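def build_crl():
    """Build and sign a PEM-encoded CRL for the newest CA.

    The CRL lists every ``Certificate`` row whose ``issuer_serial_number``
    matches the CA returned by ``get_newest_ca()`` and whose ``revoked``
    flag is set. It is valid for one day and is signed with SHA-256 using
    the CA key loaded through ``loadPEMKey(keyStorePath(...))``.

    Relies on module-level imports of ``datetime``, ``x509``, ``NameOID``,
    ``hashes``, ``serialization`` and ``default_backend``.

    Returns:
        The CRL serialized as PEM bytes.
    """
    ca = get_newest_ca()

    # cryptography treats naive datetimes as UTC. datetime.today() is local
    # time, so on a host that is not on UTC the CRL would be stamped hours
    # off (a thisUpdate in the future, or a nextUpdate that expires early).
    # Take one UTC timestamp and reuse it so all fields are consistent.
    now = datetime.datetime.utcnow()
    validity = datetime.timedelta(days=1)

    # NOTE(review): the issuer is built from the common name only. Relying
    # parties match the CRL issuer against the CA certificate's subject, so
    # confirm the CA subject really consists of just this CN.
    issuer = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, ca.common_name),
    ])
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(issuer)
        .last_update(now)
        .next_update(now + validity)
    )
    # NOTE(review): no CRL Number or Authority Key Identifier extension is
    # added here; RFC 5280 expects both on CRLs issued by a conforming CA.

    revoked_list = Certificate.objects.filter(
        issuer_serial_number=ca.serial_number, revoked=True
    )
    for record in revoked_list:
        logger.debug("revoked serial_number: %s", record.serial_number)
        # NOTE(review): the revocation date is the CRL build time, not the
        # moment the certificate was revoked, so it moves on every rebuild.
        # If the model stores the real revocation time, use that instead.
        entry = (
            x509.RevokedCertificateBuilder()
            .serial_number(int(record.serial_number))
            .revocation_date(now)
            .build(default_backend())
        )
        builder = builder.add_revoked_certificate(entry)

    crl = builder.sign(
        private_key=loadPEMKey(keyStorePath(ca.serial_number)),
        algorithm=hashes.SHA256(),
        backend=default_backend(),
    )
    return crl.public_bytes(serialization.Encoding.PEM)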