Spaces:
Running
Running
Update privcsr.py
Browse files- privcsr.py +81 -81
privcsr.py
CHANGED
|
@@ -1,82 +1,82 @@
|
|
| 1 |
-
from cryptography.hazmat.primitives import serialization, hashes
|
| 2 |
-
from cryptography import x509
|
| 3 |
-
from cryptography.hazmat.primitives.asymmetric import ec, rsa
|
| 4 |
-
from cryptography.hazmat.backends import default_backend
|
| 5 |
-
from cryptography.x509.oid import NameOID
|
| 6 |
-
from typing import List, Tuple
|
| 7 |
-
|
| 8 |
-
def gen_pvt(key_type: str, key_size: int = None, key_curve: str = None) -> bytes:
|
| 9 |
-
if key_type.lower() == "
|
| 10 |
-
if key_curve == 'SECP256R1' or key_curve == 'ec256':
|
| 11 |
-
key = ec.generate_private_key(ec.SECP256R1(), default_backend())
|
| 12 |
-
elif key_curve == 'SECP384R1' or key_curve == 'ec384':
|
| 13 |
-
key = ec.generate_private_key(ec.SECP384R1(), default_backend())
|
| 14 |
-
else:
|
| 15 |
-
key = ec.generate_private_key(ec.SECP256R1(), default_backend())
|
| 16 |
-
private_key = key.private_bytes(
|
| 17 |
-
encoding=serialization.Encoding.PEM,
|
| 18 |
-
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
| 19 |
-
encryption_algorithm=serialization.NoEncryption()
|
| 20 |
-
)
|
| 21 |
-
elif key_type.lower() == "rsa":
|
| 22 |
-
if key_size not in [2048, 4096]:
|
| 23 |
-
key_size = 4096
|
| 24 |
-
key = rsa.generate_private_key(
|
| 25 |
-
public_exponent=65537,
|
| 26 |
-
key_size=key_size,
|
| 27 |
-
backend=default_backend()
|
| 28 |
-
)
|
| 29 |
-
private_key = key.private_bytes(
|
| 30 |
-
encoding=serialization.Encoding.PEM,
|
| 31 |
-
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
| 32 |
-
encryption_algorithm=serialization.NoEncryption()
|
| 33 |
-
)
|
| 34 |
-
else:
|
| 35 |
-
raise ValueError("Unsupported key type or parameters")
|
| 36 |
-
return private_key
|
| 37 |
-
|
| 38 |
-
def gen_csr(private_key: bytes, domains: List[str], email: str, common_name: str = None, country: str = None,
|
| 39 |
-
state: str = None, locality: str = None, organization: str = None, organization_unit: str = None) -> bytes:
|
| 40 |
-
|
| 41 |
-
ssl_domains = [x509.DNSName(domain.strip()) for domain in domains]
|
| 42 |
-
private_key_obj = serialization.load_pem_private_key(private_key, password=None, backend=default_backend())
|
| 43 |
-
try:
|
| 44 |
-
if email.split("@")[1] in ["demo.com", "example.com"] or email.count("@") > 1 or email.count(".") < 1 or email is None:
|
| 45 |
-
print("Invalid email address")
|
| 46 |
-
email = f"admin@{domains[0]}"
|
| 47 |
-
except Exception as e:
|
| 48 |
-
print(f"Error in email address: {e}")
|
| 49 |
-
email = f"admin@{domains[0]}"
|
| 50 |
-
country: str = country or "IN"
|
| 51 |
-
state: str = state or "Maharashtra"
|
| 52 |
-
locality: str = locality or "Mumbai"
|
| 53 |
-
organization_unit: str = organization_unit or "IT Department"
|
| 54 |
-
common_name: str = common_name or domains[0]
|
| 55 |
-
organization: str = organization or common_name.split(".")[0]
|
| 56 |
-
subject = x509.Name([
|
| 57 |
-
x509.NameAttribute(NameOID.COUNTRY_NAME, country),
|
| 58 |
-
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, state),
|
| 59 |
-
x509.NameAttribute(NameOID.LOCALITY_NAME, locality),
|
| 60 |
-
x509.NameAttribute(NameOID.EMAIL_ADDRESS, email),
|
| 61 |
-
x509.NameAttribute(NameOID.ORGANIZATION_NAME, organization),
|
| 62 |
-
x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, organization_unit),
|
| 63 |
-
x509.NameAttribute(NameOID.COMMON_NAME, common_name),
|
| 64 |
-
])
|
| 65 |
-
builder = x509.CertificateSigningRequestBuilder()
|
| 66 |
-
builder = builder.subject_name(subject)
|
| 67 |
-
builder = builder.add_extension(
|
| 68 |
-
x509.SubjectAlternativeName(ssl_domains),
|
| 69 |
-
critical=False,
|
| 70 |
-
)
|
| 71 |
-
csr = builder.sign(private_key_obj, hashes.SHA256(), default_backend())
|
| 72 |
-
return csr.public_bytes(serialization.Encoding.PEM)
|
| 73 |
-
|
| 74 |
-
def gen_pvt_csr(domains: List[str], email: str, key_type: str, key_size: int = None, key_curve: str = None,
|
| 75 |
-
common_name: str = None, country: str = None, state: str = None, locality: str = None,
|
| 76 |
-
organization: str = None, organization_unit: str = None) -> Tuple[bytes, bytes]:
|
| 77 |
-
if key_type.lower() == "rsa":
|
| 78 |
-
private_key = gen_pvt(key_type, key_size)
|
| 79 |
-
else:
|
| 80 |
-
private_key = gen_pvt(key_type, key_curve)
|
| 81 |
-
csr = gen_csr(private_key, domains, email, common_name, country, state, locality, organization, organization_unit)
