def generate_keys(self): if os.path.isfile('./private_key.pem') and os.path.isfile('./public_key.pem'): with open('./public_key.pem', 'rb') as f: self.public_key = f.read() with open('./private_key.pem', 'rb') as f: self.private_key = f.read() else: print("KEYS not found, creating new ones") key = crypto.PKey() key.generate_key(crypto.TYPE_RSA, 2048) with open('private_key.pem', 'wb') as f: f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey=key)) with open('public_key.pem', 'wb') as f: f.write(crypto.dump_publickey(crypto.FILETYPE_PEM, pkey=key)) self.public_key = crypto.dump_publickey( crypto.FILETYPE_PEM, pkey=key) self.private_key = crypto.dump_privatekey( crypto.FILETYPE_PEM, pkey=key)
def create_self_signed_cert(): k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) cert = crypto.X509() cert.get_subject().C = "PL" cert.get_subject().ST = "Lublin" cert.get_subject().L = "Lublin" cert.get_subject().O = "ProjektPAS" cert.get_subject().OU = "PP" cert.get_subject().CN = "localhost" print(gethostname()) cert.set_serial_number(1) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha1') open(CERT_FILE, "wt").write( crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode("utf-8") ) open(KEY_FILE, "wt").write( crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode("utf-8") )
def create_self_signed_cert(certFile, keyFile, hostName): # create a key pair k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) # create a self-signed cert cert = crypto.X509() cert.get_subject().C = "PT" cert.get_subject().ST = "Portugal" cert.get_subject().L = "Portugal" cert.get_subject().O = "S-Razoes Lda" cert.get_subject().OU = "S-Razoes Lda" cert.get_subject().CN = hostName cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, b'sha512') open(certFile, "wt").write( crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')) open(keyFile, "wt").write( crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode('utf-8'))
def gen_cert(self): key_pair = crypto.PKey() key_pair.generate_key(crypto.TYPE_RSA, 2048) cert = crypto.X509() cert.get_subject().O = 'admin' cert.get_subject().CN = 'krishpranav' cert.get_subject().OU = 'krishpranav' cert.get_subject().C = 'US' cert.get_subject().L = 'Los Santos' cert.get_subject().ST = 'California' cert.set_serial_number(SystemRandom().randint(2048**8, 4096**8)) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(256 * 409600) cert.set_issuer(cert.get_subject()) cert.set_pubkey(key_pair) cert.sign(key_pair, 'sha256') with open(const.CERT_FILE, 'wb') as f: f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) with open(const.KEY_FILE, 'wb') as f: f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key_pair))
def test_should_return_for_pyopenssl_stored_key_with_passphrase(self): self.order_meta.update(self.stored_key_meta) self.order_meta['container_ref'] = ( "https://localhost/containers/" + self.container_with_passphrase.id ) passphrase = "my secret passphrase" pkey = crypto.PKey() pkey.generate_key(crypto.TYPE_RSA, 2048) key_pem = crypto.dump_privatekey( crypto.FILETYPE_PEM, pkey, passphrase=passphrase.encode('utf-8') ) self.private_key_value = base64.b64encode(key_pem) self.public_key_value = "public_key" self.passphrase_value = base64.b64encode(passphrase.encode('utf-8')) self.store_plugin.get_secret.side_effect = self.stored_key_side_effect self._test_should_return_waiting_for_ca( cert_res.issue_certificate_request) self._verify_issue_certificate_plugins_called() self.assertIsNotNone( self.order.order_barbican_meta['generated_csr'])
def _genPkeyCsr(self, name, mode, outp=None): pkey = crypto.PKey() pkey.generate_key(crypto.TYPE_RSA, self.crypto_numbits) xcsr = crypto.X509Req() xcsr.get_subject().CN = name xcsr.set_pubkey(pkey) xcsr.sign(pkey, self.signing_digest) keypath = self._savePkeyTo(pkey, mode, '%s.key' % name) if outp is not None: outp.printf('key saved: %s' % (keypath, )) csrpath = self._getPathJoin(mode, '%s.csr' % name) self._checkDupFile(csrpath) with s_common.genfile(csrpath) as fd: fd.truncate(0) fd.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, xcsr)) if outp is not None: outp.printf('csr saved: %s' % (csrpath, ))
