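def _open_owner_only(path: str):
    """Open *path* for binary writing, creating it with mode 0o600.

    The mode only applies when the file is created; an existing file keeps
    whatever permissions it already had.
    """
    import os  # local import: the file's import block is not visible here

    return open(path, 'wb',
                opener=lambda p, flags: os.open(p, flags, 0o600))


def create_payload(cert: crypto.X509,
                   filename: str,
                   pkcs12: bool,
                   ca_cert: crypto.X509 = None):
    """Generate fresh keys for *cert*, sign it, and write the result to disk.

    Both ``cert`` and ``ca_cert`` are modified in place: each gets a newly
    generated public key and a new signature.

    Args:
        cert: Certificate to key and sign. Self-signed when ``ca_cert`` is
            not given, otherwise signed with the freshly generated CA key.
        filename: Output path prefix; ``.crt``/``.key``/``_ca.crt`` or
            ``.pfx`` is appended.
        pkcs12: When true, write a single PKCS#12 bundle instead of PEM files.
        ca_cert: Optional CA certificate. It is re-keyed and self-signed
            here; the CA private key is never written out.

    Security notes:
        * 1024-bit RSA and SHA-1 are below current minimums. The output is
          only suitable as a disposable test fixture and must never be
          trusted or reused as a real credential.
        * The private key is stored unencrypted (empty PEM password, no
          PKCS#12 export password), so files containing it are created
          readable by the owner only.
    """
    ca_key = None
    if ca_cert:
        ca_key = crypto.PKey()
        ca_key.generate_key(crypto.TYPE_RSA, 1024)
        ca_cert.set_pubkey(ca_key)
        ca_cert.sign(ca_key, 'sha1')

    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 1024)
    cert.set_pubkey(key)
    # Chain to the CA when one was supplied, otherwise self-sign.
    signing_key = ca_key if ca_cert else key
    cert.sign(signing_key, 'sha1')

    if pkcs12:
        # NOTE(review): crypto.PKCS12 is deprecated in newer pyOpenSSL
        # releases - confirm the pinned version still provides it.
        store = crypto.PKCS12()
        if ca_cert:
            store.set_ca_certificates([ca_cert])
        store.set_certificate(cert)
        store.set_privatekey(key)
        # The bundle embeds the unencrypted private key: owner-only file.
        with _open_owner_only(filename + '.pfx') as f:
            print('Writing PKCS12... No export password')
            f.write(store.export())
        return

    with open(filename + '.crt', 'wb') as f:
        print('Writing certificate...')
        f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
    # Plain-text private key: keep it out of reach of other local users.
    with _open_owner_only(filename + '.key') as f:
        print('Writing key... Password is ""')
        f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
    if ca_cert:
        print('Writing ca_certififcate...')
        with open(filename + '_ca.crt', 'wb') as f:
            f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, ca_cert))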