def set_path_len_constraint_neg(tbs, asn):
    """Replace the basicConstraints extension in *tbs* with one built with -2.

    Negative-test fixture helper. A replacement extension is built with
    ``x509.basic_constraints(True, asn, -2)`` and substituted for every
    entry whose ``extnID`` equals ``x509.oid_map['basicConstraints']``.
    All other extensions are kept in their original order.

    NOTE(review): the first argument is presumably the cA flag and the third
    pathLenConstraint -- confirm against ``x509.basic_constraints``. RFC 5280
    defines pathLenConstraint as INTEGER (0..MAX), so a conforming parser is
    expected to reject a certificate carrying a negative value.

    Args:
        tbs: TBSCertificate-style dict. Its ``'extensions'`` entry is rebound
            to a newly built list; the original list object is not modified.
        asn: Passed through unchanged to ``x509.basic_constraints``.

    Returns:
        None. ``tbs`` is updated in place.
    """
    replacement = x509.basic_constraints(True, asn, -2)
    rewritten = []
    for entry in tbs['extensions']:
        if entry['extnID'] == x509.oid_map['basicConstraints']:
            rewritten.append(replacement)
        else:
            rewritten.append(entry)
    tbs['extensions'] = rewritten
def make_issuer_non_ca(tbs, asn):
    """Replace the basicConstraints extension in *tbs* with a ``False`` one.

    Negative-test fixture helper. The replacement comes from
    ``x509.basic_constraints(False, asn)`` and takes the place of every
    extension whose ``extnID`` equals ``x509.oid_map['basicConstraints']``.

    NOTE(review): ``False`` is presumably the cA flag -- confirm against
    ``x509.basic_constraints``. If so, the resulting certificate does not
    assert CA status, and RFC 5280 path validation requires that a
    certificate used as an issuer be rejected in that case.

    Args:
        tbs: TBSCertificate-style dict. Its ``'extensions'`` entry is rebound
            to a newly built list; the original list object is not modified.
        asn: Passed through unchanged to ``x509.basic_constraints``.

    Returns:
        None. ``tbs`` is updated in place.
    """
    non_ca_bc = x509.basic_constraints(False, asn)
    current = tbs['extensions']
    updated = []
    for item in current:
        is_bc = item['extnID'] == x509.oid_map['basicConstraints']
        updated.append(non_ca_bc if is_bc else item)
    tbs['extensions'] = updated
def invalid_tbs(issuer_public_key, subject_public_key, issuer_cn, subject_cn,
                additional_extensions, asn):
    """Build a TBSCertificate-style dict whose validity field is malformed.

    Negative-test fixture. The validity is produced by
    ``validity_field('not a time', misc.current_time_offset(365))``, so the
    first value handed to ``validity_field`` is a string that is not a
    timestamp. Everything else is assembled from the ``x509`` helpers.

    NOTE(review): the first ``validity_field`` argument is presumably
    notBefore and the second notAfter -- confirm against its definition.
    A parser under test is expected to fail closed on a certificate whose
    validity cannot be decoded rather than treat it as unbounded.

    Args:
        issuer_public_key: Used for the authority key identifier.
        subject_public_key: Used for subjectPublicKeyInfo and the subject
            key identifier.
        issuer_cn: Value for the issuer's single commonName attribute.
        subject_cn: Value for the subject's single commonName attribute.
        additional_extensions: List concatenated after the four default
            extensions (AKID, SKID, key usage, basic constraints).
        asn: Passed through unchanged to the ``x509`` helpers.

    Returns:
        dict with keys ``version``, ``serialNumber``, ``signature``,
        ``issuer``, ``validity``, ``subject``, ``subjectPublicKeyInfo``
        and ``extensions``.
    """
    # Helper calls are kept in the same order as before so any side effects
    # inside the x509/misc helpers happen in the same sequence.
    spki = x509.subject_public_key_info(subject_public_key, asn)
    signature_alg = x509.algorithm_identifier('sha256WithRSAEncryption')

    issuer_attr = x509.attribute_type_and_value('commonName', issuer_cn)
    issuer_name = x509.name([issuer_attr])
    subject_attr = x509.attribute_type_and_value('commonName', subject_cn)
    subject_name = x509.name([subject_attr])

    # Deliberately malformed: the first value is not a time.
    validity = validity_field('not a time', misc.current_time_offset(365))

    subject_key_id = x509.subject_key_identifier(subject_public_key, asn)
    authority_key_id = x509.authority_key_identifier(issuer_public_key, asn)
    key_usage = x509.key_usage(['digitalSignature', 'keyEncipherment'], asn)
    basic_constraints = x509.basic_constraints(False, asn)

    default_extensions = [
        authority_key_id,
        subject_key_id,
        key_usage,
        basic_constraints,
    ]
    all_extensions = default_extensions + additional_extensions

    return {
        'version': 2,
        'serialNumber': 2,
        'signature': signature_alg,
        'issuer': issuer_name,
        'validity': validity,
        'subject': subject_name,
        'subjectPublicKeyInfo': spki,
        'extensions': all_extensions,
    }
def set_bc_not_critical(tbs, asn):
    """Replace the basicConstraints extension in *tbs* with a non-critical one.

    Negative-test fixture helper. A fresh extension is built with
    ``x509.basic_constraints(True, asn)``, its ``'critical'`` entry is set
    to ``False``, and it replaces every extension whose ``extnID`` equals
    ``x509.oid_map['basicConstraints']``.

    NOTE(review): ``True`` is presumably the cA flag -- confirm against
    ``x509.basic_constraints``. RFC 5280 requires conforming CAs to mark
    basicConstraints critical in CA certificates used to verify certificate
    signatures; how the validator under test treats a non-critical one is
    presumably what this fixture exercises.

    Args:
        tbs: TBSCertificate-style dict. Its ``'extensions'`` entry is rebound
            to a newly built list; the original list object is not modified.
        asn: Passed through unchanged to ``x509.basic_constraints``.

    Returns:
        None. ``tbs`` is updated in place.
    """
    non_critical_bc = x509.basic_constraints(True, asn)
    non_critical_bc['critical'] = False

    result = []
    for candidate in tbs['extensions']:
        if candidate['extnID'] == x509.oid_map['basicConstraints']:
            candidate = non_critical_bc
        result.append(candidate)
    tbs['extensions'] = result
def create_duplicate_bc_extension(asn):
    """Return a basicConstraints extension built with ``False``.

    Thin wrapper over ``x509.basic_constraints(False, asn)``.

    NOTE(review): going by the name, the result is presumably supplied as an
    additional extension so the certificate ends up with two
    basicConstraints entries -- confirm against the callers. RFC 5280
    forbids more than one instance of a particular extension in a
    certificate, so a validator under test is expected to reject it.

    Args:
        asn: Passed through unchanged to ``x509.basic_constraints``.

    Returns:
        Whatever ``x509.basic_constraints(False, asn)`` returns.
    """
    extra_bc = x509.basic_constraints(False, asn)
    return extra_bc