def load(self):
    """Load this entity's PEM certificate and private key and return ``self.init(key, cert)``.

    The certificate is read from ``self.pem`` and the key from ``self.key``
    (both through the module's ``read`` helper). The key is decrypted with
    ``self.parent.password`` after conversion with ``b``, so a parent with
    the right password must be set before calling this. The subject fields
    of the certificate are copied into ``self.dn`` as a ``DistinguishedName``.
    """
    pem_data = read(self.pem)
    certificate = crypto.load_certificate(crypto.FILETYPE_PEM, pem_data)

    key_data = read(self.key)
    passphrase = b(self.parent.password)
    private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, key_data, passphrase)

    subj = certificate.get_subject()
    subject_fields = (
        subj.commonName,
        subj.organizationalUnitName,
        subj.organizationName,
        subj.localityName,
        subj.stateOrProvinceName,
        subj.countryName,
        subj.emailAddress,
    )
    self.dn = DistinguishedName(*subject_fields)

    return self.init(private_key, certificate)
def load(self):
    """Read the PEM certificate/key pair from disk, fill ``self.dn`` and call ``self.init``.

    ``self.pem`` and ``self.key`` are read with the module's ``read`` helper;
    the private key is unlocked with ``b(self.parent.password)``. The
    certificate subject is mirrored into a ``DistinguishedName`` stored on
    ``self.dn``. Returns whatever ``self.init(key, cert)`` returns.
    """
    certificate = crypto.load_certificate(crypto.FILETYPE_PEM, read(self.pem))
    encoded_key = read(self.key)
    private_key = crypto.load_privatekey(
        crypto.FILETYPE_PEM, encoded_key, b(self.parent.password)
    )

    subject = certificate.get_subject()
    self.dn = DistinguishedName(
        subject.commonName,
        subject.organizationalUnitName,
        subject.organizationName,
        subject.localityName,
        subject.stateOrProvinceName,
        subject.countryName,
        subject.emailAddress,
    )
    return self.init(private_key, certificate)
def __init__(self, *args, **kargs):
    """Initialise a keytool-backed certificate factory and create its CA certificate if absent.

    ``CertificateFactory.__init__`` runs first. For a root factory (no
    ``parent``) ``keyalg`` is upper-cased and ``sigalg`` is rewritten to
    keytool's ``<SIG>with<KEY>`` spelling. When ``self.cacert`` does not
    exist yet it is generated: self-signed for a root factory, otherwise
    signed by the parent CA and re-imported together with every ancestor
    CA certificate; finally its PEM form is written out.
    """
    CertificateFactory.__init__(self, *args, **kargs)

    is_root = not self.parent
    if is_root:
        # keytool expects upper-case algorithm names such as "SHA256withRSA".
        self.keyalg = self.keyalg.upper()
        self.sigalg = "{0}with{1}".format(self.sigalg.upper(), self.keyalg)

    if self.cacert.exists():
        return

    cacert = self.cacert
    san = cacert.getAlternativeName()
    ian = self.parent.cacert.getAlternativeName() if self.parent else None

    ext_parts = ["-ext bc:c"]
    if san:
        ext_parts.append(" -ext san=" + san)
    if ian:
        ext_parts.append(" -ext ian=" + ian)
    ext = "".join(ext_parts)

    if is_root:
        cacert.keyTool("genkeypair", ext, validity=self.validity, sigalg=self.sigalg)
    else:
        # self.cacert temporarily points at the parent's CA while the new CA
        # key is generated and signed — presumably keyTool resolves the signer
        # through it; it is restored to the new cert below.
        self.cacert = self.parent.cacert
        cacert.keyTool("genkeypair")
        request = cacert.keyTool("certreq")
        pem = cacert.keyTool("gencert", ext, validity=self.validity, stdin=request)

        # Import the signed cert together with the chain of ancestor CAs.
        chain_parts = []
        ancestor = self.parent
        while ancestor:
            chain_parts.append(d(read(ancestor.cacert.pem)))
            ancestor = ancestor.parent
        cacert.keyTool("importcert", stdin="".join(chain_parts) + d(pem))

    self.cacert = cacert
    self.cacert.generatePEM()
def _generateChild(self, cert, serial, validity):
    """Generate a key pair for *cert*, sign it with this CA via keytool and return *cert*.

    ``serial`` is part of the signature but is not used by this
    implementation. ``validity``: ``None`` means ``self.validity`` days, a
    positive value is the number of days; otherwise the start date is
    shifted by ``validity`` days (``-Nd``) and the lifetime is ``-validity``
    days, presumably to produce a certificate that is already expired.
    The signed certificate is re-imported into the keystore together with
    the CA chain so the keystore holds the full path.
    """
    san = cert.getAlternativeName()
    ian = self.cacert.getAlternativeName()

    cert.keyTool("genkeypair")
    request = cert.keyTool("certreq")

    ext_parts = ["-ext ku:c=dig,keyEnc"]
    if san:
        ext_parts.append(" -ext san=" + san)
    if ian:
        ext_parts.append(" -ext ian=" + ian)
    ext = "".join(ext_parts)

    if validity is None or validity > 0:
        days = validity or self.validity
        pem = cert.keyTool("gencert", ext, validity=days, stdin=request)
    else:
        start = "{validity}d".format(validity=validity)
        pem = cert.keyTool("gencert", ext, startdate=start, validity=-validity, stdin=request)

    # Chain = this CA and every ancestor, root last, followed by the new cert.
    chain_parts = []
    factory = self
    while factory:
        chain_parts.append(d(read(factory.cacert.pem)))
        factory = factory.parent
    cert.keyTool("importcert", stdin="".join(chain_parts) + d(pem))
    return cert
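def savePKCS12(self, path, password=None, chain=True, root=False, addkey=None):
    """Export this certificate, and optionally its CA chain, to a PKCS#12 file at *path*.

    Args:
        path: destination passed to ``openssl pkcs12`` as ``out``.
        password: export password. ``None`` or an empty string falls back to
            the literal ``"password"``; callers protecting a real private key
            should always pass their own.
        chain: when true, the CA certificates above this one are written to a
            temporary file and handed to openssl as ``certfile``.
        root: when true the chain walk includes the root CA, otherwise it
            stops one level below it. Note the walk dereferences
            ``self.parent`` unconditionally.
        addkey: intended to select between ``-inkey`` and ``-nokeys``;
            defaults to "this certificate is not the parent's CA cert".
            NOTE(review): the flag string is built but never handed to
            ``openSSL`` — ``inkey=self.key`` is always sent — so ``addkey``
            currently has no effect. Confirm the helper's argument convention
            before wiring it in.

    Returns:
        ``self``, for chaining.
    """
    if addkey is None:
        addkey = self != self.parent.cacert

    chainfile = None
    try:
        if chain:
            # Collect the ancestor CA certificates (nearest first) into one
            # PEM blob; join once instead of repeated string concatenation.
            parts = []
            parent = self.parent
            while parent if root else parent.parent:
                parts.append(d(read(parent.cacert.pem)))
                parent = parent.parent
            certs = "".join(parts)
            if certs:
                fd, chainfile = tempfile.mkstemp()
                # fdopen takes ownership of fd, so the descriptor is closed
                # even if the write fails; the finally below removes the file.
                with os.fdopen(fd, "wb") as fh:
                    fh.write(b(certs))

        key = "-inkey={0}".format(self.key) if addkey else "-nokeys"  # unused, see docstring NOTE
        self.openSSL(
            "pkcs12",
            out=path,
            inkey=self.key,
            certfile=chainfile,
            password=password or "password",
        )
    finally:
        if chainfile:
            os.remove(chainfile)
    return self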
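def __init__(self, *args, **kargs):
    """Initialise a keytool-backed certificate factory and create its CA certificate if absent.

    ``CertificateFactory.__init__`` runs first. For a root factory (no
    ``parent``) ``keyalg`` is upper-cased and ``sigalg`` is rewritten to
    keytool's ``<SIG>with<KEY>`` spelling. When ``self.cacert`` does not
    exist yet it is generated: self-signed for a root factory, otherwise
    signed by the parent CA and re-imported together with every ancestor
    CA certificate; finally its PEM form is written out.

    Fix: the ``-ext eku=`` clause was appended to the extension string
    without a ``+`` after the line continuation, which made Python call the
    preceding string (``"..."(...)``) and raise ``TypeError`` whenever a CA
    certificate had to be created. The extension string is now assembled
    from a list so the clauses cannot be mis-joined again.
    """
    CertificateFactory.__init__(self, *args, **kargs)

    is_root = not self.parent
    if is_root:
        # keytool expects upper-case algorithm names such as "SHA256withRSA".
        self.keyalg = self.keyalg.upper()
        self.sigalg = "{0}with{1}".format(self.sigalg.upper(), self.keyalg)

    if self.cacert.exists():
        return

    cacert = self.cacert
    san = cacert.getAlternativeName()
    ian = self.parent.cacert.getAlternativeName() if self.parent else None
    eku = self.extendedKeyUsage

    ext_parts = ["-ext bc:c"]
    if san:
        ext_parts.append(" -ext san=" + san)
    if ian:
        ext_parts.append(" -ext ian=" + ian)
    if eku:
        ext_parts.append(" -ext eku=" + eku)
    ext = "".join(ext_parts)

    if is_root:
        cacert.keyTool("genkeypair", ext, validity=self.validity, sigalg=self.sigalg)
    else:
        # self.cacert temporarily points at the parent's CA while the new CA
        # key is generated and signed — presumably keyTool resolves the signer
        # through it; it is restored to the new cert below.
        self.cacert = self.parent.cacert
        cacert.keyTool("genkeypair")
        request = cacert.keyTool("certreq")
        pem = cacert.keyTool("gencert", ext, validity=self.validity, stdin=request)

        # Import the signed cert together with the chain of ancestor CAs.
        chain_parts = []
        ancestor = self.parent
        while ancestor:
            chain_parts.append(d(read(ancestor.cacert.pem)))
            ancestor = ancestor.parent
        cacert.keyTool("importcert", stdin="".join(chain_parts) + d(pem))

    self.cacert = cacert
    self.cacert.generatePEM()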
def _generateChild(self, cert, serial, validity):
    """Generate a key pair for *cert*, sign it with this CA via keytool and return *cert*.

    ``serial`` is part of the signature but is not used by this
    implementation. ``validity``: ``None`` means ``self.validity`` days, a
    positive value is the number of days; otherwise the start date is
    shifted by ``validity`` days (``-Nd``) and the lifetime is ``-validity``
    days, presumably to produce a certificate that is already expired.
    Subject/issuer alternative names and the extended key usage reported by
    *cert* are passed to keytool as ``-ext`` clauses. The signed certificate
    is re-imported into the keystore together with the CA chain.
    """
    san = cert.getAlternativeName()
    ian = self.cacert.getAlternativeName()
    eku = cert.getExtendedKeyUsage()

    cert.keyTool("genkeypair")
    request = cert.keyTool("certreq")

    ext_parts = ["-ext ku:c=dig,keyEnc"]
    if san:
        ext_parts.append(" -ext san=" + san)
    if ian:
        ext_parts.append(" -ext ian=" + ian)
    if eku:
        ext_parts.append(" -ext eku=" + eku)
    ext = "".join(ext_parts)

    if validity is None or validity > 0:
        days = validity or self.validity
        pem = cert.keyTool("gencert", ext, validity=days, stdin=request)
    else:
        start = "{validity}d".format(validity=validity)
        pem = cert.keyTool("gencert", ext, startdate=start, validity=-validity, stdin=request)

    # Chain = this CA and every ancestor, root last, followed by the new cert.
    chain_parts = []
    factory = self
    while factory:
        chain_parts.append(d(read(factory.cacert.pem)))
        factory = factory.parent
    cert.keyTool("importcert", stdin="".join(chain_parts) + d(pem))
    return cert
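def savePKCS12(self, path, password=None, chain=True, root=False, addkey=None):
    """Export this certificate, and optionally its CA chain, to a PKCS#12 file at *path*.

    Args:
        path: destination passed to ``openssl pkcs12`` as ``out``.
        password: export password. ``None`` or an empty string falls back to
            the literal ``"password"``; callers protecting a real private key
            should always pass their own.
        chain: when true, the CA certificates above this one are written to a
            temporary file and handed to openssl as ``certfile``.
        root: when true the chain walk includes the root CA, otherwise it
            stops one level below it. Note the walk dereferences
            ``self.parent`` unconditionally.
        addkey: intended to select between ``-inkey`` and ``-nokeys``;
            defaults to "this certificate is not the parent's CA cert".
            NOTE(review): the flag string is built but never handed to
            ``openSSL`` — ``inkey=self.key`` is always sent — so ``addkey``
            currently has no effect. Confirm the helper's argument convention
            before wiring it in.

    Returns:
        ``self``, for chaining.
    """
    if addkey is None:
        addkey = self != self.parent.cacert

    chainfile = None
    try:
        if chain:
            # Collect the ancestor CA certificates (nearest first) into one
            # PEM blob; join once instead of repeated string concatenation.
            parts = []
            parent = self.parent
            while parent if root else parent.parent:
                parts.append(d(read(parent.cacert.pem)))
                parent = parent.parent
            certs = "".join(parts)
            if certs:
                fd, chainfile = tempfile.mkstemp()
                # fdopen takes ownership of fd, so the descriptor is closed
                # even if the write fails; the finally below removes the file.
                with os.fdopen(fd, "wb") as fh:
                    fh.write(b(certs))

        key = "-inkey={0}".format(self.key) if addkey else "-nokeys"  # unused, see docstring NOTE
        self.openSSL(
            "pkcs12",
            out=path,
            inkey=self.key,
            certfile=chainfile,
            password=password or "password",
        )
    finally:
        if chainfile:
            os.remove(chainfile)
    return self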