#!python3
# dlitz 2025-2026
import os
import secrets
import tempfile

from cryptography import x509
from cryptography.hazmat.primitives.hashes import SHA256
from cryptography.hazmat.primitives.serialization import (
    BestAvailableEncryption,
    KeySerializationEncryption,
    PrivateFormat,
    load_pem_private_key,
    load_pem_public_key,
    pkcs12,
)

from .cert_util import split_certs
from .routeros_ssh import RouterOS_SSH
from .ssl_util import SSLUtil
class MTCertPusher:
# Parent directory for the scratch directory that __init__ creates
# (passed as dir= to tempfile.TemporaryDirectory, so the platform default
# temp location is not used).
# NOTE(review): /dev/shm is presumably chosen because it is RAM-backed
# (tmpfs), so material staged there should not reach persistent storage —
# confirm; it also makes this class Linux-only.
temporary_directory = "/dev/shm"
def __init__(self, ssl_util: SSLUtil, ros_ssh: RouterOS_SSH):
    """Bind the SSL helper and router session and create a scratch directory.

    The scratch directory lives under ``self.temporary_directory`` and is
    removed by :meth:`close` (which ``__del__`` also invokes).
    """
    self.ros = ros_ssh
    self.ssl_util = ssl_util
    # Created eagerly so every instance owns exactly one scratch directory.
    self.tempdir = tempfile.TemporaryDirectory(dir=self.temporary_directory)
def __del__(self):
|
|
self.close()
def close(self):
|
|
try:
|
|
tempdir = self.tempdir
|
|
except AttributeError:
|
|
pass
|
|
else:
|
|
self.tempdir.cleanup()
|
|
del self.tempdir
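def generate_random_pkcs12_passphrase(self, nbytes: int = 64) -> str:
    """Return a fresh random passphrase for protecting a PKCS#12 bundle.

    Args:
        nbytes: Number of random bytes drawn from the OS CSPRNG; the
            result is ``2 * nbytes`` hex characters.  The default of 64
            bytes (128 characters) matches the previous fixed length.

    Returns:
        A lowercase hexadecimal string.
    """
    # secrets.token_hex is the stdlib idiom for security-sensitive tokens
    # (it is os.urandom(nbytes).hex() under the hood).
    return secrets.token_hex(nbytes)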
def install_key_and_certificates(
|
|
self, key: str, cert: str, chain: str | None = None
|
|
):
|
|
private_key_obj = load_pem_private_key(key.encode())
|
|
cert_obj = x509.load_pem_x509_certificate(cert.encode())
|
|
if cert_obj.public_key() != private_key_obj.public_key():
|
|
raise ValueError("certificate does not match private key")
|
|
|
|
passphrase = self.generate_random_pkcs12_passphrase()
|
|
p12 = self.ssl_util.create_pkcs12_from_key_and_certificates(key=key, cert=cert, passphrase=passphrase)