def create_certificate(urn,
issuer_key=None,
issuer_cert=None,
is_ca=False,
public_key=None,
life_days=1825,
email=None,
uuidarg=None,
serial_number=0):
"""Creates a certificate.
{issuer_key} private key of the issuer. can either be a string in pem format or None.
{issuer_cert} can either be a string in pem format or None.
If either {issuer_cert} or {issuer_key} is None, the cert becomes self-signed
{public_key} contains the pub key which will be embedded in the certificate. If None a new key is created, otherwise it must be a string)
{uuidarg} can be a uuid.UUID or a string.
Returns tuple in the following order:
x509 certificate in PEM format
public key of the keypair related to the new certificate in PEM format
public key of the keypair related to the new certificate in PEM format or None if the the {public_key} was given.
IMPORTANT
Do not add an email when creating sa/ma/cm. This may lead to unverificable certs later.
"""
# create temporary files for some params, because gcf's create_cert works with files and I did not want to duplicate the code
pub_key_param = None
if public_key:
fh, pub_key_param = tempfile.mkstemp()
os.write(fh, public_key)
os.close(fh)
issuer_key_param, issuer_cert_param = None, None
if issuer_key and issuer_cert:
fh, issuer_key_param = tempfile.mkstemp()
os.write(fh, issuer_key)
os.close(fh)
fh, issuer_cert_param = tempfile.mkstemp()
os.write(fh, issuer_cert)
os.close(fh)
cert_gid, cert_keys = gcf_cert_util.create_cert(urn, issuer_key_param,
issuer_cert_param, is_ca,
pub_key_param, life_days,
email, uuidarg,
serial_number)
if pub_key_param:
os.remove(pub_key_param)
if issuer_key_param:
os.remove(issuer_key_param)
if issuer_cert_param:
os.remove(issuer_cert_param)
priv_key_result = None
if not public_key:
priv_key_result = cert_keys.as_pem()
return cert_gid.save_to_string(), cert_keys.get_m2_pkey().get_rsa().as_pem(
), priv_key_result
def create_certificate(urn, issuer_key=None, issuer_cert=None, is_ca=False,
public_key=None, life_days=1825, email=None, uuidarg=None, serial_number=0):
"""Creates a certificate.
{issuer_key} private key of the issuer. can either be a string in pem format or None.
{issuer_cert} can either be a string in pem format or None.
If either {issuer_cert} or {issuer_key} is None, the cert becomes self-signed
{public_key} contains the pub key which will be embedded in the certificate. If None a new key is created, otherwise it must be a string)
{uuidarg} can be a uuid.UUID or a string.
Returns tuple in the following order:
x509 certificate in PEM format
public key of the keypair related to the new certificate in PEM format
public key of the keypair related to the new certificate in PEM format or None if the the {public_key} was given.
IMPORTANT
Do not add an email when creating sa/ma/cm. This may lead to unverificable certs later.
"""
# create temporary files for some params, because gcf's create_cert works with files and I did not want to duplicate the code
pub_key_param = None
if public_key:
fh, pub_key_param = tempfile.mkstemp(); os.write(fh, public_key); os.close(fh)
issuer_key_param, issuer_cert_param = None, None
if issuer_key and issuer_cert:
fh, issuer_key_param = tempfile.mkstemp(); os.write(fh, issuer_key); os.close(fh)
fh, issuer_cert_param = tempfile.mkstemp(); os.write(fh, issuer_cert); os.close(fh)
cert_gid, cert_keys = gcf_cert_util.create_cert(urn, issuer_key_param, issuer_cert_param, is_ca, pub_key_param,
life_days, email, uuidarg, serial_number)
if pub_key_param:
os.remove(pub_key_param)
if issuer_key_param:
os.remove(issuer_key_param)
if issuer_cert_param:
os.remove(issuer_cert_param)
priv_key_result = None
if not public_key:
priv_key_result = cert_keys.as_pem()
return cert_gid.save_to_string(), cert_keys.get_m2_pkey().get_rsa().as_pem(), priv_key_result