#!/usr/bin/env python
|
|
# **********************************************************************
|
|
#
|
|
# Copyright (c) 2003-2018 ZeroC, Inc. All rights reserved.
|
|
#
|
|
# **********************************************************************
|
|
|
|
import os, sys, socket, getopt
|
|
|
|
try:
|
|
import IceCertUtils
|
|
except Exception as ex:
|
|
print("couldn't load IceCertUtils, did you install the `zeroc-icecertutils'\n"
|
|
"package from the Python package repository?\nerror: " + str(ex))
|
|
sys.exit(1)
|
|
|
|
def usage():
|
|
print("Usage: " + sys.argv[0] + " [options]")
|
|
print("")
|
|
print("Options:")
|
|
print("-h Show this message.")
|
|
print("-d | --debug Debugging output.")
|
|
print("--ip <ip> The IP address for the server certificate.")
|
|
print("--dns <dns> The DNS name for the server certificate.")
|
|
print("--use-dns Use the DNS name for the server certificate common")
|
|
print(" name (default is to use the IP address)." )
|
|
sys.exit(1)
|
|
|
|
#
|
|
# Check arguments
|
|
#
|
|
debug = False
|
|
ip = None
|
|
dns = None
|
|
usedns = False
|
|
impl = ""
|
|
try:
|
|
opts, args = getopt.getopt(sys.argv[1:], "hd", ["help", "debug", "ip=", "dns=","use-dns","impl="])
|
|
except getopt.GetoptError as e:
|
|
print("Error %s " % e)
|
|
usage()
|
|
sys.exit(1)
|
|
|
|
for (o, a) in opts:
|
|
if o == "-h" or o == "--help":
|
|
usage()
|
|
sys.exit(0)
|
|
elif o == "-d" or o == "--debug":
|
|
debug = True
|
|
elif o == "--ip":
|
|
ip = a
|
|
elif o == "--dns":
|
|
dns = a
|
|
elif o == "--use-dns":
|
|
usedns = True
|
|
elif o == "--impl":
|
|
impl = a
|
|
|
|
def request(question, newvalue, value):
|
|
while True:
|
|
sys.stdout.write(question)
|
|
sys.stdout.flush()
|
|
input = sys.stdin.readline().strip()
|
|
if input == 'n':
|
|
sys.stdout.write(newvalue)
|
|
sys.stdout.flush()
|
|
return sys.stdin.readline().strip()
|
|
else:
|
|
return value
|
|
|
|
#
|
|
# Change to the directory where the certs files are stored
|
|
#
|
|
os.chdir(os.path.dirname(os.path.abspath(__file__)))
|
|
|
|
if not ip:
|
|
try:
|
|
ip = socket.gethostbyname(socket.gethostname())
|
|
except:
|
|
ip = "127.0.0.1"
|
|
ip = request("The IP address used for the server certificate will be: " + ip + "\n"
|
|
"Do you want to keep this IP address? (y/n) [y]", "IP : ", ip)
|
|
|
|
if not dns:
|
|
dns = "localhost"
|
|
dns = request("The DNS name used for the server certificate will be: " + dns + "\n"
|
|
"Do you want to keep this DNS name? (y/n) [y]", "DNS : ", dns)
|
|
|
|
CertificateFactory = vars(IceCertUtils)[impl + "CertificateFactory"]
|
|
factory = CertificateFactory(debug=debug, cn="Ice Demos CA")
|
|
|
|
#
|
|
# CA certificate
|
|
#
|
|
factory.getCA().save("cacert.pem").save("cacert.der")
|
|
|
|
# Client certificate
|
|
client = factory.create("client")
|
|
client.save("client.p12")
|
|
|
|
# Server certificate
|
|
server = factory.create("server", cn = (dns if usedns else ip), ip=ip, dns=dns)
|
|
server.save("server.p12")
|
|
|
|
try:
|
|
factory.getCA().save("cacert.pem").save("cacert.jks") # Used by the Database/library demo
|
|
server.save("server.jks", caalias="cacert")
|
|
client.save("client.jks", caalias="cacert")
|
|
|
|
# Don't try to generate the BKS if the JKS generation fails
|
|
try:
|
|
server.save("server.bks", caalias="cacert")
|
|
client.save("client.bks", caalias="cacert")
|
|
except Exception as ex:
|
|
for f in ["server.bks", "client.bks"]:
|
|
if os.path.exists(f): os.remove(f)
|
|
print("warning: couldn't generate BKS certificates for Android applications:\n" + str(ex))
|
|
print("Please fix this issue if you want to run the Android demos.")
|
|
|
|
except Exception as ex:
|
|
for f in ["server.jks", "client.jks"]:
|
|
if os.path.exists(f): os.remove(f)
|
|
print("warning: couldn't generate JKS certificates for Java applications:\n" + str(ex))
|
|
print("Please fix this issue if you want to run the Java demos.")
|
|
|
|
factory.destroy()
|