def create_self_signed_cert(cert_dir: str, cert_file: str = "myapp.crt", key_file: str = "myapp.key") -> Tuple[str, str]: """ If datacard.crt and datacard.key don't exist in cert_dir, create a new self-signed cert and keypair and write them into that directory. """ if not exists(join(cert_dir, cert_file)) or not exists( join(cert_dir, key_file)): # create a key pair k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) # create a self-signed cert cert = crypto.X509() subject = cert.get_subject() setattr(subject, "C", "US") setattr(subject, "ST", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") setattr(subject, "L", "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB") setattr(subject, "O", "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC") # XD setattr(subject, "OU", "bunny corp") setattr(subject, "CN", "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD") cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, "sha256") with open(join(cert_dir, cert_file), "wb") as f: f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) with open(join(cert_dir, key_file), "wb") as f: f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k)) return cert_file, key_file
def generate_ssl_cert(target_file=None, overwrite=False): if target_file and not overwrite and os.path.exists(target_file): return # create a key pair k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) # create a self-signed cert cert = crypto.X509() cert.get_subject().C = "AU" cert.get_subject().ST = "Some-State" cert.get_subject().L = "Some-Locality" cert.get_subject().O = "LocalStack Org" cert.get_subject().OU = "Testing" cert.get_subject().CN = "LocalStack" cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha1') cert_file = StringIO() key_file = StringIO() cert_file.write(to_str(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))) key_file.write(to_str(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))) cert_file_content = cert_file.getvalue().strip() key_file_content = key_file.getvalue().strip() file_content = '%s\n%s' % (key_file_content, cert_file_content) if target_file: save_file(target_file, file_content) save_file('%s.key' % target_file, key_file_content) save_file('%s.crt' % target_file, cert_file_content) return file_content return file_content
def get(self, bits=2048, type=crypto.TYPE_RSA, digest='sha1'): """ Get a new self-signed certificate @type bits: int @type digest: str @rtype: Certificate """ self.log.debug('Creating a new self-signed SSL certificate') # Generate the key and ready our cert key = crypto.PKey() key.generate_key(type, bits) cert = crypto.X509() # Fill in some pseudo certificate information with a wildcard common name cert.get_subject().C = 'US' cert.get_subject().ST = 'California' cert.get_subject().L = 'Los Angeles' cert.get_subject().O = 'Wright Anything Agency' cert.get_subject().OU = 'Law firm / talent agency' cert.get_subject().CN = '*.{dn}'.format(dn=self.site.domain.name) # Set the serial number, expiration and issued cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(315360000) cert.set_issuer(cert.get_subject()) # Map the key and sign our certificate cert.set_pubkey(key) cert.sign(key, digest) # Dump the PEM data and return a certificate container _cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) _key = crypto.dump_privatekey(crypto.FILETYPE_PEM, key) return Certificate(_cert, _key, type, bits, digest)
def _genPkeyCsr(self, name, mode, outp=None): pkey = crypto.PKey() pkey.generate_key(crypto.TYPE_RSA, 2048) xcsr = crypto.X509Req() xcsr.get_subject().CN = name xcsr.set_pubkey(pkey) xcsr.sign(pkey, 'sha256') keypath = self._savePkeyTo(pkey, mode, '%s.key' % name) if outp is not None: outp.printf('key saved: %s' % (keypath, )) csrpath = self.getPathJoin(mode, '%s.csr' % name) if os.path.isfile(csrpath): raise s_common.DupFileName(path=csrpath) with s_common.genfile(csrpath) as fd: fd.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, xcsr)) if outp is not None: outp.printf('csr saved: %s' % (csrpath, ))
def generate_ca(self) -> None: """ Generate a CA certificate """ if not os.path.exists(self.cakeypath): print("Cannot find CA locally so generating one") if not os.path.exists(os.path.dirname(self.cakeypath)): print("the directory for storing certificates doesn't exist.") print("Creating one at " + os.path.dirname(self.cakeypath)) os.makedirs(os.path.dirname(self.cakeypath)) ca_key = crypto.PKey() ca_key.generate_key(crypto.TYPE_RSA, 2048) cert = crypto.X509() cert.get_subject().CN = "CA" cert.set_serial_number(0) cert.set_version(2) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(31536000) cert.set_issuer(cert.get_subject()) cert.add_extensions([ crypto.X509Extension(b'basicConstraints', False, b'CA:TRUE'), crypto.X509Extension(b'keyUsage', False, b'keyCertSign, cRLSign') ]) cert.set_pubkey(ca_key) cert.sign(ca_key, "sha256") f = open(self.cakeypath, "wb") f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, ca_key)) f.close() f = open(self.capempath, "wb") f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) f.close() else: print("CA found locally, not generating a new one")
