def main():
    args = misc.parse_arguments()

    # Compile the ASN.1 specification
    asn = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    # Import the root private key and cert
    root_privkey = io.import_rsa_private_key(args.root_key_file)
    root_pubkey = root_privkey.publickey()

    # Generate an RSA public key pair for intermediate CA
    (sub_privkey, sub_pubkey) = crypto.new_rsa_keypair(2048)

    # Create empty nc extension
    nc = empty_name_constraints(asn)

    # Encode intermediate tbsCertificate
    sub_tbs = x509.default_tbs(issuer_public_key=root_pubkey,
                               subject_public_key=sub_pubkey,
                               issuer_cn='root',
                               subject_cn='intermediate',
                               is_ca=True,
                               additional_extensions=[nc],
                               asn=asn)
    sub_tbs_der = asn.encode('TBSCertificate', sub_tbs)

    # Sign the intermediate tbsCertificate
    sub_sig = crypto.rsa_sha256_sign(root_privkey, sub_tbs_der)

    # Encode the intermediate CA Certificate
    sub_cert_der = x509.certificate(sub_tbs, sub_sig, asn)

    # Generate an RSA public key pair for end entity certificate
    (end_privkey, end_pubkey) = crypto.new_rsa_keypair(2048)

    # Create valid san extension
    san = valid_san(asn)

    # Encode end entity tbsCertificate
    end_tbs = x509.default_tbs(issuer_public_key=sub_pubkey,
                               subject_public_key=end_pubkey,
                               issuer_cn='intermediate',
                               subject_cn='localhost',
                               is_ca=False,
                               additional_extensions=[san],
                               asn=asn)
    end_tbs_der = asn.encode('TBSCertificate', end_tbs)

    # Sign the end entity tbsCertificate
    end_sig = crypto.rsa_sha256_sign(sub_privkey, end_tbs_der)

    # Encode the end entity Certificate
    end_cert_der = x509.certificate(end_tbs, end_sig, asn)

    # Write the chain into file
    io.export_chain([end_cert_der, sub_cert_der],
                    args.build_dir + EXPORTED_CHAIN_NAME)

    # Export the private key
    io.export_private_key(end_privkey, args.build_dir + EXPORTED_KEY_NAME)
def main():
    parser = argparse.ArgumentParser()
    parser.add_argument('--root_key_file')
    parser.add_argument('--root_cert_file')
    parser.add_argument('--asn_dir')
    args = parser.parse_args()

    # Compile the ASN.1 specification
    asn = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    # Generate an RSA public key pair
    (privkey, pubkey) = crypto.new_rsa_keypair(2048)

    # Export key so other certs can be signed with it
    io.export_private_key(privkey, args.root_key_file)

    # Encode tbsCertificate
    tbs = x509.default_tbs(issuer_public_key=pubkey,
                           subject_public_key=pubkey,
                           issuer_cn='root',
                           subject_cn='root',
                           is_ca=True,
                           additional_extensions=[],
                           asn=asn)
    tbs_der = asn.encode('TBSCertificate', tbs)

    # Sign the tbsCertificate
    sig = crypto.rsa_sha256_sign(privkey, tbs_der)

    # Create the certificate
    cert_der = x509.certificate(tbs, sig, asn)

    # Write the certificate into file
    io.export_cert(cert_der, args.root_cert_file)
def main():
    args = misc.parse_arguments()

    # Compile the ASN.1 specification
    asn = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    # Generate an RSA public key pair for end entity certificate
    (end_privkey, end_pubkey) = crypto.new_rsa_keypair(2048)

    # Encode end entity tbsCertificate
    end_tbs = x509.default_tbs(issuer_public_key=end_pubkey,
                               subject_public_key=end_pubkey,
                               issuer_cn='localhost',
                               subject_cn='localhost',
                               is_ca=False,
                               additional_extensions=[],
                               asn=asn)
    end_tbs_der = asn.encode('TBSCertificate', end_tbs)

    # Sign the end entity tbsCertificate
    end_sig = crypto.rsa_sha256_sign(end_privkey, end_tbs_der)

    # Encode the end entity Certificate
    end_cert_der = x509.certificate(end_tbs, end_sig, asn)

    # Write the chain into file
    io.export_chain([end_cert_der], args.build_dir + EXPORTED_CHAIN_NAME)

    # Export the private key
    io.export_private_key(end_privkey, args.build_dir + EXPORTED_KEY_NAME)
Beispiel #4
0
def main():
    args = misc.parse_arguments()

