Пример #1
def create_csr_ec(key, dn, network, csrfilename=None, attributes=None):
    """Build a certification request tagged ecdsaWithSHA256 and return it as PEM.

    Adapted from jandd pkiutils for EC keys.

    Args:
        key: Key handed to ``_build_subject_publickey_info`` and
            ``_build_signature``.
        dn: Subject name, converted by ``_build_dn``.
        network: Forwarded unchanged to ``_build_signature``.
        csrfilename: If truthy, the PEM text is also written to this path.
        attributes: Request attributes, converted by ``_build_attributes``.

    Returns:
        The PEM text produced by ``pkiutils._der_to_pem`` with the
        'CERTIFICATE REQUEST' label.
    """
    req_info = rfc2314.CertificationRequestInfo()
    req_info.setComponentByName('version', rfc2314.Version(0))
    req_info.setComponentByName('subject', _build_dn(dn))
    spki = _build_subject_publickey_info(key)
    req_info.setComponentByName('subjectPublicKeyInfo', spki)

    # The attributes helper needs the ASN.1 type declared for that field.
    component_type = req_info.componentType
    attr_type = component_type.getTypeByPosition(
        component_type.getPositionByName('attributes'))
    req_info.setComponentByName('attributes',
                                _build_attributes(attributes, attr_type))

    # The declared algorithm is fixed here, independently of the signing call.
    # NOTE(review): _build_signature must really produce ECDSA over SHA-256,
    # otherwise the request will not verify - confirm against that helper.
    sig_alg = rfc2314.SignatureAlgorithmIdentifier()
    sig_alg.setComponentByName('algorithm', utility.OID_ecdsaWithSHA256)

    request = rfc2314.CertificationRequest()
    request.setComponentByName('certificationRequestInfo', req_info)
    request.setComponentByName('signatureAlgorithm', sig_alg)
    # Sign only after req_info is complete so the signature covers every field.
    request.setComponentByName('signature',
                               _build_signature(key, req_info, network))

    pem_text = pkiutils._der_to_pem(encoder.encode(request),
                                    'CERTIFICATE REQUEST')

    if csrfilename:
        with open(csrfilename, 'w') as csr_file:
            csr_file.write(pem_text)
    # Parenthesised single argument: prints the same text on Python 2 and 3.
    print("generated certification request:\n\n%s" % pem_text)
    return pem_text
Пример #2
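    def sign_csr(self, certification_request_info):
        """Wrap an encoded CertificationRequestInfo in a signed request.

        The signature is made with ``self.key()`` using PKCS#1 v1.5 padding
        and SHA-256, which is what the sha256WithRSAEncryption identifier
        placed in the output declares.

        Args:
            certification_request_info: Encoded CertificationRequestInfo.

        Returns:
            The encoded CertificationRequest.

        NOTE(review): this signs caller-supplied content with ``self.key()``;
        confirm that callers are authorised to request signatures.
        """
        reqinfo = decoder.decode(certification_request_info,
                                 rfc2314.CertificationRequestInfo())[0]
        csr = rfc2314.CertificationRequest()
        csr.setComponentByName('certificationRequestInfo', reqinfo)

        algorithm = rfc2314.SignatureAlgorithmIdentifier()
        algorithm.setComponentByName(
            'algorithm', univ.ObjectIdentifier(
                '1.2.840.113549.1.1.11'))  # sha256WithRSAEncryption
        csr.setComponentByName('signatureAlgorithm', algorithm)

        # Sign the encoding that ends up inside the request rather than the
        # raw input. decode()[0] discards any bytes after the first value, and
        # a non-canonical input re-encodes differently; signing the raw input
        # in those cases yields a request whose signature does not verify.
        signed_bytes = encoder.encode(reqinfo)
        signature = self.key().sign(signed_bytes,
                                    padding.PKCS1v15(), hashes.SHA256())
        # str.encode('hex') exists only on Python 2.
        asn1sig = univ.BitString("'%s'H" % signature.encode('hex'))
        csr.setComponentByName('signature', asn1sig)
        return encoder.encode(csr)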
Пример #3
def _build_ECDSAwithSHA256_signatureAlgorithm():
    """Return a SignatureAlgorithmIdentifier set to ecdsaWithSHA256.

    Only the 'algorithm' component is filled in, from
    ``utility.OID_ecdsaWithSHA256``.
    """
    identifier = rfc2314.SignatureAlgorithmIdentifier()
    identifier.setComponentByName('algorithm', utility.OID_ecdsaWithSHA256)
    return identifier