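def create_signed_data(key_path, signed_data_pem_path, cert_path):
    """Writes a PEM-style text file holding a random message and two signatures
    over it (one with SHA-1, one with SHA-256), produced with the key at
    |key_path|. The file is test input for code that verifies signatures.

    Args:
      key_path: path to the private key; passed straight through to sign_data().
      signed_data_pem_path: path of the file written by this function.
      cert_path: recorded in the header text only, so a reader knows which
        device certificate the signing key belongs to. It is never opened here.

    Both signatures cover the same 256 random bytes. The SHA-1 signature is
    emitted next to the SHA-256 one on purpose; presumably so the consuming test
    can cover both digests (including rejecting SHA-1 where policy requires) --
    confirm against the unittest that reads this file.
    """
    # Use some random data as the message; its content does not matter, only
    # that both signatures are over the same bytes.
    data_to_sign = os.urandom(256)
    sha1_signature = sign_data(key_path, data_to_sign, 'sha1')
    sha256_signature = sign_data(key_path, data_to_sign, 'sha256')

    # base64.b64encode() returns bytes. Decode to text before %-formatting so
    # that under Python 3 the file does not end up containing a "b'...'" repr
    # instead of the base64 payload. The output is pure ASCII, so on Python 2
    # this yields the same characters (as unicode).
    message_b64 = base64.b64encode(data_to_sign).decode('ascii')
    sha1_b64 = base64.b64encode(sha1_signature).decode('ascii')
    sha256_b64 = base64.b64encode(sha256_signature).decode('ascii')

    # Write a final PEM file which incorporates the message, and signatures.
    # The signature labels below describe what `openssl dgst -sign` produces for
    # an RSA key; they are not derived from the key itself.
    signed_data_pem_data = """
These signatures were generated using the device certificate key from:
%s

The data being signed is a bunch of random data.

-----BEGIN MESSAGE-----
%s
-----END MESSAGE-----

Signature Algorithm: RSASSA PKCS#1 v1.5 with SHA1

-----BEGIN SIGNATURE SHA1-----
%s
-----END SIGNATURE SHA1-----

Signature Algorithm: RSASSA PKCS#1 v1.5 with SHA256

-----BEGIN SIGNATURE SHA256-----
%s
-----END SIGNATURE SHA256-----
""" % (cert_path, message_b64, sha1_b64, sha256_b64)
    common.write_string_to_file(signed_data_pem_data, signed_data_pem_path)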
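def sign_data(key_path, data_to_sign, digest):
    """Returns the signature of |data_to_sign| using the key at |key_path| and
    the digest algorithm |digest|.

    The signature is produced by shelling out to `openssl dgst -<digest> -sign`
    and is returned as raw binary bytes (whatever openssl writes with -out).

    Args:
      key_path: path to the PEM private key handed to openssl.
      data_to_sign: the raw message bytes (a str under Python 2).
      digest: "sha1" or "sha256". Anything else is rejected up-front: the value
        is spliced into openssl's argv as "-<digest>", so an unchecked string
        would become an arbitrary openssl option rather than a digest name.

    Returns:
      The signature bytes.

    Raises:
      ValueError: if |digest| is not one of the supported names.
      subprocess.CalledProcessError: if openssl exits non-zero.
    """
    if digest not in ('sha1', 'sha256'):
        raise ValueError('Unsupported digest %r; expected "sha1" or "sha256"'
                         % (digest,))

    # Function-scope imports: the module's import list is not visible from
    # this block, so keep the new dependencies local to it.
    import shutil
    import tempfile

    # Use a private temporary directory instead of fixed names under out/.
    # Fixed paths are racy when two generator runs overlap, require out/ to
    # already exist, and leave stale files behind if openssl fails part-way
    # (the original cleanup was not in a finally block).
    tmp_dir = tempfile.mkdtemp()
    try:
        data_to_sign_path = os.path.join(tmp_dir, 'data_to_sign')
        signed_data_path = os.path.join(tmp_dir, 'signed_data')

        # Binary mode on both sides: the message and the signature are raw
        # bytes, and text-mode newline translation would corrupt them.
        with open(data_to_sign_path, 'wb') as f:
            f.write(data_to_sign)

        subprocess.check_call(['openssl', 'dgst', '-' + digest,
                               '-sign', key_path,
                               '-out', signed_data_path,
                               data_to_sign_path])

        with open(signed_data_path, 'rb') as f:
            return f.read()
    finally:
        # Best-effort cleanup on every path, including openssl failure.
        shutil.rmtree(tmp_dir, ignore_errors=True)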
def write_cert_to_file(cert, filename):
    """Writes |cert|'s PEM encoding to |filename|, preceded by a short banner.

    The banner names the generator script (sys.argv[0]) and points at its
    docstring, so anyone reading the checked-in fixture knows to regenerate it
    with the script rather than hand-edit it.
    """
    banner = "Generated by %s.\n" % sys.argv[0]
    banner += "Refer to generator script docstring for details.\n"
    contents = banner + cert.get_cert_pem()
    common.write_string_to_file(contents, filename)
import common

# Every certificate built below inherits this validity window.
# NOTE(review): the window ends on Jan 1 2021, so by wall clock these fixtures
# are expired; the tests that load them presumably verify at a pinned time
# rather than "now" -- confirm.
common.set_default_validity_range(common.JANUARY_1_2015_UTC,
                                  common.JANUARY_1_2021_UTC)

# Generate the keys. Three distinct keys are created: one for the root, one
# (i_key) shared by every intermediate below, and one (target_key) that is
# presumably shared by the end-entity certificates built further down (their
# construction is not visible here). The get_or_generate_* name suggests an
# existing key file is reused so fixtures stay stable across re-runs -- confirm
# in common.py.
root_key = common.get_or_generate_rsa_key(2048, common.create_key_path('root'))
i_key = common.get_or_generate_rsa_key(2048, common.create_key_path('i'))
target_key = common.get_or_generate_rsa_key(2048,
                                            common.create_key_path('target'))

# Self-signed root certificate, written out as root.pem.
root = common.create_self_signed_root_certificate('Root')
root.set_key(root_key)
common.write_string_to_file(root.get_cert_pem(), 'root.pem')

# Intermediate certificates. All three share the subject 'I' and the key i_key,
# so they differ only in whatever create_intermediate_certificate() varies per
# call (presumably the serial number -- confirm). The point is presumably to
# give a chain builder several candidate issuers for one subject/key pair.
i_base = common.create_intermediate_certificate('I', root)
i_base.set_key(i_key)
common.write_string_to_file(i_base.get_cert_pem(), 'i.pem')

i2 = common.create_intermediate_certificate('I', root)
i2.set_key(i_key)
common.write_string_to_file(i2.get_cert_pem(), 'i2.pem')

i3 = common.create_intermediate_certificate('I', root)
i3.set_key(i_key)
common.write_string_to_file(i3.get_cert_pem(), 'i3.pem')

# More Intermediate certificates, which are just to generate the proper config
import os
import sys

# Borrow the certificate-building helpers from the sibling test's generator
# directory. The path is relative, so this script presumably has to be run
# from its own directory -- confirm before invoking it from elsewhere.
sys.path += [os.path.join('..', 'verify_certificate_chain_unittest')]

import common

# Self-signed root certificate. Not saved to a .pem since the test doesn't need
# it.
root = common.create_self_signed_root_certificate('Root')

# Intermediate certificates. All have the same subject and key: i2 and i3 are
# pointed at i_base's key file via set_key_path(), so the three are
# distinguishable only by whatever create_intermediate_certificate() varies per
# call (presumably the serial number -- confirm). This presumably exercises a
# chain builder faced with several candidate issuers for one subject/key pair.
i_base = common.create_intermediate_certificate('I', root)
common.write_string_to_file(i_base.get_cert_pem(), 'i.pem')

i2 = common.create_intermediate_certificate('I', root)
i2.set_key_path(i_base.get_key_path())
common.write_string_to_file(i2.get_cert_pem(), 'i2.pem')

i3 = common.create_intermediate_certificate('I', root)
i3.set_key_path(i_base.get_key_path())
common.write_string_to_file(i3.get_cert_pem(), 'i3.pem')

# More Intermediate certificates, which are just to generate the proper config
# files so the target certs will have the desired Authority Information Access
# values. These ones aren't saved to files.
# (i_no_aia: an issuer with no AIA extension, judging by its name -- confirm in
# common.py, since nothing here sets or clears AIA explicitly.)
i_no_aia = common.create_intermediate_certificate('I', root)
i_no_aia.set_key_path(i_base.get_key_path())