | logger.info('Successfully loaded privkey from ‘%s’', key_file) | 484 | logger.info('Successfully loaded privkey from ‘%s’', key_file) |
| @@ -483,7 +487,7 @@ def to_pkcs12(random_password, random_password_length, weak_encryption, filename | |||
| 483 | cert = x509.load_pem_x509_certificate(fh.read()) | 487 | cert = x509.load_pem_x509_certificate(fh.read()) |
| 484 | logger.info('Successfully loaded certificate from ‘%s’', cert_file) | 488 | logger.info('Successfully loaded certificate from ‘%s’', cert_file) |
| 485 | 489 | ||
| 486 | with umask(0o0177), atomic_write(output, overwrite=False, mode='wb') as fh: | 490 | with umask(0o0177), atomic_write(output, overwrite=False, mode='wb') if not output_handle else os.fdopen(output_handle, mode='wb') as fh: |
| 487 | logger.info('Writing to ‘%s’...', output) | 491 | logger.info('Writing to ‘%s’...', output) |
| 488 | common_name_attrs = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME) | 492 | common_name_attrs = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME) |
| 489 | if len(common_name_attrs) != 1: | 493 | if len(common_name_attrs) != 1: |
| @@ -525,6 +529,9 @@ def to_pkcs12(random_password, random_password_length, weak_encryption, filename | |||
| 525 | logger.debug('Adjusting permissions for ‘%s’...', output) | 529 | logger.debug('Adjusting permissions for ‘%s’...', output) |
| 526 | os.chmod(output, 0o0400) | 530 | os.chmod(output, 0o0400) |
| 527 | 531 | ||
| 532 | if temporary_output: | ||
| 533 | print(f'Temporary output file: {output}', file=sys.stderr) | ||
| 534 | |||
| 528 | 535 | ||
| 529 | def main(): | 536 | def main(): |
| 530 | global logger | 537 | global logger |
| @@ -591,6 +598,7 @@ def main(): | |||
| 591 | subparser.add_argument('--random-password', '--no-random-password', action=BooleanAction, default=True) | 598 | subparser.add_argument('--random-password', '--no-random-password', action=BooleanAction, default=True) |
| 592 | subparser.add_argument('--random-password-length', type=int, default=12) | 599 | subparser.add_argument('--random-password-length', type=int, default=12) |
| 593 | subparser.add_argument('--weak-encryption', '--no-weak-encryption', action=BooleanAction, default=False) | 600 | subparser.add_argument('--weak-encryption', '--no-weak-encryption', action=BooleanAction, default=False) |
| 601 | subparser.add_argument('--temporary-output', '--no-temporary-output', action=BooleanAction, default=True) | ||
| 594 | subparser.add_argument('--output', type=Path) | 602 | subparser.add_argument('--output', type=Path) |
| 595 | subparser.add_argument('filename', metavar='BASENAME', type=Path) | 603 | subparser.add_argument('filename', metavar='BASENAME', type=Path) |
| 596 | subparser.set_defaults(cmd=to_pkcs12) | 604 | subparser.set_defaults(cmd=to_pkcs12) |