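def get_certificate_authority_certificate(self):
    """Return the CA certificate, loading or generating it on first use.

    Lookup order:

    1. the certificate cached in ``self.keypairs["ca"]["certificate"]``;
    2. ``ca.pem`` inside ``self.path`` when a path is configured;
    3. a freshly built self-signed certificate, signed with SHA-256 using
       the key from ``self.get_certificate_authority_key()``.

    The result of step 2 or 3 is stored in the cache before it is returned.

    Returns:
        The CA certificate object.
    """
    cached = self.keypairs["ca"]["certificate"]
    if cached:
        return cached

    if self.path:
        # NOTE(review): the on-disk certificate is used as-is; nothing here
        # checks its validity period before it is cached and handed out.
        with open(os.path.join(self.path, "ca.pem"), "rb") as fp:
            certificate = x509.load_pem_x509_certificate(fp.read(), default_backend())
    else:
        ca_key = self.get_certificate_authority_key()

        # Self-signed root: subject and issuer are the same name.
        ca_name = x509.Name([
            x509.NameAttribute(x509.NameOID.COUNTRY_NAME, "US"),
            x509.NameAttribute(x509.NameOID.STATE_OR_PROVINCE_NAME, "CO"),
            x509.NameAttribute(x509.NameOID.LOCALITY_NAME, "Denver"),
            x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, "Eldarion, Inc."),
            x509.NameAttribute(x509.NameOID.COMMON_NAME, "eldarion.com"),
        ])

        # Naive timestamp, as before; the one-day backdate absorbs clock skew
        # between this host and whoever verifies the certificate.
        now = datetime.datetime.today()
        not_before = now - datetime.timedelta(days=1)
        # The expiry used to be the fixed date 2018-08-02. Once that date
        # passed, not_valid_after fell before not_valid_before and generation
        # could only yield an unusable certificate. Derive the expiry from the
        # issue time instead; 365 days is a default to adjust to local policy.
        not_after = now + datetime.timedelta(days=365)

        builder = (
            x509.CertificateBuilder()
            .serial_number(int(uuid.uuid4()))
            .not_valid_before(not_before)
            .not_valid_after(not_after)
            .public_key(ca_key.public_key())
            .subject_name(ca_name)
            .issuer_name(ca_name)
            .add_extension(
                x509.BasicConstraints(ca=True, path_length=None),
                # RFC 5280 section 4.2.1.9: basicConstraints must be marked
                # critical in CA certificates, so that verifiers which do not
                # process the extension reject the certificate rather than
                # ignore the CA flag.
                critical=True,
            )
        )
        certificate = builder.sign(
            private_key=ca_key,
            algorithm=hashes.SHA256(),
            backend=default_backend(),
        )

    self.keypairs["ca"]["certificate"] = certificate
    return certificate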