def test_sign_csr(tmpdir):
    """Sign a CSR with a freshly generated CA and check a certificate is written.

    Builds a CA key/certificate pair and a leaf key/CSR inside ``tmpdir``,
    calls ``sign_csr`` and asserts that the output file starts with the PEM
    certificate header.
    """
    from jans.pycloudlib.pki import (
        generate_csr,
        generate_private_key,
        generate_public_key,
        sign_csr,
    )

    # Subject fields shared by the CA certificate and the leaf CSR.
    org_fields = {
        "org_name": "Organization",
        "country_code": "US",
        "state": "TX",
        "city": "Austin",
    }

    # Issuing side: CA private key plus a certificate created with is_ca=True.
    ca_key_path = tmpdir.join("ca_priv.key")
    ca_key = generate_private_key(str(ca_key_path))
    ca_cert_path = tmpdir.join("ca_pub.crt")
    ca_cert = generate_public_key(
        str(ca_cert_path),
        ca_key,
        is_ca=True,
        email="*****@*****.**",
        hostname="CA",
        **org_fields,
    )

    # Requesting side: leaf private key plus a CSR carrying SAN entries.
    leaf_key_path = tmpdir.join("priv.key")
    leaf_key = generate_private_key(str(leaf_key_path))
    csr_path = tmpdir.join("pub.csr")
    csr = generate_csr(
        str(csr_path),
        leaf_key,
        add_san=True,
        add_key_usage=True,
        email="*****@*****.**",
        hostname="example.com",
        **org_fields,
        extra_dns=["localhost"],
        extra_ips=["127.0.0.1"],
    )

    signed_cert_path = tmpdir.join("pub.crt")
    sign_csr(str(signed_cert_path), csr, ca_key, ca_cert)

    # NOTE(review): only the PEM header is checked. The issuer, the signature
    # against ca_cert, and the SAN / key-usage extensions are not verified, so
    # a certificate signed by the wrong key would still pass this test.
    pem_text = signed_cert_path.read()
    assert pem_text.startswith("-----BEGIN CERTIFICATE-----")
def generate_ssl_ca_certkey(
    suffix,
    email,
    hostname,
    org_name,
    country_code,
    state,
    city,
    base_dir="/etc/certs",
):
    """Create a private key and a CA certificate named after ``suffix``.

    The key is written to ``{base_dir}/{suffix}.key`` and the certificate to
    ``{base_dir}/{suffix}.crt``; ``generate_public_key`` is called with
    ``is_ca=True`` and the given subject fields.

    Returns:
        A ``(cert_fn, key_fn)`` tuple of the two file paths.
    """
    # NOTE(review): suffix and base_dir are interpolated into the paths as-is,
    # so callers should pass trusted values. The mode of the written key file
    # is decided inside generate_private_key, not here; confirm it is
    # restrictive, since this is a CA key.
    key_path = f"{base_dir}/{suffix}.key"
    cert_path = f"{base_dir}/{suffix}.crt"

    subject = dict(
        hostname=hostname,
        country_code=country_code,
        state=state,
        city=city,
        email=email,
        org_name=org_name,
    )

    ca_private_key = generate_private_key(key_path)
    generate_public_key(cert_path, ca_private_key, is_ca=True, **subject)
    return cert_path, key_path
def generate_ssl_certkey(
    suffix,
    email,
    hostname,
    org_name,
    country_code,
    state,
    city,
    base_dir="/etc/certs",
    extra_dns=None,
    extra_ips=None,
):
    """Create a private key and a certificate named after ``suffix``.

    The key is written to ``{base_dir}/{suffix}.key`` and the certificate to
    ``{base_dir}/{suffix}.crt``. ``generate_public_key`` is called with
    ``add_san=True`` and ``add_key_usage=True``; ``extra_dns`` and
    ``extra_ips`` are forwarded to it unchanged. No CA key is passed, so the
    certificate is presumably self-signed (confirm in generate_public_key).

