Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / fde45c99bd76f8889497f61a2bfaf6160dc26b47 / . / examples / certgen.py
blob: da0624f74599290b5911c66cf62e62b20039dc61 [file] [log] [blame]
Jean-Paul Calderone3de9f622008-03-12 14:12:19 -0400[diff] [blame]1# -*- coding: latin-1 -*-
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]2#
Jean-Paul Calderonede0a71e2011-03-02 19:55:11 -0500[diff] [blame]3# Copyright (C) AB Strakt
4# Copyright (C) Jean-Paul Calderone
5# See LICENSE for details.
Jean-Paul Calderone8b63d452008-03-21 18:31:12 -0400[diff] [blame]6
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]7"""
8Certificate generation module.
9"""
10
11from OpenSSL import crypto
12
13TYPE_RSA = crypto.TYPE_RSA
14TYPE_DSA = crypto.TYPE_DSA
15
16def createKeyPair(type, bits):
17 """
18 Create a public/private key pair.
19
20 Arguments: type - Key type, must be one of TYPE_RSA and TYPE_DSA
21 bits - Number of bits to use in the key
22 Returns: The public/private key pair in a PKey object
23 """
24 pkey = crypto.PKey()
25 pkey.generate_key(type, bits)
26 return pkey
27
Jim Shaver0d4ec3e2015-04-28 23:56:19 -0400[diff] [blame]28def createCertRequest(pkey, digest="sha256", **name):
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]29 """
30 Create a certificate request.
31
32 Arguments: pkey - The key to associate with the request
Jim Shavera6d16be2015-04-29 01:35:50 -0400[diff] [blame]33 digest - Digestion method to use for signing, default is sha256
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]34 **name - The name of the subject of the request, possible
35 arguments are:
36 C - Country name
37 ST - State or province name
38 L - Locality name
39 O - Organization name
40 OU - Organizational unit name
41 CN - Common name
42 emailAddress - E-mail address
43 Returns: The certificate request in an X509Req object
44 """
45 req = crypto.X509Req()
46 subj = req.get_subject()
47
Jim Shaver90a31172015-04-30 08:32:49 -0400[diff] [blame]48 for key, value in name.items():
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]49 setattr(subj, key, value)
50
51 req.set_pubkey(pkey)
52 req.sign(pkey, digest)
53 return req
54
Jim Shaver0d4ec3e2015-04-28 23:56:19 -0400[diff] [blame]55def createCertificate(req, issuerCertKey, serial, validityPeriod, digest="sha256"):
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]56 """
57 Generate a certificate given a certificate request.
58
kjav27473e52015-09-04 11:38:49 +0100[diff] [blame]59 Arguments: req - Certificate request to use
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]60 issuerCert - The certificate of the issuer
61 issuerKey - The private key of the issuer
62 serial - Serial number for the certificate
63 notBefore - Timestamp (relative to now) when the certificate
64 starts being valid
65 notAfter - Timestamp (relative to now) when the certificate
66 stops being valid
Jim Shavera6d16be2015-04-29 01:35:50 -0400[diff] [blame]67 digest - Digest method to use for signing, default is sha256
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]68 Returns: The signed certificate in an X509 object
69 """
Jim Shaver473fe6a2015-04-29 09:42:39 -0400[diff] [blame]70 issuerCert, issuerKey = issuerCertKey
71 notBefore, notAfter = validityPeriod
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]72 cert = crypto.X509()
73 cert.set_serial_number(serial)
74 cert.gmtime_adj_notBefore(notBefore)
75 cert.gmtime_adj_notAfter(notAfter)
76 cert.set_issuer(issuerCert.get_subject())
77 cert.set_subject(req.get_subject())
78 cert.set_pubkey(req.get_pubkey())
79 cert.sign(issuerKey, digest)
80 return cert
81