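def __init__(self, *, key_bits: int = 2048, validity_seconds: int = 10 * 365 * 24 * 60 * 60):
    """Create a self-signed root CA: a fresh RSA key plus an X.509v3 CA certificate.

    The resulting private key is stored in ``self.key`` and the certificate in
    ``self.cert``. The certificate's serial number is taken from the class-level
    counter ``__next_serial`` (name-mangled; defined on the class outside this
    method) and the counter is advanced by one.

    Args:
        key_bits: RSA modulus size for the CA key. Defaults to 2048, the
            original hard-coded value; smaller keys are rejected as too weak
            for a signing CA.
        validity_seconds: lifetime of the CA certificate measured from "now".
            Defaults to the original ten-year window.

    Raises:
        ValueError: if ``key_bits`` is below 2048 or ``validity_seconds`` is
            not positive.

    NOTE(review): serials come from a plain incrementing counter, so they are
    predictable and, if the process restarts with the counter reset, may be
    reused. That is tolerable for a private CA but would not meet public-CA
    serial-entropy requirements — keep this in mind if the CA is ever exposed
    beyond the cluster.
    """
    if key_bits < 2048:
        raise ValueError(f"CA key must be at least 2048 bits, got {key_bits}")
    if validity_seconds <= 0:
        raise ValueError(f"validity_seconds must be positive, got {validity_seconds}")

    # CA key
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, key_bits)

    # CA cert; version 2 == X.509v3, required for the extensions added below
    cert = crypto.X509()
    cert.set_serial_number(self.__next_serial)
    cert.set_version(2)
    cert.set_pubkey(key)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(validity_seconds)

    # Self-signed: subject and issuer are the same distinguished name.
    cacert_subject = cert.get_subject()
    cacert_subject.O = 'kOVHernetes'
    cacert_subject.OU = 'kOVHernetes Certificate Authority'
    cacert_subject.CN = 'kOVHernetes Root CA'
    cert.set_issuer(cacert_subject)

    # subjectKeyIdentifier is added in its own call so that it already exists on
    # the cert when authorityKeyIdentifier (keyid:always) is derived from it.
    cert.add_extensions((crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', cert),))
    cacert_ext = [
        crypto.X509Extension(b'authorityKeyIdentifier', True, b'keyid:always,issuer', issuer=cert),
        # Critical CA:TRUE plus a key usage limited to signing certs/CRLs — the
        # CA key is never meant for key exchange or encipherment.
        crypto.X509Extension(b'basicConstraints', True, b'CA:TRUE'),
        crypto.X509Extension(b'keyUsage', True, b'digitalSignature, cRLSign, keyCertSign'),
    ]
    cert.add_extensions(cacert_ext)

    # sign CA cert with CA key
    cert.sign(key, 'sha256')

    # Advance the shared serial counter only after signing succeeded.
    type(self).__next_serial += 1
    self.cert = cert
    self.key = key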