forked from Girundi/face-recognition
-
Notifications
You must be signed in to change notification settings - Fork 0
/
self_sign_cert.py
92 lines (77 loc) · 3.21 KB
/
self_sign_cert.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
import socket
def _gen_openssl():
import random
from OpenSSL import crypto
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 2048)
x509 = crypto.X509()
subject = x509.get_subject()
subject.commonName = socket.gethostname()
x509.set_issuer(subject)
x509.gmtime_adj_notBefore(0)
x509.gmtime_adj_notAfter(5*365*24*60*60)
x509.set_pubkey(pkey)
x509.set_serial_number(random.randrange(100000))
x509.set_version(2)
x509.add_extensions([
crypto.X509Extension(b'subjectAltName', False,
','.join([
'DNS:%s' % socket.gethostname(),
'DNS:*.%s' % socket.gethostname(),
'DNS:localhost',
'DNS:*.localhost']).encode()),
crypto.X509Extension(b"basicConstraints", True, b"CA:false")])
x509.sign(pkey, 'SHA256')
return (crypto.dump_certificate(crypto.FILETYPE_PEM, x509).decode(),
crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey).decode())
def _gen_cryptography():
import datetime
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.x509.oid import NameOID
one_day = datetime.timedelta(1, 0, 0)
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend())
public_key = private_key.public_key()
builder = x509.CertificateBuilder()
builder = builder.subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, socket.gethostname())]))
builder = builder.issuer_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, socket.gethostname())]))
builder = builder.not_valid_before(datetime.datetime.today() - one_day)
builder = builder.not_valid_after(datetime.datetime.today() + (one_day*365*5))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(public_key)
builder = builder.add_extension(
x509.SubjectAlternativeName([
x509.DNSName(socket.gethostname()),
x509.DNSName('*.%s' % socket.gethostname()),
x509.DNSName('localhost'),
x509.DNSName('*.localhost'),
]),
critical=False)
builder = builder.add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
certificate = builder.sign(
private_key=private_key, algorithm=hashes.SHA256(),
backend=default_backend())
return (certificate.public_bytes(serialization.Encoding.PEM),
private_key.private_bytes(serialization.Encoding.PEM,
serialization.PrivateFormat.PKCS8,
serialization.NoEncryption()))
def gen_self_signed_cert():
'''
Returns (cert, key) as ASCII PEM strings
'''
try:
return _gen_openssl()
except:
try:
return _gen_cryptography()
except:
return (None, None)
return (None, None)
if __name__ == '__main__':
print(gen_self_signed_cert())