#
# Copyright 2019 NXP
# SPDX-License-Identifier: Apache-2.0
#
#
# Create Keys for OPC UA demo
#
# Preconditions
# - OpenSSL installed
#
import ipaddress
import logging
import os
import re
import subprocess
import sys
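def run(cmd_str, ignore_result=0, exp_retcode=0):
    """Run *cmd_str* through the shell and check its exit status.

    Args:
        cmd_str: Complete command line.  It is handed to the shell
            (``shell=True``), so every argument must already be quoted by
            the caller and must only be built from trusted values.
        ignore_result: When truthy the exit status is neither reported nor
            checked.
        exp_retcode: Exit status that counts as success.

    Returns:
        The exit status of the process.

    Raises:
        AssertionError: if ``ignore_result`` is falsy and the exit status
            differs from *exp_retcode*.  The captured stderr is included in
            the message so a failed OpenSSL step is diagnosable.
    """
    print("Running command: %s" % cmd_str)
    # NOTE(review): shell=True means shell metacharacters in cmd_str are
    # interpreted; every caller in this file double-quotes the interpolated
    # paths and values, and none of them come from the command line.
    pipes = subprocess.Popen(
        cmd_str,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        shell=True,
    )
    _std_out, std_err = pipes.communicate()
    std_err = std_err.strip()
    if not ignore_result:
        if pipes.returncode != exp_retcode:
            print("Command execution failed.")
            # An explicit raise instead of `assert`: asserts are stripped
            # under `python -O`, which would let the script carry on after a
            # failed step and produce an incomplete credential set.
            raise AssertionError(
                "Command exited with %s (expected %s): %s"
                % (pipes.returncode, exp_retcode, std_err.decode("utf-8", "replace"))
            )
        print("Command execution was successful.")
    return pipes.returncode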
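cur_dir = os.path.abspath(os.path.dirname(__file__))


def subject_alt_name_line(hostname):
    """Return the ``subjectAltName`` extension line for *hostname*.

    An IPv4/IPv6 literal (as accepted by ``ipaddress``) gets an ``IP:``
    entry, anything else a ``DNS:`` entry; both also carry the
    open62541 application URI for the host.
    """
    try:
        ipaddress.ip_address(hostname)
    except ValueError:
        # Not a valid address literal (this also rejects octets above 255,
        # which the previous regex let through) -> treat as a DNS name.
        san_kind = "DNS"
    else:
        san_kind = "IP"
    return "subjectAltName=URI:\"urn:open62541:%s\",%s:\"%s\"" % (hostname, san_kind, hostname)


def write_extensions_file(path, hostname):
    """Write the x509 extension file used when signing the server certificate.

    The parent directory is created if missing; the file is overwritten.
    """
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w+") as ext_file:
        # NOTE(review): this marks the *server* (end-entity) certificate as a
        # CA.  Kept because the demo expects it; a production server
        # certificate should carry basicConstraints=CA:FALSE.
        ext_file.write("basicConstraints=CA:TRUE \n")
        ext_file.write(subject_alt_name_line(hostname))


if len(sys.argv) == 2:
    # A hostname/IP on the command line -> generate a per-host extension
    # file; it is removed again at the end of the script.
    hostname = sys.argv[1]
    EXT_CNF = os.path.join(cur_dir, '..', 'credentials', 'extensions_new.cnf')
    write_extensions_file(EXT_CNF, hostname)
else:
    # No argument -> use the static extension file shipped with the demo.
    EXT_CNF = os.path.join(cur_dir, '..', 'credentials', 'extensions.cnf')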
def _credential(name):
    """Path of *name* inside the ``credentials`` directory next to this script's parent."""
    return os.path.join(cur_dir, '..', 'credentials', name)


# Key sizes in bits: root CA key and the server/client leaf keys.
CA_KEY_LEN = 2048
RSA_KEY_LEN = 2048
ROOTCA_CERT_SUB = "/OU=NXP Plug Trust CA/CN=NXP RootCAvRxxx"
# Certificate lifetime in days (12 years); used for root, server and client.
CERT_VALIDITY = 4380

# Root CA artefacts: private key, PEM/DER certificate and the serial file
# that `-CAcreateserial` maintains.
ROOT_CA_KEY = _credential('open62541_rootCA_key_pair.pem')
ROOT_CA_CERT_CER = _credential('open62541_rootCA_cert.cer')
ROOT_CA_CERT_DER = _credential('open62541_rootCA_cert.der')
ROOT_CA_CERT_SRL = _credential('open62541_rootCA_cert.srl')

# Server artefacts: key, PEM/DER certificate, CSR and subject.
SERVER_KEY = _credential('open62541_server_key_pair.pem')
SERVER_CERT_CER = _credential('open62541_server_cert.cer')
SERVER_CERT_DER = _credential('open62541_server_cert.der')
SERVER_CERT_CSR = _credential('open62541_server.csr')
SERVER_CERT_SUB = "/CN=NXP_SE050_OPEN62541_SERVER"

# Client artefacts: key, PEM/DER certificate, CSR, subject and the openssl
# config used for the self-signed client certificate.
CLIENT_KEY = _credential('open62541_client_key_pair.pem')
CLIENT_CERT_CER = _credential('open62541_client_cert.cer')
CLIENT_CERT_DER = _credential('open62541_client_cert.der')
CLIENT_CERT_CSR = _credential('open62541_client.csr')
CLIENT_CERT_SUB = "/CN=NXP_SE050_OPEN62541_CLIENT"
CLIENT_CONF = _credential('client.conf')
if sys.platform.startswith("win"):
    # On Windows use the OpenSSL build bundled under ext/openssl (three
    # levels above this script) and point it at its own config file.
    ext_openssl_dir = os.path.join(cur_dir, '..', '..', '..', 'ext', 'openssl')
    openssl = os.path.join(ext_openssl_dir, 'bin', 'openssl.exe')
    openssl_config_file = os.path.join(ext_openssl_dir, 'ssl', 'openssl.cnf')
    os.environ['OPENSSL_CONF'] = openssl_config_file
else:
    # Elsewhere rely on whichever `openssl` is first on PATH.
    openssl = 'openssl'
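def _quote(value):
    """Wrap *value* in double quotes for the shell command line built below."""
    return '"%s"' % value


def _gen_rsa_key(key_path, key_len):
    """Create an RSA key pair of *key_len* bits at *key_path* (PEM, unencrypted)."""
    # NOTE(review): keys, including the root CA key, are written in the clear;
    # the credentials directory must be protected accordingly.
    run("%s genrsa -out %s %s" % (_quote(openssl), _quote(key_path), _quote(key_len)))


def _self_signed_cert(key_path, subject, out_path, config=None):
    """Create a self-signed certificate for *key_path* with *subject* at *out_path*.

    ``-sha256`` is given explicitly so the signature digest does not depend on
    the installed OpenSSL's ``default_md`` (older releases default to SHA-1).
    *config* optionally names an openssl config file passed via ``-config``.
    """
    cmd_str = "%s req -x509 -new -nodes -sha256 -key %s -subj %s -days %s -out %s" % (
        _quote(openssl), _quote(key_path), _quote(subject), _quote(CERT_VALIDITY), _quote(out_path))
    if config is not None:
        cmd_str += " -config %s" % _quote(config)
    run(cmd_str)


def _to_der(cer_path, der_path):
    """Convert the PEM certificate *cer_path* to DER at *der_path*."""
    run("%s x509 -in %s -outform DER -out %s" % (_quote(openssl), _quote(cer_path), _quote(der_path)))


# Root CA: key pair and self-signed root certificate.
_gen_rsa_key(ROOT_CA_KEY, CA_KEY_LEN)
_self_signed_cert(ROOT_CA_KEY, ROOTCA_CERT_SUB, ROOT_CA_CERT_CER)

# Server: key pair, CSR, then a certificate signed by the root CA using the
# extension file selected above (EXT_CNF).
_gen_rsa_key(SERVER_KEY, RSA_KEY_LEN)
run("%s req -new -key %s -subj %s -out %s" % (
    _quote(openssl), _quote(SERVER_KEY), _quote(SERVER_CERT_SUB), _quote(SERVER_CERT_CSR)))
run("%s x509 -req -extfile %s -sha256 -days %s -in %s -CAcreateserial -CA %s -CAkey %s -out %s" % (
    _quote(openssl), _quote(EXT_CNF), _quote(CERT_VALIDITY), _quote(SERVER_CERT_CSR),
    _quote(ROOT_CA_CERT_CER), _quote(ROOT_CA_KEY), _quote(SERVER_CERT_CER)))

# DER copies of the root CA and server certificates.
_to_der(ROOT_CA_CERT_CER, ROOT_CA_CERT_DER)
_to_der(SERVER_CERT_CER, SERVER_CERT_DER)

# Client: self-signed certificate.  (An earlier, CA-signed variant — key,
# CSR, `x509 -req` against the root CA with a client extension file — is no
# longer used; see the repository history if it is needed again.)
_gen_rsa_key(CLIENT_KEY, RSA_KEY_LEN)
_self_signed_cert(CLIENT_KEY, CLIENT_CERT_SUB, CLIENT_CERT_CER, config=CLIENT_CONF)
_to_der(CLIENT_CERT_CER, CLIENT_CERT_DER)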
# Remove the PEM intermediates (server CSR and the PEM certificates); the DER
# certificates, the key pairs and the CA serial file stay behind.  The client
# CSR is not produced by the self-signed client flow, so it is not removed.
for leftover in (SERVER_CERT_CSR, SERVER_CERT_CER, CLIENT_CERT_CER, ROOT_CA_CERT_CER):
    os.remove(leftover)
if len(sys.argv) == 2:
    # The per-hostname extension file was generated by this run only.
    os.remove(EXT_CNF)

banner = "##############################################################"
print(banner)
print("# #")
print("# Program Completed Successfully #")
print("# #")
print(banner)