#
# Copyright 2018-2020 NXP
# SPDX-License-Identifier: Apache-2.0
#
#
"""License text"""
# This script is used to generate keys and CA certificates using the OpenSSL engine.
# The generated keys shall be available in the aws directory.
# These keys are used to provision the secure element.
import os
import sys
import subprocess
import logging
# Module-level logger named after this module; no handler is configured in this file.
log = logging.getLogger(__name__)
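def main():
    """
    Create a verification certificate signed by the supplied root CA.

    Reads three positional arguments from ``sys.argv``: the root CA
    certificate path, the root CA key path and the verification code.
    A temporary P-256 key and a CSR whose CN is the verification code are
    generated with openssl, the CSR is signed with the root CA, and the
    result is written to ``verifyCert.cer`` in the current working directory.
    openssl stdout/stderr go to ``output_log.txt`` / ``error_log.txt`` next to
    this script.

    The temporary private key, the CSR and the serial file are removed even
    when a step fails, so key material is not left behind on error.

    :return: None
    :raises RuntimeError: if an openssl invocation exits with a non-zero status
    """
    cur_dir = os.path.abspath(os.path.dirname(__file__))
    # Build the bundled-openssl path with os.path.join: plain concatenation of
    # dirname(__file__) and ".." drops a separator and resolves to the wrong
    # directory, which disagrees with the OPENSSL_EXE path used below.
    openssl_root = os.path.join(cur_dir, "..", "..", "ext", "openssl")
    openssl_dir = os.path.abspath(os.path.join(openssl_root, "bin"))
    os.environ['PATH'] = openssl_dir + os.pathsep + os.environ["PATH"]

    if "linux" in sys.platform:
        # Resolved through PATH, where the bundled directory now comes first.
        OPENSSL_EXE = 'openssl'
    else:
        OPENSSL_EXE = os.path.join(openssl_root, 'bin', 'openssl.exe')

    # NOTE(review): presumably this config is what loads the openssl engine
    # mentioned in the file header; confirm against openssl.cnf.
    OPENSSL_CONFIG_FILE = os.path.join(openssl_root, "ssl", "openssl.cnf")
    os.environ['OPENSSL_CONF'] = OPENSSL_CONFIG_FILE

    ROOTCA_CERT = sys.argv[1]
    ROOTCA_KEY = sys.argv[2]
    VERIFICATION_CODE = sys.argv[3]
    VERIFY_CERT = "verifyCert.cer"
    VERIFY_KEY = "verifyKey.pem"
    VERIFY_CSR = "verify_csr.csr"
    SERIAL_FILE = "root_srl.srl"

    # Argument vectors instead of a formatted shell string: the command-line
    # values are passed to openssl verbatim, so quotes, '$' or ';' in the
    # verification code or in a path can no longer be interpreted by a shell.
    # A '/' inside the verification code would still be read by openssl as a
    # further subject component; the code is used as given.
    steps = [
        [OPENSSL_EXE, "ecparam", "-name", "prime256v1", "-genkey",
         "-out", VERIFY_KEY],
        [OPENSSL_EXE, "req", "-new", "-key", VERIFY_KEY,
         "-subj", "/CN=" + VERIFICATION_CODE, "-out", VERIFY_CSR],
        [OPENSSL_EXE, "x509", "-req", "-sha256", "-days", "2800",
         "-in", VERIFY_CSR, "-CAserial", SERIAL_FILE, "-CAcreateserial",
         "-CA", ROOTCA_CERT, "-CAkey", ROOTCA_KEY, "-out", VERIFY_CERT],
    ]

    error_file = os.path.join(cur_dir, "error_log.txt")
    output_file = os.path.join(cur_dir, "output_log.txt")

    try:
        # Context managers close both logs even if a step raises.
        with open(error_file, 'wb+') as err_write, \
                open(output_file, 'wb+') as output_write:
            for step in steps:
                status = subprocess.call(step, stdout=output_write,
                                         stderr=err_write)
                if status != 0:
                    # Stop at the first failure instead of signing or
                    # cleaning up on top of a half-finished run.
                    log.error("openssl %s failed with exit status %d; see %s",
                              step[1], status, error_file)
                    raise RuntimeError(
                        "openssl %s failed with exit status %d"
                        % (step[1], status))
    finally:
        # Always remove the throw-away private key and intermediates.
        for leftover in (VERIFY_KEY, VERIFY_CSR, SERIAL_FILE):
            if os.path.exists(leftover):
                os.remove(leftover)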
def usage():
    """
    Print the expected command line for this script to stdout.

    The script name is taken from ``sys.argv[0]``.
    :return: None
    """
    script_name = sys.argv[0]
    usage_text = "Usage:\n%s <RootCA_Certificate> <RootCA_Keypair> <verification_code>" % script_name
    print(usage_text)
if __name__ == "__main__":
    # Script name plus exactly three positional arguments are required;
    # anything else prints the usage text instead of running.
    if len(sys.argv) != 4:
        usage()
    else:
        main()