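def generate_peer_cert(self, cn, password=None):
    """Issue a peer certificate signed by this CA and persist it to disk.

    A fresh EC key pair (SECP256K1) is generated for the peer. A certificate
    is built for it with subject CN = ``cn``, OU and O copied from the CA
    certificate's issuer name and country fixed to ``"kr"``, signed with the
    CA private key, and then the certificate, the private key and the CA
    certificate are written under ``<DEFAULT_PATH>/<cn>``. The new
    certificate is finally loaded into this object and displayed.

    :param cn: CommonName of the peer; also used as the output directory name.
    :param password: passphrase protecting the private-key PEM, given as
        ``bytes`` or ``str`` (a ``str`` is UTF-8 encoded). ``None`` writes
        the key unencrypted (PKCS8, ``NoEncryption``). The original
        (garbled) docstring appears to mention a minimum length of 8 — that
        is not enforced here; TODO confirm against callers.
    :raises IndexError: if the CA issuer name lacks an OU or O attribute.
    """
    pri_key = ec.generate_private_key(ec.SECP256K1(), default_backend())
    pub_key = pri_key.public_key()

    # OU / O are inherited from the CA certificate's issuer name; a CA cert
    # without either attribute makes the [0] lookup raise IndexError.
    issuer_name = self.__ca_cert.issuer
    ou = issuer_name.get_attributes_for_oid(NameOID.ORGANIZATIONAL_UNIT_NAME)[0].value
    o = issuer_name.get_attributes_for_oid(NameOID.ORGANIZATION_NAME)[0].value
    subject_name = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, cn),
        x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, ou),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, o),
        x509.NameAttribute(NameOID.COUNTRY_NAME, "kr"),
    ])

    expire_period = self.__peer_expired
    # NOTE(review): the serial is derived from __LAST_PEER_INDEX, but this
    # method does not advance the counter. Unless __generate_cert or the
    # caller does, successive peers would receive the same serial — confirm.
    serial_number = self.__LAST_PEER_INDEX + 1
    # End-entity usage profile: signing and key transport only, no CA or
    # CRL-signing powers.
    key_usage = x509.KeyUsage(
        digital_signature=True, content_commitment=False,
        key_encipherment=True, data_encipherment=False, key_agreement=False,
        key_cert_sign=False, crl_sign=False,
        encipher_only=False, decipher_only=False,
    )
    new_cert = self.__generate_cert(
        pub_key=pub_key, subject_name=subject_name,
        issuer_name=issuer_name, serial_number=serial_number,
        expire_period=expire_period, key_usage=key_usage,
        issuer_priv=self.__ca_pri, issuer_cert=self.__ca_cert,
    )

    cert_pem = new_cert.public_bytes(encoding=serialization.Encoding.PEM)
    # BestAvailableEncryption requires a bytes password; accept str as well so
    # a text passphrase does not fail with TypeError. With no password the
    # private key is stored in the clear.
    if password is None:
        encryption = serialization.NoEncryption()
    else:
        if isinstance(password, str):
            password = password.encode("utf-8")
        encryption = serialization.BestAvailableEncryption(password=password)
    pri_pem = pri_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=encryption,
    )
    ca_cert_pem = self.__ca_cert.public_bytes(encoding=serialization.Encoding.PEM)

    # cn becomes a path component; if it can originate from an untrusted
    # source it must be validated before reaching here (separators, "..") —
    # TODO confirm where cn comes from.
    peer_path = join(self.__DEFAULT_PATH, cn)
    self.__save(peer_path, cert_bytes=cert_pem, pri_bytes=pri_pem, ca_cert=ca_cert_pem)
    # Load the freshly issued certificate into this object and display it.
    self.__load_peer_certificate(cert_bytes=cert_pem)
    self.__show_certificate(new_cert)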