def _generate_cert(server_name, not_valid_before, not_valid_after,
                   key=RSA_KEY_512_RAW):
    """
    Build a throwaway self-signed certificate for use in tests.

    The subject and issuer are the same single-attribute name, and the
    certificate is signed with SHA-256 by the very key whose public half
    it carries, so nothing vouches for it but itself.

    Security notes for anyone reusing this helper:

    * The private key is returned as unencrypted PEM
      (``serialization.NoEncryption()``). Treat the output as test
      fixture material only and keep it out of real deployments.
    * The default key is ``RSA_KEY_512_RAW``. Judging by the name this is
      a 512-bit RSA key, which is far too small to offer any protection;
      confirm against its definition.

    :param str server_name: DNS name placed in the subjectAltName
        extension. It is also used as the common name unless it is longer
        than 64 characters.
    :param ~datetime.datetime not_valid_before: Valid from this moment.
    :param ~datetime.datetime not_valid_after: Expiry time.
    :param key: The private key used both as the certificate's key pair
        and to sign it.

    :rtype: `list`
    :return: A two-element list: the certificate as PEM wrapped in
        ``Certificate``, followed by the private key as PEM wrapped in
        ``RSAPrivateKey``.
    """
    # X.509 limits the common name to 64 characters, so an over-long
    # server name gets a fixed placeholder CN; the SAN below still carries
    # the real name.
    if len(server_name) > 64:
        common_name = u'san.too.long.invalid'
    else:
        common_name = server_name

    # Self-signed: the same name serves as subject and issuer.
    subject = x509.Name(
        [x509.NameAttribute(NameOID.COMMON_NAME, common_name)])

    builder = x509.CertificateBuilder()
    builder = builder.subject_name(subject)
    builder = builder.issuer_name(subject)
    builder = builder.not_valid_before(not_valid_before)
    builder = builder.not_valid_after(not_valid_after)
    # A fresh random UUID converted to an integer is the serial number.
    builder = builder.serial_number(int(uuid.uuid4()))
    builder = builder.public_key(key.public_key())
    builder = builder.add_extension(
        x509.SubjectAlternativeName([x509.DNSName(server_name)]),
        critical=False)

    cert = builder.sign(
        private_key=key,
        algorithm=hashes.SHA256(),
        backend=default_backend())

    pem_cert = Certificate(cert.public_bytes(serialization.Encoding.PEM))
    # The key is serialized in the clear (no passphrase).
    pem_key = RSAPrivateKey(
        key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption()))
    return [pem_cert, pem_key]