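def _create_test_cert(cert_file, key_file, subject, valid_days, serial_number):
    """Create a self-signed test CA certificate and write cert and key as PEM.

    The certificate is its own issuer, carries ``CA:TRUE, pathlen:1`` as a
    critical basicConstraints extension, and is signed with SHA-256. It is
    meant for test use: the private key is written to disk unencrypted.

    Args:
        cert_file: Path the PEM-encoded certificate is written to.
        key_file: Path the PEM-encoded (unencrypted) private key is written to.
        subject: Value used as the certificate's Common Name (CN).
        valid_days: Number of days from now until the certificate expires.
        serial_number: Integer serial number placed in the certificate.
    """
    import os  # function-scope import: the file's import block is not visible here

    # Create the key pair. The original asked for 2046 bits, a non-standard
    # modulus size just under the 2048-bit minimum that many validators enforce.
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)

    # Create a self-signed cert with some basic constraints.
    cert = crypto.X509()
    cert.get_subject().CN = subject
    # Backdate notBefore by one day (presumably to tolerate clock skew between
    # the machine generating the cert and the one validating it).
    cert.gmtime_adj_notBefore(-1 * 24 * 60 * 60)
    cert.gmtime_adj_notAfter(valid_days * 24 * 60 * 60)
    cert.set_version(2)  # the version field is zero-based: 2 means X.509 v3
    cert.set_serial_number(serial_number)
    cert.set_issuer(cert.get_subject())
    # Attach the public key before building extensions: the
    # subjectKeyIdentifier "hash" value is derived from the certificate's
    # public key at the moment the extension object is constructed.
    cert.set_pubkey(key)
    cert.add_extensions([
        crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE, pathlen:1"),
        crypto.X509Extension(b"subjectKeyIdentifier", False, b"hash",
                             subject=cert),
    ])
    # Added in a second call on purpose: "keyid:always" copies the issuer's
    # subjectKeyIdentifier, which must already be present on the cert.
    cert.add_extensions([
        crypto.X509Extension(b"authorityKeyIdentifier", False, b"keyid:always",
                             issuer=cert)
    ])
    cert.sign(key, 'sha256')

    cert_str = crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('ascii')
    key_str = crypto.dump_privatekey(crypto.FILETYPE_PEM, key).decode('ascii')

    # Context managers make sure both files are flushed and closed.
    with open(cert_file, 'w', encoding='ascii') as cert_out:
        cert_out.write(cert_str)

    # Create the private key file readable by the owner only. The mode applies
    # only when the file is created; an existing file keeps its permissions.
    key_fd = os.open(key_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(key_fd, 'w', encoding='ascii') as key_out:
        key_out.write(key_str)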