Beispiel #1
def make_crt(
    issuer_crt,
    issuer_key,
    subject=None,
    not_before=None,
    not_after=None,
    serial_number=None,
    basic_constraints=None,
    digestmod=None,
):
    """Create a new RSA key and a certificate for it signed by ``issuer_crt``.

    Every optional argument left as ``None`` falls back to a fixed default:
    subject ``"OU=test, CN=hostname"``, the issuer's own validity window,
    serial number ``0x123456``, an empty ``BasicConstraints()`` and SHA-256.

    Returns:
        A ``(crt, key)`` tuple: the signed certificate and the freshly
        generated private key it belongs to.

    NOTE(review): the defaults look like test fixtures (``OU=test``). The
    default serial number is a constant, so repeated calls against the same
    issuer yield certificates sharing one serial, whereas RFC 5280 expects
    issuer + serial to be unique. Pass ``serial_number`` explicitly when a
    test relies on revocation or on serial-based lookups.
    """
    subject = "OU=test, CN=hostname" if subject is None else subject
    # The issuer's validity is only consulted when the caller gave no bound.
    not_before = issuer_crt.not_before if not_before is None else not_before
    not_after = issuer_crt.not_after if not_after is None else not_after
    serial_number = 0x123456 if serial_number is None else serial_number
    if basic_constraints is None:
        # Library default constraints; presumably "not a CA" - confirm.
        basic_constraints = BasicConstraints()
    if digestmod is None:
        # TODO: issuer_crt.digestmod should work but doesn't.
        digestmod = hashlib.sha256

    # Fresh key pair per call; key size is whatever generate() defaults to.
    key = RSA()
    key.generate()
    signed = issuer_crt.sign(
        csr=CSR.new(key, subject, digestmod()),
        issuer_key=issuer_key,
        not_before=not_before,
        not_after=not_after,
        serial_number=serial_number,
        basic_constraints=basic_constraints,
    )
    return signed, key
Beispiel #2
def make_root_ca(
    subject=None,
    not_before=None,
    not_after=None,
    serial_number=None,
    basic_constraints=None,
    digestmod=None,
):
    """Create a new RSA key and a self-signed CA certificate for it.

    Arguments left as ``None`` take fixed defaults: subject
    ``"OU=test, CN=Trusted CA"``, validity starting now (naive UTC) and
    lasting 90 days from ``not_before``, serial number ``0x123456``,
    ``BasicConstraints(True, -1)`` and SHA-256.

    Returns:
        A ``(crt, key)`` tuple: the self-signed certificate and the private
        key that signed it.

    NOTE(review): the returned key is the root's private key and the
    defaults look like test fixtures (``OU=test``, constant serial). Keep
    such a CA out of any real trust store.
    """
    subject = "OU=test, CN=Trusted CA" if subject is None else subject
    if not_before is None:
        # Naive UTC timestamp (no tzinfo attached).
        not_before = dt.datetime.utcnow()
    if not_after is None:
        # Default lifetime is measured from the resolved not_before.
        not_after = not_before + dt.timedelta(days=90)
    serial_number = 0x123456 if serial_number is None else serial_number
    if basic_constraints is None:
        # Presumably ca=True with no path-length limit (-1) - confirm
        # against the BasicConstraints definition.
        basic_constraints = BasicConstraints(True, -1)
    if digestmod is None:
        digestmod = hashlib.sha256

    # Fresh key pair per call; key size is whatever generate() defaults to.
    key = RSA()
    key.generate()
    root = CRT.selfsign(
        csr=CSR.new(key, subject, digestmod()),
        issuer_key=key,  # self-signed: subject key and issuer key coincide
        not_before=not_before,
        not_after=not_after,
        serial_number=serial_number,
        basic_constraints=basic_constraints,
    )
    return root, key
Beispiel #3
 def ca0_crt(self, ca0_key, digestmod, now):
     """Return a self-signed "CN=Trusted CA" certificate for ``ca0_key``.

     The certificate is valid from ``now`` for 90 days, carries the fixed
     serial number ``0x123456`` and ``BasicConstraints(True, -1)``.

     NOTE(review): presumably ca=True with no path-length limit - confirm
     against the BasicConstraints definition.
     """
     request = CSR.new(ca0_key, "CN=Trusted CA", digestmod())
     lifetime = dt.timedelta(days=90)
     return CRT.selfsign(
         request,
         ca0_key,  # self-signed: the subject key also acts as issuer key
         not_before=now,
         not_after=now + lifetime,
         serial_number=0x123456,
         basic_constraints=BasicConstraints(True, -1),
     )
Beispiel #4
 def ca1_crt(self, ca1_key, ca0_crt, ca0_key, digestmod, now):
     """Return a "CN=Intermediate CA" certificate for ``ca1_key``.

     The certificate is signed by ``ca0_crt`` using ``ca0_key``, is valid
     from ``now`` for 90 days and uses the fixed serial number ``0x234567``.

     NOTE(review): ``BasicConstraints(True, -1)`` presumably marks this as
     a CA with no path-length limit, so it may itself issue further CAs -
     confirm against the BasicConstraints definition.
     """
     request = CSR.new(ca1_key, "CN=Intermediate CA", digestmod())
     expires = now + dt.timedelta(days=90)
     # Positional order: csr, issuer key, not_before, not_after, serial.
     return ca0_crt.sign(
         request,
         ca0_key,
         now,
         expires,
         0x234567,
         basic_constraints=BasicConstraints(True, -1),
     )
Beispiel #5
 def ee0_crt(self, ee0_key, ca1_crt, ca1_key, digestmod, now):
     """Return a "CN=End Entity" certificate for ``ee0_key``.

     The certificate is signed by ``ca1_crt`` using ``ca1_key``, is valid
     from ``now`` for 90 days and uses the fixed serial number ``0x345678``.
     No basic constraints are passed, so the library default applies
     (presumably "not a CA" - confirm).
     """
     request = CSR.new(ee0_key, "CN=End Entity", digestmod())
     expires = now + dt.timedelta(days=90)
     # Positional order: csr, issuer key, not_before, not_after, serial.
     return ca1_crt.sign(request, ca1_key, now, expires, 0x345678)