コード例 #1
0
def make_ca_cert(commonName, years=20, **kwargs):
    ca_key = crypto.PKey()
    ca_key.generate_key(crypto.TYPE_RSA, 2048)

    ca_csr = create_unsigned_cert(commonName, years=years, **kwargs)
    ca = CertificateAuthority(commonName=commonName)
    cert = Certificate(commonName=commonName)
    cert.save()

    ca_csr.set_serial_number(cert.id)
    ca_csr.set_issuer(ca_csr.get_subject())
    ca_csr.set_pubkey(ca_key)

    extensions = [
        crypto.X509Extension("basicConstraints", True, "CA:TRUE"),
        crypto.X509Extension("keyUsage", True, "keyCertSign, cRLSign"),
        crypto.X509Extension("subjectKeyIdentifier",
                             False,
                             "hash",
                             subject=ca_csr),
        #                  crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always", issuer=ca_csr),
    ]

    ca_csr.add_extensions(extensions)
    ca_csr.sign(ca_key, 'sha1')

    cert.certificate_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, ca_csr)
    cert.active = True
    cert.save()

    ca.certificate = cert
    ca.private_key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, ca_key)
    ca.save()
    return ca
コード例 #2
0
ファイル: lib.py プロジェクト: skruger/uCA
def make_ca_cert(commonName, years=20, **kwargs):
    ca_key = crypto.PKey()
    ca_key.generate_key(crypto.TYPE_RSA, 2048)

    ca_csr = create_unsigned_cert(commonName, years=years, **kwargs)
    ca = CertificateAuthority(commonName=commonName)
    cert = Certificate(commonName=commonName)
    cert.save()
    
    ca_csr.set_serial_number(cert.id)
    ca_csr.set_issuer(ca_csr.get_subject())
    ca_csr.set_pubkey(ca_key)
    
    extensions = [crypto.X509Extension("basicConstraints", True, "CA:TRUE"),
                  crypto.X509Extension("keyUsage", True, "keyCertSign, cRLSign"),
                  crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=ca_csr),
#                  crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always", issuer=ca_csr),
                  ]
    
    ca_csr.add_extensions(extensions)
    ca_csr.sign(ca_key, 'sha1')
    
    cert.certificate_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, ca_csr)
    cert.active = True
    cert.save()

    ca.certificate = cert
    ca.private_key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, ca_key)
    ca.save()
    return ca
コード例 #3
0
def make_signed_cert(commonName,
                     pub_key,
                     ca_key,
                     ca_cert=False,
                     years=1,
                     C=False,
                     ST=False,
                     L=False,
                     O=False,
                     extensions=False):
    cert_object = Certificate(commonName=commonName)
    cert_object.save()

    cert = create_unsigned_cert(commonName, years=years, C=C, ST=ST, L=L, O=O)

    cert.set_serial_number(cert_object.id)

    if not ca_cert:
        ca_cert = cert

    extensions = [
        crypto.X509Extension("authorityKeyIdentifier",
                             False,
                             "keyid:always",
                             issuer=ca_cert)
    ]

    cert.add_extensions(extensions)

    cert.set_issuer(ca_cert.get_subject())
    cert.set_pubkey(pub_key)
    cert.sign(ca_key, 'sha1')
    cert_object.certificate_pem = crypto.dump_certificate(
        crypto.FILETYPE_PEM, cert)
    cert_object.active = True
    cert_object.save()
    return cert_object
コード例 #4
0
ファイル: lib.py プロジェクト: skruger/uCA
def make_signed_cert(commonName, pub_key, ca_key, ca_cert=False, years=1, C=False, ST=False, L=False, O=False, extensions=False):
    cert_object = Certificate(commonName=commonName)
    cert_object.save()

    cert = create_unsigned_cert(commonName, years=years, C=C, ST=ST, L=L, O=O)

    cert.set_serial_number(cert_object.id)

    if not ca_cert:
        ca_cert = cert

    extensions = [crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always", issuer=ca_cert)]

    cert.add_extensions(extensions)

    
    cert.set_issuer(ca_cert.get_subject())
    cert.set_pubkey(pub_key)
    cert.sign(ca_key, 'sha1')
    cert_object.certificate_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
    cert_object.active = True
    cert_object.save()
    return cert_object