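def request_issuance(self, csr):
    """
    Issue a certificate for ``csr``, signed with this object's CA key.

    The certificate takes its subject, public key and Subject Alternative
    Name extension from the CSR. It is valid from one hour before
    ``self._now()`` until 90 days after it, and is signed with SHA-256.

    NOTE(review): the subject and SAN values are copied from the CSR
    verbatim; nothing in this method checks them against identifiers the
    requester has been authorized for. Confirm that callers only use this
    where that is acceptable.

    :param csr: a wrapper whose ``.csr`` attribute is the parsed
        certificate signing request.

    :raises ValueError: if the CSR's self-signature does not verify.

    :return: the result of ``self._controller.issue()`` with a callback
        attached that yields the ``messages.CertificateResource`` holding
        the DER-encoded certificate (presumably a Deferred).
    """
    csr = csr.csr
    # Proof of possession: a CSR whose self-signature does not verify may
    # carry a public key the requester does not control, so refuse to
    # certify it. ``is_signature_valid`` only exists from cryptography 1.3
    # on; with older releases the attribute is missing and the check is
    # skipped, which matches the previous behaviour.
    signature_ok = getattr(csr, 'is_signature_valid', None)
    if signature_ok is not None and not signature_ok:
        raise ValueError('CSR signature is not valid')
    # Read the clock once so both ends of the validity window are derived
    # from the same instant.
    now = self._now()
    public_key = csr.public_key()
    # Raises if the CSR carries no subjectAltName extension.
    san = csr.extensions.get_extension_for_oid(
        ExtensionOID.SUBJECT_ALTERNATIVE_NAME).value
    cert = (
        x509.CertificateBuilder()
        .subject_name(csr.subject)
        .issuer_name(self._ca_name)
        # Backdated by an hour, which tolerates some clock skew.
        .not_valid_before(now - timedelta(seconds=3600))
        .not_valid_after(now + timedelta(days=90))
        .serial_number(int(uuid4()))
        .public_key(public_key)
        .add_extension(san, critical=False)
        .add_extension(
            x509.SubjectKeyIdentifier.from_public_key(public_key),
            critical=False)
        .add_extension(self._ca_aki, critical=False)
        .sign(
            private_key=self._ca_key,
            algorithm=hashes.SHA256(),
            backend=default_backend()))
    cert_res = messages.CertificateResource(
        body=cert.public_bytes(encoding=serialization.Encoding.DER))
    return self._controller.issue().addCallback(lambda _: cert_res)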