def create_cert(urn,
issuer_key=None,
issuer_cert=None,
ca=False,
public_key=None,
lifeDays=1825,
email=None):
'''Create a new certificate and return it and the associated keys.
If issuer cert and key are given, they sign the certificate. Otherwise
it is a self-signed certificate.
If ca then mark this as a CA certificate (can sign other certs).
lifeDays is the lifetime of the supplied cert - default is 1825 (5 years).
Certificate URN must be supplied.
CN of the cert will be dotted notation authority.type.name from the URN.
'''
# Note the below throws a ValueError if it wasnt a valid URN
c_urn = URN(urn=urn)
dotted = '%s.%s.%s' % (c_urn.getAuthority(), c_urn.getType(),
c_urn.getName())
subject = dict()
subject['CN'] = dotted[:64]
if email:
subject['emailAddress'] = email
newgid = GID(create=True, subject=subject, urn=urn, lifeDays=lifeDays)
if public_key is None:
# create a new key pair
keys = Keypair(create=True)
else:
# use the specified public key file
keys = Keypair()
keys.load_pubkey_from_file(public_key)
newgid.set_pubkey(keys)
newgid.set_is_ca(ca)
if issuer_key and issuer_cert:
# the given issuer will issue this cert
if isinstance(issuer_key, str):
issuer_key = Keypair(filename=issuer_key)
if isinstance(issuer_cert, str):
issuer_cert = GID(filename=issuer_cert)
newgid.set_issuer(issuer_key, cert=issuer_cert)
newgid.set_parent(issuer_cert)
else:
# create a self-signed cert
newgid.set_issuer(keys, subject=dotted)
newgid.encode()
newgid.sign()
return newgid, keys
def create_cert(urn, issuer_key=None, issuer_cert=None, ca=False,
public_key=None, lifeDays=1825, email=None):
'''Create a new certificate and return it and the associated keys.
If issuer cert and key are given, they sign the certificate. Otherwise
it is a self-signed certificate.
If ca then mark this as a CA certificate (can sign other certs).
lifeDays is the lifetime of the supplied cert - default is 1825 (5 years).
Certificate URN must be supplied.
CN of the cert will be dotted notation authority.type.name from the URN.
'''
# Note the below throws a ValueError if it wasnt a valid URN
c_urn = URN(urn=urn)
dotted = '%s.%s.%s' % (c_urn.getAuthority(), c_urn.getType(), c_urn.getName())
subject = dict()
subject['CN'] = dotted[:64]
if email:
subject['emailAddress'] = email
newgid = GID(create=True, subject=subject, urn=urn, lifeDays=lifeDays)
if public_key is None:
# create a new key pair
keys = Keypair(create=True)
else:
# use the specified public key file
keys = Keypair()
keys.load_pubkey_from_file(public_key)
newgid.set_pubkey(keys)
newgid.set_is_ca(ca)
if issuer_key and issuer_cert:
# the given issuer will issue this cert
if isinstance(issuer_key,str):
issuer_key = Keypair(filename=issuer_key)
if isinstance(issuer_cert,str):
issuer_cert = GID(filename=issuer_cert)
newgid.set_issuer(issuer_key, cert=issuer_cert)
newgid.set_parent(issuer_cert)
else:
# create a self-signed cert
newgid.set_issuer(keys, subject=dotted)
newgid.encode()
newgid.sign()
return newgid, keys
