def issuer(self, value):
    """
    Set the certificate of the entity that signs the CRL.

    Accepts an asn1crypto.x509.Certificate or an
    oscrypto.asymmetric.Certificate; the latter is unwrapped to its
    asn1crypto form via ``.asn1``. The stored certificate feeds the CRL's
    issuer field, and its key identifier is copied into the authority key
    identifier extension so that relying parties can match the CRL to the
    signing key.

    For an indirect CRL (the CRL issuer is not the issuer of the listed
    certificates), the .certificate_issuer attribute must additionally be
    set to the Certificate that issued those certificates.

    :raises TypeError: value is neither supported certificate type.
    :raises ValueError: the certificate's key identifier is None.
    """
    if isinstance(value, asymmetric.Certificate):
        # oscrypto wrapper: continue with the underlying asn1crypto object.
        issuer_cert = value.asn1
    elif isinstance(value, x509.Certificate):
        issuer_cert = value
    else:
        raise TypeError(_pretty_message(
            ''' issuer must be an instance of asn1crypto.x509.Certificate or oscrypto.asymmetric.Certificate, not %s ''',
            _type_name(value)
        ))

    key_id = issuer_cert.key_identifier
    if key_id is None:
        # Refuse to continue rather than emit a CRL whose authority key
        # identifier cannot be tied back to the issuer certificate.
        raise ValueError(_pretty_message(
            ''' issuer certificate must have a key identifier extension to be used for signing CRLs '''
        ))

    self._issuer = issuer_cert
    self._authority_key_identifier = x509.AuthorityKeyIdentifier(
        {'key_identifier': key_id}
    )
def format_tbs_crl(
        self, crl_number: int, this_update: datetime, revoked_certs,
        next_update: datetime,
        distpoint: x509.DistributionPoint = None) -> crl.TbsCertList:
    """
    Assemble the to-be-signed portion of a v2 CRL.

    :param crl_number: value placed in the crl_number extension.
    :param this_update: issuance time, encoded as 'general_time'.
    :param revoked_certs: entries passed to crl.RevokedCertificates.
    :param next_update: time of the next scheduled CRL, encoded as
        'general_time'.
    :param distpoint: when not None, wrapped in an
        issuing_distribution_point extension that is marked critical.
    :return: the unsigned crl.TbsCertList structure.
    """
    number_ext = crl.TBSCertListExtension({
        'extn_id': 'crl_number',
        'extn_value': core.Integer(crl_number)
    })
    # presumably self.authority_key_identifier holds the raw key identifier
    # value of the signing key -- confirm against the class definition.
    aki_ext = crl.TBSCertListExtension({
        'extn_id': 'authority_key_identifier',
        'extn_value': x509.AuthorityKeyIdentifier({
            'key_identifier': self.authority_key_identifier
        })
    })
    # Order: the two fixed extensions, then the caller-configured extras,
    # then the optional issuing distribution point.
    extensions = [number_ext, aki_ext, *self.extra_crl_extensions]

    if distpoint is not None:
        idp = crl.IssuingDistributionPoint(distpoint)
        # Marked critical so a relying party that does not understand the
        # extension cannot treat a scoped CRL as a complete one.
        idp_ext = crl.TBSCertListExtension({
            'extn_id': 'issuing_distribution_point',
            'critical': True,
            'extn_value': core.ParsableOctetString(idp.dump())
        })
        extensions.append(idp_ext)

    # NOTE(review): the list is always emitted, even when it has no entries.
    # RFC 5280 section 5.1.2.6 requires the field to be absent in that case;
    # strict parsers may object -- confirm whether that matters here.
    revoked = crl.RevokedCertificates(revoked_certs)

    # NOTE(review): both times are forced to GeneralizedTime. RFC 5280
    # sections 5.1.2.4 and 5.1.2.5 require UTCTime for dates through 2049,
    # so conformance-checking validators may reject this encoding -- confirm
    # it is intended.
    tbs_fields = {
        'version': 'v2',
        'signature': self.signature_algo,
        'issuer': self.issuer_name,
        'this_update': x509.Time({'general_time': this_update}),
        'next_update': x509.Time({'general_time': next_update}),
        'revoked_certificates': revoked,
        'crl_extensions': crl.TBSCertListExtensions(extensions)
    }
    return crl.TbsCertList(tbs_fields)
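def issuer(self, value):
    """
    Set the issuing certificate for the certificate being built.

    Accepts an asn1crypto.x509.Certificate or an
    oscrypto.asymmetric.Certificate; the latter is unwrapped to its
    asn1crypto form via ``.asn1``. The issuer's subject name becomes this
    certificate's issuer, and the authority key identifier extension is
    populated from the issuer.

    The authority key identifier is copied from the issuer certificate's
    own key identifier when it has one, and only falls back to the SHA-1
    of the issuer's public key when it does not. RFC 5280 section 4.2.1.2
    requires the two values to match; always hashing the key produces a
    mismatch (and can break chain building that matches on key identifier)
    whenever the issuer's identifier was derived some other way.

    :raises TypeError: value is neither supported certificate type.
    """
    is_oscrypto = isinstance(value, asymmetric.Certificate)
    if not is_oscrypto and not isinstance(value, x509.Certificate):
        raise TypeError(_pretty_message(
            ''' issuer must be an instance of asn1crypto.x509.Certificate or oscrypto.asymmetric.Certificate, not %s ''',
            _type_name(value)
        ))

    if is_oscrypto:
        # oscrypto wrapper: continue with the underlying asn1crypto object.
        value = value.asn1

    self._issuer = value.subject

    # NOTE(review): this also (re)derives the subject key identifier and
    # reads self._subject_public_key, so it presumably expects the subject
    # public key to have been set first -- confirm against the class.
    self._key_identifier = self._subject_public_key.sha1

    issuer_key_id = value.key_identifier
    if issuer_key_id is None:
        # The issuer carries no key identifier of its own: derive one from
        # its public key, as the previous implementation always did.
        issuer_key_id = value.public_key.sha1

    self._authority_key_identifier = x509.AuthorityKeyIdentifier({
        'key_identifier': issuer_key_id
    })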