Ejemplo n.º 1
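def mkcert_casigned(id_xmpp, webid, req, cacert, capk,
        serial_path="/tmp/xmpp_foaf_cert_serial.txt"):
    """
    Create an x509 certificate from a request and sign it with a CA key

    The certificate returned by mkcert_defaults() gets the CA subject as its
    issuer and a non-critical subjectAltName holding the WebID (URI) and the
    XMPP address (otherName), and is then signed with the CA private key
    using SHA-256.

    NOTE(review): the default serial_path is a fixed file name in /tmp, a
    directory other local users can normally write to. How mkcert_defaults()
    uses the file is not visible here; deployments should pass a path inside
    a directory that only the CA process can write.

    @param id_xmpp: xmpp id
    @param webid: FOAF WebId
    @param req: certificate request handed to mkcert_defaults()
    @param cacert: CA certificate
    @param capk: CA private key
    @param serial_path: serial path
    @type id_xmpp: string
    @type webid: string
    @type cacert: X509.X509
    @type capk: EVP.PKey
    @type serial_path: string
    @return:  x509 CA signed certificate
    @rtype: X509.X509
    @raise ValueError: if the new signature does not verify with the
        public key of cacert (capk and cacert do not belong together)
    """

    # the cert public key is the req public key
    cert = mkcert_defaults(req, serial_path)

    # the issuer of the new certificate is the subject of the signing CA
    cert.set_issuer(cacert.get_subject())

    # subjectAltName: WebID as URI, XMPP address as otherName.
    # NOTE(review): webid and id_xmpp are interpolated without escaping and
    # the extension value syntax uses ',' to separate entries, so both values
    # must be validated by the caller before they reach this function.
    san_value = 'URI:%s, otherName:%s;UTF8:%s' % (
        webid, ID_ON_XMPPADDR_OID, id_xmpp)
    ext = X509.new_extension('subjectAltName', san_value)
    ext.set_critical(0)
    cert.add_ext(ext)

    # Sign with the CA private key (not the key from the request).
    # SHA-256 replaces SHA-1, which is no longer collision resistant and is
    # rejected for certificate signatures by current TLS stacks.
    cert.sign(capk, 'sha256')

    # Verify the fresh signature against the CA certificate's public key and
    # refuse to hand out a certificate that does not chain to cacert.
    print("Client certificate verfication with CA certificate public key")
    verified = m2.x509_verify(cert.x509, m2.x509_get_pubkey(cacert.x509))
    print(verified)
    if verified != 1:
        raise ValueError("certificate signature does not verify with the CA certificate public key")

    # Print the new certificate as a PEM-encoded string
    print("Generated new client certificate signed with CA")
    if DEBUG:
        print(cert.as_pem())
    return cert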
Ejemplo n.º 2
 def get_pubkey(self):
     # type: () -> EVP.PKey
     """
     Return the public key of this certificate wrapped in an EVP.PKey

     The wrapper is created with _pyfree=1; presumably that makes the
     Python object responsible for releasing the underlying key.
     """
     # NOTE: assert statements are removed when Python runs with -O, so
     # this type check is a debugging aid rather than a guaranteed guard.
     assert m2.x509_type_check(self.x509), "'x509' type error"
     raw_key = m2.x509_get_pubkey(self.x509)
     return EVP.PKey(raw_key, _pyfree=1)
Ejemplo n.º 3
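def verify_CA_cert(cert, cacert):
    """
    Check that the signature on cert was made with the key in cacert

    Only the signature is checked, using the public key taken from cacert.
    Validity dates, extensions, revocation and the rest of a chain are not
    examined here, so a True result is not a full path validation.

    The raw result is still printed as before; it is now also returned so
    that callers can act on it instead of reading the console output.

    @param cert: certificate to check (object exposing .x509)
    @param cacert: CA certificate (object exposing .x509)
    @return: True if the signature verifies, False otherwise
    @rtype: bool
    """
    print("Client certificate verfication with CA certificate key")
    result = m2.x509_verify(cert.x509, m2.x509_get_pubkey(cacert.x509))
    print(result)
    # x509_verify reports success as 1; 0 and negative values are failures
    return result == 1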
Ejemplo n.º 4
 def get_pubkey(self):
     # type: () -> EVP.PKey
     """
     Extract the certificate's public key and return it as an EVP.PKey

     _pyfree=1 is passed to the wrapper; presumably the wrapper then frees
     the underlying key when it is garbage collected.
     """
     # NOTE: under python -O this assert is stripped, so the type check
     # must not be relied on as the only validation of self.x509.
     assert m2.x509_type_check(self.x509), "'x509' type error"
     key_handle = m2.x509_get_pubkey(self.x509)
     return EVP.PKey(key_handle, _pyfree=1)
Ejemplo n.º 5
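def verify_CA_cert(cert, cacert):
    """
    Verify the signature of cert with the public key of cacert

    This is a signature check only: expiry, key usage, revocation and
    intermediate certificates are not looked at. The outcome is printed as
    in the original and additionally returned, because a verification
    helper whose result can only be read from stdout cannot gate anything.

    @param cert: certificate to check (object exposing .x509)
    @param cacert: CA certificate (object exposing .x509)
    @return: True if the signature verifies, False otherwise
    @rtype: bool
    """
    print("Client certificate verfication with CA certificate key")
    ca_pubkey = m2.x509_get_pubkey(cacert.x509)
    outcome = m2.x509_verify(cert.x509, ca_pubkey)
    print(outcome)
    # success is reported as 1; anything else is treated as a failure
    return outcome == 1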