def generate_ca_cert(base_year, quiet=False):
if not quiet:
write('Generating ca cert ... ', end='')
public_key = load_public('ca')
private_key = load_private('ca')
builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Bad TLS Limited',
'common_name': 'Bad TLS Limited RSA CA',
},
public_key
)
builder.self_signed = True
builder.ca = True
builder.begin_date = datetime(base_year, 1, 1, 0, 0, 0, tzinfo=timezone.utc)
builder.end_date = datetime(base_year + 10, 1, 1, 0, 0, 0, tzinfo=timezone.utc)
certificate = builder.build(private_key)
dump_cert('ca', certificate)
if not quiet:
write('done')
def build_ca():
if not os.path.exists(settings.CA_PATH):
os.makedirs(settings.CA_PATH)
root_ca_public_key, root_ca_private_key = asymmetric.generate_pair(
'rsa', bit_size=4096)
with open(settings.CA_KEY, 'wb') as f:
f.write(
asymmetric.dump_private_key(root_ca_private_key,
settings.CA_KEY_PASSWD))
builder = CertificateBuilder(
{
'country_name': 'CR',
'state_or_province_name': 'San Jose',
'locality_name': 'Costa Rica',
'organization_name': 'DFVA Independiente',
'common_name': 'DFVA Root CA 1',
}, root_ca_public_key)
now = timezone.now()
builder.self_signed = True
builder.ca = True
builder.end_date = now + timedelta(settings.CA_CERT_DURATION * 10)
root_ca_certificate = builder.build(root_ca_private_key)
with open(settings.CA_CERT, 'wb') as f:
f.write(pem_armor_certificate(root_ca_certificate))
builder = CertificateListBuilder('http://crl.dfva.info',
root_ca_certificate, 1000)
crl_list = builder.build(root_ca_private_key)
with open(settings.CA_CRL, 'wb') as f:
f.write(crl_list.dump())
def _gen_ca():
public, private = _gen_key()
builder = CertificateBuilder(
{"organization_name": "Fake Certificate Authority"}, public)
builder.self_signed = True
builder.ca = True
return (_dump_cert(builder.build(private)), _dump_private(private))
def test_validity_general_times(self):
public_key, private_key = self.ec_secp256r1
builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
}, public_key)
builder.self_signed = True
builder.begin_date = datetime(2050, 1, 1, tzinfo=timezone.utc)
builder.end_date = datetime(2052, 1, 1, tzinfo=timezone.utc)
certificate = builder.build(private_key)
der_bytes = certificate.dump()
new_certificate = asn1crypto.x509.Certificate.load(der_bytes)
self.assertEqual(
new_certificate['tbs_certificate']['validity']['not_before'].name,
'general_time')
self.assertEqual(
new_certificate['tbs_certificate']['validity']['not_after'].name,
'general_time')
def generate_cert_and_key(cn, filename, keysize, keytype='rsa'):
ca_key_name = '%s.key' % filename
ca_cert_name = '%s.crt' % filename
curdir = pathlib.Path(__file__).parent
# Generate and save the key and certificate for the root CA
root_ca_public_key, root_ca_private_key = asymmetric.generate_pair(
keytype, bit_size=keysize)
with open(curdir.joinpath(ca_key_name), 'wb') as f:
f.write(asymmetric.dump_private_key(root_ca_private_key, None))
builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': cn,
}, root_ca_public_key)
builder.self_signed = True
builder.ca = True
root_ca_certificate = builder.build(root_ca_private_key)
with open(curdir.joinpath(ca_cert_name), 'wb') as f:
f.write(pem_armor_certificate(root_ca_certificate))
def generate_ca2_cert(base_year, quiet=False):
if not quiet:
write('Generating ca2 cert ... ', end='')
public_key = load_public('ca2')
private_key = load_private('ca2')
builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Good TLS Limited',
'common_name': 'Good TLS Limited RSA CA',
},
public_key
)
builder.self_signed = True
builder.ca = True
builder.begin_date = datetime(base_year, 1, 1, 0, 0, 0, tzinfo=timezone.utc)
builder.end_date = datetime(base_year + 10, 1, 1, 0, 0, 0, tzinfo=timezone.utc)
certificate = builder.build(private_key)
dump_cert('ca2', certificate)
if not quiet:
write('done')
def generate_self_signed(cls, cn, key_usage, private_key=None):
if private_key is None:
private_key = cls.generate_pair()
builder = CertificateBuilder({
u'common_name': six.text_type(cn),
}, private_key.public_key.to_asn1_public_key())
builder.key_usage = key_usage #[u'digital_signature', u'key_encipherment']
