#!/usr/bin/env python3
2#
3# Sigma Control API DUT (DPP CA)
4# Copyright (c) 2020, The Linux Foundation
5# All Rights Reserved.
6# Licensed under the Clear BSD license. See README for more details.
7
8import base64
9import OpenSSL
10import os
11import subprocess
12import sys
13
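def dpp_sign_cert(cacert, cakey, csr_der, *, serial=None):
    """Issue an end-entity certificate for the key in a DER-encoded CSR.

    The request's self-signature is verified against the public key it
    carries (proof of possession) before anything is issued. Only the
    subject name and public key are taken from the request; extensions the
    requester may have asked for are deliberately ignored, so a CSR cannot
    obtain CA:TRUE or any other attribute the CA did not decide on itself.

    Args:
        cacert: OpenSSL.crypto.X509 issuer certificate. Its subject becomes
            the new certificate's issuer and its key id the AKI.
        cakey: OpenSSL.crypto.PKey private key matching ``cacert``.
        csr_der: bytes, DER-encoded PKCS#10 certification request.
        serial: optional int serial number. When None a random positive
            value is generated so every issued certificate gets a distinct
            serial, as RFC 5280 section 4.1.2.2 requires per issuer.

    Returns:
        OpenSSL.crypto.X509 v3 certificate signed with SHA-256.

    Raises:
        OpenSSL.crypto.Error: the CSR cannot be parsed or its signature
            does not verify under the public key it contains.
    """
    csr = OpenSSL.crypto.load_certificate_request(
        OpenSSL.crypto.FILETYPE_ASN1, csr_der)
    # Proof of possession: pyOpenSSL raises OpenSSL.crypto.Error when the
    # signature over the request does not verify with the enclosed key.
    csr.verify(csr.get_pubkey())

    if serial is None:
        # 127-bit random value forced odd: never zero, strictly positive and
        # well inside the 20-octet limit RFC 5280 puts on serial numbers.
        serial = (int.from_bytes(os.urandom(16), "big") >> 1) | 1

    cert = OpenSSL.crypto.X509()
    cert.set_version(2)  # X.509 v3 -- required for the extensions below
    cert.set_serial_number(serial)
    # Test credentials: ~28 h lifetime, backdated 10 s to tolerate clock skew.
    cert.gmtime_adj_notBefore(-10)
    cert.gmtime_adj_notAfter(100000)
    cert.set_subject(csr.get_subject())
    cert.set_pubkey(csr.get_pubkey())
    cert.set_issuer(cacert.get_subject())
    cert.add_extensions([
        # Critical CA:FALSE so the issued key can never act as an issuer.
        OpenSSL.crypto.X509Extension(b"basicConstraints", True,
                                     b"CA:FALSE"),
        # SKI is hashed from the public key set on ``cert`` above.
        OpenSSL.crypto.X509Extension(b"subjectKeyIdentifier", False,
                                     b"hash", subject=cert),
        # AKI taken from the issuer certificate, not from ``cert``.
        OpenSSL.crypto.X509Extension(b"authorityKeyIdentifier", False,
                                     b"keyid:always", issuer=cacert),
    ])
    cert.sign(cakey, "sha256")
    return cert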
36
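def _fail(msg):
    """Print *msg* and exit with the script's failure status (-1, i.e. 255)."""
    print(msg)
    sys.exit(-1)


def _read_csr(csr_file):
    """Return the DER bytes of the base64-encoded CSR stored in *csr_file*.

    Exits via _fail() when the file is missing, is not valid base64, or
    decodes to nothing. The decoder is non-validating, so surrounding
    whitespace such as a trailing newline is tolerated.
    """
    if not os.path.exists(csr_file):
        _fail("No CSR file: %s" % csr_file)
    with open(csr_file) as f:
        csr_b64 = f.read()
    try:
        # binascii.Error (malformed base64) is a subclass of ValueError.
        csr = base64.b64decode(csr_b64)
    except ValueError:
        csr = b""
    if not csr:
        _fail("Could not base64 decode CSR")
    return csr


def _load_ca(cacert_file, cakey_file):
    """Load the issuer certificate and private key (both PEM) from disk."""
    for path in (cacert_file, cakey_file):
        if not os.path.exists(path):
            _fail("No CA file: %s" % path)
    with open(cacert_file, "rb") as f:
        cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                                 f.read())
    # The CA private key is read in the clear; the directory given on the
    # command line is trusted operator-controlled storage.
    with open(cakey_file, "rb") as f:
        cakey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
                                               f.read())
    return cacert, cakey


def _write_certbag(cert_file, cacert_file, pkcs7_file, certbag_file):
    """Bundle the issued and CA certificates into a base64 DER PKCS#7.

    Invokes the openssl binary with an argument list (no shell), so the
    path components cannot be interpreted by a shell. check_call() raises
    subprocess.CalledProcessError if openssl exits non-zero.
    """
    subprocess.check_call(['openssl', 'crl2pkcs7', '-nocrl',
                           '-certfile', cert_file,
                           '-certfile', cacert_file,
                           '-outform', 'DER', '-out', pkcs7_file])
    with open(pkcs7_file, 'rb') as f:
        pkcs7_der = f.read()
    with open(certbag_file, 'wb') as f:
        f.write(base64.b64encode(pkcs7_der))


def main():
    """Entry point: sign the DUT's CSR and emit a PKCS#7 certificate bag.

    argv[1] names a directory holding the CA certificate (dpp-ca.pem), the
    CA private key (dpp-ca.key) and the enrollee's base64 CSR (dpp-ca-csr).
    The signed certificate is written as PEM to dpp-ca-cert, bundled with
    the CA certificate into DER PKCS#7 (dpp-ca-pkcs7), and the base64 form
    of that bundle is written to dpp-ca-certbag -- presumably what the DPP
    side hands out as certBag; confirm against the caller. Every failure
    prints a message and exits with a non-zero status.
    """
    if len(sys.argv) < 2:
        _fail("No certificate directory path provided")

    cert_dir = sys.argv[1]
    cacert_file = os.path.join(cert_dir, "dpp-ca.pem")
    cakey_file = os.path.join(cert_dir, "dpp-ca.key")
    csr_file = os.path.join(cert_dir, "dpp-ca-csr")
    cert_file = os.path.join(cert_dir, "dpp-ca-cert")
    pkcs7_file = os.path.join(cert_dir, "dpp-ca-pkcs7")
    certbag_file = os.path.join(cert_dir, "dpp-ca-certbag")

    cacert, cakey = _load_ca(cacert_file, cakey_file)
    csr = _read_csr(csr_file)

    # dpp_sign_cert() verifies the CSR signature and raises
    # OpenSSL.crypto.Error on a bad request; let that propagate with a
    # traceback rather than masking the reason.
    cert = dpp_sign_cert(cacert, cakey, csr)
    with open(cert_file, 'wb') as f:
        f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                                cert))

    _write_certbag(cert_file, cacert_file, pkcs7_file, certbag_file)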
86
87if __name__ == "__main__":
88 main()