Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / 384264f4b99bf9411cc95f05ceccddf621834c2a / . / examples / mk_simple_certs.py
blob: f0416cd1145d664f5c8e2c5ce4e65d14ff97ebf6 [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1"""
2Create certificates and private keys for the 'simple' example.
3"""
4
Hynek Schlawack8b7e4552016-03-13 07:51:09 +0100[diff] [blame]5from __future__ import print_function
6
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]7from OpenSSL import crypto
Hynek Schlawack8b7e4552016-03-13 07:51:09 +0100[diff] [blame]8from certgen import (
9 createKeyPair,
10 createCertRequest,
11 createCertificate,
12)
13
14cakey = createKeyPair(crypto.TYPE_RSA, 2048)
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]15careq = createCertRequest(cakey, CN='Certificate Authority')
Hynek Schlawack8b7e4552016-03-13 07:51:09 +0100[diff] [blame]16# CA certificate is valid for five years.
17cacert = createCertificate(careq, (careq, cakey), 0, (0, 60*60*24*365*5))
Jim Shaver05298862015-04-29 01:09:13 -0400[diff] [blame]18
Jim Shaver6b5d3812015-04-25 17:45:53 -0400[diff] [blame]19print('Creating Certificate Authority private key in "simple/CA.pkey"')
Jim Shaveraab9ddd2015-04-29 23:11:48 -0400[diff] [blame]20with open('simple/CA.pkey', 'w') as capkey:
Hynek Schlawack8b7e4552016-03-13 07:51:09 +0100[diff] [blame]21 capkey.write(
22 crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey).decode('utf-8')
23 )
24
Jim Shaver6b5d3812015-04-25 17:45:53 -0400[diff] [blame]25print('Creating Certificate Authority certificate in "simple/CA.cert"')
Jim Shaveraab9ddd2015-04-29 23:11:48 -0400[diff] [blame]26with open('simple/CA.cert', 'w') as ca:
Hynek Schlawack8b7e4552016-03-13 07:51:09 +0100[diff] [blame]27 ca.write(
28 crypto.dump_certificate(crypto.FILETYPE_PEM, cacert).decode('utf-8')
29 )
Jim Shaver05298862015-04-29 01:09:13 -0400[diff] [blame]30
Hynek Schlawack8b7e4552016-03-13 07:51:09 +0100[diff] [blame]31for (fname, cname) in [('client', 'Simple Client'),
32 ('server', 'Simple Server')]:
33 pkey = createKeyPair(crypto.TYPE_RSA, 2048)
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]34 req = createCertRequest(pkey, CN=cname)
Hynek Schlawack8b7e4552016-03-13 07:51:09 +0100[diff] [blame]35 # Certificates are valid for five years.
36 cert = createCertificate(req, (cacert, cakey), 1, (0, 60*60*24*365*5))
Jim Shaveraab9ddd2015-04-29 23:11:48 -0400[diff] [blame]37
Hynek Schlawack8b7e4552016-03-13 07:51:09 +0100[diff] [blame]38 print('Creating Certificate %s private key in "simple/%s.pkey"'
39 % (fname, fname))
40 with open('simple/%s.pkey' % (fname,), 'w') as leafpkey:
41 leafpkey.write(
42 crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey).decode('utf-8')
43 )
44
45 print('Creating Certificate %s certificate in "simple/%s.cert"'
46 % (fname, fname))
47 with open('simple/%s.cert' % (fname,), 'w') as leafcert:
48 leafcert.write(
49 crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')
50 )