builder.self_signed = True
certificate = builder.build(private_key.to_asn1_private_key())
return Certificate(certificate=certificate), private_key
def test_build_ca_cert(self):
public_key, private_key = self.ec_secp256r1
builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
public_key
)
builder.hash_algo = 'sha512'
builder.self_signed = True
builder.ca = True
certificate = builder.build(private_key)
der_bytes = certificate.dump()
new_certificate = asn1crypto.x509.Certificate.load(der_bytes)
self.assertEqual('sha512', new_certificate.hash_algo)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
new_certificate.issuer.native
)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
new_certificate.subject.native
)
self.assertEqual('ecdsa', new_certificate.signature_algo)
self.assertEqual(set(['key_usage', 'basic_constraints']), new_certificate.critical_extensions)
self.assertEqual(set(['key_cert_sign', 'crl_sign']), new_certificate.key_usage_value.native)
self.assertEqual(None, new_certificate.extended_key_usage_value)
self.assertEqual(None, new_certificate.authority_key_identifier)
self.assertEqual(True, new_certificate.ca)
self.assertEqual(True, new_certificate.self_issued)
self.assertEqual('yes', new_certificate.self_signed)
self.assertEqual(certificate.public_key.sha1, new_certificate.key_identifier)
def test_build_end_entity_cert(self):
public_key, private_key = self.ec_secp256r1
builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
public_key
)
builder.self_signed = True
builder.subject_alt_domains = ['example.com']
certificate = builder.build(private_key)
der_bytes = certificate.dump()
new_certificate = asn1crypto.x509.Certificate.load(der_bytes)
self.assertEqual('sha256', new_certificate.hash_algo)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
new_certificate.issuer.native
)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
new_certificate.subject.native
)
self.assertEqual('ecdsa', new_certificate.signature_algo)
self.assertEqual(set(['key_usage']), new_certificate.critical_extensions)
self.assertEqual(set(['digital_signature', 'key_encipherment']), new_certificate.key_usage_value.native)
self.assertEqual(['server_auth', 'client_auth'], new_certificate.extended_key_usage_value.native)
self.assertEqual(None, new_certificate.authority_key_identifier)
self.assertEqual(False, new_certificate.ca)
self.assertEqual(True, new_certificate.self_issued)
self.assertEqual('yes', new_certificate.self_signed)
self.assertEqual(certificate.public_key.sha1, new_certificate.key_identifier)
self.assertEqual(['example.com'], new_certificate.valid_domains)
def test_build_end_entity_cert(self):
public_key, private_key = self.ec_secp256r1
builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
public_key
)
builder.self_signed = True
builder.subject_alt_domains = ['example.com']
certificate = builder.build(private_key)
der_bytes = certificate.dump()
new_certificate = asn1crypto.x509.Certificate.load(der_bytes)
self.assertEqual('sha256', new_certificate.hash_algo)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
new_certificate.issuer.native
)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
new_certificate.subject.native
)
self.assertEqual('ecdsa', new_certificate.signature_algo)
self.assertEqual(set(['key_usage']), new_certificate.critical_extensions)
self.assertEqual(set(['digital_signature', 'key_encipherment']), new_certificate.key_usage_value.native)
self.assertEqual(['server_auth', 'client_auth'], new_certificate.extended_key_usage_value.native)
self.assertEqual(None, new_certificate.authority_key_identifier)
self.assertEqual(False, new_certificate.ca)
self.assertEqual(True, new_certificate.self_issued)
self.assertEqual('yes', new_certificate.self_signed)
self.assertEqual(certificate.public_key.sha1, new_certificate.key_identifier)
self.assertEqual(['example.com'], new_certificate.valid_domains)
def test_build_ca_cert(self):
public_key, private_key = self.ec_secp256r1
builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
public_key
)
builder.hash_algo = 'sha512'
builder.self_signed = True
builder.ca = True
certificate = builder.build(private_key)
der_bytes = certificate.dump()
