Exemple #1
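def certificate(privkey, expiry_timestamp, price_limit, issuer=None,
                issued_at=None, keyid=None):
    """Serialize the claims of a "certified-key" certificate for a key.

    Only the public half of ``privkey`` (as returned by ``privkey.pub()``)
    is embedded. The return value is the JSON claim set as a string; nothing
    in this function signs it, so any signature must be applied by the
    caller.

    Args:
        privkey: key object whose ``pub()`` returns an indexable pair; index
            0 is emitted as the JWK exponent and index 1 as the modulus.
        expiry_timestamp: value written to the top-level ``exp`` claim.
        price_limit: copied into the ``price_limit`` claim unchanged.
        issuer: ``iss`` claim; defaults to ``crypto.KEYSTORE.kid``.
        issued_at: value used for both ``iat`` and ``nbf``; defaults to the
            current time.
        keyid: ``kid`` of the embedded key; defaults to
            ``appstore.mozilla.com-<UTC date of issued_at>``.

    Returns:
        The certificate claims encoded with ``json.dumps``.
    """
    if issuer is None:
        issuer = crypto.KEYSTORE.kid

    if issued_at is None:
        issued_at = time.time()

    if keyid is None:
        # '%F' is a C99 extension that strftime does not honour on every
        # platform; '%Y-%m-%d' produces the same YYYY-MM-DD string portably.
        keyid = "appstore.mozilla.com-%s" % \
                time.strftime('%Y-%m-%d', time.gmtime(issued_at))

    # The certification is a JWT payload containing a JWK.
    public_parts = privkey.pub()
    claims = {
        "typ": "certified-key",
        # Inside the JWK, "exp" is the RSA public exponent, not an expiry.
        # The [4:] slice drops the first four bytes of each component.
        # NOTE(review): presumably a 4-byte length header (M2Crypto MPI
        # form); such values can also carry a leading zero byte -- confirm
        # that verifiers accept it.
        "jwk": [{"alg": "RSA",
                 "kid": keyid,
                 "mod": jwt.base64url_encode(public_parts[1][4:]),
                 "exp": jwt.base64url_encode(public_parts[0][4:])}],
        # The certificate is valid from the moment it is issued.
        "nbf": long(issued_at),
        # No check is made here that the expiry lies after issued_at, and
        # price_limit is passed through unvalidated; callers own both.
        "exp": long(expiry_timestamp),
        "iat": long(issued_at),
        "price_limit": price_limit,
        "iss": issuer
    }
    return json.dumps(claims)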
Exemple #2
def generate_root(bits, expires, keyid):
    """Generate a throwaway RSA root key and its JWK, for tests only.

    Args:
        bits: RSA modulus size handed to ``M2Crypto.RSA.gen_key``. No lower
            bound is enforced here.
        expires: accepted but never read by this function, so the generated
            JWK carries no expiry.
        keyid: value stored as the JWK ``kid``.

    Returns:
        A ``(private_key_pem, jwk_json)`` tuple. The PEM is produced with
        ``as_pem(None)``, i.e. no cipher, so the private key is written out
        without passphrase protection.
    """
    print("\nWARNING: generate_root should only be used for testing!\n")

    # 0x10001 (65537) is the public exponent.
    key = M2Crypto.RSA.gen_key(bits, 0x10001, NoOp)

    # Create the JWK from the public key: index 0 is emitted as the
    # exponent, index 1 as the modulus, each minus its first four bytes.
    public_parts = key.pub()
    entry = {
        "alg": "RSA",
        "use": 'sig',
        "kid": keyid,
        "exp": jwt.base64url_encode(public_parts[0][4:]),
        "mod": jwt.base64url_encode(public_parts[1][4:]),
    }

    private_pem = key.as_pem(None)
    return (private_pem, json.dumps({"jwk": [entry]}))
Exemple #3
def jwkify(pub, keyid):
    """Wrap an RSA public key in a single-entry ``{"jwk": [...]}`` dict.

    Args:
        pub: an ``M2Crypto.RSA.RSA`` / ``RSA_pub`` object, or a tuple whose
            index 0 is the exponent and index 1 the modulus.
        keyid: value stored as the entry's ``kid``.

    Raises:
        ValueError: if ``pub`` is neither an RSA object nor exactly a tuple.
    """
    rsa_types = (M2Crypto.RSA.RSA, M2Crypto.RSA.RSA_pub)
    if isinstance(pub, rsa_types):
        components = pub.pub()
    else:
        if type(pub) != tuple:
            raise ValueError("jwkify expects an RSA object or a tuple")
        # A caller-supplied tuple is used as-is: its length and contents
        # are not validated before the [4:] slices below.
        components = pub

    # The first four bytes of each component are dropped before encoding.
    # NOTE(review): presumably a 4-byte length header -- confirm that
    # tuples passed in directly use the same layout as pub().
    entry = {
        "alg": "RSA",
        "kid": keyid,
        "exp": jwt.base64url_encode(components[0][4:]),
        "mod": jwt.base64url_encode(components[1][4:])
    }
    return {"jwk": [entry]}
Exemple #4
def jwkify(pub, keyid):
    """Return ``{"jwk": [entry]}`` describing one RSA public key.

    ``pub`` may be an M2Crypto RSA object (its ``pub()`` result is used) or
    a tuple indexed as (exponent, modulus). Anything else raises
    ``ValueError``. ``keyid`` becomes the entry's ``kid``.
    """
    is_rsa_object = isinstance(pub, (M2Crypto.RSA.RSA, M2Crypto.RSA.RSA_pub))
    if not is_rsa_object and type(pub) != tuple:
        raise ValueError("jwkify expects an RSA object or a tuple")

    # Tuples are trusted as given; only RSA objects are converted.
    parts = pub.pub() if is_rsa_object else pub

    # Each component loses its first four bytes before base64url encoding.
    # "exp" here is the RSA exponent and "mod" the modulus.
    exponent_b64 = jwt.base64url_encode(parts[0][4:])
    modulus_b64 = jwt.base64url_encode(parts[1][4:])

    return {
        "jwk": [
            {
                "alg": "RSA",
                "kid": keyid,
                "exp": exponent_b64,
                "mod": modulus_b64,
            }
        ]
    }
Exemple #5
def generate_root(bits, expires, keyid):
    """Create a test-only RSA root key pair and the JWK for its public half.

    ``bits`` is passed straight to ``M2Crypto.RSA.gen_key`` with no minimum
    size check. ``expires`` is not used anywhere in the body. ``keyid`` is
    stored as the JWK ``kid``.

    Returns ``(pem, jwk_json)``. Because ``as_pem`` is called with ``None``
    as the cipher, the PEM holds the private key unencrypted; treat it as
    secret material even in test fixtures.
    """
    print("\nWARNING: generate_root should only be used for testing!\n")

    root_key = M2Crypto.RSA.gen_key(bits, 0x10001, NoOp)  # e = 65537
    pub_exponent, pub_modulus = root_key.pub()[0], root_key.pub()[1]

    # Build the JWK from the public components, each stripped of its
    # first four bytes.
    jwk_document = dict(jwk=[
        dict(alg="RSA",
             use='sig',
             kid=keyid,
             exp=jwt.base64url_encode(pub_exponent[4:]),
             mod=jwt.base64url_encode(pub_modulus[4:]))
    ])

    pem = root_key.as_pem(None)
    jwk_json = json.dumps(jwk_document)
    return (pem, jwk_json)
Exemple #6
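def certificate(privkey,
                expiry_timestamp,
                price_limit,
                issuer=None,
                issued_at=None,
                keyid=None):
    """Return the JSON claim set of a "certified-key" certificate.

    The public components of ``privkey`` are embedded as a one-entry JWK
    list alongside the validity window, price limit and issuer. The result
    is plain JSON: no signature is computed here.

    Args:
        privkey: object providing ``pub()``; element 0 of the result is
            written as the JWK exponent, element 1 as the modulus.
        expiry_timestamp: written to the top-level ``exp`` claim.
        price_limit: written to ``price_limit`` without validation.
        issuer: ``iss`` claim, ``crypto.KEYSTORE.kid`` when omitted.
        issued_at: ``iat`` and ``nbf`` claim, ``time.time()`` when omitted.
        keyid: JWK ``kid``; when omitted it is derived from the UTC date of
            ``issued_at``.

    Returns:
        ``json.dumps`` of the claims dictionary.
    """
    issuer = crypto.KEYSTORE.kid if issuer is None else issuer
    issued_at = time.time() if issued_at is None else issued_at

    if keyid is None:
        # Spell the date format out: '%F' is not supported by strftime on
        # all platforms, while '%Y-%m-%d' gives the same YYYY-MM-DD result.
        issue_date = time.strftime('%Y-%m-%d', time.gmtime(issued_at))
        keyid = "appstore.mozilla.com-%s" % issue_date

    # The certification is a JWT payload containing a JWK. Within the JWK
    # entry "exp" means the RSA exponent; the top-level "exp" is the expiry.
    pub_key = privkey.pub()
    jwk_entry = {
        "alg": "RSA",
        "kid": keyid,
        # [4:] drops the first four bytes of each component before encoding.
        "mod": jwt.base64url_encode(pub_key[1][4:]),
        "exp": jwt.base64url_encode(pub_key[0][4:])
    }

    issued = long(issued_at)
    claims = {
        "typ": "certified-key",
        "jwk": [jwk_entry],
        "nbf": issued,  # valid from the moment of issuance
        # NOTE(review): nothing here rejects an expiry at or before
        # issued_at; confirm callers validate the window.
        "exp": long(expiry_timestamp),
        "iat": issued,
        "price_limit": price_limit,
        "iss": issuer
    }
    return json.dumps(claims)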