def generate_ca_cert(base_year, quiet=False): if not quiet: write('Generating ca cert ... ', end='') public_key = load_public('ca') private_key = load_private('ca') builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Bad TLS Limited', 'common_name': 'Bad TLS Limited RSA CA', }, public_key ) builder.self_signed = True builder.ca = True builder.begin_date = datetime(base_year, 1, 1, 0, 0, 0, tzinfo=timezone.utc) builder.end_date = datetime(base_year + 10, 1, 1, 0, 0, 0, tzinfo=timezone.utc) certificate = builder.build(private_key) dump_cert('ca', certificate) if not quiet: write('done')
def build_ca(): if not os.path.exists(settings.CA_PATH): os.makedirs(settings.CA_PATH) root_ca_public_key, root_ca_private_key = asymmetric.generate_pair( 'rsa', bit_size=4096) with open(settings.CA_KEY, 'wb') as f: f.write( asymmetric.dump_private_key(root_ca_private_key, settings.CA_KEY_PASSWD)) builder = CertificateBuilder( { 'country_name': 'CR', 'state_or_province_name': 'San Jose', 'locality_name': 'Costa Rica', 'organization_name': 'DFVA Independiente', 'common_name': 'DFVA Root CA 1', }, root_ca_public_key) now = timezone.now() builder.self_signed = True builder.ca = True builder.end_date = now + timedelta(settings.CA_CERT_DURATION * 10) root_ca_certificate = builder.build(root_ca_private_key) with open(settings.CA_CERT, 'wb') as f: f.write(pem_armor_certificate(root_ca_certificate)) builder = CertificateListBuilder('http://crl.dfva.info', root_ca_certificate, 1000) crl_list = builder.build(root_ca_private_key) with open(settings.CA_CRL, 'wb') as f: f.write(crl_list.dump())
def _gen_ca(): public, private = _gen_key() builder = CertificateBuilder( {"organization_name": "Fake Certificate Authority"}, public) builder.self_signed = True builder.ca = True return (_dump_cert(builder.build(private)), _dump_private(private))
def test_validity_general_times(self): public_key, private_key = self.ec_secp256r1 builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, public_key) builder.self_signed = True builder.begin_date = datetime(2050, 1, 1, tzinfo=timezone.utc) builder.end_date = datetime(2052, 1, 1, tzinfo=timezone.utc) certificate = builder.build(private_key) der_bytes = certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual( new_certificate['tbs_certificate']['validity']['not_before'].name, 'general_time') self.assertEqual( new_certificate['tbs_certificate']['validity']['not_after'].name, 'general_time')
def generate_cert_and_key(cn, filename, keysize, keytype='rsa'): ca_key_name = '%s.key' % filename ca_cert_name = '%s.crt' % filename curdir = pathlib.Path(__file__).parent # Generate and save the key and certificate for the root CA root_ca_public_key, root_ca_private_key = asymmetric.generate_pair( keytype, bit_size=keysize) with open(curdir.joinpath(ca_key_name), 'wb') as f: f.write(asymmetric.dump_private_key(root_ca_private_key, None)) builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': cn, }, root_ca_public_key) builder.self_signed = True builder.ca = True root_ca_certificate = builder.build(root_ca_private_key) with open(curdir.joinpath(ca_cert_name), 'wb') as f: f.write(pem_armor_certificate(root_ca_certificate))
def generate_ca2_cert(base_year, quiet=False): if not quiet: write('Generating ca2 cert ... ', end='') public_key = load_public('ca2') private_key = load_private('ca2') builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Good TLS Limited', 'common_name': 'Good TLS Limited RSA CA', }, public_key ) builder.self_signed = True builder.ca = True builder.begin_date = datetime(base_year, 1, 1, 0, 0, 0, tzinfo=timezone.utc) builder.end_date = datetime(base_year + 10, 1, 1, 0, 0, 0, tzinfo=timezone.utc) certificate = builder.build(private_key) dump_cert('ca2', certificate) if not quiet: write('done')
def generate_self_signed(cls, cn, key_usage, private_key=None): if private_key is None: private_key = cls.generate_pair() builder = CertificateBuilder({ u'common_name': six.text_type(cn), }, private_key.public_key.to_asn1_public_key()) builder.key_usage = key_usage #[u'digital_signature', u'key_encipherment'] builder.self_signed = True certificate = builder.build(private_key.to_asn1_private_key()) return Certificate(certificate=certificate), private_key