|
| 82 |
return private_key, csr
|
|
|
|
| 1 |
+
from cryptography.hazmat.primitives import serialization, hashes
|
| 2 |
+
from cryptography import x509
|
| 3 |
+
from cryptography.hazmat.primitives.asymmetric import ec, rsa
|
| 4 |
+
from cryptography.hazmat.backends import default_backend
|
| 5 |
+
from cryptography.x509.oid import NameOID
|
| 6 |
+
from typing import List, Tuple
|
| 7 |
+
|
| 8 |
+
def gen_pvt(key_type: str, key_size: int = None, key_curve: str = None) -> bytes:
|
| 9 |
+
if key_type.lower() == "ecc":
|
| 10 |
+
if key_curve == 'SECP256R1' or key_curve == 'ec256':
|
| 11 |
+
key = ec.generate_private_key(ec.SECP256R1(), default_backend())
|
| 12 |
+
elif key_curve == 'SECP384R1' or key_curve == 'ec384':
|
| 13 |
+
key = ec.generate_private_key(ec.SECP384R1(), default_backend())
|
| 14 |
+
else:
|
| 15 |
+
key = ec.generate_private_key(ec.SECP256R1(), default_backend())
|
| 16 |
+
private_key = key.private_bytes(
|
| 17 |
+
encoding=serialization.Encoding.PEM,
|
| 18 |
+
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
| 19 |
+
encryption_algorithm=serialization.NoEncryption()
|
| 20 |
+
)
|
| 21 |
+
elif key_type.lower() == "rsa":
|
| 22 |
+
if key_size not in [2048, 4096]:
|
| 23 |
+
key_size = 4096
|
| 24 |
+
key = rsa.generate_private_key(
|
| 25 |
+
public_exponent=65537,
|
| 26 |
+
key_size=key_size,
|
| 27 |
+
backend=default_backend()
|
| 28 |
+
)
|
| 29 |
+
private_key = key.private_bytes(
|
| 30 |
+
encoding=serialization.Encoding.PEM,
|
| 31 |
+
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
| 32 |
+
encryption_algorithm=serialization.NoEncryption()
|
| 33 |
+
)
|
| 34 |
+
else:
|
| 35 |
+
raise ValueError("Unsupported key type or parameters")
|
| 36 |
+
return private_key
|
| 37 |
+
|
| 38 |
+
def gen_csr(private_key: bytes, domains: List[str], email: str, common_name: str = None, country: str = None,
|
| 39 |
+
state: str = None, locality: str = None, organization: str = None, organization_unit: str = None) -> bytes:
|
| 40 |
+
|
| 41 |
+
ssl_domains = [x509.DNSName(domain.strip()) for domain in domains]
|
| 42 |
+
private_key_obj = serialization.load_pem_private_key(private_key, password=None, backend=default_backend())
|
| 43 |
+
try:
|
| 44 |
+
if email.split("@")[1] in ["demo.com", "example.com"] or email.count("@") > 1 or email.count(".") < 1 or email is None:
|
| 45 |
+
print("Invalid email address")
|
| 46 |
+
email = f"admin@{domains[0]}"
|
| 47 |
+
except Exception as e:
|
| 48 |
+
print(f"Error in email address: {e}")
|
| 49 |
+
email = f"admin@{domains[0]}"
|
| 50 |
+
country: str = country or "IN"
|
| 51 |
+
state: str = state or "Maharashtra"
|
| 52 |
+
locality: str = locality or "Mumbai"
|
| 53 |
+
organization_unit: str = organization_unit or "IT Department"
|
| 54 |
+
common_name: str = common_name or domains[0]
|
| 55 |
+
organization: str = organization or common_name.split(".")[0]
|
| 56 |
+
subject = x509.Name([
|
| 57 |
+
x509.NameAttribute(NameOID.COUNTRY_NAME, country),
|
| 58 |
+
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, state),
|
| 59 |
+
x509.NameAttribute(NameOID.LOCALITY_NAME, locality),
|
| 60 |
+
x509.NameAttribute(NameOID.EMAIL_ADDRESS, email),
|
| 61 |
+
x509.NameAttribute(NameOID.ORGANIZATION_NAME, organization),
|
| 62 |
+
x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, organization_unit),
|
| 63 |
+
x509.NameAttribute(NameOID.COMMON_NAME, common_name),
|
| 64 |
+
])
|
| 65 |
+
builder = x509.CertificateSigningRequestBuilder()
|
| 66 |
+
builder = builder.subject_name(subject)
|
| 67 |
+
builder = builder.add_extension(
|
| 68 |
+
x509.SubjectAlternativeName(ssl_domains),
|
| 69 |
+
critical=False,
|
| 70 |
+
)
|
| 71 |
+
csr = builder.sign(private_key_obj, hashes.SHA256(), default_backend())
|
| 72 |
+
return csr.public_bytes(serialization.Encoding.PEM)
|
| 73 |
+
|
| 74 |
+
def gen_pvt_csr(domains: List[str], email: str, key_type: str, key_size: int = None, key_curve: str = None,
|
| 75 |
+
common_name: str = None, country: str = None, state: str = None, locality: str = None,
|
| 76 |
+
organization: str = None, organization_unit: str = None) -> Tuple[bytes, bytes]:
|
| 77 |
+
if key_type.lower() == "rsa":
|
| 78 |
+
private_key = gen_pvt(key_type, key_size)
|
| 79 |
+
else:
|
| 80 |
+
private_key = gen_pvt(key_type, key_curve)
|
| 81 |
+
csr = gen_csr(private_key, domains, email, common_name, country, state, locality, organization, organization_unit)
|
| 82 |
return private_key, csr
|