    # Compile the ASN.1 specification
    asn = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    # Import the root private key and cert
    root_privkey = io.import_rsa_private_key(args.root_key_file)
    root_pubkey = root_privkey.publickey()

    # Generate an RSA public key pair for intermediate CA
    (sub_privkey, sub_pubkey) = crypto.new_rsa_keypair(2048)

    # Encode intermediate tbsCertificate
    sub_tbs = x509.default_tbs(issuer_public_key=root_pubkey,
                               subject_public_key=sub_pubkey,
                               issuer_cn='root',
                               subject_cn='intermediate',
                               is_ca=True,
                               additional_extensions=[],
                               asn=asn)
    sub_tbs_der = asn.encode('TBSCertificate', sub_tbs)

    # Sign the intermediate tbsCertificate
    sub_sig = crypto.rsa_sha256_sign(root_privkey, sub_tbs_der)
    
    # Encode the intermediate CA Certificate
    sub_cert_der = x509.certificate(sub_tbs, sub_sig, asn)

    # Generate an RSA public key pair for end entity certificate
    (end_privkey, end_pubkey) = crypto.new_rsa_keypair(2048)
    
    # Encode end entity tbsCertificate
    end_tbs = x509.default_tbs(issuer_public_key=sub_pubkey,
                               subject_public_key=end_pubkey,
                               issuer_cn='intermediate',
                               subject_cn='localhost',
                               is_ca=False,
                               additional_extensions=[x509.crl_distribution_points(['http://localhost:49999/crl.der'], asn)],
                               asn=asn)
    end_tbs_der = asn.encode('TBSCertificate', end_tbs)
    
    # Sign the end entity tbsCertificate
    end_sig = crypto.rsa_sha256_sign(sub_privkey, end_tbs_der)
    
    # Encode the end entity Certificate
    end_cert_der = x509.certificate(end_tbs, end_sig, asn)

    # Create the CRL entry
    crl_entry_tbs = x509.revoked_certificate(end_tbs['serialNumber'], 
                                             ('generalTime', misc.current_time()))
    # Create the CRL
    crl_tbs = x509.default_tbs_crl(issuer_public_key=sub_pubkey,
                                   issuer_cn='intermediate',
                                   number=1,
                                   revoked=[crl_entry_tbs],
                                   additional_extensions=[],
                                   asn=asn)
    crl_tbs['thisUpdate'] = ('generalTime', datetime.min)
    crl_tbs_der = asn.encode('TBSCertList', crl_tbs)
    crl_sig = crypto.rsa_sha256_sign(sub_privkey, crl_tbs_der)
    crl_der = x509.certificate_list(crl_tbs, crl_sig, asn)

    # Write the chain into file
    io.export_chain([end_cert_der, sub_cert_der], 
                    args.build_dir + EXPORTED_CHAIN_NAME)

    # Write the CRL into file
    io.export_crl(crl_der, args.build_dir + EXPORTED_CRL_NAME)

    # Export the private key
    io.export_private_key(end_privkey, args.build_dir + EXPORTED_KEY_NAME)
Beispiel #5
0
def main():
    args = misc.parse_arguments()

    # Compile the ASN.1 specification
    asn = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    # Import the root private key and cert
    root_privkey = io.import_rsa_private_key(args.root_key_file)
    root_pubkey = root_privkey.publickey()

    # Generate an RSA public key pair for intermediate CA
    (sub_privkey, sub_pubkey) = crypto.new_rsa_keypair(2048)

    # Encode intermediate tbsCertificate
    sub_tbs = x509.default_tbs(issuer_public_key=root_pubkey,
                               subject_public_key=sub_pubkey,
                               issuer_cn='root',
                               subject_cn='intermediate',
                               is_ca=True,
                               additional_extensions=[],
                               asn=asn)

    sub_tbs_der = asn.encode('TBSCertificate', sub_tbs)

    # Sign the intermediate tbsCertificate
    sub_sig = crypto.rsa_sha256_sign(root_privkey, sub_tbs_der)

    # Encode the intermediate CA Certificate
    sub_cert_der = x509.certificate(sub_tbs, sub_sig, asn)

    # Generate an RSA public key pair for end entity certificate
    (end_privkey, end_pubkey) = crypto.new_rsa_keypair(2048)