def test_build_ca_cert(self): public_key, private_key = self.ec_secp256r1 builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, public_key ) builder.hash_algo = 'sha512' builder.self_signed = True builder.ca = True certificate = builder.build(private_key) der_bytes = certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual('sha512', new_certificate.hash_algo) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.issuer.native ) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.subject.native ) self.assertEqual('ecdsa', new_certificate.signature_algo) self.assertEqual(set(['key_usage', 'basic_constraints']), new_certificate.critical_extensions) self.assertEqual(set(['key_cert_sign', 'crl_sign']), new_certificate.key_usage_value.native) self.assertEqual(None, new_certificate.extended_key_usage_value) self.assertEqual(None, new_certificate.authority_key_identifier) self.assertEqual(True, new_certificate.ca) self.assertEqual(True, new_certificate.self_issued) self.assertEqual('yes', new_certificate.self_signed) self.assertEqual(certificate.public_key.sha1, new_certificate.key_identifier)
def test_build_end_entity_cert(self): public_key, private_key = self.ec_secp256r1 builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, public_key ) builder.self_signed = True builder.subject_alt_domains = ['example.com'] certificate = builder.build(private_key) der_bytes = certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual('sha256', new_certificate.hash_algo) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.issuer.native ) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.subject.native ) self.assertEqual('ecdsa', new_certificate.signature_algo) self.assertEqual(set(['key_usage']), new_certificate.critical_extensions) self.assertEqual(set(['digital_signature', 'key_encipherment']), new_certificate.key_usage_value.native) self.assertEqual(['server_auth', 'client_auth'], new_certificate.extended_key_usage_value.native) self.assertEqual(None, new_certificate.authority_key_identifier) self.assertEqual(False, new_certificate.ca) self.assertEqual(True, new_certificate.self_issued) self.assertEqual('yes', new_certificate.self_signed) self.assertEqual(certificate.public_key.sha1, new_certificate.key_identifier) self.assertEqual(['example.com'], new_certificate.valid_domains)
def test_build_end_entity_cert(self): public_key, private_key = self.ec_secp256r1 builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, public_key ) builder.self_signed = True builder.subject_alt_domains = ['example.com'] certificate = builder.build(private_key) der_bytes = certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual('sha256', new_certificate.hash_algo) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.issuer.native ) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.subject.native ) self.assertEqual('ecdsa', new_certificate.signature_algo) self.assertEqual(set(['key_usage']), new_certificate.critical_extensions) self.assertEqual(set(['digital_signature', 'key_encipherment']), new_certificate.key_usage_value.native) self.assertEqual(['server_auth', 'client_auth'], new_certificate.extended_key_usage_value.native) self.assertEqual(None, new_certificate.authority_key_identifier) self.assertEqual(False, new_certificate.ca) self.assertEqual(True, new_certificate.self_issued) self.assertEqual('yes', new_certificate.self_signed) self.assertEqual(certificate.public_key.sha1, new_certificate.key_identifier) self.assertEqual(['example.com'], new_certificate.valid_domains)
