예제 #1
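def _write_pem_tempfile(data, created_paths):
    """Write {data} to a fresh temporary file and return its path.

    The path is appended to {created_paths} before anything is written, so the
    caller can delete the file even if the write itself fails.
    """
    # mkstemp creates the file readable and writable only by the current user.
    fd, path = tempfile.mkstemp()
    created_paths.append(path)
    try:
        os.write(fd, data)
    finally:
        # Close the descriptor on the error path too, so it is never leaked.
        os.close(fd)
    return path


def create_certificate(urn,
                       issuer_key=None,
                       issuer_cert=None,
                       is_ca=False,
                       public_key=None,
                       life_days=1825,
                       email=None,
                       uuidarg=None,
                       serial_number=0):
    """Creates a certificate.
    {issuer_key} private key of the issuer. Can either be a string in PEM format or None.
    {issuer_cert} can either be a string in PEM format or None.
    If either {issuer_cert} or {issuer_key} is None, the cert becomes self-signed.
    {public_key} contains the pub key which will be embedded in the certificate. If None a new key is created, otherwise it must be a string.
    {uuidarg} can be a uuid.UUID or a string.

    Returns tuple in the following order:
      x509 certificate in PEM format
      public key of the keypair related to the new certificate in PEM format
      private key of the keypair related to the new certificate in PEM format, or None if the {public_key} was given.

    IMPORTANT
    Do not add an email when creating sa/ma/cm. This may lead to unverifiable certs later.

    SECURITY
    The issuer's private key is written to a temporary file for the duration of
    the gcf call. The file is deleted afterwards even when the call fails, but
    os.remove only unlinks it and does not overwrite its contents.
    NOTE(review): serial_number defaults to 0 on every call; confirm that callers
    pass distinct serials if the issuing CA needs them to be unique.
    """
    # gcf's create_cert works with files, so the PEM strings are staged in
    # temporary files instead of duplicating gcf's code here.
    temp_paths = []
    try:
        pub_key_param = None
        if public_key:
            pub_key_param = _write_pem_tempfile(public_key, temp_paths)
        issuer_key_param, issuer_cert_param = None, None
        # Both issuer parts are required; with only one of them, neither is passed on.
        if issuer_key and issuer_cert:
            issuer_key_param = _write_pem_tempfile(issuer_key, temp_paths)
            issuer_cert_param = _write_pem_tempfile(issuer_cert, temp_paths)

        cert_gid, cert_keys = gcf_cert_util.create_cert(urn, issuer_key_param,
                                                        issuer_cert_param, is_ca,
                                                        pub_key_param, life_days,
                                                        email, uuidarg,
                                                        serial_number)
    finally:
        # Runs on success and on failure, so key material is not left behind
        # in the temp directory when create_cert (or a write) raises.
        for path in temp_paths:
            os.remove(path)

    # A private key is only handed back when this call generated the keypair.
    priv_key_result = None
    if not public_key:
        priv_key_result = cert_keys.as_pem()
    return cert_gid.save_to_string(), cert_keys.get_m2_pkey().get_rsa().as_pem(
    ), priv_key_result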
예제 #2
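def create_certificate(urn, issuer_key=None, issuer_cert=None, is_ca=False,
                       public_key=None, life_days=1825, email=None, uuidarg=None, serial_number=0):
    """Creates a certificate.
    {issuer_key} private key of the issuer. Can either be a string in PEM format or None.
    {issuer_cert} can either be a string in PEM format or None.
    If either {issuer_cert} or {issuer_key} is None, the cert becomes self-signed.
    {public_key} contains the pub key which will be embedded in the certificate. If None a new key is created, otherwise it must be a string.
    {uuidarg} can be a uuid.UUID or a string.

    Returns tuple in the following order:
      x509 certificate in PEM format
      public key of the keypair related to the new certificate in PEM format
      private key of the keypair related to the new certificate in PEM format, or None if the {public_key} was given.

    IMPORTANT
    Do not add an email when creating sa/ma/cm. This may lead to unverifiable certs later.

    SECURITY
    The issuer's private key is staged in a temporary file while gcf runs. The
    staged files are removed in a finally block, so they do not survive a
    failed call; removal unlinks the file but does not scrub its contents.
    """
    # gcf's create_cert works with files, so PEM strings are staged on disk
    # rather than duplicating gcf's code here.
    staged = []

    def _stage(pem):
        # mkstemp creates the file accessible only to the current user; the
        # path is recorded first so cleanup still covers a failed write.
        fd, path = tempfile.mkstemp()
        staged.append(path)
        try:
            os.write(fd, pem)
        finally:
            os.close(fd)
        return path

    try:
        pub_key_param = _stage(public_key) if public_key else None
        issuer_key_param, issuer_cert_param = None, None
        # The issuer is only used when both its key and its cert were supplied.
        if issuer_key and issuer_cert:
            issuer_key_param = _stage(issuer_key)
            issuer_cert_param = _stage(issuer_cert)

        cert_gid, cert_keys = gcf_cert_util.create_cert(urn, issuer_key_param, issuer_cert_param, is_ca, pub_key_param,
                                                        life_days, email, uuidarg, serial_number)
    finally:
        # Delete the staged key/cert files whether or not create_cert succeeded.
        for path in staged:
            os.remove(path)

    # The private key is returned only when the keypair was generated by this call.
    priv_key_result = None if public_key else cert_keys.as_pem()
    return cert_gid.save_to_string(), cert_keys.get_m2_pkey().get_rsa().as_pem(), priv_key_result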