def create_self_signed_cert(certfile, keyfile, certargs, cert_dir="."): if not os.path.isdir(cert_dir): os.mkdir(cert_dir) c_f = os.path.join(cert_dir, certfile) k_f = os.path.join(cert_dir, keyfile) if not os.path.exists(c_f) or not os.path.exists(k_f): k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) cert = crypto.X509() cert.get_subject().C = certargs["Country"] cert.get_subject().ST = certargs["State"] cert.get_subject().L = certargs["City"] cert.get_subject().O = certargs["Organization"] cert.get_subject().OU = certargs["Org. Unit"] cert.get_subject().CN = HOSTNAME cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(315360000) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha1') open(c_f, "wb").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) open(k_f, "wb").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
def init_crypto(csr_file=CSR_FILE, key_file=KEY_FILE): ''' Generate private key and CSR for secure communication ''' key = crypto.PKey() key.generate_key(crypto.TYPE_RSA, 2048) req = crypto.X509Req() subj = req.get_subject() subj.C = "PL" subj.ST = "Dolnyslask" subj.L = "Wroclaw" subj.O = "MonitOwl Agents" subj.OU = "Agents" subj.CN = gethostname() req.set_pubkey(key) req.sign(key, 'sha1') with open(csr_file, "wt", 0o400) as fileh: fileh.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)) with open(key_file, "wt", 0o400) as fileh: fileh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key)) LOG.info("Crypto files Key and CSR created")
def create_self_signed_cert(cert_dir, cert_file, key_file, hostname): # from https://gist.github.com/ril3y/1165038 cert_path = realpath(join(cert_dir, cert_file)) key_path = realpath(join(cert_dir, key_file)) if not exists(cert_path) or not exists(key_path): # create a key pair k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) # create a self-signed cert cert = crypto.X509() cert.get_subject().CN = hostname cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(10*365*24*60*60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha1') with open(cert_path, "wt") as fp: fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')) with open(key_path, "wt") as fp: fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode('utf-8'))
def generate_test_cert(hostname="somehostname", san_list=None, expires=1000000): """ Generates a test SSL certificate and returns the certificate data and private key data. """ # Based on: http://blog.richardknop.com/2012/08/create-a-self-signed-x509-certificate-in-python/ # Create a key pair. k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) # Create a self-signed cert. cert = crypto.X509() cert.get_subject().CN = hostname # Add the subjectAltNames (if necessary). if san_list is not None: cert.add_extensions([ crypto.X509Extension(b"subjectAltName", False, b", ".join(san_list)) ]) cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(expires) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, "sha1") # Dump the certificate and private key in PEM format. cert_data = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) key_data = crypto.dump_privatekey(crypto.FILETYPE_PEM, k) return (cert_data, key_data)
def create_self_signed_cert(): # create a key pair k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) # create a self-signed cert cert = crypto.X509() cert.get_subject().C = "CA" cert.get_subject().ST = "BC" cert.get_subject().L = "Vancouver" cert.get_subject().O = "Self Signed Madness" cert.get_subject().OU = "Self Signyness" cert.get_subject().CN = gethostname() cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha1') open(CERT_FILE, "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) open(KEY_FILE, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