def test_build_ca_cert(self): public_key, private_key = self.ec_secp256r1 builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, public_key ) builder.hash_algo = 'sha512' builder.self_signed = True builder.ca = True certificate = builder.build(private_key) der_bytes = certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual('sha512', new_certificate.hash_algo) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.issuer.native ) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.subject.native ) self.assertEqual('ecdsa', new_certificate.signature_algo) self.assertEqual(set(['key_usage', 'basic_constraints']), new_certificate.critical_extensions) self.assertEqual(set(['key_cert_sign', 'crl_sign']), new_certificate.key_usage_value.native) self.assertEqual(None, new_certificate.extended_key_usage_value) self.assertEqual(None, new_certificate.authority_key_identifier) self.assertEqual(True, new_certificate.ca) self.assertEqual(True, new_certificate.self_issued) self.assertEqual('yes', new_certificate.self_signed) self.assertEqual(certificate.public_key.sha1, new_certificate.key_identifier)
def create_certificate(): root_ca_public_key, root_ca_private_key = asymmetric.generate_pair( 'rsa', bit_size=2048) with open('root_ca.key', 'wb') as f: f.write(asymmetric.dump_private_key(root_ca_private_key, u'p')) with open('root_ca_public.key', 'wb') as f: f.write(asymmetric.dump_public_key(root_ca_public_key, 'pem')) builder = CertificateBuilder( { u'country_name': u'US', u'state_or_province_name': u'Massachusetts', u'locality_name': u'Amherst', u'organization_name': u'Name Certifying service', u'common_name': u'NCS Root CA', }, root_ca_public_key) builder.self_signed = True builder.ca = True root_ca_certificate = builder.build(root_ca_private_key) with open('root_ca.crt', 'wb') as f: f.write(pem_armor_certificate(root_ca_certificate)) # Generate an end-entity key and certificate, signed by the root end_entity_public_key, end_entity_private_key = asymmetric.generate_pair( 'rsa', bit_size=2048) with open('ramteja_tadishetti_private.key', 'wb') as f: f.write(asymmetric.dump_private_key(end_entity_private_key, u'p')) with open('ramteja_tadishetti_public.key', 'wb') as f: f.write(asymmetric.dump_public_key(end_entity_public_key, 'pem')) builder = CertificateBuilder( { u'country_name': u'US', u'state_or_province_name': u'Massachusetts', u'locality_name': u'Amherst', u'organization_name': u'Ramteja Tadishetti Corp', u'common_name': u'ramtejatadishetti', }, end_entity_public_key) builder.issuer = root_ca_certificate #builder.set_extension( u'1.2.840.113549.1.1.1', 'ramteja', allow_deprecated=False) end_entity_certificate = builder.build(root_ca_private_key) with open('ramteja_tadishetti.crt', 'wb') as f: f.write(pem_armor_certificate(end_entity_certificate))
def test_subject_alt_name_shortcuts(self): public_key, private_key = self.ec_secp256r1 builder = CertificateBuilder( { 'country_name': 'US', 'common_name': 'Test' }, public_key) builder.self_signed = True self.assertEqual(builder.subject_alt_domains, []) builder.subject_alt_domains = ['example.com', 'example.org'] builder.subject_alt_emails = ['*****@*****.**', '*****@*****.**'] builder.subject_alt_ips = ['127.0.0.1'] builder.subject_alt_uris = ['http://example.com', 'https://bücher.ch'] self.assertEqual(builder.subject_alt_domains, ['example.com', 'example.org']) self.assertEqual(builder.subject_alt_emails, ['*****@*****.**', '*****@*****.**']) self.assertEqual(builder.subject_alt_ips, ['127.0.0.1']) self.assertEqual(builder.subject_alt_uris, ['http://example.com', 'https://bücher.ch']) builder.subject_alt_domains = [] self.assertEqual(builder.subject_alt_domains, []) builder.subject_alt_emails = [] self.assertEqual(builder.subject_alt_emails, []) builder.subject_alt_ips = [] self.assertEqual(builder.subject_alt_ips, []) builder.subject_alt_uris = [] self.assertEqual(builder.subject_alt_uris, []) builder.subject_alt_uris = ['https://bücher.ch'] certificate = builder.build(private_key) self.assertEqual(b'\x86\x18https://xn--bcher-kva.ch', certificate.subject_alt_name_value[0].contents)
def test_tsa_certificate_extended_key_usage(self): public_key, private_key = self.ec_secp256r1 builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, public_key ) builder.self_signed = True builder.extended_key_usage = set(('time_stamping',)) certificate = builder.build(private_key) der_bytes = certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual(set(['key_usage', 'extended_key_usage']), new_certificate.critical_extensions)
