def __init__(self, subject, key_pair, sans=None):
"""
Constructor parameters:
:param X509Name subject: subject to add to the certificate request
:param _KeyPair key_pair: key pair containing the public key to use
when creating the signature for the certificate request
:param sans: collection of dns names to insert into a subjAltName
extension for the certificate request
:type sans: list(str) or tuple(str) or set(str)
"""
csr_info = self._csr_info(subject, key_pair.public_key, sans)
csr_signature = asymmetric.rsa_pkcs1v15_sign(key_pair.private_key,
csr_info.dump(),
_CRYPTO_SIGN_DIGEST)
self._req = csr.CertificationRequest({
"certification_request_info": csr_info,
"signature_algorithm": {
"algorithm": u"{}_rsa".format(_CRYPTO_SIGN_DIGEST)
},
"signature": csr_signature
})
def build(self, signing_private_key):
"""
Validates the certificate information, constructs an X.509 certificate
and then signs it
:param signing_private_key:
An asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey
object for the private key to sign the request with. This should be
the private key that matches the public key.
:return:
An asn1crypto.csr.CertificationRequest object of the request
"""
is_oscrypto = isinstance(signing_private_key, asymmetric.PrivateKey)
if not isinstance(signing_private_key,
keys.PrivateKeyInfo) and not is_oscrypto:
raise TypeError(
_pretty_message(
'''
signing_private_key must be an instance of
asn1crypto.keys.PrivateKeyInfo or
oscrypto.asymmetric.PrivateKey, not %s
''', _type_name(signing_private_key)))
signature_algo = signing_private_key.algorithm
if signature_algo == 'ec':
signature_algo = 'ecdsa'
signature_algorithm_id = '%s_%s' % (self._hash_algo, signature_algo)
def _make_extension(name, value):
return {
'extn_id': name,
'critical': self._determine_critical(name),
'extn_value': value
}
extensions = []
for name in sorted(self._special_extensions):
value = getattr(self, '_%s' % name)
if value is not None:
extensions.append(_make_extension(name, value))
for name in sorted(self._other_extensions.keys()):
extensions.append(
_make_extension(name, self._other_extensions[name]))
attributes = []
if extensions:
attributes.append({
'type': 'extension_request',
'values': [extensions]
})
certification_request_info = csr.CertificationRequestInfo({
'version':
'v1',
'subject':
self._subject,
'subject_pk_info':
self._subject_public_key,
'attributes':
attributes
})
if signing_private_key.algorithm == 'rsa':
sign_func = asymmetric.rsa_pkcs1v15_sign
elif signing_private_key.algorithm == 'dsa':
sign_func = asymmetric.dsa_sign
elif signing_private_key.algorithm == 'ec':
sign_func = asymmetric.ecdsa_sign
if not is_oscrypto:
signing_private_key = asymmetric.load_private_key(
signing_private_key)
signature = sign_func(signing_private_key,
certification_request_info.dump(),
self._hash_algo)
return csr.CertificationRequest({
'certification_request_info': certification_request_info,
'signature_algorithm': {
'algorithm': signature_algorithm_id,
},
'signature': signature
})
name="utc_time",
value=datetime.datetime(2049, 12, 31))},
"subject": _FAKE_SUBJECT,
"subject_public_key_info":
get_fake_public_key_asn1()}),
"signature_algorithm": algos.SignedDigestAlgorithm({
"algorithm": u"sha256_rsa"}),
"signature_value": b"fake"}).dump()).decode('utf8')
FAKE_CSR = \
pem.armor(
u"CERTIFICATE REQUEST",
csr.CertificationRequest({
"certification_request_info":
csr.CertificationRequestInfo({
"version": 1,
"subject": _FAKE_SUBJECT,
"subject_pk_info": get_fake_public_key_asn1()}),
"signature_algorithm": _SIGNATURE_ALGORITHM,
"signature": b"fake"}).dump()).decode('utf8')
class CliTest(unittest.TestCase):
def setUp(self):
pass
def tearDown(self):
patch.stopall()
@parameterized.expand([([], ), ("-h", ), ("--help", )])
def test_help_command(self, value):
with patch("dxlclient._cli.argparse.ArgumentParser.print_help") \
def build(self, signing_key):
"""
Validates the certificate information, constructs an X.509 certificate and then signs it
:param signing_key: An asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey object for the private
key to sign the request with. This should be the private key that matches the public key.
:returns:
An asn1crypto.csr.CertificationRequest object of the request
"""
if not isinstance(signing_key, objects.ECCKey) and \
not isinstance(signing_key, objects.RSAKey):
raise TypeError(
_pretty_message(
'''
signing_private_key must be an instance of
optigatrust.pk.EccKey or optigatrust.pk.RsaKey, not %s
''', _type_name(signing_key)))
if isinstance(signing_key, objects.ECCKey):
signature_algo = 'ecdsa'
elif isinstance(signing_key, objects.RSAKey):
signature_algo = 'rsa'
else:
signature_algo = 'undefined'
signature_algorithm_id = '%s_%s' % (self._hash_algo, signature_algo)
def _make_extension(_name, _value):
return {
'extn_id': _name,
'critical': self._determine_critical(_name),
'extn_value': _value
}
extensions = []
for name in sorted(self._special_extensions):
value = getattr(self, '_%s' % name)
if value is not None:
extensions.append(_make_extension(name, value))
for name in sorted(self._other_extensions.keys()):
extensions.append(
_make_extension(name, self._other_extensions[name]))
attributes = []
if extensions:
attributes.append({
'type': 'extension_request',
'values': [extensions]
})
print(attributes)
certification_request_info = csr.CertificationRequestInfo({
'version':
'v1',
'subject':
self._subject,
'subject_pk_info':
self._subject_public_key,
'attributes':
attributes
})
if isinstance(signing_key, objects.ECCKey):
sign_func = crypto.ecdsa_sign
elif isinstance(signing_key, objects.RSAKey):
sign_func = crypto.pkcs1v15_sign
else:
raise ValueError(
'Algorithm isn\'t supported, use either ecc or rsa')
s = sign_func(signing_key, certification_request_info.dump())
return csr.CertificationRequest({
'certification_request_info': certification_request_info,
'signature_algorithm': {
'algorithm': signature_algorithm_id,
},
'signature': s.signature
})
