Example #1
    def ca(self, value):
        """
        Set the CA flag and reset the usage extensions to the matching profile.

        A truthy value selects the CA profile: key usage becomes
        key_cert_sign + crl_sign and the extended key usage is cleared.
        A falsy value (``None`` included) selects the end-entity profile:
        digital_signature + key_encipherment, with server_auth and
        client_auth as extended key usage.

        Whatever key usage or extended key usage was stored before is
        overwritten in both cases.

        :param value: truthy for a CA certificate, falsy for an end-entity one
        """
        # Only the 'ca' field is supplied; no path_len_constraint is set here,
        # so this method by itself does not bound how many subordinate CAs may
        # chain below a certificate built with ca=True.
        self._basic_constraints = x509.BasicConstraints({'ca': bool(value)})

        if not value:
            # End-entity profile: no certificate- or CRL-signing bits.
            self._key_usage = x509.KeyUsage({'digital_signature', 'key_encipherment'})
            self._extended_key_usage = x509.ExtKeyUsageSyntax(['server_auth', 'client_auth'])
            return

        # CA profile: signing of certificates and CRLs only, no EKU.
        self._key_usage = x509.KeyUsage({'key_cert_sign', 'crl_sign'})
        self._extended_key_usage = None
Example #2
    def ca(self, value):
        """
        Set the CA flag and reset the usage extensions to the matching profile.

        ``None`` clears the basic constraints and touches nothing else.
        A truthy value selects the CA profile (key_cert_sign + crl_sign,
        extended key usage ocsp_signing); any other falsy value selects the
        end-entity profile (digital_signature + key_encipherment, extended
        key usage server_auth + client_auth).

        :param value: ``None`` to drop basic constraints, truthy for a CA
            certificate, otherwise an end-entity certificate
        """
        if value is None:
            # NOTE(review): only _basic_constraints is reset here. _key_usage
            # and _extended_key_usage keep whatever an earlier call stored, so
            # key_cert_sign/crl_sign can remain after ca is set back to None.
            # Confirm that is intended.
            self._basic_constraints = None
            return

        # Only the 'ca' field is supplied; no path_len_constraint is set here.
        self._basic_constraints = asn1_x509.BasicConstraints({'ca': bool(value)})

        if value:
            # CA profile: may sign certificates, CRLs and OCSP responses.
            usage_bits = {'key_cert_sign', 'crl_sign'}
            eku_purposes = ['ocsp_signing']
        else:
            # End-entity profile: no signing-authority bits.
            usage_bits = {'digital_signature', 'key_encipherment'}
            eku_purposes = ['server_auth', 'client_auth']

        self._key_usage = asn1_x509.KeyUsage(usage_bits)
        self._extended_key_usage = asn1_x509.ExtKeyUsageSyntax(eku_purposes)
Example #3
    def _csr_info(self, subject, public_key, sans):
        """
        Create the csr info portion of the certificate request's ASN.1
        structure

        The request always asks for a non-CA certificate with
        digital_signature + key_encipherment key usage and client_auth
        extended key usage; a subjAltName extension is added only when
        ``sans`` is non-empty. These are carried in an extension_request
        attribute, i.e. they are what the requester asks for; what ends up
        in the issued certificate is decided by the issuing CA.

        :param X509Name subject: subject to add to the certificate request
        :param asymmetric.PublicKey public_key: public key whose ASN.1 form
            is placed in the request's subject_pk_info field
        :param sans: collection of dns names to insert into a subjAltName
            extension for the certificate request
        :type sans: None or list(str) or tuple(str) or set(str)
        :return: the certificate request info structure
        :rtype: csr.CertificationRequestInfo
        """
        subject_name = x509.Name.build(self._subject_as_dict(subject))

        # Each entry is (extension id, value, flag); the flag is presumably the
        # "critical" bit consumed by _create_extension -- confirm against that
        # helper. Only key_usage carries True.
        requested = [
            (u"basic_constraints", x509.BasicConstraints({"ca": False}), False),
            (u"key_usage",
             x509.KeyUsage({"digital_signature", "key_encipherment"}), True),
            (u"extended_key_usage",
             x509.ExtKeyUsageSyntax([u"client_auth"]), False),
        ]

        if sans:
            # NOTE(review): each name is only converted with _bytes_to_unicode;
            # no syntax or ownership check on the DNS names is visible in this
            # method, so validation has to happen in the caller or at the CA.
            alt_names = x509.GeneralNames()
            for dns_name in sans:
                entry = x509.GeneralName("dns_name", _bytes_to_unicode(dns_name))
                alt_names.append(entry)
            requested.append((u"subject_alt_name", alt_names, False))

        # Read the key's ASN.1 form before encoding the extensions, matching
        # the evaluation order of the fields below.
        pk_info = public_key.asn1
        extension_request = {
            "type": u"extension_request",
            "values": [[self._create_extension(spec) for spec in requested]],
        }

        return csr.CertificationRequestInfo({
            "version": u"v1",
            "subject": subject_name,
            "subject_pk_info": pk_info,
            "attributes": [extension_request],
        })