1#!/usr/bin/env python3
2#
3# Sigma Control API DUT (DPP CA)
4# Copyright (c) 2020, The Linux Foundation
5# All Rights Reserved.
6# Licensed under the Clear BSD license. See README for more details.
7
8import base64
9import OpenSSL
10import os
11import subprocess
12import sys
13
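def dpp_sign_cert(cacert, cakey, csr_der):
    """Issue an end-entity certificate for a DER-encoded CSR.

    Args:
        cacert: OpenSSL.crypto.X509 issuer certificate; supplies the issuer
            name and the authority key identifier.
        cakey: OpenSSL.crypto.PKey private key used to sign the certificate.
        csr_der: PKCS#10 certificate signing request as DER bytes.

    Returns:
        The signed OpenSSL.crypto.X509 certificate (X.509v3, CA:FALSE).

    Raises:
        OpenSSL.crypto.Error: if the CSR cannot be parsed or its
            self-signature does not verify.
    """
    csr = OpenSSL.crypto.load_certificate_request(OpenSSL.crypto.FILETYPE_ASN1,
                                                  csr_der)
    # Proof of possession: only certify a public key whose owner signed the
    # request. verify() raises OpenSSL.crypto.Error on a bad signature.
    if not csr.verify(csr.get_pubkey()):
        raise OpenSSL.crypto.Error("CSR signature verification failed")

    cert = OpenSSL.crypto.X509()
    # Issuer name + serial number must identify a certificate uniquely
    # (RFC 5280), so draw a random 128-bit serial instead of reusing one
    # constant for every certificate this CA issues. "or 1" keeps the value
    # positive in the (negligible) all-zero case.
    cert.set_serial_number(int.from_bytes(os.urandom(16), "big") or 1)
    # Valid from 10 seconds in the past (small clock-skew allowance) until
    # 100000 seconds from now.
    cert.gmtime_adj_notBefore(-10)
    cert.gmtime_adj_notAfter(100000)
    cert.set_pubkey(csr.get_pubkey())
    # NOTE: the subject DN is copied from the CSR unchanged, so the requester
    # fully controls it; any naming policy has to be enforced by the caller.
    dn = csr.get_subject()
    cert.set_subject(dn)
    cert.set_version(2)  # value 2 encodes X.509 version 3
    cert.add_extensions([
        # Critical CA:FALSE so the issued certificate cannot act as a CA.
        OpenSSL.crypto.X509Extension(b"basicConstraints", True,
                                     b"CA:FALSE"),
        OpenSSL.crypto.X509Extension(b"subjectKeyIdentifier", False,
                                     b"hash", subject=cert),
        OpenSSL.crypto.X509Extension(b"authorityKeyIdentifier", False,
                                     b"keyid:always", issuer=cacert),
    ])
    cert.set_issuer(cacert.get_subject())
    cert.sign(cakey, "sha256")
    return cert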
36
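def main():
    """Sign the CSR found in a certificate directory and emit a certbag.

    Usage: dpp-ca.py <cert_dir>

    Reads from <cert_dir>: dpp-ca.pem (CA certificate), dpp-ca.key (CA
    private key) and dpp-ca-csr (base64-encoded DER CSR). Writes
    dpp-ca-cert (issued certificate, PEM), dpp-ca-pkcs7 (DER PKCS#7 holding
    the issued and CA certificates) and dpp-ca-certbag (base64 of that
    PKCS#7). Exits with status -1 when the directory argument or the CSR is
    missing, or when the CSR is not decodable base64.
    """
    if len(sys.argv) < 2:
        print("No certificate directory path provided")
        sys.exit(-1)

    # cert_dir holds the CA private key next to the request/response files,
    # so it should be writable and readable only by the account running this.
    cert_dir = sys.argv[1]
    cacert_file = os.path.join(cert_dir, "dpp-ca.pem")
    cakey_file = os.path.join(cert_dir, "dpp-ca.key")
    csr_file = os.path.join(cert_dir, "dpp-ca-csr")
    cert_file = os.path.join(cert_dir, "dpp-ca-cert")
    pkcs7_file = os.path.join(cert_dir, "dpp-ca-pkcs7")
    certbag_file = os.path.join(cert_dir, "dpp-ca-certbag")

    with open(cacert_file, "rb") as f:
        res = f.read()
        cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                                 res)

    with open(cakey_file, "rb") as f:
        res = f.read()
        cakey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, res)

    if not os.path.exists(csr_file):
        print("No CSR file: %s" % csr_file)
        sys.exit(-1)

    with open(csr_file) as f:
        csr_b64 = f.read()

    # b64decode() raises binascii.Error (a ValueError subclass) on malformed
    # input rather than returning an empty value, so catch it here to reach
    # the same diagnostic as the empty-result case.
    try:
        csr = base64.b64decode(csr_b64)
    except ValueError:
        csr = None
    if not csr:
        print("Could not base64 decode CSR")
        sys.exit(-1)

    cert = dpp_sign_cert(cacert, cakey, csr)
    with open(cert_file, 'wb') as f:
        f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                                cert))

    # Bundle the issued certificate and the CA certificate into a PKCS#7
    # structure without a CRL (-nocrl), DER-encoded. The arguments are passed
    # as a list, so no shell interprets the paths.
    subprocess.check_call(['openssl', 'crl2pkcs7', '-nocrl',
                           '-certfile', cert_file,
                           '-certfile', cacert_file,
                           '-outform', 'DER', '-out', pkcs7_file])

    with open(pkcs7_file, 'rb') as f:
        pkcs7_der = f.read()
        certbag = base64.b64encode(pkcs7_der)
    with open(certbag_file, 'wb') as f:
        f.write(certbag)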
86
# Run the signing flow only when executed as a script, not when imported.
if __name__ == "__main__":
    main()
89