def __init__(self, subject, key_pair, sans=None): """ Constructor parameters: :param X509Name subject: subject to add to the certificate request :param _KeyPair key_pair: key pair containing the public key to use when creating the signature for the certificate request :param sans: collection of dns names to insert into a subjAltName extension for the certificate request :type sans: list(str) or tuple(str) or set(str) """ csr_info = self._csr_info(subject, key_pair.public_key, sans) csr_signature = asymmetric.rsa_pkcs1v15_sign(key_pair.private_key, csr_info.dump(), _CRYPTO_SIGN_DIGEST) self._req = csr.CertificationRequest({ "certification_request_info": csr_info, "signature_algorithm": { "algorithm": u"{}_rsa".format(_CRYPTO_SIGN_DIGEST) }, "signature": csr_signature })
def build(self, signing_private_key): """ Validates the certificate information, constructs an X.509 certificate and then signs it :param signing_private_key: An asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey object for the private key to sign the request with. This should be the private key that matches the public key. :return: An asn1crypto.csr.CertificationRequest object of the request """ is_oscrypto = isinstance(signing_private_key, asymmetric.PrivateKey) if not isinstance(signing_private_key, keys.PrivateKeyInfo) and not is_oscrypto: raise TypeError( _pretty_message( ''' signing_private_key must be an instance of asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey, not %s ''', _type_name(signing_private_key))) signature_algo = signing_private_key.algorithm if signature_algo == 'ec': signature_algo = 'ecdsa' signature_algorithm_id = '%s_%s' % (self._hash_algo, signature_algo) def _make_extension(name, value): return { 'extn_id': name, 'critical': self._determine_critical(name), 'extn_value': value } extensions = [] for name in sorted(self._special_extensions): value = getattr(self, '_%s' % name) if value is not None: extensions.append(_make_extension(name, value)) for name in sorted(self._other_extensions.keys()): extensions.append( _make_extension(name, self._other_extensions[name])) attributes = [] if extensions: attributes.append({ 'type': 'extension_request', 'values': [extensions] }) certification_request_info = csr.CertificationRequestInfo({ 'version': 'v1', 'subject': self._subject, 'subject_pk_info': self._subject_public_key, 'attributes': attributes }) if signing_private_key.algorithm == 'rsa': sign_func = asymmetric.rsa_pkcs1v15_sign elif signing_private_key.algorithm == 'dsa': sign_func = asymmetric.dsa_sign elif signing_private_key.algorithm == 'ec': sign_func = asymmetric.ecdsa_sign if not is_oscrypto: signing_private_key = asymmetric.load_private_key( signing_private_key) signature = sign_func(signing_private_key, certification_request_info.dump(), self._hash_algo) return csr.CertificationRequest({ 'certification_request_info': certification_request_info, 'signature_algorithm': { 'algorithm': signature_algorithm_id, }, 'signature': signature })
name="utc_time", value=datetime.datetime(2049, 12, 31))}, "subject": _FAKE_SUBJECT, "subject_public_key_info": get_fake_public_key_asn1()}), "signature_algorithm": algos.SignedDigestAlgorithm({ "algorithm": u"sha256_rsa"}), "signature_value": b"fake"}).dump()).decode('utf8') FAKE_CSR = \ pem.armor( u"CERTIFICATE REQUEST", csr.CertificationRequest({ "certification_request_info": csr.CertificationRequestInfo({ "version": 1, "subject": _FAKE_SUBJECT, "subject_pk_info": get_fake_public_key_asn1()}), "signature_algorithm": _SIGNATURE_ALGORITHM, "signature": b"fake"}).dump()).decode('utf8') class CliTest(unittest.TestCase): def setUp(self): pass def tearDown(self): patch.stopall() @parameterized.expand([([], ), ("-h", ), ("--help", )]) def test_help_command(self, value): with patch("dxlclient._cli.argparse.ArgumentParser.print_help") \
def build(self, signing_key): """ Validates the certificate information, constructs an X.509 certificate and then signs it :param signing_key: An asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey object for the private key to sign the request with. This should be the private key that matches the public key. :returns: An asn1crypto.csr.CertificationRequest object of the request """ if not isinstance(signing_key, objects.ECCKey) and \ not isinstance(signing_key, objects.RSAKey): raise TypeError( _pretty_message( ''' signing_private_key must be an instance of optigatrust.pk.EccKey or optigatrust.pk.RsaKey, not %s ''', _type_name(signing_key))) if isinstance(signing_key, objects.ECCKey): signature_algo = 'ecdsa' elif isinstance(signing_key, objects.RSAKey): signature_algo = 'rsa' else: signature_algo = 'undefined' signature_algorithm_id = '%s_%s' % (self._hash_algo, signature_algo) def _make_extension(_name, _value): return { 'extn_id': _name, 'critical': self._determine_critical(_name), 'extn_value': _value } extensions = [] for name in sorted(self._special_extensions): value = getattr(self, '_%s' % name) if value is not None: extensions.append(_make_extension(name, value)) for name in sorted(self._other_extensions.keys()): extensions.append( _make_extension(name, self._other_extensions[name])) attributes = [] if extensions: attributes.append({ 'type': 'extension_request', 'values': [extensions] }) print(attributes) certification_request_info = csr.CertificationRequestInfo({ 'version': 'v1', 'subject': self._subject, 'subject_pk_info': self._subject_public_key, 'attributes': attributes }) if isinstance(signing_key, objects.ECCKey): sign_func = crypto.ecdsa_sign elif isinstance(signing_key, objects.RSAKey): sign_func = crypto.pkcs1v15_sign else: raise ValueError( 'Algorithm isn\'t supported, use either ecc or rsa') s = sign_func(signing_key, certification_request_info.dump()) return csr.CertificationRequest({ 'certification_request_info': certification_request_info, 'signature_algorithm': { 'algorithm': signature_algorithm_id, }, 'signature': s.signature })