def issue_cert(self, csr: CsrBuilder) -> (PrivateKey, Cert): public_key, private_key = asymmetric.generate_pair('rsa', bit_size=4096) builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, public_key) builder.self_signed = True cert = builder.build(private_key) serial = SerialNumber.from_int(cert.serial_number).as_hex() keypath = self._cert_dir / (serial + '.key') with keypath.open('wb') as f: f.write(asymmetric.dump_private_key(private_key, 'password')) certpath = self._cert_dir / (serial + '.pem') with certpath.open('wb') as f: f.write(pem_armor_certificate(cert))
def test_subject_alt_name_shortcuts(self): public_key, private_key = self.ec_secp256r1 builder = CertificateBuilder( {'country_name': 'US', 'common_name': 'Test'}, public_key ) builder.self_signed = True self.assertEqual(builder.subject_alt_domains, []) builder.subject_alt_domains = ['example.com', 'example.org'] builder.subject_alt_emails = ['*****@*****.**', '*****@*****.**'] builder.subject_alt_ips = ['127.0.0.1'] builder.subject_alt_uris = ['http://example.com', 'https://bücher.ch'] self.assertEqual(builder.subject_alt_domains, ['example.com', 'example.org']) self.assertEqual(builder.subject_alt_emails, ['*****@*****.**', '*****@*****.**']) self.assertEqual(builder.subject_alt_ips, ['127.0.0.1']) self.assertEqual(builder.subject_alt_uris, ['http://example.com', 'https://bücher.ch']) builder.subject_alt_domains = [] self.assertEqual(builder.subject_alt_domains, []) builder.subject_alt_emails = [] self.assertEqual(builder.subject_alt_emails, []) builder.subject_alt_ips = [] self.assertEqual(builder.subject_alt_ips, []) builder.subject_alt_uris = [] self.assertEqual(builder.subject_alt_uris, []) builder.subject_alt_uris = ['https://bücher.ch'] certificate = builder.build(private_key) self.assertEqual(b'\x86\x18https://xn--bcher-kva.ch', certificate.subject_alt_name_value[0].contents)
def test_validity_general_times(self): public_key, private_key = self.ec_secp256r1 builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, public_key ) builder.self_signed = True builder.begin_date = datetime(2050, 1, 1, tzinfo=timezone.utc) builder.end_date = datetime(2052, 1, 1, tzinfo=timezone.utc) certificate = builder.build(private_key) der_bytes = certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual(new_certificate['tbs_certificate']['validity']['not_before'].name, 'general_time') self.assertEqual(new_certificate['tbs_certificate']['validity']['not_after'].name, 'general_time')
def create_certificate(): root_ca_public_key, root_ca_private_key = asymmetric.generate_pair( 'rsa', bit_size=2048) with open('root_ca.key', 'wb') as f: f.write(asymmetric.dump_private_key(root_ca_private_key, u'p')) with open('root_ca_public.key', 'wb') as f: f.write(asymmetric.dump_public_key(root_ca_public_key, 'pem')) builder = CertificateBuilder( { u'country_name': u'US', u'state_or_province_name': u'Massachusetts', u'locality_name': u'Amherst', u'organization_name': u'Name Certifying service', u'common_name': u'NCS Root CA', }, root_ca_public_key) builder.self_signed = True builder.ca = True root_ca_certificate = builder.build(root_ca_private_key) with open('root_ca.crt', 'wb') as f: f.write(pem_armor_certificate(root_ca_certificate))
import json import sys f = open("orqIp.txt", "r") orq_ip = f.read() f.close() keyId = sys.argv[1] r = requests.get("http://" + orq_ip + ":5000/getKey/" + keyId) response = dict(json.loads(r.text)) pub_key = response["pubKey"] asn1PublicKey = core.Asn1Value.load(unhexlify(pub_key)) publicKey = keys.PublicKeyInfo.wrap(asn1PublicKey, u'rsa') builder = CertificateBuilder( { u'country_name': u'SP', u'state_or_province_name': u'Malaga', u'locality_name': u'Malaga', u'organization_name': u'NICS Lab', u'common_name': u'Certificacion Raiz' }, publicKey) builder.self_signed = True builder.ca = True root_ca_certificate = builder.build_mpc(int(keyId), orq_ip, "5000") with open('certificado_raiz.crt', 'wb') as f: f.write(pem_armor_certificate(root_ca_certificate))