    Returns:
        A ``(cert_fn, key_fn)`` tuple of the two file paths.
    """
    # NOTE(review): suffix and base_dir are interpolated into the paths as-is;
    # the key file's permissions are set (or not) by generate_private_key.
    key_path = f"{base_dir}/{suffix}.key"
    cert_path = f"{base_dir}/{suffix}.crt"

    cert_options = dict(
        add_san=True,
        add_key_usage=True,
        hostname=hostname,
        country_code=country_code,
        state=state,
        city=city,
        email=email,
        org_name=org_name,
        extra_dns=extra_dns,
        extra_ips=extra_ips,
    )

    private_key = generate_private_key(key_path)
    generate_public_key(cert_path, private_key, **cert_options)
    return cert_path, key_path
def generate_signed_ssl_certkey(
    suffix,
    ca_key_fn,
    ca_cert_fn,
    email,
    hostname,
    org_name,
    country_code,
    state,
    city,
    base_dir="/etc/certs",
    extra_dns=None,
    extra_ips=None,
):
    """Create a private key and a certificate signed by an existing CA.

    Writes ``{base_dir}/{suffix}.key`` and ``{base_dir}/{suffix}.csr``, loads
    the CA private key and CA certificate from the PEM files ``ca_key_fn`` and
    ``ca_cert_fn``, then has ``sign_csr`` write ``{base_dir}/{suffix}.crt``.

    Returns:
        A ``(cert_fn, key_fn)`` tuple of the signed certificate and key paths.
    """
    # NOTE(review): suffix and base_dir are interpolated into the paths as-is;
    # the key file's permissions are set (or not) by generate_private_key.
    key_path = f"{base_dir}/{suffix}.key"
    leaf_key = generate_private_key(key_path)

    csr_path = f"{base_dir}/{suffix}.csr"
    request = generate_csr(
        csr_path,
        leaf_key,
        add_san=True,
        add_key_usage=True,
        hostname=hostname,
        country_code=country_code,
        state=state,
        city=city,
        email=email,
        org_name=org_name,
        extra_dns=extra_dns,
        extra_ips=extra_ips,
    )

    cert_path = f"{base_dir}/{suffix}.crt"

    # The password argument is None, so the CA key must be stored as an
    # unencrypted PEM. Its confidentiality then rests entirely on the file
    # permissions of ca_key_fn.
    with open(ca_key_fn, "rb") as key_file:
        ca_key_pem = key_file.read()
        issuer_key = serialization.load_pem_private_key(
            ca_key_pem,
            None,
            default_backend(),
        )

    with open(ca_cert_fn, "rb") as cert_file:
        ca_cert_pem = cert_file.read()
        issuer_cert = x509.load_pem_x509_certificate(ca_cert_pem)

    sign_csr(cert_path, request, issuer_key, issuer_cert)
    return cert_path, key_path
def test_generate_csr(tmpdir):
    """Generate a CSR with SAN entries and check a PEM request is written."""
    from jans.pycloudlib.pki import generate_csr, generate_private_key

    private_key_path = tmpdir.join("priv.key")
    private_key = generate_private_key(str(private_key_path))

    request_path = tmpdir.join("pub.csr")
    request_options = dict(
        add_san=True,
        add_key_usage=True,
        email="*****@*****.**",
        hostname="example.com",
        org_name="Organization",
        country_code="US",
        state="TX",
        city="Austin",
        extra_dns=["localhost"],
        extra_ips=["127.0.0.1"],
    )
    generate_csr(str(request_path), private_key, **request_options)

    # NOTE(review): only the PEM header is checked; the subject, the SAN
    # entries (localhost / 127.0.0.1) and the key-usage extension requested
    # above are not inspected.
    pem_text = request_path.read()
    assert pem_text.startswith("-----BEGIN CERTIFICATE REQUEST-----")
def test_generate_private_key(tmpdir):
    """Generate a private key file and check it carries the RSA PEM header."""
    from jans.pycloudlib.pki import generate_private_key

    private_key_path = tmpdir.join("priv.key")
    generate_private_key(str(private_key_path))

    # The expected header is the traditional "RSA PRIVATE KEY" PEM label.
    # NOTE(review): the mode of the written file is not asserted; a check
    # that the key is not group/world readable would cover that.
    pem_text = private_key_path.read()
    assert pem_text.startswith("-----BEGIN RSA PRIVATE KEY-----")