class TBSCertificate(univ.Sequence):
    """ASN.1 schema for the to-be-signed body of an X.509 certificate.

    The field order and the context tags below are part of the encoding
    that gets signed, so they must not be reordered or retagged. The
    'signature' and 'subjectPublicKeyInfo' fields use the
    AlgorithmIdentifier and SubjectPublicKeyInfo names in this module's
    scope, not rfc2459-qualified ones.
    """

    componentType = namedtype.NamedTypes(
        # version: explicit context tag [0], defaults to v1 when absent.
        namedtype.DefaultedNamedType(
            'version',
            rfc2459.Version(
                'v1',
                tagSet=rfc2459.Version.tagSet.tagExplicitly(
                    tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
                ),
            ),
        ),
        namedtype.NamedType(
            'serialNumber', rfc2459.CertificateSerialNumber()
        ),
        namedtype.NamedType('signature', AlgorithmIdentifier()),
        namedtype.NamedType('issuer', rfc2459.Name()),
        namedtype.NamedType('validity', rfc2459.Validity()),
        namedtype.NamedType('subject', rfc2459.Name()),
        namedtype.NamedType(
            'subjectPublicKeyInfo', SubjectPublicKeyInfo()
        ),
        # Optional unique identifiers: implicit context tags [1] and [2].
        namedtype.OptionalNamedType(
            'issuerUniqueID',
            rfc2459.UniqueIdentifier().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatSimple, 1
                )
            ),
        ),
        namedtype.OptionalNamedType(
            'subjectUniqueID',
            rfc2459.UniqueIdentifier().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatSimple, 2
                )
            ),
        ),
        # Optional extensions: explicit context tag [3].
        namedtype.OptionalNamedType(
            'extensions',
            rfc2459.Extensions().subtype(
                explicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatSimple, 3
                )
            ),
        ),
    )
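def _validity_time(moment):
    """Encode a naive UTC datetime as the ASN.1 time type RFC 5280 requires.

    Dates through 2049 are encoded as UTCTime (two-digit year). Dates in
    2050 or later are encoded as GeneralizedTime, because a two-digit
    "50" is read back as 1950 and the certificate would appear expired.
    """
    if moment.year >= 2050:
        return useful.GeneralizedTime(moment.strftime("%Y%m%d%H%M%S") + "Z")
    return useful.UTCTime(moment.strftime("%y%m%d%H%M%S") + "Z")


def _build_tbs(csr, days, network):
    """Build the to-be-signed body of a self-signed certificate from a CSR.

    The subject, public key, signature algorithm and any requested
    extensions are all copied from the request. This function does not
    verify the CSR's signature; callers that need proof of possession of
    the private key must check it before calling.

    Args:
        csr: decoded PKCS#10-style request, read via getComponentByName.
        days: validity period in days, counted from the current UTC time.
        network: kept for interface compatibility; not used in this function.

    Returns:
        A populated rfc2459.TBSCertificate, still unsigned.
    """
    cri = csr.getComponentByName('certificationRequestInfo')
    subject = cri.getComponentByName('subject')
    subjectPublicKeyInfo = cri.getComponentByName('subjectPublicKeyInfo')

    # Validity window: [now, now + days], both in UTC.
    dt_now = datetime.datetime.utcnow()
    dt_later = dt_now + datetime.timedelta(days=days)
    validity = rfc2459.Validity()
    validity.setComponentByName('notBefore', _validity_time(dt_now))
    validity.setComponentByName('notAfter', _validity_time(dt_later))

    # NOTE(review): this instantiates rfc2459.TBSCertificate, not the
    # TBSCertificate class defined in this module -- confirm that is intended.
    tbs = rfc2459.TBSCertificate()
    tbs.setComponentByName(
        'version',
        rfc2459.Version('v3').subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))

    # RFC 5280 section 4.1.2.2 caps serialNumber at 20 octets. 19 random
    # bytes leave room for the sign-padding octet DER adds when the top
    # bit is set; the previous 32-byte value exceeded the limit and can be
    # rejected by strict parsers.
    # NOTE(review): Random is presumably a CSPRNG (e.g. Crypto.Random) --
    # confirm against the module imports; serials should be unpredictable.
    rndfile = Random.new()
    serial = encoding.to_long(256, encoding.byte_to_int, rndfile.read(19))[0]
    tbs.setComponentByName(
        'serialNumber',
        rfc2459.CertificateSerialNumber(univ.Integer(serial)))

    # The inner signature algorithm is taken from the CSR; the outer
    # certificate must be signed with this same algorithm.
    tbs.setComponentByName('signature',
                           csr.getComponentByName('signatureAlgorithm'))
    # Self-signed: issuer and subject are the same name.
    tbs.setComponentByName('issuer', subject)
    tbs.setComponentByName('validity', validity)
    tbs.setComponentByName('subject', subject)
    tbs.setComponentByName('subjectPublicKeyInfo', subjectPublicKeyInfo)

    # Pick up the PKCS#9 extensionRequest attribute, if the CSR has one.
    # Its content is requester-controlled and is handed on as decoded; any
    # filtering of requested extensions happens in _build_extensionsForTbs,
    # not here.
    extensionstoadd = ""
    attributes = cri.getComponentByName('attributes')
    for attribute in attributes:
        if (attribute.getComponentByName('type') ==
                utility.OID_PKCShash9ExtensionRequest):
            value = attribute[1]
            # decoder.decode returns a tuple; the decoded object is item 0.
            extensionstoadd = decoder.decode(value[0])[0]

    # Self-signed, so the same public key feeds both the authority and the
    # subject key identifier.
    spk = subjectPublicKeyInfo.getComponentByName('subjectPublicKey')
    extensions = _build_extensionsForTbs(extensionstoadd,
                                         akipubkeybitstring=spk,
                                         skipubkeybitstring=spk)
    if extensions:
        tbs.setComponentByName('extensions', extensions)
    return tbs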
def getVersion(self):
    """Return self.versionValue as an rfc2459.Version with explicit context tag [0]."""
    untagged = rfc2459.Version(self.versionValue)
    context_zero = tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
    return untagged.subtype(explicitTag=context_zero)