def create_self_signed_cert(cert_dir, key_dir, domain_name): SYSTEM_CERT_DIR = '/usr/local/share/ca-certificates' DOMAIN_SYS_DIR = os.path.join(SYSTEM_CERT_DIR, domain_name) CERT_FILE = domain_name + '.crt' KEY_FILE = domain_name + '.key' k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) # create a self-signed cert cert = crypto.X509() cert.get_subject().C = "US" cert.get_subject().ST = "New York" cert.get_subject().L = "Stony Brook" cert.get_subject().O = "Computer Science" cert.get_subject().OU = "NetSys" cert.get_subject().CN = domain_name cert.set_serial_number(int(random.randint(0, 1000000000))) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha1') #print(cert_dir, CERT_FILE, crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) open(os.path.join(cert_dir, CERT_FILE), "wb").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) open(os.path.join(key_dir, KEY_FILE), "wb").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k)) clear_folder(DOMAIN_SYS_DIR) system_cert_domain = os.path.join(DOMAIN_SYS_DIR, CERT_FILE) shutil.copy2(os.path.join(cert_dir, CERT_FILE), system_cert_domain) #print(' '.join(['certutil', '-d', 'sql:/home/jnejati/.pki/nssdb','-A','-t', '"C,,"', '-n', domain_name, '-i', system_cert_domain])) #subprocess.call(['certutil', '-d', 'sql:/home/jnejati/.pki/nssdb','-D','-t', '"C,,"', '-n', domain_name, '-i', system_cert_domain]) #subprocess.call(['certutil', '-d', 'sql:/home/jnejati/.pki/nssdb','-A','-t', '"C,,"', '-n', domain_name, '-i', system_cert_domain]) os.system('certutil -d sql:/home/jnejati/.pki/nssdb -D -t "C,," -n ' + domain_name + ' -i ' + system_cert_domain) os.system('certutil -d sql:/home/jnejati/.pki/nssdb -A -t "C,," -n ' + domain_name + ' -i ' + system_cert_domain)
def gen_cert(cert_path, key_path): """ Generate certificate and key for scratch-link """ os.makedirs(localdir, exist_ok=True) if os.path.isfile(cert_path) and os.path.isfile(key_path): if is_cert_valid(cert_path): logger.debug( f"Alreadfy {cert_path} and {key_path} are genereated.") return else: logger.info(f"Certificate {cert_path} expired. Regenerate it.") key = crypto.PKey() key.generate_key(crypto.TYPE_RSA, 2048) cert = crypto.X509() cert.get_subject().CN = SCRATCH_CERT_NICKNAME cert.gmtime_adj_notBefore(9) cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) # ten years cert.set_pubkey(key) cert.set_issuer(cert.get_subject()) cert.add_extensions([ crypto.X509Extension(b"subjectAltName", False, b"DNS:device-manager.scratch.mit.edu") ]) cert.sign(key, 'sha256') with open(cert_path, "wb") as cf: cf.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) with open(key_path, "wb") as kf: kf.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key)) logger.info(f"Generated certificate: {cert_path}") logger.info(f"Generated key: {key_path}")
def gencert(): # https://www.linux.org/threads/creating-a-self-signed-certificate-with-python.9038/ # https://markusholtermann.eu/2016/09/ssl-all-the-things-in-python/ from OpenSSL import crypto, SSL from pprint import pprint from time import gmtime, mktime from os.path import exists, join from random import choice, randint from string import letters CN = "SSLS" CERT_FILE = "%s.crt" % CN PEM_FILE = "%s.pem" % CN PUBKEY_FILE = "%s.pub" % CN cert_dir = "." C_F = join(cert_dir, CERT_FILE) K_F = join(cert_dir, PEM_FILE) P_F = join(cert_dir, PUBKEY_FILE) k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 4096) cert = crypto.X509() cert.get_subject().C = "".join([choice(letters[:26]) for i in range(2)]) cert.get_subject().ST = "".join([choice(letters[:26]) for i in range(2)]) cert.get_subject().L = "".join([choice(letters[:26]) for i in xrange(0, randint(2,32))]) cert.get_subject().O = "".join([choice(letters[:26]) for i in xrange(0, randint(2,32))]) cert.get_subject().OU = "".join([choice(letters[:26]) for i in xrange(0, randint(2,32))]) cert.get_subject().CN = CN cert.set_serial_number(randint(1000,9999)) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(604800) # 7 days... cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha256') open(C_F, 'wt').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) open(K_F, 'wt').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey=k)) open(P_F, 'wt').write(crypto.dump_publickey(crypto.FILETYPE_PEM, pkey=k)) return C_F, K_F, P_F
def create_self_signed_certificate(): global SN, certificate, key # generate key k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 2048) # define certificate attributes cert = crypto.X509() cert.get_subject().C = "IT" cert.get_subject().ST = "Italy" cert.get_subject().L = "Rome" cert.get_subject().O = "." cert.get_subject().OU = "." cert.get_subject().CN = CN cert.set_serial_number(0) SN += 1 cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(315360000) cert.set_issuer(cert.get_subject( )) #self signing the certificate (the issuer is the same of the subject) cert.set_pubkey(k) cert.sign(k, "sha256") # assign to global variables certificate = cert key = k # write to disk certificate and key open(CF, "wt").write( crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode("utf-8")) open(KF, "wt").write( crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode("utf-8"))
