From 9e49aba47788a4b46df8404582b9658fe9e8893e Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Mon, 20 Feb 2023 16:21:18 +0300
Subject: [PATCH] Use GoGOST instead of PyGOST utilities
---
 README | 9 ++++-----
 zeasypki | 38 ++++++++++++++++++++------------------
 2 files changed, 24 insertions(+), 23 deletions(-)
diff --git a/README b/README
index 344b3d5..8717fad 100644
--- a/README
+++ b/README
@@ -2,16 +2,15 @@ zeasypki -- easy PKI
 This is helper script for managing X.509 TLS PKI. ECDSA keypairs are handled with GnuTLS'es certtool.
-GOST keypairs are handled with PyGOST'es utilities
-(http://www.pygost.cypherpunks.ru).
+GOST keypairs are handled with GoGOST'es utilities
+(http://www.gogost.cypherpunks.ru).
 CA certificates have 10 years validity lifetime. EE certificates have 365 days one. EE certificates contain only domain name and a country.
-Edit zeasypki to suit your needs and working environment. Probably you
-want to change goston(), that activates PyGOST venv and key encryption
-procedures.
+Edit zeasypki to suit your needs and working environment. Probably you want
+to change path-variable setting, that points to GoGOST'es built utilities.
 * Create CA keypairs:
 $ mkdir mypki && cd mypki
diff --git a/zeasypki b/zeasypki
index 19df233..f9693fc 100755
--- a/zeasypki
+++ b/zeasypki
@@ -7,10 +7,11 @@ set -e
 KEY_ENCRYPT_RECIPIENT=${KEY_ENCRYPT_RECIPIENT:-12AD32689C660D426967FD75CB8205632107AD8A}
 COUNTRY=${COUNTRY:-RU}
-# Turn on PyGOST utilities
-path=(~/local/stow/py310/bin ~/work/pygost/pygost/asn1schemas $path)
-export -TU PYTHONPATH pythonpath
-pythonpath=(~/work/pygost ~/work/pyderasn)
+path=(
+ ~/work/gogost/cmd/cer-selfsigned-example
+ ~/work/gogost/cmd/cer-dane-hash
+ $path
+)
 key_encrypt() {
 gpg --encrypt --recipient $KEY_ENCRYPT_RECIPIENT
@@ -91,7 +92,7 @@ ee_key_new_eddsa() {
 }
 ee_key_new_gost() {
- cert-selfsigned-example.py --cn does-not-matter --ai 256A --only-key
+ cer-selfsigned-example -cn does-not-matter -ai 256A -only-key
 }
 ee_renew_xdsa() {
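Review bot: The new `path=(...)` block near the top of zeasypki still places the two `~/work/gogost/cmd/...` build directories ahead of the inherited `$path`, so any executable that ends up in those directories shadows a system tool of the same name for every later call in the script, including the `gpg` call in `key_encrypt` that protects private keys. Only two utilities are needed from there, so appending is enough: `path=($path ~/work/gogost/cmd/cer-selfsigned-example ~/work/gogost/cmd/cer-dane-hash)`. The hunk also removes the `# Turn on PyGOST utilities` comment without a replacement; a line such as `# GoGOST utilities built in-tree; adjust to your checkout` would keep the setting easy to find, since the README now tells users to edit it.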
@@ -138,13 +139,14 @@ ee_renew_gost() {
 trap "rm -f $cakey $key $cert" HUP PIPE INT QUIT TERM EXIT
 key_get ca/gost/$ca
 mapfile[$cakey]=$REPLY
+ print >> $cakey
 cat >> $cakey < ca/gost/$ca/cer.pem
 key_get ee/gost/$ca/$domain
 mapfile[$key]=$REPLY
- cert-selfsigned-example.py \
- --issue-with $cakey \
- --reuse-key $key \
- --cn $domain --country $COUNTRY --ai 256A
+ cer-selfsigned-example \
+ -issue-with $cakey \
+ -reuse-key $key \
+ -cn $domain -country $COUNTRY -ai 256A
 }
 ca_new_gost() {
@@ -152,14 +154,14 @@ ca_new_gost() {
 local key=`mktemp`
 local cert=`mktemp`
 trap "rm -f $key $cert" HUP PIPE INT QUIT TERM EXIT
- cert-selfsigned-example.py \
- --ca \
- --cn $domain \
- --country $COUNTRY \
- --serial 1 \
- --ai 512C \
- --out-key $key \
- --out-cert $cert
+ cer-selfsigned-example \
+ -ca \
+ -cn $domain \
+ -country $COUNTRY \
+ -serial 1 \
+ -ai 512C \
+ -out-key $key \
+ -out-cert $cert
 reply=(${mapfile[$key]} ${mapfile[$cert]})
 }
@@ -172,7 +174,7 @@ dane_eddsa() {
 }
 dane_gost() {
- cert-dane-hash.py
+ cer-dane-hash
 }
 case $1 in
-- 
2.44.0
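Review bot: `-cn $domain` in `ee_renew_gost` (and again in `ca_new_gost` in the next hunk) is expanded unquoted, and zsh drops an unquoted parameter that is empty, so a missing domain turns the call into `-cn -country ...`. The single-dash options suggest Go's standard flag package, which takes the next argument as the value even when it begins with a dash; if so, the tool would issue a certificate whose CN is `-country` instead of failing. Quoting the value, `-cn "$domain" -country "$COUNTRY" -ai 256A`, and checking `[[ -n $domain ]]` before the call keeps a caller mistake from producing a signed certificate. Where `$domain` is assigned lies outside both hunks, so an earlier check may already exist. The added `print >> $cakey` also deserves a comment, for example `# end the key PEM with a newline before appending the certificate`, if that is its purpose.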