def test_build_chain_of_certs(self): ca_public_key, ca_private_key = self.ec_secp521r1 ee_public_key, _ = self.ec_secp256r1 ca_builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Codex Non Sufficit LC - Primary CA', }, ca_public_key ) ca_builder.hash_algo = 'sha512' ca_builder.self_signed = True ca_builder.ca = True ca_certificate = ca_builder.build(ca_private_key) ee_builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, ee_public_key ) ee_builder.issuer = ca_certificate ee_builder.serial_number = 1 ee_certificate = ee_builder.build(ca_private_key) der_bytes = ee_certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual('sha256', new_certificate.hash_algo) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Codex Non Sufficit LC - Primary CA', }, new_certificate.issuer.native ) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.subject.native ) self.assertEqual('ecdsa', new_certificate.signature_algo) self.assertEqual(set(['key_usage']), new_certificate.critical_extensions) self.assertEqual(set(['digital_signature', 'key_encipherment']), new_certificate.key_usage_value.native) self.assertEqual(['server_auth', 'client_auth'], new_certificate.extended_key_usage_value.native) self.assertEqual(ca_certificate.key_identifier, new_certificate.authority_key_identifier) self.assertEqual(False, new_certificate.ca) self.assertEqual(False, new_certificate.self_issued) self.assertEqual('no', new_certificate.self_signed)
def test_build_chain_of_certs(self): ca_public_key, ca_private_key = self.ec_secp521r1 ee_public_key, _ = self.ec_secp256r1 ca_builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Codex Non Sufficit LC - Primary CA', }, ca_public_key) ca_builder.hash_algo = 'sha512' ca_builder.self_signed = True ca_builder.ca = True ca_certificate = ca_builder.build(ca_private_key) ee_builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, ee_public_key) ee_builder.issuer = ca_certificate ee_builder.serial_number = 1 ee_certificate = ee_builder.build(ca_private_key) der_bytes = ee_certificate.dump() new_certificate = asn1crypto.x509.Certificate.load(der_bytes) self.assertEqual('sha256', new_certificate.hash_algo) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Codex Non Sufficit LC - Primary CA', }, new_certificate.issuer.native) self.assertEqual( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, new_certificate.subject.native) self.assertEqual('ecdsa', new_certificate.signature_algo) self.assertEqual(set(['key_usage']), new_certificate.critical_extensions) self.assertEqual(set(['digital_signature', 'key_encipherment']), new_certificate.key_usage_value.native) self.assertEqual(['server_auth', 'client_auth'], new_certificate.extended_key_usage_value.native) self.assertEqual(ca_certificate.key_identifier, new_certificate.authority_key_identifier) self.assertEqual(False, new_certificate.ca) self.assertEqual(False, new_certificate.self_issued) self.assertEqual('no', new_certificate.self_signed)
root_ca_public_key, root_ca_private_key = asymmetric.generate_pair("rsa", bit_size=2048) with open(os.path.join(fixtures_dir, "root.key"), "wb") as f: f.write(asymmetric.dump_private_key(root_ca_private_key, "password123", target_ms=20)) builder = CertificateBuilder( { "country_name": "US", "state_or_province_name": "Massachusetts", "locality_name": "Newbury", "organization_name": "Codex Non Sufficit LC", "common_name": "CodexNS Root CA 1", }, root_ca_public_key, ) builder.self_signed = True builder.end_entity = False root_ca_certificate = builder.build(root_ca_private_key) with open(os.path.join(fixtures_dir, "root.crt"), "wb") as f: f.write(asymmetric.dump_certificate(root_ca_certificate)) root_crl_public_key, root_crl_private_key = asymmetric.generate_pair("rsa", bit_size=2048) with open(os.path.join(fixtures_dir, "crl_issuer.key"), "wb") as f: f.write(asymmetric.dump_private_key(root_crl_private_key, "password123", target_ms=20)) builder = CertificateBuilder( { "country_name": "US",