Example #1
0
def generate_request(dn=None, request=None, path=None,
                     keySize=2048, key=None, extensions=None):
    """This funciton is for certificate request generation.

    :param request: either a PEM :class:`str` a DER :class:`str`
    :param path: the path to the certificate request file
    :param key: if sepecified this will be wrapped in
       a :class:`~gsindl.key.Key`
    :param keySize: The size of the key to be generated (default 2048)
    :param dn: the DN string of M2Crypto X509_Name
    :param extensions: a :class:`list` of :class:`dict` objects
       containing extensions

    """

    # Create public key object
    if key and not request:
        _key = key
    else:
        _key = generate_key(keySize=keySize)

    # Create certificate._request
    if request:
        _request = request
        if isinstance(request, str):
            if request.startswith("-----BEGIN CERTIFICATE REQUEST-----"):
                bio = BIO.MemoryBuffer(request)
                cptr = m2.x509_req_read_pem(bio._ptr())
                if cptr is None:
                    raise X509.X509Error(Err.get_error())
                _request = X509.Request(cptr, _pyfree=1)
            elif ord(request[0]) == 48:
                bio = BIO.MemoryBuffer(request)
                cptr = m2.d2i_x509_req(bio._ptr())
                if cptr is None:
                    raise X509.X509Error(Err.get_error())
                _request = X509.Request(cptr, _pyfree=1)
            elif path.exists(request):
                reqfile = open(request)
                bio = BIO.File(reqfile)
                _request = X509.load_request_bio(bio)
            else:
                raise ValueError('WFT')
    else:
        _request = X509.Request()
        _request.set_pubkey(_key)
        _request.set_version(0)

    if dn:
        if isinstance(dn, X509.X509_Name):
            _request.set_subject_name(dn)
        elif isinstance(dn, str):
            _request.set_subject_name(_build_name_from_string(dn))
        else:
            raise ValueError("the DN passes in isn't either a "
                             "X509_Name or string")

    if extensions:
        extstack = X509.X509_Extension_Stack()

        sslower = lambda s: s.lower().replace(' ', '')

        for e in extensions:
            name = e['name']
            key = sslower(name)
            critical = e['critical']
            if key in multi_attrs:
                e['value'] = ', '.join([multi_attrs[key][sslower(v)]
                               for v in e['value'].split(',')])
            extstack.push(X509.new_extension(Att_map[key],
                                             e['value'],
                                             critical=int(critical)))
        _request.add_extensions(extstack)

    return _request, _key
Example #2
0
def generate_certificate(dn=None, certificate=None,
                         key=None, version=2,
                         lifetime=43200,
                         extensions=None,
                         issuer=None,
                         callback=no_passphrase_callback):
    _key = None
    if key:
        _key = key

    if isinstance(certificate, str):
        if certificate.startswith("-----BEGIN CERTIFICATE-----"):
            _certificate = X509.load_cert_string(str(certificate),
                                                 X509.FORMAT_PEM)
        elif path.exists(certificate):
            certfile = open(certificate)
            bio = BIO.File(certfile)
            _certificate = X509.load_cert_bio(bio)
        else:
            raise ValueError("WTF")
    else:
        _certificate = X509.X509()
        if not key:
            key = generate_key()
        _key = key
        _certificate.set_pubkey(_key)

    if dn:
        if isinstance(dn, X509.X509_Name):
            _certificate.set_subject_name(dn)
        elif isinstance(dn, str):
            _certificate.set_subject_name(_build_name_from_string(dn))
        else:
            raise ValueError('invalid dn')

    # set version
    _certificate.set_version(version)

    # set times
    not_before = ASN1.ASN1_UTCTIME()
    not_after = ASN1.ASN1_UTCTIME()
    not_before.set_time(int(time.time()) - 300)
    not_after.set_time(int(time.time()) + lifetime)
    _certificate.set_not_before(not_before)
    _certificate.set_not_after(not_after)

    # set issuer
    if issuer:
        if isinstance(issuer, X509.X509_Name):
            _certificate.set_issuer_name(issuer)
        elif isinstance(issuer, str):
            _certificate.set_issuer_name(_build_name_from_string(issuer))
        else:
            raise ValueError('invalid issuer')

    if extensions:
        for e in extensions:
            sslower = lambda s: s.lower().replace(' ', '')
            name = e['name']
            key = sslower(name)
            critical = e['critical']
            if key in multi_attrs:
                e['value'] = ', '.join([multi_attrs[key][sslower(v)]
                                        for v in e['value'].split(',')])
            _certificate.add_ext(X509.new_extension(Att_map[key],
                                                    e['value'],
                                                    critical=int(critical)))

    return _certificate, _key