Jean-Paul Calderone3de9f622008-03-12 14:12:19 -04001# -*- coding: latin-1 -*-
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05002#
Jean-Paul Calderonede0a71e2011-03-02 19:55:11 -05003# Copyright (C) AB Strakt
4# Copyright (C) Jean-Paul Calderone
5# See LICENSE for details.
Jean-Paul Calderone8b63d452008-03-21 18:31:12 -04006
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05007"""
8Certificate generation module.
9"""
10
11from OpenSSL import crypto
12
# Key-type constants re-exported from pyOpenSSL so that callers of this
# module can pass them to createKeyPair() without importing OpenSSL.crypto.
TYPE_RSA, TYPE_DSA = crypto.TYPE_RSA, crypto.TYPE_DSA
15
Hynek Schlawack8b7e4552016-03-13 07:51:09 +010016
def createKeyPair(type, bits):
    """
    Create a public/private key pair.

    Arguments: type - Key type, must be one of TYPE_RSA and TYPE_DSA
               bits - Number of bits to use in the key.  No minimum is
                      enforced here; pick a size that meets current
                      guidance (e.g. at least 2048 bits for RSA)
    Returns:   The public/private key pair in a PKey object
    """
    keypair = crypto.PKey()
    # generate_key() does the actual key generation in place.
    keypair.generate_key(type, bits)
    return keypair
28
Hynek Schlawack8b7e4552016-03-13 07:51:09 +010029
def createCertRequest(pkey, digest="sha256", **name):
    """
    Create a certificate request.

    Arguments: pkey   - The key to associate with the request
               digest - Digestion method to use for signing, default is sha256
               **name - The name of the subject of the request, possible
                        arguments are:
                          C     - Country name
                          ST    - State or province name
                          L     - Locality name
                          O     - Organization name
                          OU    - Organizational unit name
                          CN    - Common name
                          emailAddress - E-mail address
    Returns:   The certificate request in an X509Req object
    """
    request = crypto.X509Req()
    subject = request.get_subject()

    # Every keyword argument is set as an attribute of the subject name;
    # the attribute names are handed to pyOpenSSL unchanged.
    for field in name:
        setattr(subject, field, name[field])

    request.set_pubkey(pkey)
    # The request is self-signed with the same key it carries.
    request.sign(pkey, digest)
    return request
56
Hynek Schlawack8b7e4552016-03-13 07:51:09 +010057
def createCertificate(req, issuerCertKey, serial, validityPeriod,
                      digest="sha256"):
    """
    Generate a certificate given a certificate request.

    Arguments: req            - Certificate request to use
               issuerCertKey  - (issuerCert, issuerKey) tuple: the
                                certificate of the issuer and the private
                                key of the issuer used to sign
               serial         - Serial number for the certificate; must be
                                unique among certificates from this issuer
               validityPeriod - (notBefore, notAfter) tuple of offsets in
                                seconds relative to now when the certificate
                                starts / stops being valid
               digest         - Digest method to use for signing, default is
                                sha256
    Returns:   The signed certificate in an X509 object

    No X.509 extensions (e.g. basicConstraints, keyUsage) are added to the
    certificate here; callers that need them must add them themselves.
    """
    issuerCert, issuerKey = issuerCertKey
    notBefore, notAfter = validityPeriod

    certificate = crypto.X509()
    certificate.set_serial_number(serial)
    # gmtime_adj_* interpret their argument as seconds from the current time.
    certificate.gmtime_adj_notBefore(notBefore)
    certificate.gmtime_adj_notAfter(notAfter)
    # Subject and public key come from the request; the issuer name comes
    # from the issuer's own certificate.
    certificate.set_issuer(issuerCert.get_subject())
    certificate.set_subject(req.get_subject())
    certificate.set_pubkey(req.get_pubkey())
    certificate.sign(issuerKey, digest)
    return certificate