#!/usr/bin/python
import subprocess, re, datetime, sys, os.path, tempfile
import urllib
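scriptPath = os.path.dirname(os.path.realpath(sys.argv[0]))
# config.py is executed, not parsed: whatever it contains runs with this
# script's privileges, so it must be writable only by the user running the
# script.  It presumably defines STARTSSL_BASEURI, which startssl_request
# reads -- confirm against the shipped config.py.
execfile(os.path.join(scriptPath, "config.py"))
# Session cookie for the StartSSL web UI, kept next to the script.  It is a
# bearer credential -- protect the file like a password.  Surrounding
# whitespace is dropped so a trailing newline in the file cannot end up inside
# the Cookie header curl sends.
with open(os.path.join(scriptPath, 'startssl_cookie.txt'), 'r') as infile:
    cookie = infile.read().strip()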
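def startssl_request(params):
    """POST *params* to STARTSSL_BASEURI with curl and return the raw response body.

    params: list of (name, value) pairs; form-encoded with urllib.urlencode.
    Returns whatever curl wrote to stdout (the HTTP response body).
    Raises subprocess.CalledProcessError if curl exits non-zero.

    The command is passed as an argument list without a shell, so quote
    characters or shell metacharacters in the cookie file or in a parameter
    value (the CSR, a domain name) are handed to curl literally instead of
    being interpreted.  The session cookie is still visible to other local
    users in the process list for the duration of the request.
    """
    curl_command = [
        "curl",
        "-b", cookie,
        "--data", urllib.urlencode(params),
        "-s",
        STARTSSL_BASEURI,
    ]
    return subprocess.check_output(curl_command)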
now = datetime.datetime.now()
# Date stamp (YYMMDD) embedded in the generated key and certificate names.
_stamp = now.strftime("%y%m%d")
_argc = len(sys.argv)
if _argc == 2:
    # One argument: a name prefix from which all three paths are derived.
    _prefix = sys.argv[1]
    privkey_file = "%s_privatekey_%s.pem" % (_prefix, _stamp)
    domainlist_file = "%s_domains.txt" % _prefix
    cert_file = "%s_cert_%s.pem" % (_prefix, _stamp)
elif _argc == 4:
    # Three arguments: explicit key, domain list and certificate paths.
    privkey_file, domainlist_file, cert_file = sys.argv[1:4]
else:
    print("Invalid command line params")
    sys.exit(5)
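if not os.path.isfile(privkey_file):
    print("Private key file %s doesn't exist, generating..." % privkey_file)
    # Create the file ourselves with mode 0600 before openssl writes into it:
    # openssl truncates an existing output file and keeps its mode, so the
    # private key never sits on disk with umask-dependent default permissions.
    # O_EXCL also closes the window between the isfile() check and the create.
    os.close(os.open(privkey_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
    try:
        # Argument list, not a shell string: a path containing quotes or
        # shell metacharacters is passed through literally, and a failing
        # openssl is reported instead of ignored.
        subprocess.check_call(["openssl", "genrsa", "-out", privkey_file, "4096"])
    except (OSError, subprocess.CalledProcessError):
        # Do not leave an empty or partial key behind: the next run would
        # find the file, skip generation and fail later in the CSR step.
        os.remove(privkey_file)
        raise
if not os.path.isfile(domainlist_file):
    sys.exit("Domain list file %s doesn't exist" % domainlist_file)
if os.path.exists(cert_file):
    sys.exit("Certificate file %s already exists, refusing to overwrite!" % cert_file)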
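print("Generating CSR from private key ...")
print("Private key: %s" % privkey_file)
# mkstemp creates the file atomically with a unique name and mode 0600;
# mktemp() only returned a name, leaving a window in which another local
# user could create that path first and have openssl write into it.
csr_fd, tempcsr = tempfile.mkstemp(".csr")
os.close(csr_fd)
try:
    # Argument list instead of a shell string, and a non-zero exit from
    # openssl raises rather than leaving an empty CSR to be submitted.
    subprocess.check_call(
        ["openssl", "req", "-new", "-key", privkey_file, "-out", tempcsr, "-batch"]
    )
    print("CSR path: %s" % tempcsr)
    print("Certificate: %s" % cert_file)
    with open(tempcsr, 'r') as content_file:
        csr_content = content_file.read()
finally:
    # The CSR is only needed in memory from here on.
    os.remove(tempcsr)
cert_type = "server"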
# ------ second step: submit the CSR, receive the certification token ------
# The response embeds a JS call x_third_step_certs('<type>','<token>', ...);
# group 2 is the numeric token carried through the remaining steps.
CERT_TOKEN = re.compile(r"x_third_step_certs\(\\'([a-z]+)\\',\\'([0-9]+)\\',")
params = [
    ('app', 12),
    ('rs', 'second_step_certs'),
    ('rst', ''),
    ('rsargs[]', cert_type),
    ('rsargs[]', csr_content),
]
output = startssl_request(params)
tokens = CERT_TOKEN.search(output)
if tokens is None:
    print("Error in second step (submitting csr)")
    print(output)
    sys.exit(1)
token2 = tokens.group(2)
print("Certification token: %s" % token2)
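# ------- third step: fetch the domains this account is validated for -------
VALID_DOMAINS = re.compile('option value=\\\\"([a-zA-Z0-9._-]+)\\\\"')
params = [
    ('app', 12),
    ('rs', 'third_step_certs'),
    ('rst', ''),
    ('rsargs[]', cert_type),
    ('rsargs[]', token2),
    ('rsargs[]', ''),
]
output = startssl_request(params)
# Every requested name must be one of these or a subdomain of one; anything
# else is rejected below before it is sent to the server.
valid_domains = VALID_DOMAINS.findall(output)


def _classify_domain(name, validated):
    """Return 'top' if *name* is a validated domain, 'sub' if it lies below one, else None."""
    for domain in validated:
        if name == domain:
            return 'top'
        if name.endswith("." + domain):
            return 'sub'
    return None


top_domains = []
sub_domains = []
with open(domainlist_file, 'r') as content_file:
    for raw_line in content_file:
        line = raw_line.strip()
        if not line:
            # A blank or whitespace-only line (e.g. a trailing newline) is
            # not a request; previously it aborted the run as invalid.
            continue
        kind = _classify_domain(line, valid_domains)
        if kind == 'top':
            top_domains.append(line)
        elif kind == 'sub':
            sub_domains.append(line)
        else:
            sys.exit("Invalid domain requested: " + line)
print("Top: %s" % top_domains)
print("Sub: %s" % sub_domains)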
# ------ fourth step: register every requested name against the token ------
# A validated (top) domain travels in the third rsargs slot with the fourth
# empty; a subdomain travels in the fourth slot with the third empty.
_name_slots = [(d, '') for d in top_domains] + [('', d) for d in sub_domains]
for _top_name, _sub_name in _name_slots:
    params = [
        ('app', 12), ('rs', 'fourth_step_certs'), ('rst', ''),
        ('rsargs[]', cert_type), ('rsargs[]', token2),
        ('rsargs[]', _top_name), ('rsargs[]', _sub_name),
    ]
    output = startssl_request(params)
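# ----- fifth step: all names submitted; server confirms it can proceed -----
params = [
    ('app', 12), ('rs', 'fifth_step_certs'), ('rst', ''),
    ('rsargs[]', cert_type), ('rsargs[]', token2),
    ('rsargs[]', ''), ('rsargs[]', ''),
]
output = startssl_request(params)
# Readiness is a substring match on the HTML response; if the server's
# wording changes this fails closed instead of requesting a certificate.
if "We have gathered enough information" not in output:
    sys.exit("Error in fifth step: " + output)
# ----- sixth step: retrieve the issued certificate -----
params = [
    ('app', 12), ('rs', 'sixth_step_certs'), ('rst', ''),
    ('rsargs[]', cert_type), ('rsargs[]', token2),
]
output = startssl_request(params)
# The PEM sits inside a <textarea> with its newlines escaped as the two
# characters backslash-n (see the replace() below).  No DOTALL flag, so the
# match presumably relies on the whole textarea arriving on one line.
REQUEST_CERTIFICATE_CERT = re.compile('<textarea.*?>(?P<certificate>.*?)</textarea>')
m = REQUEST_CERTIFICATE_CERT.search(output)
if m is None:
    sys.exit("Error in last step: " + output)
cert = m.group("certificate").replace("\\n", "\n")
# NOTE(review): the PEM is written exactly as received; nothing checks that
# it is a certificate for privkey_file (e.g. by comparing public keys).
# Worth verifying before the file is deployed.
with open(cert_file, 'w') as outfile:
    outfile.write(cert + "\n")
# Reported only once the certificate is safely on disk.
print("Success")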