new_certificate = asn1crypto.x509.Certificate.load(der_bytes)
self.assertEqual('sha512', new_certificate.hash_algo)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
new_certificate.issuer.native
)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
new_certificate.subject.native
)
self.assertEqual('ecdsa', new_certificate.signature_algo)
self.assertEqual(set(['key_usage', 'basic_constraints']), new_certificate.critical_extensions)
self.assertEqual(set(['key_cert_sign', 'crl_sign']), new_certificate.key_usage_value.native)
self.assertEqual(None, new_certificate.extended_key_usage_value)
self.assertEqual(None, new_certificate.authority_key_identifier)
self.assertEqual(True, new_certificate.ca)
self.assertEqual(True, new_certificate.self_issued)
self.assertEqual('yes', new_certificate.self_signed)
self.assertEqual(certificate.public_key.sha1, new_certificate.key_identifier)
def create_certificate():
root_ca_public_key, root_ca_private_key = asymmetric.generate_pair(
'rsa', bit_size=2048)
with open('root_ca.key', 'wb') as f:
f.write(asymmetric.dump_private_key(root_ca_private_key, u'p'))
with open('root_ca_public.key', 'wb') as f:
f.write(asymmetric.dump_public_key(root_ca_public_key, 'pem'))
builder = CertificateBuilder(
{
u'country_name': u'US',
u'state_or_province_name': u'Massachusetts',
u'locality_name': u'Amherst',
u'organization_name': u'Name Certifying service',
u'common_name': u'NCS Root CA',
}, root_ca_public_key)
builder.self_signed = True
builder.ca = True
root_ca_certificate = builder.build(root_ca_private_key)
with open('root_ca.crt', 'wb') as f:
f.write(pem_armor_certificate(root_ca_certificate))
# Generate an end-entity key and certificate, signed by the root
end_entity_public_key, end_entity_private_key = asymmetric.generate_pair(
'rsa', bit_size=2048)
with open('ramteja_tadishetti_private.key', 'wb') as f:
f.write(asymmetric.dump_private_key(end_entity_private_key, u'p'))
with open('ramteja_tadishetti_public.key', 'wb') as f:
f.write(asymmetric.dump_public_key(end_entity_public_key, 'pem'))
builder = CertificateBuilder(
{
u'country_name': u'US',
u'state_or_province_name': u'Massachusetts',
u'locality_name': u'Amherst',
u'organization_name': u'Ramteja Tadishetti Corp',
u'common_name': u'ramtejatadishetti',
}, end_entity_public_key)
builder.issuer = root_ca_certificate
#builder.set_extension( u'1.2.840.113549.1.1.1', 'ramteja', allow_deprecated=False)
end_entity_certificate = builder.build(root_ca_private_key)
with open('ramteja_tadishetti.crt', 'wb') as f:
f.write(pem_armor_certificate(end_entity_certificate))
def test_subject_alt_name_shortcuts(self):
public_key, private_key = self.ec_secp256r1
builder = CertificateBuilder(
{
'country_name': 'US',
'common_name': 'Test'
}, public_key)
builder.self_signed = True
self.assertEqual(builder.subject_alt_domains, [])
builder.subject_alt_domains = ['example.com', 'example.org']
builder.subject_alt_emails = ['*****@*****.**', '*****@*****.**']
builder.subject_alt_ips = ['127.0.0.1']
builder.subject_alt_uris = ['http://example.com', 'https://bücher.ch']
self.assertEqual(builder.subject_alt_domains,
['example.com', 'example.org'])
self.assertEqual(builder.subject_alt_emails,
['*****@*****.**', '*****@*****.**'])
self.assertEqual(builder.subject_alt_ips, ['127.0.0.1'])
self.assertEqual(builder.subject_alt_uris,
['http://example.com', 'https://bücher.ch'])
builder.subject_alt_domains = []
self.assertEqual(builder.subject_alt_domains, [])
builder.subject_alt_emails = []
self.assertEqual(builder.subject_alt_emails, [])
builder.subject_alt_ips = []
self.assertEqual(builder.subject_alt_ips, [])
builder.subject_alt_uris = []
self.assertEqual(builder.subject_alt_uris, [])
builder.subject_alt_uris = ['https://bücher.ch']
certificate = builder.build(private_key)
self.assertEqual(b'\x86\x18https://xn--bcher-kva.ch',
certificate.subject_alt_name_value[0].contents)
def test_tsa_certificate_extended_key_usage(self):
public_key, private_key = self.ec_secp256r1
builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
public_key
)
builder.self_signed = True
builder.extended_key_usage = set(('time_stamping',))
