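def create_csr_ec(key, dn, network, csrfilename=None, attributes=None):
    """Build and sign an EC (ecdsaWithSHA256) PKCS#10 certification request.

    Adapted from jandd pkiutils for EC keys: the signature algorithm
    identifier is ``utility.OID_ecdsaWithSHA256`` instead of an RSA one.

    Args:
        key: Private key handed to ``_build_subject_publickey_info`` (public
            half goes into the request) and ``_build_signature`` (private half
            signs it).
        dn: Subject distinguished name, converted by ``_build_dn``.
        network: Passed through to ``_build_signature`` untouched; its meaning
            is defined there, not here.
        csrfilename: Optional path; when truthy the PEM text is written to it.
        attributes: Optional request attributes, encoded by ``_build_attributes``.

    Returns:
        The PEM-armoured request (``CERTIFICATE REQUEST``) as a string. The
        same text is also echoed to stdout.
    """
    certreqInfo = rfc2314.CertificationRequestInfo()
    certreqInfo.setComponentByName('version', rfc2314.Version(0))
    certreqInfo.setComponentByName('subject', _build_dn(dn))
    certreqInfo.setComponentByName('subjectPublicKeyInfo',
                                   _build_subject_publickey_info(key))
    # Look up the declared (tagged) type of the 'attributes' slot so that
    # _build_attributes can return a value the schema accepts as-is.
    attrpos = certreqInfo.componentType.getPositionByName('attributes')
    attrtype = certreqInfo.componentType.getTypeByPosition(attrpos)
    attr_asn1 = _build_attributes(attributes, attrtype)
    certreqInfo.setComponentByName('attributes', attr_asn1)

    certreq = rfc2314.CertificationRequest()
    certreq.setComponentByName('certificationRequestInfo', certreqInfo)
    sigAlgIdentifier = rfc2314.SignatureAlgorithmIdentifier()
    sigAlgIdentifier.setComponentByName('algorithm', utility.OID_ecdsaWithSHA256)
    certreq.setComponentByName('signatureAlgorithm', sigAlgIdentifier)
    # Only certreqInfo is handed to the signer; the identifier above has to
    # match what _build_signature actually produces (presumably ECDSA/SHA-256).
    sig = _build_signature(key, certreqInfo, network)
    certreq.setComponentByName('signature', sig)

    output = pkiutils._der_to_pem(encoder.encode(certreq), 'CERTIFICATE REQUEST')
    if csrfilename:
        with open(csrfilename, 'w') as csrfile:
            csrfile.write(output)
    # Call form (single argument) prints identically on Python 2 and parses on
    # Python 3, where the bare print statement is a SyntaxError.
    print("generated certification request:\n\n%s" % output)
    return output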
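def sign_csr(self, certification_request_info):
    """Wrap a DER CertificationRequestInfo into a signed PKCS#10 CSR.

    The request info is decoded, re-encoded and signed with ``self.key()``
    using sha256WithRSAEncryption with PKCS#1 v1.5 padding, so ``self.key()``
    must return an RSA private key for the algorithm identifier to be truthful.

    Args:
        certification_request_info: DER-encoded CertificationRequestInfo bytes.

    Returns:
        DER-encoded CertificationRequest bytes.

    Raises:
        ValueError: if bytes follow the CertificationRequestInfo structure;
            previously such trailing data was silently dropped.
    """
    import binascii  # function-local: the module import block is not in view

    reqinfo, rest = decoder.decode(certification_request_info,
                                   rfc2314.CertificationRequestInfo())
    if rest:
        raise ValueError('trailing data after CertificationRequestInfo')
    # Sign the re-encoded structure, not the caller's raw bytes: a verifier
    # re-encodes the certificationRequestInfo embedded in the CSR, so the
    # signed bytes must be exactly the ones that end up inside it.
    tbs = encoder.encode(reqinfo)

    csr = rfc2314.CertificationRequest()
    csr.setComponentByName('certificationRequestInfo', reqinfo)
    algorithm = rfc2314.SignatureAlgorithmIdentifier()
    algorithm.setComponentByName(
        'algorithm',
        univ.ObjectIdentifier('1.2.840.113549.1.1.11'))  # sha256WithRSAEncryption
    csr.setComponentByName('signatureAlgorithm', algorithm)

    signature = self.key().sign(tbs, padding.PKCS1v15(), hashes.SHA256())
    # hexlify()/decode() replaces bytes.encode('hex'), which only exists on
    # Python 2; the quoted 'xx'H form is the BitString hex initializer.
    sig_hex = binascii.hexlify(signature).decode('ascii')
    asn1sig = univ.BitString("'%s'H" % sig_hex)
    csr.setComponentByName('signature', asn1sig)
    return encoder.encode(csr)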
def _create_csr(cert, private_key):
    """Build a DER PKCS#10 request carrying Microsoft's szOID_RENEWAL_CERTIFICATE attribute.

    The request reuses the subject of the certificate being renewed, embeds
    that whole certificate as the renewal attribute, and is signed by ``_sign``
    over the DER CertificationRequestInfo.

    Args:
        cert: Indexed as ``cert[0]['tbsCertificate']``, so presumably the
            ``(Certificate, rest)`` pair returned by the pyasn1 decoder for the
            certificate being renewed -- confirm with the caller.
        private_key: A ``cryptography`` private key; its public half becomes
            the request's SubjectPublicKeyInfo and it signs the request.

    Returns:
        DER-encoded CertificationRequest bytes.
    """
    request_info = rfc2314.CertificationRequestInfo()
    fields = (
        ('version', 0),
        ('subject', cert[0]['tbsCertificate']['subject']),
        ('subjectPublicKeyInfo', _decode_public_key_info(private_key)),
        ('attributes', _renewal_attributes(cert[0])),
    )
    for field_name, field_value in fields:
        request_info.setComponentByName(field_name, field_value)

    # _sign returns the raw signature together with the matching algorithm
    # identifier; PKCS#10 signs the DER of the request info only.
    tbs_der = encoder.encode(request_info)
    raw_signature, signature_algorithm = _sign(private_key, tbs_der)
    signature_bits = rfc2314.univ.BitString(
        hexValue=binascii.hexlify(raw_signature).decode('ascii'))

    request = rfc2314.CertificationRequest()
    request.setComponentByName('certificationRequestInfo', request_info)
    request.setComponentByName('signatureAlgorithm', signature_algorithm)
    request.setComponentByName('signature', signature_bits)
    return encoder.encode(request)


def _decode_public_key_info(private_key):
    """Export the key's SubjectPublicKeyInfo as DER and parse it into pyasn1 form."""
    spki_der = private_key.public_key().public_bytes(
        encoding=serialization.Encoding.DER,
        format=serialization.PublicFormat.SubjectPublicKeyInfo)
    return decoder.decode(spki_der, asn1Spec=rfc2314.SubjectPublicKeyInfo())[0]


def _renewal_attributes(certificate):
    """Return a [0] IMPLICIT Attributes set holding one szOID_RENEWAL_CERTIFICATE attribute.

    The attribute's value set contains *certificate* itself, as Microsoft's
    renewal flow expects.
    """
    # Microsoft OID: szOID_RENEWAL_CERTIFICATE
    attribute = rfc2314.Attribute()
    attribute.setComponentByName(
        'type', rfc2314.AttributeType((1, 3, 6, 1, 4, 1, 311, 13, 1)))
    attribute.setComponentByName(
        'vals', rfc2314.univ.SetOf().setComponents(certificate))

    implicit_zero = rfc2314.tag.Tag(
        rfc2314.tag.tagClassContext, rfc2314.tag.tagFormatConstructed, 0)
    attributes = rfc2314.Attributes().subtype(implicitTag=implicit_zero)
    attributes.setComponents(attribute)
    return attributes