def generateCSR(cn, c, st, l, o, ou, email, sans): # TODO: support different kind/size keys??? key = crypto.PKey() key.generate_key(crypto.TYPE_RSA, 2048) csr = crypto.X509Req() csr.get_subject().CN = cn csr.get_subject().countryName = c csr.get_subject().stateOrProvinceName = st csr.get_subject().localityName = l csr.get_subject().organizationName = o csr.get_subject().organizationalUnitName = ou csr.get_subject().emailAddress = email # csr.get_subject().subjectAltName = 'test.example.com' x509_extensions = ([]) # TODO: support "IP:" in addition to "DNS:" below sans_list = [] for san in sans: sans_list.append("DNS: {0}".format(san)) sans_list = ", ".join(sans_list) if sans_list: x509_extensions.append(crypto.X509Extension("subjectAltName", False, sans_list)) csr.add_extensions(x509_extensions) csr.set_pubkey(key) csr.sign(key, "sha256") csr_out = crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr) key_out = crypto.dump_privatekey(crypto.FILETYPE_PEM, key) return key_out,csr_out
def create_self_signed_cert(): # create a key pair k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 2048) # create a self-signed cert cert = crypto.X509() cert.get_subject().C = "DE" cert.get_subject().ST = "NRW" cert.get_subject().L = "Dortmund" cert.get_subject().O = "Dummy Company Ltd" cert.get_subject().OU = "Dummy Company Ltd" cert.get_subject().CN = "PowerDNS-Admin" cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha256') open(CERT_FILE, "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) open(KEY_FILE, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
def gen_cert(self, domain, key=None, bits=2048): """Generate tls-alpn-01 certificate. :param unicode domain: Domain verified by the challenge. :param OpenSSL.crypto.PKey key: Optional private key used in certificate generation. If not provided (``None``), then fresh key will be generated. :param int bits: Number of bits for newly generated key. :rtype: `tuple` of `OpenSSL.crypto.X509` and `OpenSSL.crypto.PKey` """ if key is None: key = crypto.PKey() key.generate_key(crypto.TYPE_RSA, bits) der_value = b"DER:" + codecs.encode(self.h, 'hex') acme_extension = crypto.X509Extension(self.ID_PE_ACME_IDENTIFIER_V1, critical=True, value=der_value) return crypto_util.gen_ss_cert(key, [domain], force_san=True, extensions=[acme_extension]), key
def create_server_pair(self, o, cn, san=[]): """Issue a X.509 server key/certificate pair""" # key key = crypto.PKey() key.generate_key(crypto.TYPE_RSA, 2048) # cert cert = crypto.X509() cert.set_serial_number(self.__next_serial) cert.set_version(2) cert.set_pubkey(key) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(365*24*60*60) cert_subject = cert.get_subject() cert_subject.O = o cert_subject.OU = 'kOVHernetes' cert_subject.CN = cn cert.set_issuer(self.cert.get_issuer()) cert_ext = [] cert_ext.append(crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', cert)) cert_ext.append(crypto.X509Extension(b'authorityKeyIdentifier', False, b'keyid,issuer:always', issuer=self.cert)) cert_ext.append(crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE')) cert_ext.append(crypto.X509Extension(b'keyUsage', True, b'digitalSignature, keyEncipherment')) cert_ext.append(crypto.X509Extension(b'extendedKeyUsage', True, b'serverAuth')) if san: cert_ext.append(crypto.X509Extension(b'subjectAltName', False, ','.join(san).encode())) cert.add_extensions(cert_ext) # sign cert with CA key cert.sign(self.key, 'sha256') type(self).__next_serial += 1 return key, cert
def create_self_signed_cert(cert_dir, cert_file_name, key_file_name, IP_address, tenant_id): """ If datacard.crt and datacard.key don't exist in cert_dir, create a new self-signed cert and keypair and write them into that directory. """ CERT_FILE = cert_file_name KEY_FILE = key_file_name if not exists(join(cert_dir, CERT_FILE)) \ or not exists(join(cert_dir, KEY_FILE)): # create a key pair k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) # create a self-signed cert cert = crypto.X509() cert.get_subject().C = "US" cert.get_subject().ST = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" cert.get_subject().L = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" cert.get_subject().O = "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC" cert.get_subject().OU = tenant_id cert.get_subject().CN = IP_address cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha1') open(join(cert_dir, CERT_FILE), "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) open(join(cert_dir, KEY_FILE), "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
