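def commande_signer_csr_noeud_prive(self):
    """Build a CSR for a private node and send it to the key master for signing.

    A fresh 2048-bit key is generated through ``EnveloppeCleCert`` and used to
    sign a certificate signing request (SHA-256). Only the PEM-encoded CSR is
    placed in the command; the private key never leaves this function.

    Returns:
        The value returned by ``self.generateur.transmettre_commande`` (it is
        also printed before being returned).
    """
    clecert = EnveloppeCleCert()
    clecert.generer_private_key(keysize=2048)
    # NOTE(review): clecert is neither stored nor returned, so the private key
    # is discarded when this function returns and the signed certificate
    # cannot be paired with it afterwards.

    # The subject carries only an OU and a random CN; no ORGANIZATION_NAME is set.
    # NOTE(review): the OU asks for 'intermediaire' while the command role is
    # 'prive' -- presumably the signer derives the certificate from 'role' and
    # does not trust the CSR subject; confirm on the signing side.
    sujet = x509.Name([
        x509.NameAttribute(x509.name.NameOID.ORGANIZATIONAL_UNIT_NAME, 'intermediaire'),
        x509.NameAttribute(x509.name.NameOID.COMMON_NAME, str(uuid4())),
    ])

    request = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(sujet)
        .sign(clecert.private_key, hashes.SHA256(), default_backend())
    )
    request_pem = request.public_bytes(primitives.serialization.Encoding.PEM)

    commande = {
        'liste_csr': [request_pem.decode('utf-8')],
        'role': 'prive',
    }

    # NOTE(review): correlation_id is a fixed literal, so concurrent calls
    # cannot be told apart by their replies.
    enveloppe_requete = self.generateur.transmettre_commande(
        commande,
        'commande.MaitreDesCles.%s' % ConstantesMaitreDesCles.COMMANDE_SIGNER_CSR,
        correlation_id='abcd-1234',
        reply_to=self.queue_name,
    )

    print("Envoi requete: %s" % enveloppe_requete)
    return enveloppe_requete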
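def __generer_private_key(self, generer_password=False, keysize=2048, public_exponent=65537):
    """Generate a private key and return it with its companion material.

    Args:
        generer_password: When true, ``EnveloppeCleCert`` also generates a
            password, which is returned under ``'password'``.
        keysize: Key size in bits, forwarded to
            ``EnveloppeCleCert.generer_private_key``.
        public_exponent: Accepted for interface compatibility; not forwarded
            (see the note in the body).

    Returns:
        dict with ``'pem'`` (``clecert.private_key_bytes``), ``'clecert'`` (the
        ``EnveloppeCleCert`` instance), ``'cle'`` (the private key object) and,
        only when ``generer_password`` is true, ``'password'``.

    The returned dict holds private key material (and possibly its password);
    callers should keep it out of logs and printed output.
    """
    info_cle = dict()

    clecert = EnveloppeCleCert()
    # keysize used to be accepted here and then dropped, so a caller asking
    # for a larger key silently received the default size.
    # NOTE(review): public_exponent is still not forwarded -- this file does
    # not show whether EnveloppeCleCert.generer_private_key accepts it.
    clecert.generer_private_key(generer_password=generer_password, keysize=keysize)

    if generer_password:
        info_cle['password'] = clecert.password

    # NOTE(review): presumably private_key_bytes is protected with the
    # password when one was generated -- confirm in EnveloppeCleCert.
    info_cle['pem'] = clecert.private_key_bytes
    info_cle['clecert'] = clecert
    info_cle['cle'] = clecert.private_key

    return info_cle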
def generer_cert_navigateur(self):
    """Generate a key pair, have its public key signed as a browser certificate.

    The public key is exported as PEM (SubjectPublicKeyInfo), printed, and
    passed to ``envcert.renouvelleur.signer_navigateur`` together with the
    name 'testNavigateur'. The resulting certificate is printed and written
    to a fixed output file. Only the certificate is written; the private key
    is not saved by this function.
    """
    enveloppe = EnveloppeCleCert()
    enveloppe.generer_private_key()

    # Export only the public half of the freshly generated key.
    cle_publique = enveloppe.private_key.public_key()
    pem_publique = cle_publique.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    public_key_str = pem_publique.decode('utf-8')
    print('Public key:\n%s' % public_key_str)

    # `envcert` is resolved from the enclosing scope, not from self.
    certificat = envcert.renouvelleur.signer_navigateur(public_key_str, 'testNavigateur')

    texte_certificat = certificat.cert_bytes.decode('utf-8')
    print("Certificat:")
    print(texte_certificat)

    # Fixed developer-local output path; the file is overwritten on each run.
    chemin_sortie = '/home/mathieu/mgdev/output/generer_cert_navigateur.pem'
    with open(chemin_sortie, 'wb') as fichier:
        fichier.write(certificat.cert_bytes)