def _make_root_certificate(
    subject_name: Name,
    days_valid: int,
    private_key: RSAPrivateKeyWithSerialization,
) -> Certificate:
    """Build and self-sign a root CA certificate for ``subject_name``.

    ``_make_cert_builder`` is called with the subject, the validity period and
    the public half of ``private_key``; this function then marks the
    certificate as its own issuer, attaches the CA extensions and signs it
    with ``private_key`` (SHA-256).

    :param subject_name: X.509 ``Name`` used for both subject and issuer.
    :param days_valid: validity period forwarded to ``_make_cert_builder``.
    :param private_key: RSA key whose public half is embedded in the
        certificate and whose private half signs it.
    :return: the signed ``Certificate``.
    """
    pub = private_key.public_key()

    # Self-issued: the issuer Name is the subject Name.
    builder = _make_cert_builder(subject_name, days_valid, pub)
    builder = builder.issuer_name(subject_name)

    # Subject Key Identifier derived from the public key (non-critical).
    builder = builder.add_extension(
        SubjectKeyIdentifier.from_public_key(pub),
        critical=False,
    )

    # CA certificate; path_length=0 means it may issue end-entity
    # certificates only, never a subordinate CA.
    builder = builder.add_extension(
        BasicConstraints(ca=True, path_length=0),
        critical=True,
    )

    # The key is restricted to signing certificates and CRLs; every other
    # usage bit is explicitly cleared.
    ca_key_usage = KeyUsage(
        digital_signature=False,
        content_commitment=False,
        key_encipherment=False,
        data_encipherment=False,
        key_agreement=False,
        key_cert_sign=True,
        crl_sign=True,
        encipher_only=False,
        decipher_only=False,
    )
    builder = builder.add_extension(ca_key_usage, critical=True)

    return builder.sign(private_key, SHA256())
def public_key(private_key: RSAPrivateKeyWithSerialization) -> str:
    """Return the public half of ``private_key`` as PEM text.

    The key is serialised as SubjectPublicKeyInfo
    (``-----BEGIN PUBLIC KEY-----``) and the resulting bytes are decoded
    to ``str``.

    :param private_key: RSA private key whose public key is exported.
    :return: PEM-encoded public key.
    """
    pem_bytes = private_key.public_key().public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return pem_bytes.decode()
def _create_key(pkey: RSAPrivateKeyWithSerialization) -> Key:
    """Wrap ``pkey`` in a ``Key`` together with its PEM serialisations.

    The private key is written in the traditional OpenSSL PEM format with
    ``NoEncryption``, so the ``private_key`` string holds the raw key
    material. The public key is written as SubjectPublicKeyInfo PEM.

    :param pkey: RSA private key to wrap.
    :return: ``Key(public_key=<pem>, private_key=<pem>, key=pkey)``.
    """
    pem_encoding = serialization.Encoding.PEM

    # Unencrypted private key PEM ("BEGIN RSA PRIVATE KEY").
    private_pem = pkey.private_bytes(
        encoding=pem_encoding,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption(),
    ).decode("utf-8")

    public_pem = pkey.public_key().public_bytes(
        encoding=pem_encoding,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    ).decode("utf-8")

    return Key(public_key=public_pem, private_key=private_pem, key=pkey)
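def _prepare_ssl_certificate(
        self,
        private_key: rsa.RSAPrivateKeyWithSerialization,
        dns_list,
        expiry_days,
        **ssl_cert_configs):
    """
    Generate a self-signed end-entity (server) certificate.

    The certificate carries the public half of ``private_key`` and is
    signed with its private half, so subject and issuer are the same Name.

    :param private_key: RSA private key that signs the certificate and
        supplies its public key.
    :param dns_list: List of unicode DNS names placed in the
        SubjectAlternativeName extension, e.g. [u"*.seagate.com", u"localhost"].
    :param expiry_days: Period in days for which the certificate will be
        valid, counted from the moment this method runs (no default; the
        caller must supply it).
    :kwargs ssl_cert_configs: optional subject-name fields; each one falls
        back to a built-in value when absent:
            country: Country Name
            state: State Name
            locality: Locality Name
            organization: Organization Name
            CN: Common Name
    :return: Self-signed x509.Certificate (SHA-256 signature)
    """
    san_names = [x509.DNSName(dns_name) for dns_name in dns_list]

    # Self-signed: one Name serves as both subject and issuer.
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME,
                           ssl_cert_configs.get("country", "IN")),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME,
                           ssl_cert_configs.get("state", "MH")),
        x509.NameAttribute(NameOID.LOCALITY_NAME,
                           ssl_cert_configs.get("locality", "Pune")),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME,
                           ssl_cert_configs.get("organization", "Seagate Technology")),
        x509.NameAttribute(NameOID.COMMON_NAME,
                           ssl_cert_configs.get("CN", "seagate.com")),
    ])

    # Read the clock once so not_valid_after is exactly expiry_days after
    # not_valid_before; two separate utcnow() calls could yield different
    # instants. An aware UTC datetime also avoids datetime.utcnow(), which
    # is deprecated since Python 3.12; the builder normalises aware
    # datetimes to UTC.
    now = datetime.datetime.now(datetime.timezone.utc)

    builder = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=expiry_days))
        # Random serial rather than a counter, so serials are unpredictable.
        .serial_number(x509.random_serial_number())
        .public_key(private_key.public_key())
        .add_extension(x509.SubjectAlternativeName(san_names), critical=False)
        # Explicitly not a CA, so this certificate cannot issue others.
        .add_extension(x509.BasicConstraints(ca=False, path_length=None),
                       critical=True)
    )
    return builder.sign(private_key=private_key,
                        algorithm=hashes.SHA256(),
                        backend=default_backend())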
def ssh_public_key(keypair: rsa.RSAPrivateKeyWithSerialization) -> str: """ converts an rsa keypair to openssh format public key :param keypair: keypair. :type keypair: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization :return: string of public key """ eb = utils.int_to_bytes(keypair.public_key().public_numbers().e) nb = utils.int_to_bytes(keypair.public_key().public_numbers().n) if eb[0] & 0x80: eb = bytes([0x00]) + eb if nb[0] & 0x80: nb = bytes([0x00]) + nb keyparts = [b'ssh-rsa', eb, nb] keystring = b''.join([struct.pack(">I", len(kp)) + kp for kp in keyparts]) return str(b'ssh-rsa ' + b64encode(keystring), encoding='utf-8')