makedemocerts.py
#!/usr/bin/env python
#
# Copyright (c) ZeroC, Inc. All rights reserved.
#
import os, sys, socket, getopt
# IceCertUtils is a third-party module. Nothing below can run without it, so
# a failed import is reported together with the package to install and the
# script stops with a failure status.
try:
    import IceCertUtils
except Exception as ex:
    hint = ("couldn't load IceCertUtils, did you install the `zeroc-icecertutils'\n"
            "package from the Python package repository?\nerror: ")
    print(hint + str(ex))
    sys.exit(1)
def usage():
    """Print the command-line help and terminate the process.

    This function never returns: it always finishes with ``sys.exit(1)``,
    whatever the reason it was called for.
    """
    help_lines = (
        "Usage: " + sys.argv[0] + " [options]",
        "",
        "Options:",
        "-h Show this message.",
        "-d | --debug Debugging output.",
        "--ip <ip> The IP address for the server certificate.",
        "--dns <dns> The DNS name for the server certificate.",
        "--use-dns Use the DNS name for the server certificate common",
        " name (default is to use the IP address).",
    )
    for line in help_lines:
        print(line)
    sys.exit(1)
#
# Check arguments
#
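# Defaults for every command-line setting; the option loop below overrides
# them. An ip/dns left at None is resolved (and confirmed interactively)
# further down in the script.
debug = False
ip = None
dns = None
usedns = False
# Prefix of the IceCertUtils "<impl>CertificateFactory" class looked up later.
impl = ""

try:
    opts, args = getopt.getopt(
        sys.argv[1:], "hd", ["help", "debug", "ip=", "dns=", "use-dns", "impl="])
except getopt.GetoptError as e:
    print("Error %s " % e)
    usage()  # prints the help and ends the process with status 1
    sys.exit(1)

for (o, a) in opts:
    if o in ("-h", "--help"):
        # usage() terminates the process itself with status 1, which made the
        # sys.exit(0) after it unreachable. Asking for help is not an error,
        # so intercept that exit and report success instead.
        try:
            usage()
        except SystemExit:
            pass
        sys.exit(0)
    elif o in ("-d", "--debug"):
        debug = True
    elif o == "--ip":
        # Stored as given: nothing in this script validates the address
        # before it is handed to the certificate factory.
        ip = a
    elif o == "--dns":
        dns = a
    elif o == "--use-dns":
        usedns = True
    elif o == "--impl":
        impl = a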
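def request(question, newvalue, value):
    """Ask on stdin whether to keep *value* and return the value to use.

    *question* is written to stdout first. Any answer other than "n"/"no"
    (case-insensitive), including an empty line or end of input, keeps
    *value*. Otherwise *newvalue* is written as a second prompt and the next
    line read from stdin, stripped of surrounding whitespace, is returned.

    An empty replacement falls back to *value*, so a blank IP address or DNS
    name is never passed on to certificate generation.
    """
    sys.stdout.write(question)
    sys.stdout.flush()
    answer = sys.stdin.readline().strip()
    if answer.lower() not in ("n", "no"):
        return value

    sys.stdout.write(newvalue)
    sys.stdout.flush()
    replacement = sys.stdin.readline().strip()
    return replacement or value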
#
# Change to the directory where the certs files are stored
#
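# Every file below is written with a relative name, so it lands next to this
# script regardless of the directory the script was started from.
os.chdir(os.path.dirname(os.path.abspath(__file__)))

if not ip:
    try:
        ip = socket.gethostbyname(socket.gethostname())
    except Exception:
        # Resolution of the local host name failed; fall back to loopback.
        # (A bare "except:" would also swallow KeyboardInterrupt/SystemExit.)
        ip = "127.0.0.1"
    ip = request("The IP address used for the server certificate will be: " + ip + "\n"
                 "Do you want to keep this IP address? (y/n) [y]", "IP : ", ip)

if not dns:
    dns = "localhost"
    dns = request("The DNS name used for the server certificate will be: " + dns + "\n"
                  "Do you want to keep this DNS name? (y/n) [y]", "DNS : ", dns)

# --impl selects the factory class by name prefix. Report an unknown name
# cleanly instead of failing with a KeyError traceback.
factory_name = impl + "CertificateFactory"
CertificateFactory = vars(IceCertUtils).get(factory_name)
if CertificateFactory is None:
    print("Error: IceCertUtils has no " + factory_name + " (check the --impl option)")
    sys.exit(1)

factory = CertificateFactory(debug=debug, cn="Ice Demos CA")

# NOTE(review): no password argument is passed to any save() call, so the
# PKCS#12/JKS/BKS stores are protected only by whatever default IceCertUtils
# applies. They hold the client and server private keys and are written into
# the script's directory. Treat them as demo material, not as deployable
# credentials.
try:
    #
    # CA certificate
    #
    factory.getCA().save("cacert.pem").save("cacert.der")

    # Client certificate
    client = factory.create("client")
    client.save("client.p12")

    # Server certificate: the common name is the DNS name with --use-dns,
    # otherwise the IP address; both are also passed as ip=/dns= values.
    server = factory.create("server", cn=(dns if usedns else ip), ip=ip, dns=dns)
    server.save("server.p12")

    try:
        factory.getCA().save("cacert.pem").save("cacert.jks")  # Used by the Database/library demo
        server.save("server.jks", caalias="cacert")
        client.save("client.jks", caalias="cacert")

        # Don't try to generate the BKS if the JKS generation fails
        try:
            server.save("server.bks", caalias="cacert")
            client.save("client.bks", caalias="cacert")
        except Exception as ex:
            # Remove partial output so a half-written key store is not left behind.
            for f in ["server.bks", "client.bks"]:
                if os.path.exists(f):
                    os.remove(f)
            print("warning: couldn't generate BKS certificates for Android applications:\n" + str(ex))
            print("Please fix this issue if you want to run the Android demos.")
    except Exception as ex:
        for f in ["server.jks", "client.jks"]:
            if os.path.exists(f):
                os.remove(f)
        print("warning: couldn't generate JKS certificates for Java applications:\n" + str(ex))
        print("Please fix this issue if you want to run the Java demos.")
finally:
    # Run the factory's cleanup even when certificate creation or saving
    # raises; presumably this discards the factory's working state,
    # including CA key material (confirm against IceCertUtils).
    factory.destroy()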