def _create_x509_certificate( key_der, subject_name ): #type(Union[EllipticCurvePrivateKey,RSAPrivateKey], str) -> Certificate signing_key = serialization.load_der_private_key( key_der, password=None, backend=default_backend()) builder = CertificateBuilder() builder = builder.subject_name( x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, subject_name), ])) builder = builder.issuer_name( x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, subject_name), ])) one_day = datetime.timedelta(1, 0, 0) builder = builder.not_valid_before(datetime.datetime.today() - one_day) builder = builder.not_valid_after(datetime.datetime.today() + (one_day * 30)) builder = builder.serial_number(x509.random_serial_number()) builder = builder.public_key(signing_key.public_key()) builder = builder.add_extension(SubjectAlternativeName( [x509.DNSName(subject_name)]), critical=False) builder = builder.add_extension(BasicConstraints(ca=False, path_length=None), critical=True) return builder.sign(private_key=signing_key, algorithm=hashes.SHA256(), backend=default_backend()).public_bytes( serialization.Encoding.DER)
def create_x509_certificate(key_pem, subject_name): # type: (str, str) -> str """ Given an RSA or ECDS private key, create a self-signed X.509 certificate with the specified subject name signed with that key. """ signing_key = serialization.load_pem_private_key(key_pem.encode("ascii"), password=None, backend=default_backend()) builder = CertificateBuilder() builder = builder.subject_name( x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, subject_name), ])) builder = builder.issuer_name( x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, subject_name), ])) one_day = datetime.timedelta(1, 0, 0) builder = builder.not_valid_before(datetime.datetime.today() - one_day) builder = builder.not_valid_after(datetime.datetime.today() + (one_day * 30)) builder = builder.serial_number(x509.random_serial_number()) builder = builder.public_key(signing_key.public_key()) builder = builder.add_extension(SubjectAlternativeName( [x509.DNSName(subject_name)]), critical=False) builder = builder.add_extension(BasicConstraints(ca=False, path_length=None), critical=True) return (builder.sign( private_key=signing_key, algorithm=hashes.SHA256(), backend=default_backend(), ).public_bytes(serialization.Encoding.PEM).decode("ascii"))