def main():
    """Build a two-tier test chain whose intermediate CA carries an *empty* NameConstraints extension.

    Inputs come from ``misc.parse_arguments``: ``asn_dir`` (directory of
    ``VALID_ASN_FILE``; joined by plain string concatenation, so the separator
    must already be present in one of the two strings), ``root_key_file`` (the
    root private key, used only to sign the intermediate) and ``build_dir``
    (output directory, concatenated the same way).

    Outputs under ``build_dir``: ``EXPORTED_CHAIN_NAME`` holding
    [leaf certificate, intermediate certificate] -- leaf first, encoded with the
    DER codec the spec was compiled with -- and ``EXPORTED_KEY_NAME`` holding the
    leaf private key.  No passphrase is handed to ``io.export_private_key``, so
    the key presumably lands on disk unprotected; acceptable for a test fixture
    only.  The root certificate itself is not written.

    NOTE(review): RFC 5280 s4.2.1.10 forbids conforming CAs from issuing a
    certificate whose NameConstraints is an empty sequence, so a chain built
    from ``empty_name_constraints`` is presumably a negative vector for a path
    validator -- confirm against the consuming test before relying on it.
    ``io`` here is the project's helper module, not the standard-library one.
    """
    args = misc.parse_arguments()
    spec = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    def issue(tbs, signer):
        # DER-encode the TBSCertificate, sign it with RSA/SHA-256 and wrap the
        # pair into a Certificate -- the same three steps for every cert below.
        sig = crypto.rsa_sha256_sign(signer, spec.encode('TBSCertificate', tbs))
        return x509.certificate(tbs, sig, spec)

    # The root key is read, never regenerated here; its public half names the
    # issuer of the intermediate.
    root_key = io.import_rsa_private_key(args.root_key_file)

    # Intermediate CA: CA:TRUE plus the (deliberately empty) NameConstraints.
    ca_key, ca_pub = crypto.new_rsa_keypair(2048)
    ca_tbs = x509.default_tbs(
        issuer_public_key=root_key.publickey(),
        subject_public_key=ca_pub,
        issuer_cn='root',
        subject_cn='intermediate',
        is_ca=True,
        additional_extensions=[empty_name_constraints(spec)],
        asn=spec,
    )
    ca_cert = issue(ca_tbs, root_key)

    # Leaf for 'localhost', signed by the intermediate, carrying a well-formed SAN.
    leaf_key, leaf_pub = crypto.new_rsa_keypair(2048)
    leaf_tbs = x509.default_tbs(
        issuer_public_key=ca_pub,
        subject_public_key=leaf_pub,
        issuer_cn='intermediate',
        subject_cn='localhost',
        is_ca=False,
        additional_extensions=[valid_san(spec)],
        asn=spec,
    )
    leaf_cert = issue(leaf_tbs, ca_key)

    # Leaf first, then its issuer.
    io.export_chain([leaf_cert, ca_cert], args.build_dir + EXPORTED_CHAIN_NAME)
    io.export_private_key(leaf_key, args.build_dir + EXPORTED_KEY_NAME)
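def main():
    """Generate a self-signed RSA-2048 root CA and write its private key and certificate.

    Command line (all three are now mandatory; each one is used to build a
    path, and an absent value previously surfaced only as a ``TypeError`` on
    ``None + str`` for ``--asn_dir`` or as an obscure failure inside the I/O
    helper for the other two -- argparse now rejects the call with a usage
    message instead):

      --root_key_file   output path for the root private key.  The other
                        generators read it back to sign their intermediates.
                        No passphrase is handed to ``io.export_private_key``,
                        so whatever protection the key gets is decided inside
                        that helper -- treat the file as test material only.
      --root_cert_file  output path for the root certificate
      --asn_dir         directory containing ``VALID_ASN_FILE``; joined by plain
                        string concatenation, so the path separator must be
                        present in one of the two strings.

    The certificate is self-signed (issuer == subject == 'root', CA:TRUE) with
    no extensions beyond what ``x509.default_tbs`` adds, and is encoded with the
    DER codec the spec is compiled with.  ``io`` here is the project's helper
    module, not the standard-library one.
    """
    parser = argparse.ArgumentParser(
        description='Generate a self-signed root CA key and certificate for the test suite.')
    parser.add_argument('--root_key_file', required=True,
                        help='output path for the root private key (read back by the other generators)')
    parser.add_argument('--root_cert_file', required=True,
                        help='output path for the root certificate')
    parser.add_argument('--asn_dir', required=True,
                        help='directory containing the ASN.1 specification (concatenated verbatim)')
    args = parser.parse_args()

    spec = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    privkey, pubkey = crypto.new_rsa_keypair(2048)
    # Persist the key first: the intermediate/leaf generators import it to sign their chains.
    io.export_private_key(privkey, args.root_key_file)

    # Self-signed: the same key is both issuer and subject.
    tbs = x509.default_tbs(
        issuer_public_key=pubkey,
        subject_public_key=pubkey,
        issuer_cn='root',
        subject_cn='root',
        is_ca=True,
        additional_extensions=[],
        asn=spec,
    )
    sig = crypto.rsa_sha256_sign(privkey, spec.encode('TBSCertificate', tbs))
    io.export_cert(x509.certificate(tbs, sig, spec), args.root_cert_file)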
def main():
    """Emit a single self-signed *end-entity* certificate for 'localhost' plus its key.

    There is no CA above this leaf: one freshly generated RSA-2048 key is both
    issuer and subject, and the certificate is stamped ``is_ca=False``, so the
    chain written to ``EXPORTED_CHAIN_NAME`` has exactly one element.  A path
    validator that insists on a trusted CA anchoring the chain should not accept
    it on its own -- presumably the point of this vector; confirm with the test
    that consumes it.  The leaf private key goes to ``EXPORTED_KEY_NAME`` with
    no passphrase passed to the exporter.  Both paths are ``args.build_dir`` +
    constant with no separator inserted.  ``io`` here is the project's helper
    module, not the standard-library one.
    """
    args = misc.parse_arguments()
    spec = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    leaf_key, leaf_pub = crypto.new_rsa_keypair(2048)
    leaf_tbs = x509.default_tbs(
        issuer_public_key=leaf_pub,  # issuer == subject: self-signed
        subject_public_key=leaf_pub,
        issuer_cn='localhost',
        subject_cn='localhost',
        is_ca=False,
        additional_extensions=[],
        asn=spec,
    )
    tbs_der = spec.encode('TBSCertificate', leaf_tbs)
    leaf_cert = x509.certificate(leaf_tbs, crypto.rsa_sha256_sign(leaf_key, tbs_der), spec)

    io.export_chain([leaf_cert], args.build_dir + EXPORTED_CHAIN_NAME)
    io.export_private_key(leaf_key, args.build_dir + EXPORTED_KEY_NAME)
def main():
    """Emit a root-signed chain whose leaf is revoked by a CRL issued under the intermediate.

    Artifacts under ``args.build_dir`` (path = build_dir + constant, no separator
    added): ``EXPORTED_CHAIN_NAME`` = [leaf, intermediate]; ``EXPORTED_CRL_NAME``
    = a CRL (cRLNumber 1) issued under the intermediate's key whose single entry
    is the leaf's serial; ``EXPORTED_KEY_NAME`` = the leaf private key.  The root
    key is imported from ``args.root_key_file`` and used only to sign the
    intermediate.

    The leaf carries a cRLDistributionPoints extension pointing at
    ``http://localhost:49999/crl.der`` -- plain HTTP, as CRL distribution points
    conventionally are; whatever serves that port is outside this script.

    NOTE(review): after ``x509.default_tbs_crl`` fills in the CRL, ``thisUpdate``
    is overwritten with ``datetime.min`` (year 1, naive), while the entry's
    revocation date is ``misc.current_time()``, i.e. later than ``thisUpdate``.
    This looks deliberate (an ancient thisUpdate for the validator to judge), but
    the intent is not stated here -- confirm against the consuming test.
    ``io`` here is the project's helper module, not the standard-library one.
    """
    args = misc.parse_arguments()
    spec = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    def sign(asn_type, tbs, key):
        # Encode a TBS structure of the given ASN.1 type and sign it with RSA/SHA-256.
        return crypto.rsa_sha256_sign(key, spec.encode(asn_type, tbs))

    root_key = io.import_rsa_private_key(args.root_key_file)

    # Intermediate CA, issued by the root.
    ca_key, ca_pub = crypto.new_rsa_keypair(2048)
    ca_tbs = x509.default_tbs(
        issuer_public_key=root_key.publickey(),
        subject_public_key=ca_pub,
        issuer_cn='root',
        subject_cn='intermediate',
        is_ca=True,
        additional_extensions=[],
        asn=spec,
    )
    ca_cert = x509.certificate(ca_tbs, sign('TBSCertificate', ca_tbs, root_key), spec)

    # Leaf for 'localhost' with a CRL distribution point; this is the cert that gets revoked.
    crl_url = 'http://localhost:49999/crl.der'
    leaf_key, leaf_pub = crypto.new_rsa_keypair(2048)
    leaf_tbs = x509.default_tbs(
        issuer_public_key=ca_pub,
        subject_public_key=leaf_pub,
        issuer_cn='intermediate',
        subject_cn='localhost',
        is_ca=False,
        additional_extensions=[x509.crl_distribution_points([crl_url], spec)],
        asn=spec,
    )
    leaf_cert = x509.certificate(leaf_tbs, sign('TBSCertificate', leaf_tbs, ca_key), spec)

    # CRL from the intermediate: one entry, the leaf's serial, revoked "now".
    revoked_leaf = x509.revoked_certificate(
        leaf_tbs['serialNumber'], ('generalTime', misc.current_time()))
    crl_tbs = x509.default_tbs_crl(
        issuer_public_key=ca_pub,
        issuer_cn='intermediate',
        number=1,
        revoked=[revoked_leaf],
        additional_extensions=[],
        asn=spec,
    )
    crl_tbs['thisUpdate'] = ('generalTime', datetime.min)  # overrides the helper's default
    crl = x509.certificate_list(crl_tbs, sign('TBSCertList', crl_tbs, ca_key), spec)

    io.export_chain([leaf_cert, ca_cert], args.build_dir + EXPORTED_CHAIN_NAME)
    io.export_crl(crl, args.build_dir + EXPORTED_CRL_NAME)
    io.export_private_key(leaf_key, args.build_dir + EXPORTED_KEY_NAME)
def main():
    """Emit a chain whose leaf *declares* sha512WithRSAEncryption but was *signed* with SHA-256.

    The intermediate is built and signed normally with the root key from
    ``args.root_key_file``.  For the leaf, the signature bytes come from
    ``crypto.rsa_sha256_sign`` while the outer ``signatureAlgorithm`` is set to
    ``sha512WithRSAEncryption`` by hand, and the Certificate is encoded directly
    with ``asn.encode`` rather than through ``x509.certificate``.  A verifier
    that hashes the TBS with the algorithm the certificate announces must reject
    this chain; one that takes the hash algorithm from inside the signature's
    DigestInfo instead would not notice.  Whether ``x509.default_tbs`` also
    places sha256WithRSAEncryption in ``tbsCertificate.signature`` (the
    inner/outer mismatch RFC 5280 s4.1.1.2 requires rejecting) is not visible
    here -- presumably a negative vector either way; confirm with the test.

    Outputs under ``args.build_dir``: ``EXPORTED_CHAIN_NAME`` = [leaf, intermediate]
    and ``EXPORTED_KEY_NAME`` = the leaf private key.  ``io`` here is the project's
    helper module, not the standard-library one.
    """
    args = misc.parse_arguments()
    spec = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    root_key = io.import_rsa_private_key(args.root_key_file)

    # Intermediate CA, issued by the root -- nothing unusual here.
    ca_key, ca_pub = crypto.new_rsa_keypair(2048)
    ca_tbs = x509.default_tbs(
        issuer_public_key=root_key.publickey(),
        subject_public_key=ca_pub,
        issuer_cn='root',
        subject_cn='intermediate',
        is_ca=True,
        additional_extensions=[],
        asn=spec,
    )
    ca_sig = crypto.rsa_sha256_sign(root_key, spec.encode('TBSCertificate', ca_tbs))
    ca_cert = x509.certificate(ca_tbs, ca_sig, spec)

    # Leaf: the signature really is RSA/SHA-256 over the DER TBS.
    leaf_key, leaf_pub = crypto.new_rsa_keypair(2048)
    leaf_tbs = x509.default_tbs(
        issuer_public_key=ca_pub,
        subject_public_key=leaf_pub,
        issuer_cn='intermediate',
        subject_cn='localhost',
        is_ca=False,
        additional_extensions=[],
        asn=spec,
    )
    leaf_sig = crypto.rsa_sha256_sign(ca_key, spec.encode('TBSCertificate', leaf_tbs))

    # Hand-assembled Certificate: the announced algorithm does not match how
    # leaf_sig was produced.  signatureValue is a BIT STRING, given as
    # (bytes, bit length) in the form asn1tools takes.
    mismatched_leaf = {
        'tbsCertificate': leaf_tbs,
        'signatureAlgorithm': x509.algorithm_identifier('sha512WithRSAEncryption'),
        'signatureValue': (leaf_sig, len(leaf_sig) * 8),
    }
    leaf_cert = spec.encode('Certificate', mismatched_leaf)

    io.export_chain([leaf_cert, ca_cert], args.build_dir + EXPORTED_CHAIN_NAME)
    io.export_private_key(leaf_key, args.build_dir + EXPORTED_KEY_NAME)
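def main():
    """Emit a three-tier chain plus a root marked 'reject serverAuth' for an OpenSSL trust store.

    Unlike the sibling generators this one does *not* import the root key: a
    fresh RSA-2048 root is generated here (the old comment said "import", which
    was wrong), then an intermediate signed by it, then a 'localhost' leaf
    signed by the intermediate that carries ``extended_key_usage_server``.

    Outputs under ``args.build_dir`` (path = build_dir + name, no separator added):
      EXPORTED_CHAIN_NAME  [leaf, intermediate]; the root is not part of the chain
      marked_root.pem      the root, rewritten by ``openssl x509 -addreject serverAuth``
                           into OpenSSL's "TRUSTED CERTIFICATE" form whose auxiliary
                           trust block rejects the serverAuth purpose.  That aux block
                           is an OpenSSL extension rather than RFC 5280 content, so a
                           verifier that does not parse it sees an ordinary root.
      EXPORTED_KEY_NAME    the leaf private key (no passphrase is passed to the exporter)

    Fixes over the previous revision: the openssl call was a shell string built
    from ``args.build_dir`` via ``os.system``, so a directory containing spaces
    or shell metacharacters broke -- or could hijack -- the command, and its
    exit status was never checked, so a missing ``openssl`` silently left the
    root unmarked.  It is now an argv list with ``check=True``, and the tool
    writes to a staging file that replaces the original only on success, so the
    input is never truncated by the tool that is reading it.  ``io`` here is the
    project's helper module, not the standard-library one.

    Raises:
        subprocess.CalledProcessError: if openssl exits non-zero.
        FileNotFoundError: if no ``openssl`` binary is on PATH.
    """
    import subprocess

    args = misc.parse_arguments()
    spec = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    def issue(tbs, signer):
        # Encode, RSA/SHA-256-sign and wrap a TBSCertificate into a Certificate.
        sig = crypto.rsa_sha256_sign(signer, spec.encode('TBSCertificate', tbs))
        return x509.certificate(tbs, sig, spec)

    # Self-signed root, generated here rather than read from --root_key_file.
    root_key, root_pub = crypto.new_rsa_keypair(2048)
    root_tbs = x509.default_tbs(
        issuer_public_key=root_pub,
        subject_public_key=root_pub,
        issuer_cn='root',
        subject_cn='root',
        is_ca=True,
        additional_extensions=[],
        asn=spec,
    )
    root_cert = issue(root_tbs, root_key)

    # Intermediate CA under the root.
    ca_key, ca_pub = crypto.new_rsa_keypair(2048)
    ca_tbs = x509.default_tbs(
        issuer_public_key=root_pub,
        subject_public_key=ca_pub,
        issuer_cn='root',
        subject_cn='intermediate',
        is_ca=True,
        additional_extensions=[],
        asn=spec,
    )
    ca_cert = issue(ca_tbs, root_key)

    # Leaf for 'localhost' with the server extended key usage.
    leaf_key, leaf_pub = crypto.new_rsa_keypair(2048)
    leaf_tbs = x509.default_tbs(
        issuer_public_key=ca_pub,
        subject_public_key=leaf_pub,
        issuer_cn='intermediate',
        subject_cn='localhost',
        is_ca=False,
        additional_extensions=[extended_key_usage_server(spec)],
        asn=spec,
    )
    leaf_cert = issue(leaf_tbs, ca_key)

    io.export_chain([leaf_cert, ca_cert], args.build_dir + EXPORTED_CHAIN_NAME)

    # Mark the root as rejected for serverAuth.  argv list, no shell: build_dir
    # is user input.  Output goes to a staging file so the input is intact while
    # openssl reads it; the rename happens only after a zero exit status.
    marked_root = args.build_dir + 'marked_root.pem'
    staged = marked_root + '.tmp'
    io.export_cert(root_cert, marked_root)
    try:
        subprocess.run(
            ['openssl', 'x509', '-addreject', 'serverAuth',
             '-in', marked_root, '-out', staged],
            check=True,
        )
        os.replace(staged, marked_root)
    finally:
        # Leave no half-written staging file behind on failure.
        if os.path.exists(staged):
            os.remove(staged)

    io.export_private_key(leaf_key, args.build_dir + EXPORTED_KEY_NAME)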