def _csr_info(self, subject, public_key, sans): """ Create the csr info portion of the certificate request"s ASN.1 structure :param X509Name subject: subject to add to the certificate request :param asymmetric.PublicKey public_key: public key to use when creating the certificate request"s signature :param sans: collection of dns names to insert into a subjAltName extension for the certificate request :type sans: None or list(str) or tuple(str) or set(str) :return: the certificate request info structure :rtype: csr.CertificationRequestInfo """ x509_subject = x509.Name.build(self._subject_as_dict(subject)) extensions = [(u"basic_constraints", x509.BasicConstraints({"ca": False}), False), (u"key_usage", x509.KeyUsage({"digital_signature", "key_encipherment"}), True), (u"extended_key_usage", x509.ExtKeyUsageSyntax([u"client_auth"]), False)] if sans: names = x509.GeneralNames() for san in sans: names.append( x509.GeneralName("dns_name", _bytes_to_unicode(san))) extensions.append((u"subject_alt_name", names, False)) return csr.CertificationRequestInfo({ "version": u"v1", "subject": x509_subject, "subject_pk_info": public_key.asn1, "attributes": [{ "type": u"extension_request", "values": [[self._create_extension(x) for x in extensions]] }] })
def build(self, signing_private_key): """ Validates the certificate information, constructs an X.509 certificate and then signs it :param signing_private_key: An asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey object for the private key to sign the request with. This should be the private key that matches the public key. :return: An asn1crypto.csr.CertificationRequest object of the request """ is_oscrypto = isinstance(signing_private_key, asymmetric.PrivateKey) if not isinstance(signing_private_key, keys.PrivateKeyInfo) and not is_oscrypto: raise TypeError( _pretty_message( ''' signing_private_key must be an instance of asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey, not %s ''', _type_name(signing_private_key))) signature_algo = signing_private_key.algorithm if signature_algo == 'ec': signature_algo = 'ecdsa' signature_algorithm_id = '%s_%s' % (self._hash_algo, signature_algo) def _make_extension(name, value): return { 'extn_id': name, 'critical': self._determine_critical(name), 'extn_value': value } extensions = [] for name in sorted(self._special_extensions): value = getattr(self, '_%s' % name) if value is not None: extensions.append(_make_extension(name, value)) for name in sorted(self._other_extensions.keys()): extensions.append( _make_extension(name, self._other_extensions[name])) attributes = [] if extensions: attributes.append({ 'type': 'extension_request', 'values': [extensions] }) certification_request_info = csr.CertificationRequestInfo({ 'version': 'v1', 'subject': self._subject, 'subject_pk_info': self._subject_public_key, 'attributes': attributes }) if signing_private_key.algorithm == 'rsa': sign_func = asymmetric.rsa_pkcs1v15_sign elif signing_private_key.algorithm == 'dsa': sign_func = asymmetric.dsa_sign elif signing_private_key.algorithm == 'ec': sign_func = asymmetric.ecdsa_sign if not is_oscrypto: signing_private_key = asymmetric.load_private_key( signing_private_key) signature = sign_func(signing_private_key, certification_request_info.dump(), self._hash_algo) return csr.CertificationRequest({ 'certification_request_info': certification_request_info, 'signature_algorithm': { 'algorithm': signature_algorithm_id, }, 'signature': signature })
name="utc_time", value=datetime.datetime(2049, 12, 31))}, "subject": _FAKE_SUBJECT, "subject_public_key_info": get_fake_public_key_asn1()}), "signature_algorithm": algos.SignedDigestAlgorithm({ "algorithm": u"sha256_rsa"}), "signature_value": b"fake"}).dump()).decode('utf8') FAKE_CSR = \ pem.armor( u"CERTIFICATE REQUEST", csr.CertificationRequest({ "certification_request_info": csr.CertificationRequestInfo({ "version": 1, "subject": _FAKE_SUBJECT, "subject_pk_info": get_fake_public_key_asn1()}), "signature_algorithm": _SIGNATURE_ALGORITHM, "signature": b"fake"}).dump()).decode('utf8') class CliTest(unittest.TestCase): def setUp(self): pass def tearDown(self): patch.stopall() @parameterized.expand([([], ), ("-h", ), ("--help", )]) def test_help_command(self, value): with patch("dxlclient._cli.argparse.ArgumentParser.print_help") \
def build(self, signing_key): """ Validates the certificate information, constructs an X.509 certificate and then signs it :param signing_key: An asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey object for the private key to sign the request with. This should be the private key that matches the public key. :returns: An asn1crypto.csr.CertificationRequest object of the request """ if not isinstance(signing_key, objects.ECCKey) and \ not isinstance(signing_key, objects.RSAKey): raise TypeError( _pretty_message( ''' signing_private_key must be an instance of optigatrust.pk.EccKey or optigatrust.pk.RsaKey, not %s ''', _type_name(signing_key))) if isinstance(signing_key, objects.ECCKey): signature_algo = 'ecdsa' elif isinstance(signing_key, objects.RSAKey): signature_algo = 'rsa' else: signature_algo = 'undefined' signature_algorithm_id = '%s_%s' % (self._hash_algo, signature_algo) def _make_extension(_name, _value): return { 'extn_id': _name, 'critical': self._determine_critical(_name), 'extn_value': _value } extensions = [] for name in sorted(self._special_extensions): value = getattr(self, '_%s' % name) if value is not None: extensions.append(_make_extension(name, value)) for name in sorted(self._other_extensions.keys()): extensions.append( _make_extension(name, self._other_extensions[name])) attributes = [] if extensions: attributes.append({ 'type': 'extension_request', 'values': [extensions] }) print(attributes) certification_request_info = csr.CertificationRequestInfo({ 'version': 'v1', 'subject': self._subject, 'subject_pk_info': self._subject_public_key, 'attributes': attributes }) if isinstance(signing_key, objects.ECCKey): sign_func = crypto.ecdsa_sign elif isinstance(signing_key, objects.RSAKey): sign_func = crypto.pkcs1v15_sign else: raise ValueError( 'Algorithm isn\'t supported, use either ecc or rsa') s = sign_func(signing_key, certification_request_info.dump()) return csr.CertificationRequest({ 'certification_request_info': certification_request_info, 'signature_algorithm': { 'algorithm': signature_algorithm_id, }, 'signature': s.signature })