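def make_ca_cert(commonName, years=20, **kwargs):
    """Create, self-sign and store a new CA certificate with a fresh RSA key.

    Args:
        commonName: Subject common name; also set on the Certificate and
            CertificateAuthority records.
        years: Forwarded to create_unsigned_cert (presumably the validity
            period in years; confirm against that helper).
        **kwargs: Forwarded unchanged to create_unsigned_cert.

    Returns:
        The saved CertificateAuthority record, linked to its Certificate
        record and holding the CA private key in PEM form.
    """
    ca_key = crypto.PKey()
    # NOTE(review): 2048-bit RSA is a thin margin for a key that, with the
    # default years=20, may stay trusted for two decades; consider a larger
    # modulus for long-lived CAs.
    ca_key.generate_key(crypto.TYPE_RSA, 2048)

    ca_csr = create_unsigned_cert(commonName, years=years, **kwargs)
    ca = CertificateAuthority(commonName=commonName)

    # Save the record first so it has an id to use as the serial number.
    cert = Certificate(commonName=commonName)
    cert.save()
    # NOTE(review): the serial is the record id, so serials are predictable
    # if ids are sequential; confirm that is acceptable for this PKI.
    ca_csr.set_serial_number(cert.id)
    ca_csr.set_issuer(ca_csr.get_subject())  # self-signed: issuer == subject
    ca_csr.set_pubkey(ca_key)

    extensions = [
        crypto.X509Extension("basicConstraints", True, "CA:TRUE"),
        crypto.X509Extension("keyUsage", True, "keyCertSign, cRLSign"),
        crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=ca_csr),
        # crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always", issuer=ca_csr),
    ]
    ca_csr.add_extensions(extensions)

    # SHA-1 signatures are collision-prone and rejected by current TLS
    # stacks; sign with SHA-256 instead.
    ca_csr.sign(ca_key, 'sha256')

    cert.certificate_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, ca_csr)
    cert.active = True
    cert.save()

    ca.certificate = cert
    # NOTE(review): dump_privatekey is called without a cipher or passphrase,
    # so the CA private key is stored as unencrypted PEM. Restrict access to
    # wherever this record is persisted, or encrypt the key at rest.
    ca.private_key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, ca_key)
    ca.save()
    return ca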
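def make_ca_cert(commonName, years=20, **kwargs):
    """Create, self-sign and store a new CA certificate with a fresh RSA key.

    Args:
        commonName: Subject common name; also set on the Certificate and
            CertificateAuthority records.
        years: Forwarded to create_unsigned_cert (presumably the validity
            period in years; confirm against that helper).
        **kwargs: Forwarded unchanged to create_unsigned_cert.

    Returns:
        The saved CertificateAuthority record, linked to its Certificate
        record and holding the CA private key in PEM form.
    """
    ca_key = crypto.PKey()
    # NOTE(review): 2048-bit RSA is a thin margin for a key that, with the
    # default years=20, may stay trusted for two decades; consider a larger
    # modulus for long-lived CAs.
    ca_key.generate_key(crypto.TYPE_RSA, 2048)

    ca_csr = create_unsigned_cert(commonName, years=years, **kwargs)
    ca = CertificateAuthority(commonName=commonName)

    # Save the record first so it has an id to use as the serial number.
    cert = Certificate(commonName=commonName)
    cert.save()
    # NOTE(review): the serial is the record id, so serials are predictable
    # if ids are sequential; confirm that is acceptable for this PKI.
    ca_csr.set_serial_number(cert.id)
    ca_csr.set_issuer(ca_csr.get_subject())  # self-signed: issuer == subject
    ca_csr.set_pubkey(ca_key)

    extensions = [
        crypto.X509Extension("basicConstraints", True, "CA:TRUE"),
        crypto.X509Extension("keyUsage", True, "keyCertSign, cRLSign"),
        crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=ca_csr),
        # crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always", issuer=ca_csr),
    ]
    ca_csr.add_extensions(extensions)

    # SHA-1 signatures are collision-prone and rejected by current TLS
    # stacks; sign with SHA-256 instead.
    ca_csr.sign(ca_key, 'sha256')

    cert.certificate_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, ca_csr)
    cert.active = True
    cert.save()

    ca.certificate = cert
    # NOTE(review): dump_privatekey is called without a cipher or passphrase,
    # so the CA private key is stored as unencrypted PEM. Restrict access to
    # wherever this record is persisted, or encrypt the key at rest.
    ca.private_key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, ca_key)
    ca.save()
    return ca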
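def make_signed_cert(commonName, pub_key, ca_key, ca_cert=False, years=1,
                     C=False, ST=False, L=False, O=False, extensions=False):
    """Issue and store a certificate for pub_key, signed with ca_key.

    Args:
        commonName: Subject common name; also set on the Certificate record.
        pub_key: Public key placed in the issued certificate.
        ca_key: Private key used to sign the certificate.
        ca_cert: Issuer certificate. When falsy, the new certificate is
            used as its own issuer.
        years: Forwarded to create_unsigned_cert (presumably the validity
            period in years; confirm against that helper).
        C, ST, L, O: Forwarded to create_unsigned_cert.
        extensions: Currently ignored; see the note in the body.

    Returns:
        The saved Certificate record holding the signed certificate as PEM.
    """
    # Save the record first so it has an id to use as the serial number.
    cert_object = Certificate(commonName=commonName)
    cert_object.save()

    cert = create_unsigned_cert(commonName, years=years, C=C, ST=ST, L=L, O=O)
    # NOTE(review): the serial is the record id, so serials are predictable
    # if ids are sequential; confirm that is acceptable for this PKI.
    cert.set_serial_number(cert_object.id)

    if not ca_cert:
        # NOTE(review): in this fallback the authorityKeyIdentifier below is
        # derived from `cert` itself, which has no public key set yet and no
        # subjectKeyIdentifier added in this function; confirm the
        # self-issued path actually works.
        ca_cert = cert

    # NOTE(review): the caller's `extensions` argument is overwritten here
    # and never used. If it is ever wired up, vet what callers may request
    # (basicConstraints, keyUsage) before signing it.
    # No basicConstraints or keyUsage is added here, so unless
    # create_unsigned_cert sets them the issued certificate carries no
    # explicit CA:FALSE; verify.
    extensions = [
        crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always", issuer=ca_cert)
    ]
    cert.add_extensions(extensions)
    cert.set_issuer(ca_cert.get_subject())
    cert.set_pubkey(pub_key)

    # SHA-1 signatures are collision-prone and rejected by current TLS
    # stacks; sign with SHA-256 instead.
    cert.sign(ca_key, 'sha256')

    cert_object.certificate_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
    cert_object.active = True
    cert_object.save()
    return cert_object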
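def make_signed_cert(commonName, pub_key, ca_key, ca_cert=False, years=1,
                     C=False, ST=False, L=False, O=False, extensions=False):
    """Issue and store a certificate for pub_key, signed with ca_key.

    Args:
        commonName: Subject common name; also set on the Certificate record.
        pub_key: Public key placed in the issued certificate.
        ca_key: Private key used to sign the certificate.
        ca_cert: Issuer certificate. When falsy, the new certificate is
            used as its own issuer.
        years: Forwarded to create_unsigned_cert (presumably the validity
            period in years; confirm against that helper).
        C, ST, L, O: Forwarded to create_unsigned_cert.
        extensions: Currently ignored; see the note in the body.

    Returns:
        The saved Certificate record holding the signed certificate as PEM.
    """
    # Save the record first so it has an id to use as the serial number.
    cert_object = Certificate(commonName=commonName)
    cert_object.save()

    cert = create_unsigned_cert(commonName, years=years, C=C, ST=ST, L=L, O=O)
    # NOTE(review): the serial is the record id, so serials are predictable
    # if ids are sequential; confirm that is acceptable for this PKI.
    cert.set_serial_number(cert_object.id)

    if not ca_cert:
        # NOTE(review): in this fallback the authorityKeyIdentifier below is
        # derived from `cert` itself, which has no public key set yet and no
        # subjectKeyIdentifier added in this function; confirm the
        # self-issued path actually works.
        ca_cert = cert

    # NOTE(review): the caller's `extensions` argument is overwritten here
    # and never used. If it is ever wired up, vet what callers may request
    # (basicConstraints, keyUsage) before signing it.
    # No basicConstraints or keyUsage is added here, so unless
    # create_unsigned_cert sets them the issued certificate carries no
    # explicit CA:FALSE; verify.
    extensions = [
        crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always", issuer=ca_cert)
    ]
    cert.add_extensions(extensions)
    cert.set_issuer(ca_cert.get_subject())
    cert.set_pubkey(pub_key)

    # SHA-1 signatures are collision-prone and rejected by current TLS
    # stacks; sign with SHA-256 instead.
    cert.sign(ca_key, 'sha256')

    cert_object.certificate_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
    cert_object.active = True
    cert_object.save()
    return cert_object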