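def MakeCASignedCert(common_name,
                     private_key,
                     ca_cert,
                     ca_private_key,
                     serial_number=2,
                     session=None):
    """Make a leaf (non-CA) cert for common_name and sign it with the CA's key.

    Args:
      common_name: Value stored in the subject's COMMON_NAME attribute.
      private_key: Key wrapper for the certified key pair. It must provide
        public_key(), whose result provides get_raw_key().
      ca_cert: CA certificate wrapper. Its get_issuer() supplies the issuer
        name of the new certificate.
      ca_private_key: CA key wrapper. Its get_raw_key() is the signing key.
      serial_number: Serial number written into the certificate.
        NOTE(review): the default is the constant 2, so every certificate
        issued without an explicit serial shares it. Issuer plus serial is
        what revocation and many validators use to identify a certificate,
        so callers should pass a unique, unpredictable value
        (e.g. x509.random_serial_number()).
      session: Passed through to the X509Ceritifcate wrapper.

    Returns:
      Whatever X509Ceritifcate(session=session).from_raw_key() returns for
      the signed certificate.
    """
    one_day = 60 * 60 * 24
    # Read the clock once so both ends of the window share a reference point.
    now = time.time()

    # The builder treats naive datetimes as UTC. fromtimestamp() would yield
    # local time and shift the window by the host's UTC offset, so convert
    # explicitly in UTC.
    # Backdated by one day to tolerate clock skew on verifying hosts.
    not_before = datetime.datetime.utcfromtimestamp(now - one_day)
    # NOTE(review): a 10-year lifetime is long for a leaf certificate; a
    # compromised key stays usable until expiry unless revocation is
    # enforced by verifiers.
    not_after = datetime.datetime.utcfromtimestamp(now + one_day * 365 * 10)

    subject = x509.Name([
        x509.NameAttribute(oid.NameOID.COMMON_NAME, common_name)
    ])

    # NOTE(review): this copies the CA certificate's *issuer* name. That
    # equals the CA's subject only when ca_cert is a self-signed root; with
    # an intermediate CA the chain would not build. Confirm against callers.
    builder = (
        x509.CertificateBuilder()
        .issuer_name(ca_cert.get_issuer())
        .subject_name(subject)
        .not_valid_before(not_before)
        .not_valid_after(not_after)
        .serial_number(serial_number)
        .public_key(private_key.public_key().get_raw_key())
        # Critical ca=False: the issued cert must not sign other certs.
        .add_extension(
            x509.BasicConstraints(ca=False, path_length=None),
            critical=True)
    )

    certificate = builder.sign(
        private_key=ca_private_key.get_raw_key(),
        algorithm=hashes.SHA256(),
        backend=openssl.backend)
    return X509Ceritifcate(session=session).from_raw_key(certificate)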