def genCertificate(self, KEY_FILE="certificate/private.pem", CERT_FILE="certificate/cacert.pem"): k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 4096) cert = crypto.X509() cert.get_subject().C = "UK" cert.get_subject().ST = "London" cert.get_subject().L = "London" cert.get_subject().O = "Development" cert.get_subject().CN = "www.google.com" cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(31557600) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha512') with open(CERT_FILE, "wt") as f: f.write( crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode("utf-8")) with open(KEY_FILE, "wt") as f: f.write( crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode("utf-8"))
def __init__(self, filename=None, text=None, passphrase=None, filetype="pem", bits=2048, _key=None): self.__passphrase = passphrase # can also be a callable if _key is not None: key = _key else: ftype = _FILETYPES[filetype] if filename is not None: ftype, text = get_type_and_text(filename) if text is not None: if passphrase is not None: key = crypto.load_privatekey(ftype, text, passphrase) else: key = crypto.load_privatekey(ftype, text) else: key = crypto.PKey() key.generate_key(crypto.TYPE_RSA, bits) key.check() self._key = key
def create_self_signed_cert(cert_dir, keyfile, certfile): """ Create a self-signed `keyfile` and `certfile` in `cert_dir` Abort if one of the keyfile of certfile exist. """ if exists(join(cert_dir, certfile)) or exists(join(cert_dir, keyfile)): raise FileExistsError('{} or {} already exist in {}. Aborting.'.format(keyfile, certfile, cert_dir)) else: # create a key pair k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) # create a self-signed cert cert = crypto.X509() cert.get_subject().C = "US" cert.get_subject().ST = "Jupyter notebook self-signed certificate" cert.get_subject().L = "Jupyter notebook self-signed certificate" cert.get_subject().O = "Jupyter notebook self-signed certificate" cert.get_subject().OU = "my organization" cert.get_subject().CN = "Jupyter notebook self-signed certificate" cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(365*24*60*60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha256') with io.open(join(cert_dir, certfile), "wt") as f: f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf8')) os.chmod(join(cert_dir, certfile), 0o600) with io.open(join(cert_dir, keyfile), "wt") as f: f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode('utf8')) os.chmod(join(cert_dir, keyfile), 0o600)
def make_ssl_cert(name): '''Create and return an SslCertificate in dictionary format. ''' key = crypto.PKey() key.generate_key(crypto.TYPE_RSA, 2048) cert = crypto.X509() cert.get_subject().C = "US" cert.get_subject().ST = "New York" cert.get_subject().L = "New York City" cert.get_subject().O = "Google" cert.get_subject().OU = "Spinnaker" cert.get_subject().CN = "localhost" cert.set_serial_number(4096) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(24 * 60 * 60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(key) cert.sign(key, 'sha1') return { 'name': name, 'privateKey': crypto.dump_privatekey(crypto.FILETYPE_PEM, key), 'certificate': crypto.dump_certificate(crypto.FILETYPE_PEM, cert) }
def create_cert(): """Create self signed certificate for HTTP server""" if not os.path.exists(CERT_FILE) or not os.path.exists(KEY_FILE): try: k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 1024) # create a self-signed cert cert = crypto.X509() cert.get_subject().C = "IE" cert.get_subject().ST = "Galway" cert.get_subject().L = "Galway" cert.get_subject().O = "NUIG" cert.get_subject().OU = "Computer Science & IT" cert.get_subject().CN = socket.gethostname() cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha1') open(CERT_FILE, "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) open(KEY_FILE, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k)) except crypto.Error as err: logging.warning("OpenSSL error occurred: %s" % err) return except Exception as e: logging.warning( "Error occurred when creating self signed cert: %s" % e) return else: logging.info("Signed cert already exists.")