certificate = builder.build(private_key)
der_bytes = certificate.dump()
new_certificate = asn1crypto.x509.Certificate.load(der_bytes)
self.assertEqual(set(['key_usage', 'extended_key_usage']), new_certificate.critical_extensions)
def issue_cert(self, csr: CsrBuilder) -> (PrivateKey, Cert):
public_key, private_key = asymmetric.generate_pair('rsa',
bit_size=4096)
builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
}, public_key)
builder.self_signed = True
cert = builder.build(private_key)
serial = SerialNumber.from_int(cert.serial_number).as_hex()
keypath = self._cert_dir / (serial + '.key')
with keypath.open('wb') as f:
f.write(asymmetric.dump_private_key(private_key, 'password'))
certpath = self._cert_dir / (serial + '.pem')
with certpath.open('wb') as f:
f.write(pem_armor_certificate(cert))
def test_subject_alt_name_shortcuts(self):
public_key, private_key = self.ec_secp256r1
builder = CertificateBuilder(
{'country_name': 'US', 'common_name': 'Test'},
public_key
)
builder.self_signed = True
self.assertEqual(builder.subject_alt_domains, [])
builder.subject_alt_domains = ['example.com', 'example.org']
builder.subject_alt_emails = ['*****@*****.**', '*****@*****.**']
builder.subject_alt_ips = ['127.0.0.1']
builder.subject_alt_uris = ['http://example.com', 'https://bücher.ch']
self.assertEqual(builder.subject_alt_domains, ['example.com', 'example.org'])
self.assertEqual(builder.subject_alt_emails, ['*****@*****.**', '*****@*****.**'])
self.assertEqual(builder.subject_alt_ips, ['127.0.0.1'])
self.assertEqual(builder.subject_alt_uris, ['http://example.com', 'https://bücher.ch'])
builder.subject_alt_domains = []
self.assertEqual(builder.subject_alt_domains, [])
builder.subject_alt_emails = []
self.assertEqual(builder.subject_alt_emails, [])
builder.subject_alt_ips = []
self.assertEqual(builder.subject_alt_ips, [])
builder.subject_alt_uris = []
self.assertEqual(builder.subject_alt_uris, [])
builder.subject_alt_uris = ['https://bücher.ch']
certificate = builder.build(private_key)
self.assertEqual(b'\x86\x18https://xn--bcher-kva.ch', certificate.subject_alt_name_value[0].contents)
def test_validity_general_times(self):
public_key, private_key = self.ec_secp256r1
builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
public_key
)
builder.self_signed = True
builder.begin_date = datetime(2050, 1, 1, tzinfo=timezone.utc)
builder.end_date = datetime(2052, 1, 1, tzinfo=timezone.utc)
certificate = builder.build(private_key)
der_bytes = certificate.dump()
new_certificate = asn1crypto.x509.Certificate.load(der_bytes)
self.assertEqual(new_certificate['tbs_certificate']['validity']['not_before'].name, 'general_time')
self.assertEqual(new_certificate['tbs_certificate']['validity']['not_after'].name, 'general_time')
def create_certificate():
root_ca_public_key, root_ca_private_key = asymmetric.generate_pair(
'rsa', bit_size=2048)
with open('root_ca.key', 'wb') as f:
f.write(asymmetric.dump_private_key(root_ca_private_key, u'p'))
with open('root_ca_public.key', 'wb') as f:
f.write(asymmetric.dump_public_key(root_ca_public_key, 'pem'))
builder = CertificateBuilder(
{
u'country_name': u'US',
u'state_or_province_name': u'Massachusetts',
u'locality_name': u'Amherst',
u'organization_name': u'Name Certifying service',
u'common_name': u'NCS Root CA',
}, root_ca_public_key)
builder.self_signed = True
builder.ca = True
root_ca_certificate = builder.build(root_ca_private_key)
with open('root_ca.crt', 'wb') as f:
f.write(pem_armor_certificate(root_ca_certificate))
import json
import sys
f = open("orqIp.txt", "r")
orq_ip = f.read()
f.close()
keyId = sys.argv[1]
r = requests.get("http://" + orq_ip + ":5000/getKey/" + keyId)
response = dict(json.loads(r.text))
pub_key = response["pubKey"]
asn1PublicKey = core.Asn1Value.load(unhexlify(pub_key))
publicKey = keys.PublicKeyInfo.wrap(asn1PublicKey, u'rsa')
builder = CertificateBuilder(
{
u'country_name': u'SP',
u'state_or_province_name': u'Malaga',
u'locality_name': u'Malaga',
u'organization_name': u'NICS Lab',
u'common_name': u'Certificacion Raiz'
}, publicKey)
builder.self_signed = True
builder.ca = True
root_ca_certificate = builder.build_mpc(int(keyId), orq_ip, "5000")
