def make_root_ca(
    subject=None,
    not_before=None,
    not_after=None,
    serial_number=None,
    basic_constraints=None,
    digestmod=None,
):
    """Generate a fresh RSA key and a self-signed root certificate for it.

    Every argument is optional; a value of ``None`` selects the default
    listed below.

    Args:
        subject: Subject string for the CSR. Default
            ``"OU=test, CN=Trusted CA"``.
        not_before: Start of validity. Default is the naive timestamp
            returned by ``dt.datetime.utcnow()``.
        not_after: End of validity. Default is ``not_before`` plus 90 days.
        serial_number: Certificate serial. Default is the constant
            ``0x123456``, so every certificate built with the default
            carries the same serial.
        basic_constraints: Default ``BasicConstraints(True, -1)``.
            NOTE(review): presumably "is a CA, no path-length limit";
            confirm against the BasicConstraints definition.
        digestmod: Zero-argument callable returning a digest object.
            Default ``hashlib.sha256``.

    Returns:
        A ``(certificate, key)`` tuple. The private key is handed back to
        the caller together with the certificate.

    NOTE(review): the fixed serial, the ``OU=test`` subject and the key
    size left to whatever ``RSA.generate()`` defaults to suggest these
    defaults are meant for test fixtures, not for a CA that real clients
    would trust.
    """
    subject = "OU=test, CN=Trusted CA" if subject is None else subject
    not_before = dt.datetime.utcnow() if not_before is None else not_before
    # The default expiry is derived from the (possibly defaulted) start time.
    not_after = (
        not_before + dt.timedelta(days=90) if not_after is None else not_after
    )
    serial_number = 0x123456 if serial_number is None else serial_number
    basic_constraints = (
        BasicConstraints(True, -1)
        if basic_constraints is None
        else basic_constraints
    )
    digestmod = hashlib.sha256 if digestmod is None else digestmod

    root_key = RSA()
    root_key.generate()

    # Self-signed: the key in the CSR is also the issuer key.
    request = CSR.new(root_key, subject, digestmod())
    certificate = CRT.selfsign(
        csr=request,
        issuer_key=root_key,
        not_before=not_before,
        not_after=not_after,
        serial_number=serial_number,
        basic_constraints=basic_constraints,
    )
    return certificate, root_key
def ca0_crt(self, ca0_key, digestmod, now):
    """Return a self-signed ``CN=Trusted CA`` certificate for *ca0_key*.

    Args:
        ca0_key: Key placed in the CSR and also used as the issuer key.
        digestmod: Zero-argument callable returning the digest object
            passed to ``CSR.new``.
        now: Start of validity; the certificate expires 90 days later.

    The serial number is the constant ``0x123456`` and the basic
    constraints are ``BasicConstraints(True, -1)``.
    NOTE(review): presumably "is a CA, no path-length limit"; confirm
    against the BasicConstraints definition.
    """
    request = CSR.new(ca0_key, "CN=Trusted CA", digestmod())
    expiry = now + dt.timedelta(days=90)
    constraints = BasicConstraints(True, -1)
    return CRT.selfsign(
        request,
        ca0_key,
        not_before=now,
        not_after=expiry,
        serial_number=0x123456,
        basic_constraints=constraints,
    )
def trust_store(self, ca0_crt, version):
    """Return a new ``TrustStore`` containing only a copy of *ca0_crt*.

    The certificate is serialised to DER and parsed back before it is
    added, so the store holds a separately parsed ``CRT`` rather than the
    object passed in.

    Args:
        ca0_crt: Certificate to install as the single entry of the store.
        version: Not used in the body.
            NOTE(review): presumably requested only so a fixture of that
            name runs first; confirm against the test setup.
    """
    encoded = ca0_crt.to_DER()
    anchor = CRT.from_DER(encoded)
    anchors = TrustStore()
    anchors.add(anchor)
    return anchors