    # Encode end entity tbsCertificate
    end_tbs = x509.default_tbs(issuer_public_key=sub_pubkey,
                               subject_public_key=end_pubkey,
                               issuer_cn='intermediate',
                               subject_cn='localhost',
                               is_ca=False,
                               additional_extensions=[],
                               asn=asn)

    end_tbs_der = asn.encode('TBSCertificate', end_tbs)

    # Sign the end entity tbsCertificate
    end_sig = crypto.rsa_sha256_sign(sub_privkey, end_tbs_der)

    # Change signature algorithm
    oid = x509.algorithm_identifier('sha512WithRSAEncryption')
    end_cert = {
        'tbsCertificate': end_tbs,
        'signatureAlgorithm': oid,
        'signatureValue': (end_sig, len(end_sig) * 8)
    }
    end_cert_der = asn.encode('Certificate', end_cert)

    # Write the chain into file
    io.export_chain([end_cert_der, sub_cert_der],
                    args.build_dir + EXPORTED_CHAIN_NAME)

    # Export the private key
    io.export_private_key(end_privkey, args.build_dir + EXPORTED_KEY_NAME)
def main():
    args = misc.parse_arguments()

    # Compile the ASN.1 specification
    asn = asn1tools.compile_files(args.asn_dir + VALID_ASN_FILE, 'der')

    # Import the root private key and cert
    (root_privkey, root_pubkey) = crypto.new_rsa_keypair(2048)

    # Encode root tbsCertificate
    root_tbs = x509.default_tbs(issuer_public_key=root_pubkey,
                                subject_public_key=root_pubkey,
                                issuer_cn='root',
                                subject_cn='root',
                                is_ca=True,
                                additional_extensions=[],
                                asn=asn)
    root_tbs_der = asn.encode('TBSCertificate', root_tbs)

    # Sign the root tbsCertificate
    root_sig = crypto.rsa_sha256_sign(root_privkey, root_tbs_der)

    # Encode the root CA Certificate
    root_cert_der = x509.certificate(root_tbs, root_sig, asn)

    # Generate an RSA public key pair for intermediate CA
    (sub_privkey, sub_pubkey) = crypto.new_rsa_keypair(2048)

    # Encode intermediate tbsCertificate
    sub_tbs = x509.default_tbs(issuer_public_key=root_pubkey,
                               subject_public_key=sub_pubkey,
                               issuer_cn='root',
                               subject_cn='intermediate',
                               is_ca=True,
                               additional_extensions=[],
                               asn=asn)
    sub_tbs_der = asn.encode('TBSCertificate', sub_tbs)

    # Sign the intermediate tbsCertificate
    sub_sig = crypto.rsa_sha256_sign(root_privkey, sub_tbs_der)

    # Encode the intermediate CA Certificate
    sub_cert_der = x509.certificate(sub_tbs, sub_sig, asn)

    # Generate an RSA public key pair for end entity certificate
    (end_privkey, end_pubkey) = crypto.new_rsa_keypair(2048)

    # Extended key usage
    ext_key_usage = extended_key_usage_server(asn)

    # Encode end entity tbsCertificate
    end_tbs = x509.default_tbs(issuer_public_key=sub_pubkey,
                               subject_public_key=end_pubkey,
                               issuer_cn='intermediate',
                               subject_cn='localhost',
                               is_ca=False,
                               additional_extensions=[ext_key_usage],
                               asn=asn)
    end_tbs_der = asn.encode('TBSCertificate', end_tbs)

    # Sign the end entity tbsCertificate
    end_sig = crypto.rsa_sha256_sign(sub_privkey, end_tbs_der)

    # Encode the end entity Certificate
    end_cert_der = x509.certificate(end_tbs, end_sig, asn)

    # Write the chain into file
    io.export_chain([end_cert_der, sub_cert_der],
                    args.build_dir + EXPORTED_CHAIN_NAME)

    rt = args.build_dir + 'marked_root.pem'

    io.export_cert(root_cert_der, rt)
    os.system('openssl x509 -addreject serverAuth -in ' + rt + ' -out ' + rt)

    # Export the private key
    io.export_private_key(end_privkey, args.build_dir + EXPORTED_KEY_NAME)