Ejemplo n.º 1
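def create_x509_certificate(ca_cert, ca_privkey,
        cert_passphrase_callback, ca_passphrase_callback, serial=0, notbefore=None,
        notafter=None, **name):
    """Create and return a new x509 certificate using a Certificate Authority

    A fresh RSA key pair is generated with create_rsa_keyring, a certificate
    request is built for the subject given in **name, and the request is
    handed to create_certificate together with the CA certificate and the
    CA private key.

    @param ca_cert: The Certificate Authority to use to create
    the new X509 certificate
    @type ca_cert: M2Crypto.X509.X509 instance

    @param ca_privkey: The Certificate Authority private key, i.e. the
    private key that was used to sign the CA certificate
    @type ca_privkey: M2Crypto.RSA.RSA instance

    @param cert_passphrase_callback: A Python callable forwarded to
    create_rsa_keyring as its passphrase_callback while the new key pair
    is generated.
    @type cert_passphrase_callback: Callback

    @param ca_passphrase_callback: Accepted for interface compatibility.
    NOTE(review): this function body never uses it; ca_privkey is passed
    to as_evp_pkey as-is, so the CA key must already be usable. Confirm
    whether the callback was meant to be wired in.

    @param serial: Serial number for the certificate, default is 0.
    Serial numbers are expected to be unique per issuing CA (RFC 5280),
    so callers issuing more than one certificate should pass a distinct
    value instead of relying on the default.
    @type serial: Integer

    @param notbefore: datetime.datetime instance when the certificate
    starts being valid, default is now() evaluated at call time
    @type notbefore: datetime.datetime instance

    @param notafter: datetime.datetime instance when the certificate
    stops being valid, default is plus_twentyyears(now()) evaluated at
    call time
    @type notafter: datetime.datetime instance

    @param: **name - The name of the subject of the request, possible
    arguments are:
    C     - Country name
    ST    - State or province name
    L     - Locality name
    O     - Organization name
    OU    - Organizational unit name
    CN    - Common name
    emailAddress - E-mail address

    @return: tuple (cert, pubkey, privkey) holding the new certificate
    and the key pair generated for it. The private key is returned to
    the caller, who is responsible for storing it safely.
    """
    # The validity window must be computed per call. Putting now() in the
    # signature evaluates it once at import, so a long-running process would
    # keep issuing certificates stamped with the module load time.
    if notbefore is None:
        notbefore = now()
    if notafter is None:
        notafter = plus_twentyyears(now())

    pubkey, privkey = create_rsa_keyring(
        passphrase_callback=cert_passphrase_callback)

    priv_evp = as_evp_pkey(privkey)
    pub_evp = as_evp_pkey(pubkey)
    ca_privkey_evp = as_evp_pkey(ca_privkey)
    cert_req = create_cert_request(pub_evp, priv_evp, **name)
    cert = create_certificate(
            cert_req,
            (ca_cert, ca_privkey_evp),  # issuer certificate and signing key
            serial,
            (notbefore, notafter)
            )

    return cert, pubkey, privkey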
Ejemplo n.º 2
def create_x509_cert(ca_cert, cacert_privkey, serial):
    """Issue a certificate from the given CA using this module's fixed subject.

    Thin wrapper around pki.create_x509_certificate. The subject fields
    (O, L, CN) and both passphrase callbacks come from module-level names;
    the validity window runs from now() to plus_twentyyears() of that same
    instant, so both bounds share one timestamp.

    @param ca_cert: CA certificate forwarded to pki.create_x509_certificate
    @param cacert_privkey: CA private key forwarded alongside ca_cert
    @param serial: serial number for the new certificate; the caller is
    responsible for keeping it unique per issuing CA

    @return: tuple (cert, pub, priv) as returned by
    pki.create_x509_certificate
    """
    issued_at = now()
    expires_at = plus_twentyyears(issued_at)
    subject = {"O": my_org, "L": my_location, "CN": my_certname}

    certificate, public_key, private_key = pki.create_x509_certificate(
        ca_cert,
        cacert_privkey,
        cert_passphrase_callback=passphrase_callback,
        ca_passphrase_callback=ca_passphrase_callback,
        serial=serial,
        notbefore=issued_at,
        notafter=expires_at,
        **subject)

    return certificate, public_key, private_key
Ejemplo n.º 3
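def create_certificate_authority(passphrase_callback, serial=0,
        notbefore=None, notafter=None, digest="md5", **name):
    """Function to create a certificate authority.

    A new RSA key pair is generated, a certificate request is built and
    signed with it, and create_certificate is called with that same request
    and private key in the issuer position.

    @param passphrase_callback: a callback that will be called without
    argument and that must return the passphrase you want to use
    on your CA key
    @type passphrase_callback: callable

    @param serial: Serial number for the certificate, default is 0
    @type serial: Integer

    @param notbefore: datetime.datetime instance when
    the certificate starts being valid, default is now (evaluated at
    call time)
    @type notbefore: datetime.datetime instance

    @param notafter: datetime.datetime instance when the certificate
    stops being valid, default is 20 years more than now (evaluated at
    call time)
    @type notafter: datetime.datetime instance

    @param digest: digest name forwarded to create_cert_request. The
    default "md5" is kept for backward compatibility only: MD5 is
    collision-broken and should not be used for certificate signatures.
    Callers should pass a stronger digest explicitly (for example
    "sha256", assuming create_cert_request accepts it).
    NOTE(review): the digest used to sign the final CA certificate is
    chosen inside create_certificate and is not visible here; verify it
    as well.
    @type digest: String

    @param: **name - The name of the subject of the request, possible
    arguments are:
    C     - Country name
    ST    - State or province name
    L     - Locality name
    O     - Organization name
    OU    - Organizational unit name
    CN    - Common name
    emailAddress - E-mail address

    @return: tuple (ca_cert, pubkey, privkey) holding the CA certificate
    and its key pair. The CA private key is returned to the caller, who
    is responsible for protecting it.
    """
    # Resolve the validity window per call. Defaults written as now() in the
    # signature are evaluated once at import time, which would stamp every CA
    # created later with the module load time.
    if notbefore is None:
        notbefore = now()
    if notafter is None:
        notafter = plus_twentyyears(now())

    # NOTE: assert statements are stripped under "python -O"; they are kept
    # because callers may rely on AssertionError, but they are not a
    # dependable input check in optimized runs.
    assert isinstance(notbefore, datetime.datetime)
    assert isinstance(notafter, datetime.datetime)

    pubkey, privkey = create_rsa_keyring(
            passphrase_callback=passphrase_callback)

    ca_priv_evp = as_evp_pkey(privkey)
    ca_pub_evp = as_evp_pkey(pubkey)
    ca_cert_req = create_cert_request(ca_pub_evp, ca_priv_evp, digest, **name)

    ca_cert = create_certificate(
            ca_cert_req,
            (ca_cert_req, ca_priv_evp),  # the request doubles as issuer: self-signed
            serial,
            (notbefore, notafter)
            )

    return ca_cert, pubkey, privkey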