Exemple #1
 def generate_csr(self, private_key, subject_name, extensions=None):
     """Build and sign a PKCS#10 certificate request for an EC key.

     Only the common name is taken from ``subject_name``; the other
     subject fields are fixed to C=US, ST=North Carolina, O=Hyperledger,
     OU=Fabric.

     ``extensions`` is accepted but never read. The request is built with
     an empty attribute set, so any extensions the caller asked for (for
     example subject alternative names) are not carried in the CSR.

     The signature is not verified before returning; callers that need
     assurance that the key produced a valid signature must check the
     returned request themselves.

     Args:
         private_key: object exposing ``public_key`` (passed to
             ``encode_ec_public_key``) and ``private_key`` (whose
             ``sign`` method is called).
         subject_name: name object queried with
             ``get_attributes_for_oid(NameOID.COMMON_NAME)``.
         extensions: unused.

     Returns:
         The value of ``x509.load_der_x509_csr`` for the DER-encoded
         request.

     Raises:
         IndexError: presumably when ``subject_name`` has no common-name
             attribute, since the first match is indexed unconditionally
             -- confirm against the name type in use.
     """
     cn_attributes = subject_name.get_attributes_for_oid(NameOID.COMMON_NAME)
     subject = Name.build({
         'country_name': 'US',
         'state_or_province_name': 'North Carolina',
         'organization_name': 'Hyperledger',
         'organizational_unit_name': 'Fabric',
         'common_name': cn_attributes[0].value,
     })
     public_key_info = PublicKeyInfo.load(
         encode_ec_public_key(private_key.public_key))
     request_info = CertificationRequestInfo({
         'version': 0,
         'subject': subject,
         'subject_pk_info': public_key_info,
         'attributes': CRIAttributes([]),
     })

     # The digest is computed here and handed to sign(); presumably
     # Mechanism.ECDSA signs the supplied bytes without hashing them again
     # -- confirm against the PKCS#11 binding in use.
     digest = hashlib.sha256(request_info.dump()).digest()
     raw_signature = private_key.private_key.sign(
         digest, mechanism=Mechanism.ECDSA)

     # The algorithm identifier must name the same hash used for `digest`.
     signed_request = CertificationRequest({
         'certification_request_info': request_info,
         'signature_algorithm': {
             'algorithm': 'sha256_ecdsa',
             'parameters': None,
         },
         'signature': encode_ecdsa_signature(raw_signature),
     })
     return x509.load_der_x509_csr(signed_request.dump(), default_backend())
    def test_sign_csr(self):
        """Sign a minimal CSR with a session-generated RSA key pair and
        check that OpenSSL accepts the signature."""
        # Warning: proof of concept code only! A 1024-bit RSA key and a
        # SHA-1 signature are too weak for real certificate requests; outside
        # of a test, generate at least a 2048-bit key and sign with a SHA-256
        # mechanism, keeping the CSR's algorithm identifier in step with it.
        public, private = self.session.generate_keypair(KeyType.RSA, 1024)

        subject = Name.build({
            'common_name': 'Test Certificate',
        })
        subject_pk_info = {
            'algorithm': {
                'algorithm': 'rsa',
                'parameters': None,
            },
            'public_key': RSAPublicKey.load(encode_rsa_public_key(public)),
        }
        request_info = CertificationRequestInfo({
            'version': 0,
            'subject': subject,
            'subject_pk_info': subject_pk_info,
        })

        # Sign the DER encoding of the request info; the mechanism here has
        # to match the 'signature_algorithm' declared in the request below.
        signature = private.sign(request_info.dump(),
                                 mechanism=Mechanism.SHA1_RSA_PKCS)

        request = CertificationRequest({
            'certification_request_info': request_info,
            'signature_algorithm': {
                'algorithm': 'sha1_rsa',
                'parameters': None,
            },
            'signature': signature,
        })

        # Feed the DER-encoded CSR to OpenSSL on stdin; `req -verify` checks
        # the request's signature, and exit status 0 is what the test expects.
        # OPENSSL is defined outside this method.
        verify_command = (OPENSSL, 'req',
                          '-inform', 'der',
                          '-noout',
                          '-verify')
        with subprocess.Popen(verify_command,
                              stdin=subprocess.PIPE,
                              stdout=subprocess.DEVNULL) as proc:
            proc.stdin.write(request.dump())
            # Closing stdin signals end of input so OpenSSL can finish.
            proc.stdin.close()

            exit_status = proc.wait()
            self.assertEqual(exit_status, 0)
Exemple #3
            'public_key': RSAPublicKey.load(encode_rsa_public_key(pub)),
        },
    })

    # Sign the CSR Info
    value = priv.sign(info.dump(), mechanism=Mechanism.SHA1_RSA_PKCS)

    csr = CertificationRequest({
        'certification_request_info': info,
        'signature_algorithm': {
            'algorithm': 'sha1_rsa',
            'parameters': None,
        },
        'signature': value,
    })
    certpem = pem.armor('CERTIFICATE REQUEST', csr.dump()).decode()
    # Pipe our CSR to OpenSSL to verify it
    with subprocess.Popen(
        ('/bin/openssl', 'req', '-inform', 'der', '-noout', '-verify'),
            stdin=subprocess.PIPE,
            stdout=subprocess.DEVNULL) as proc:

        proc.stdin.write(csr.dump())
        proc.stdin.close()

    user = environ.get('TPPUSER')
    password = environ.get('TPPPASSWORD')
    url = environ.get('TPPURL')
    zone = environ.get("ZONE")
    conn = Connection(url=url,
                      user=user,