def make_crt( issuer_crt, issuer_key, subject=None, not_before=None, not_after=None, serial_number=None, basic_constraints=None, digestmod=None, ): if subject is None: subject = "OU=test, CN=hostname" if not_before is None: not_before = issuer_crt.not_before if not_after is None: not_after = issuer_crt.not_after if serial_number is None: serial_number = 0x123456 if basic_constraints is None: basic_constraints = BasicConstraints() if digestmod is None: # TODO: issuer_crt.digestmod should work but doesn't. digestmod = hashlib.sha256 key = RSA() key.generate() crt = issuer_crt.sign( csr=CSR.new(key, subject, digestmod()), issuer_key=issuer_key, not_before=not_before, not_after=not_after, serial_number=serial_number, basic_constraints=basic_constraints, ) return crt, key
def make_root_ca( subject=None, not_before=None, not_after=None, serial_number=None, basic_constraints=None, digestmod=None, ): if subject is None: subject = "OU=test, CN=Trusted CA" if not_before is None: not_before = dt.datetime.utcnow() if not_after is None: not_after = not_before + dt.timedelta(days=90) if serial_number is None: serial_number = 0x123456 if basic_constraints is None: basic_constraints = BasicConstraints(True, -1) if digestmod is None: digestmod = hashlib.sha256 key = RSA() key.generate() crt = CRT.selfsign( csr=CSR.new(key, subject, digestmod()), issuer_key=key, not_before=not_before, not_after=not_after, serial_number=serial_number, basic_constraints=basic_constraints, ) return crt, key
def ca0_crt(self, ca0_key, digestmod, now): ca0_csr = CSR.new(ca0_key, "CN=Trusted CA", digestmod()) return CRT.selfsign(ca0_csr, ca0_key, not_before=now, not_after=now + dt.timedelta(days=90), serial_number=0x123456, basic_constraints=BasicConstraints(True, -1))
def ca1_crt(self, ca1_key, ca0_crt, ca0_key, digestmod, now): ca1_csr = CSR.new(ca1_key, "CN=Intermediate CA", digestmod()) return ca0_crt.sign(ca1_csr, ca0_key, now, now + dt.timedelta(days=90), 0x234567, basic_constraints=BasicConstraints(True, -1))