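def generate(self, passphrase: str = None, common_name=None, days=DEFAULT_CERT_VALIDITY, is_server=False):
    """Create an RSA key pair and a certificate for it, signed by this object's CA.

    The PEM-encoded results are stored on ``self.certificate`` and
    ``self.private_key``.

    Args:
        passphrase: When truthy, the private key PEM is encrypted under it
            (encoded with ``str.encode()``). ``None`` or ``""`` takes the
            unencrypted branch.
        common_name: Value assigned to the subject ``commonName``.
        days: Length of the validity period in days, measured from now.
        is_server: Passed through to ``self._add_extensions``.

    Returns:
        ``self``, so calls can be chained.
    """
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, self.key_length)

    cert = crypto.X509()
    # NOTE(review): common_name defaults to None; confirm that every caller
    # passes a string, since a certificate without a usable subject name is
    # of little value to a verifier.
    cert.get_subject().commonName = common_name

    # Serial numbers should be unpredictable. The module-level random
    # functions use a Mersenne Twister, whose output can be reconstructed
    # from observed values; SystemRandom draws from the OS CSPRNG instead.
    # The numeric range is unchanged.
    serial = random.SystemRandom().randint(990000, 999999999999999999999999999)
    cert.set_serial_number(serial)

    # Validity starts 600 s in the past (presumably to tolerate clock skew
    # between issuer and verifier) and ends `days` from now.
    cert.gmtime_adj_notBefore(-600)
    cert.gmtime_adj_notAfter(int(datetime.timedelta(days=days).total_seconds()))

    cert.set_issuer(self.ca_cert.get_subject())
    cert.set_pubkey(key)
    # NOTE(review): no set_version() call is made here, and X.509 extensions
    # require a v3 certificate; confirm _add_extensions sets the version.
    cert = self._add_extensions(cert, is_server)
    # NOTE(review): confirm self.digest names a SHA-2 family digest rather
    # than md5 or sha1.
    cert.sign(self.ca_key, self.digest)
    self.certificate = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)

    if passphrase:
        # AES-256-CBC replaces DES-EDE3-CBC: 3DES is a legacy cipher with a
        # 64-bit block. The cipher is recorded in the PEM itself, so readers
        # select it from the file when decrypting.
        self.private_key = crypto.dump_privatekey(
            crypto.FILETYPE_PEM,
            key,
            cipher="aes-256-cbc",
            passphrase=passphrase.encode(),
        )
    else:
        # No passphrase: the key is serialized in the clear, so protecting it
        # at rest (file permissions, secret store) is the caller's job.
        self.private_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, key)
    return self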