class Equipment:
def __init__(self, name):
self.__name = name
print("{} created".format(name))
self.__key = KeyPairRSA()
self.__cert = Certificate(name=name,
key_pair_rsa=self.__key,
validity_date=10)
def name(self):
return self.__name
def pubkey(self):
return self.__key.pubkey()
def byte_pubkey(self):
return self.__key.byte_pubkey()
def cert(self):
return self.__cert.cert()
def byte_cert(self):
return self.__cert.byte_cert()
def generate_certificate(self, issuer_name, issuer_pubkey, validity_date):
now = datetime.datetime.utcnow()
# Creation d'un certificat
subject = x509.Name(
[x509.NameAttribute(NameOID.COMMON_NAME, self.__name)])
issuer = x509.Name(
[x509.NameAttribute(NameOID.COMMON_NAME, issuer_name)])
cert = x509.CertificateBuilder() \
.subject_name(subject) \
.issuer_name(issuer) \
.public_key(key=issuer_pubkey) \
.serial_number(number=x509.random_serial_number()) \
.not_valid_before(now) \
.not_valid_after(now + datetime.timedelta(days=validity_date)) \
.add_extension(extension=x509.SubjectAlternativeName([x509.DNSName(u"localhost")]),
critical=False) \
.sign(private_key=self.__key.privkey(),
algorithm=hashes.SHA256(),
backend=default_backend())
print(
'certificate generate by Equipment {} on Equipment {}\'s public key'
.format(subject, issuer))
return cert
def verify_certif(self, cert_to_check, public_key):
public_key.verify(signature=cert_to_check.signature,
data=cert_to_check.tbs_certificate_bytes,
padding=padding.PKCS1v15(),
algorithm=cert_to_check.signature_hash_algorithm)
# print('Certificate verified')
return True
