def issuer(self, value):
        """
        Set the certificate of the CRL issuer.

        Accepts an asn1crypto.x509.Certificate or an
        oscrypto.asymmetric.Certificate; the latter is unwrapped through its
        .asn1 attribute. The certificate is stored as the issuer, and its key
        identifier is copied into the authority key identifier extension.

        If the (CRL) issuer is not the issuer of the certificates (in which
        case the CRL is known as an indirect CRL), the .certificate_issuer
        attribute must be set to the Certificate that issued the certificates.

        :raises:
            TypeError - when value is neither of the accepted certificate types
            ValueError - when the certificate has no key identifier
        """

        if isinstance(value, asymmetric.Certificate):
            # oscrypto wrapper: continue with the parsed asn1crypto structure
            issuer_cert = value.asn1
        elif isinstance(value, x509.Certificate):
            issuer_cert = value
        else:
            raise TypeError(
                _pretty_message(
                    '''
                issuer must be an instance of asn1crypto.x509.Certificate or
                oscrypto.asymmetric.Certificate, not %s
                ''', _type_name(value)))

        # The identifier is taken from the certificate itself instead of being
        # recomputed, so the CRL's authority key identifier carries exactly
        # the value the issuer certificate advertises.
        issuer_key_id = issuer_cert.key_identifier
        if issuer_key_id is None:
            raise ValueError(
                _pretty_message('''
                issuer certificate must have a key identifier extension to be
                used for signing CRLs
                '''))

        # NOTE(review): only the type and the presence of a key identifier are
        # checked here. Whether the certificate is actually allowed to sign
        # CRLs (CA status, key usage) is not verified in this setter;
        # presumably that happens elsewhere -- confirm.
        self._issuer = issuer_cert
        self._authority_key_identifier = x509.AuthorityKeyIdentifier(
            {'key_identifier': issuer_key_id})
 def format_tbs_crl(self, crl_number: int, this_update: datetime,
                    revoked_certs, next_update: datetime,
                    distpoint: x509.DistributionPoint = None) \
         -> crl.TbsCertList:
     """
     Assemble the to-be-signed part of a v2 CRL.

     Only the TbsCertList structure is built and returned; no signature is
     computed in this method.

     :param crl_number: value placed in the CRL number extension
     :param this_update: issuance time, encoded with the 'general_time' choice
     :param revoked_certs: entries handed to crl.RevokedCertificates as-is
     :param next_update: next update time, encoded with 'general_time'
     :param distpoint: when not None, used to build a critical issuing
         distribution point extension
     :return: the populated crl.TbsCertList
     """
     number_ext = crl.TBSCertListExtension({
         'extn_id': 'crl_number', 'extn_value': core.Integer(crl_number)
     })
     authority_key_id = x509.AuthorityKeyIdentifier({
         'key_identifier': self.authority_key_identifier
     })
     aki_ext = crl.TBSCertListExtension({
         'extn_id': 'authority_key_identifier',
         'extn_value': authority_key_id
     })
     # Mandatory extensions first, then whatever the instance was configured
     # with; the configured extensions are appended without inspection.
     all_extensions = [number_ext, aki_ext, *self.extra_crl_extensions]

     if distpoint is not None:
         # NOTE(review): the parameter is annotated as x509.DistributionPoint
         # but is passed to crl.IssuingDistributionPoint -- confirm the type
         # callers are expected to supply.
         idp_der = crl.IssuingDistributionPoint(distpoint).dump()
         # Marked critical, so a relying party that does not understand the
         # extension has to reject the CRL rather than ignore its scope.
         idp_ext = crl.TBSCertListExtension({
             'extn_id': 'issuing_distribution_point',
             'critical': True,
             'extn_value': core.ParsableOctetString(idp_der)
         })
         all_extensions.append(idp_ext)

     revoked = crl.RevokedCertificates(revoked_certs)
     # NOTE(review): both timestamps always use the 'general_time' choice.
     # RFC 5280 profiles UTCTime for dates through 2049, so strict
     # validators may object -- confirm this is intended.
     tbs_fields = {
         'version': 'v2',
         'signature': self.signature_algo,
         'issuer': self.issuer_name,
         'this_update': x509.Time({'general_time': this_update}),
         'next_update': x509.Time({'general_time': next_update}),
         'revoked_certificates': revoked,
         'crl_extensions': crl.TBSCertListExtensions(all_extensions)
     }
     return crl.TbsCertList(tbs_fields)
    def issuer(self, value):
        """
        Set the issuer from a certificate.

        Accepts an asn1crypto.x509.Certificate or an
        oscrypto.asymmetric.Certificate; the latter is unwrapped through its
        .asn1 attribute. The certificate's subject becomes the issuer, and
        the authority key identifier extension is derived from its public key.

        :raises:
            TypeError - when value is neither of the accepted certificate types
        """

        if isinstance(value, asymmetric.Certificate):
            # oscrypto wrapper: continue with the parsed asn1crypto structure
            issuer_cert = value.asn1
        elif isinstance(value, x509.Certificate):
            issuer_cert = value
        else:
            raise TypeError(_pretty_message(
                '''
                issuer must be an instance of asn1crypto.x509.Certificate or
                oscrypto.asymmetric.Certificate, not %s
                ''',
                _type_name(value)
            ))

        self._issuer = issuer_cert.subject

        # Reads self._subject_public_key, so the subject public key has to be
        # set before this setter runs.
        own_key_id = self._subject_public_key.sha1
        self._key_identifier = own_key_id

        # Both identifiers come from the .sha1 attribute of a public key and
        # serve as lookup labels for matching certificates to their signer.
        # NOTE(review): the authority key identifier is recomputed from the
        # issuer's public key and not copied from the issuer certificate's own
        # key identifier extension. If that certificate carries an identifier
        # derived differently, the two values will not match and chain
        # building by key identifier can fail -- confirm this is intended.
        issuer_key_id = issuer_cert.public_key.sha1
        self._authority_key_identifier = x509.AuthorityKeyIdentifier({
            'key_identifier': issuer_key_id
        })