with open('certificado_raiz.crt', 'wb') as f:
f.write(pem_armor_certificate(root_ca_certificate))
def test_build_chain_of_certs(self):
ca_public_key, ca_private_key = self.ec_secp521r1
ee_public_key, _ = self.ec_secp256r1
ca_builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Codex Non Sufficit LC - Primary CA',
},
ca_public_key
)
ca_builder.hash_algo = 'sha512'
ca_builder.self_signed = True
ca_builder.ca = True
ca_certificate = ca_builder.build(ca_private_key)
ee_builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
ee_public_key
)
ee_builder.issuer = ca_certificate
ee_builder.serial_number = 1
ee_certificate = ee_builder.build(ca_private_key)
der_bytes = ee_certificate.dump()
new_certificate = asn1crypto.x509.Certificate.load(der_bytes)
self.assertEqual('sha256', new_certificate.hash_algo)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Codex Non Sufficit LC - Primary CA',
},
new_certificate.issuer.native
)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
new_certificate.subject.native
)
self.assertEqual('ecdsa', new_certificate.signature_algo)
self.assertEqual(set(['key_usage']), new_certificate.critical_extensions)
self.assertEqual(set(['digital_signature', 'key_encipherment']), new_certificate.key_usage_value.native)
self.assertEqual(['server_auth', 'client_auth'], new_certificate.extended_key_usage_value.native)
self.assertEqual(ca_certificate.key_identifier, new_certificate.authority_key_identifier)
self.assertEqual(False, new_certificate.ca)
self.assertEqual(False, new_certificate.self_issued)
self.assertEqual('no', new_certificate.self_signed)
def test_build_chain_of_certs(self):
ca_public_key, ca_private_key = self.ec_secp521r1
ee_public_key, _ = self.ec_secp256r1
ca_builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Codex Non Sufficit LC - Primary CA',
}, ca_public_key)
ca_builder.hash_algo = 'sha512'
ca_builder.self_signed = True
ca_builder.ca = True
ca_certificate = ca_builder.build(ca_private_key)
ee_builder = CertificateBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
}, ee_public_key)
ee_builder.issuer = ca_certificate
ee_builder.serial_number = 1
ee_certificate = ee_builder.build(ca_private_key)
der_bytes = ee_certificate.dump()
new_certificate = asn1crypto.x509.Certificate.load(der_bytes)
self.assertEqual('sha256', new_certificate.hash_algo)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Codex Non Sufficit LC - Primary CA',
}, new_certificate.issuer.native)
self.assertEqual(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
}, new_certificate.subject.native)
self.assertEqual('ecdsa', new_certificate.signature_algo)
self.assertEqual(set(['key_usage']),
new_certificate.critical_extensions)
self.assertEqual(set(['digital_signature', 'key_encipherment']),
new_certificate.key_usage_value.native)
self.assertEqual(['server_auth', 'client_auth'],
new_certificate.extended_key_usage_value.native)
self.assertEqual(ca_certificate.key_identifier,
new_certificate.authority_key_identifier)
self.assertEqual(False, new_certificate.ca)
self.assertEqual(False, new_certificate.self_issued)
self.assertEqual('no', new_certificate.self_signed)
root_ca_public_key, root_ca_private_key = asymmetric.generate_pair("rsa", bit_size=2048)
with open(os.path.join(fixtures_dir, "root.key"), "wb") as f:
f.write(asymmetric.dump_private_key(root_ca_private_key, "password123", target_ms=20))
builder = CertificateBuilder(
{
"country_name": "US",
"state_or_province_name": "Massachusetts",
"locality_name": "Newbury",
"organization_name": "Codex Non Sufficit LC",
"common_name": "CodexNS Root CA 1",
},
root_ca_public_key,
)
builder.self_signed = True
builder.end_entity = False
root_ca_certificate = builder.build(root_ca_private_key)
with open(os.path.join(fixtures_dir, "root.crt"), "wb") as f:
f.write(asymmetric.dump_certificate(root_ca_certificate))
root_crl_public_key, root_crl_private_key = asymmetric.generate_pair("rsa", bit_size=2048)
with open(os.path.join(fixtures_dir, "crl_issuer.key"), "wb") as f:
f.write(asymmetric.dump_private_key(root_crl_private_key, "password123", target_ms=20))
builder = CertificateBuilder(
{
"country_name": "US",
