2018-01-20 17:17:02 +01:00
|
|
|
from OpenSSL import crypto
|
|
|
|
from datetime import datetime
|
|
|
|
import pytz
|
|
|
|
import os
|
|
|
|
CRYPT_PATH = os.path.abspath(os.path.dirname(os.path.realpath(__file__)) + "/../../")
|
|
|
|
CERT_FILE = CRYPT_PATH + "/saml_cert.crt"
|
|
|
|
KEY_FILE = CRYPT_PATH + "/saml_cert.key"
|
|
|
|
|
|
|
|
|
|
|
|
def check_certificate():
|
|
|
|
if not os.path.isfile(CERT_FILE):
|
|
|
|
return False
|
|
|
|
st_cert = open(CERT_FILE, 'rt').read()
|
|
|
|
cert = crypto.load_certificate(crypto.FILETYPE_PEM, st_cert)
|
|
|
|
now = datetime.now(pytz.utc)
|
|
|
|
begin = datetime.strptime(cert.get_notBefore(), "%Y%m%d%H%M%SZ").replace(tzinfo=pytz.UTC)
|
|
|
|
begin_ok = begin < now
|
|
|
|
end = datetime.strptime(cert.get_notAfter(), "%Y%m%d%H%M%SZ").replace(tzinfo=pytz.UTC)
|
|
|
|
end_ok = end > now
|
|
|
|
if begin_ok and end_ok:
|
|
|
|
return True
|
|
|
|
return False
|
|
|
|
|
|
|
|
def create_self_signed_cert():
|
|
|
|
|
|
|
|
# create a key pair
|
|
|
|
k = crypto.PKey()
|
|
|
|
k.generate_key(crypto.TYPE_RSA, 2048)
|
|
|
|
|
|
|
|
# create a self-signed cert
|
|
|
|
cert = crypto.X509()
|
|
|
|
cert.get_subject().C = "DE"
|
|
|
|
cert.get_subject().ST = "NRW"
|
|
|
|
cert.get_subject().L = "Dortmund"
|
|
|
|
cert.get_subject().O = "Dummy Company Ltd"
|
|
|
|
cert.get_subject().OU = "Dummy Company Ltd"
|
|
|
|
cert.get_subject().CN = "PowerDNS-Admin"
|
|
|
|
cert.set_serial_number(1000)
|
|
|
|
cert.gmtime_adj_notBefore(0)
|
|
|
|
cert.gmtime_adj_notAfter(10*365*24*60*60)
|
|
|
|
cert.set_issuer(cert.get_subject())
|
|
|
|
cert.set_pubkey(k)
|
|
|
|
cert.sign(k, 'sha256')
|
|
|
|
|
2019-12-19 00:40:25 +01:00
|
|
|
open(CERT_FILE, "bw").write(
|
2018-01-20 17:17:02 +01:00
|
|
|
crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
|
2019-12-19 00:40:25 +01:00
|
|
|
open(KEY_FILE, "bw").write(
|
2018-01-20 17:17:02 +01:00
|
|
|
crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
|