def generate_self_signed_certificate(
common_name: str,
curve: EllipticCurve,
host: str,
private_key: _EllipticCurvePrivateKey = None,
days_valid: int = 365) -> Tuple[Certificate, _EllipticCurvePrivateKey]:
if not private_key:
private_key = ec.generate_private_key(curve, default_backend())
public_key = private_key.public_key()
now = datetime.datetime.utcnow()
subject = issuer = x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, common_name),
])
cert = x509.CertificateBuilder().subject_name(subject)
cert = cert.issuer_name(issuer)
cert = cert.public_key(public_key)
cert = cert.serial_number(x509.random_serial_number())
cert = cert.not_valid_before(now)
cert = cert.not_valid_after(now + datetime.timedelta(days=days_valid))
# TODO: What are we going to do about domain name here? 179
cert = cert.add_extension(x509.SubjectAlternativeName([x509.DNSName(host)
]),
critical=False)
cert = cert.sign(private_key, hashes.SHA512(), default_backend())
return cert, private_key
def generate_self_signed_certificate(
host: str,
checksum_address: str,
curve: EllipticCurve,
private_key: _EllipticCurvePrivateKey = None,
days_valid: int = 365) -> Tuple[Certificate, _EllipticCurvePrivateKey]:
if not private_key:
private_key = ec.generate_private_key(curve, default_backend())
public_key = private_key.public_key()
now = datetime.datetime.utcnow()
subject = issuer = x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, host),
x509.NameAttribute(NameOID.PSEUDONYM, checksum_address)
])
cert = x509.CertificateBuilder().subject_name(subject)
cert = cert.issuer_name(issuer)
cert = cert.public_key(public_key)
cert = cert.serial_number(x509.random_serial_number())
cert = cert.not_valid_before(now)
cert = cert.not_valid_after(now + datetime.timedelta(days=days_valid))
cert = cert.add_extension(x509.SubjectAlternativeName(
[x509.IPAddress(IPv4Address(host))]),
critical=False)
cert = cert.sign(private_key, hashes.SHA512(), default_backend())
return cert, private_key
def get_input_aux_data(
self, data_to_sign: bytes,
private_key: _EllipticCurvePrivateKey) -> Tuple[bytes, bytes]:
""" Sign the data to be used in input and get public key compressed in bytes
:param data_to_sign: Data to be signed
:type data_to_sign: bytes
:param private_key: private key to sign data
:type private_key: pycoin.key.Key.Key
:return: public key compressed in bytes and signature
:rtype: tuple[bytes, bytes]
"""
public_key_bytes = get_public_key_bytes_compressed(
private_key.public_key())
hashed_data = hashlib.sha256(data_to_sign).digest()
signature = private_key.sign(hashed_data, ec.ECDSA(hashes.SHA256()))
return public_key_bytes, signature
def generate_public_key(private_key: _EllipticCurvePrivateKey):
"""
Create public key from the private key.
Public key is used to challenge ownership of cryptocurrency
and can be shared with the rest of the network.
:param _EllipticCurvePrivateKey private_key: wallet private key.
:return str: public key derived from private key.
"""
public_key = private_key.public_key()
encoded_key = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo)
return encoded_key.decode('utf-8')
def get_node_id_raw(key: _EllipticCurvePrivateKey) -> bytes:
curve = key.public_key().public_numbers()
pk_bytes = curve.x.to_bytes(32, 'big') + curve.y.to_bytes(32, 'big')
return keccak(pk_bytes)[12:]