def _generate_cert(server_name, not_valid_before, not_valid_after,
                   key=RSA_KEY_512_RAW):
    """
    Build a self-signed certificate for use in tests.

    The subject doubles as the issuer, and the same key both signs the
    certificate and supplies its public key.

    :param str server_name: DNS name placed in the subjectAltName extension
        (and in the common name when it is short enough).
    :param ~datetime.datetime not_valid_before: Start of the validity period.
    :param ~datetime.datetime not_valid_after: End of the validity period.
    :param key: Private key used for signing; it is also written out in the
        result.  NOTE(review): the default's name suggests a 512-bit RSA
        key, which is only acceptable for fixtures -- confirm it is never
        used outside tests.

    :rtype: `list`
    :return: Two ``pem`` objects: the certificate, followed by the private
        key serialised *unencrypted* in traditional OpenSSL format.
    """
    # The X.509 common name is limited to 64 characters, so an over-long
    # name gets a fixed placeholder; the real name still goes into the SAN.
    if len(server_name) > 64:
        common_name = u'san.too.long.invalid'
    else:
        common_name = server_name
    subject = x509.Name(
        [x509.NameAttribute(NameOID.COMMON_NAME, common_name)])

    # Self-signed: the issuer is the subject itself.
    builder = x509.CertificateBuilder()
    builder = builder.subject_name(subject)
    builder = builder.issuer_name(subject)
    builder = builder.not_valid_before(not_valid_before)
    builder = builder.not_valid_after(not_valid_after)
    # Serial number derived from a random UUID.
    builder = builder.serial_number(int(uuid.uuid4()))
    builder = builder.public_key(key.public_key())
    builder = builder.add_extension(
        x509.SubjectAlternativeName([x509.DNSName(server_name)]),
        critical=False)
    signed = builder.sign(
        private_key=key,
        algorithm=hashes.SHA256(),
        backend=default_backend())

    cert_pem = Certificate(signed.public_bytes(serialization.Encoding.PEM))
    # The key is emitted without a passphrase; keep the output out of any
    # non-test storage.
    key_pem = RSAPrivateKey(
        key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption()))
    return [cert_pem, key_pem]
def got_cert(certr):
    """
    Record a received certificate in PEM form and pass *certr* through.

    ``certr.body`` is parsed as a DER-encoded X.509 certificate, re-encoded
    as PEM, wrapped in a ``Certificate`` object and appended to ``objects``.
    ``objects`` is not defined in this block; presumably it is a list in
    the enclosing scope.

    NOTE(review): the certificate is only parsed and re-encoded here.  No
    signature, chain or name check happens in this function, so any
    validation has to be done by the caller.

    :param certr: Object whose ``body`` attribute holds the DER bytes.
    :return: *certr*, unchanged.
    """
    parsed = x509.load_der_x509_certificate(certr.body, default_backend())
    pem_bytes = parsed.public_bytes(serialization.Encoding.PEM)
    objects.append(Certificate(pem_bytes))
    return certr
def pem_objects(draw):
    """
    Strategy for generating ``pem`` objects.

    The result is one ``RSAPrivateKey`` followed by at least one
    ``Certificate``.  Each payload is arbitrary non-empty binary data that
    is base64-encoded and wrapped in the matching PEM armour, so the
    objects are PEM-framed but are not parseable keys or certificates.

    :param draw: Callable used to draw values from strategies
        (presumably supplied by a composite-strategy decorator that is
        not visible here).
    :return: A list of ``pem`` objects, key first.
    """
    key_payload = draw(s.binary(min_size=1))
    key = RSAPrivateKey(
        b'-----BEGIN RSA PRIVATE KEY-----\n' +
        encodebytes(key_payload) +
        b'-----END RSA PRIVATE KEY-----\n')

    # Drawn after the key payload, in the same order as before.
    cert_payloads = draw(s.lists(s.binary(min_size=1), min_size=1))
    generated = [key]
    for payload in cert_payloads:
        generated.append(
            Certificate(
                b'-----BEGIN CERTIFICATE-----\n' +
                encodebytes(payload) +
                b'-----END CERTIFICATE-----\n'))
    return generated