def generate_adhoc_ssl_pair(cn=None):
from random import random
crypto = _get_openssl_crypto_module()
# pretty damn sure that this is not actually accepted by anyone
if cn is None:
cn = '*'
cert = crypto.X509()
cert.set_serial_number(int(random() * sys.maxsize))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
subject = cert.get_subject()
subject.CN = cn
subject.O = 'Dummy Certificate'
issuer = cert.get_issuer()
issuer.CN = 'Untrusted Authority'
issuer.O = 'Self-Signed'
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 2048)
cert.set_pubkey(pkey)
cert.sign(pkey, 'sha256')
return cert, pkey
python类TYPE_RSA的实例源码
def generateSSLCert():
if not os.path.exists(os.path.join(config.DATA_DIR, 'plexivity.key')) or not os.path.exists(os.path.join(config.DATA_DIR, 'plexivity.crt')):
logger.warning("plexivity was started with ssl support but no cert was found, trying to generating cert and key now")
try:
from OpenSSL import crypto, SSL
from socket import gethostname
# create a key pair
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 1024)
# create a self-signed cert
cert = crypto.X509()
cert.get_subject().C = "US"
cert.get_subject().ST = "plex land"
cert.get_subject().L = "plex land"
cert.get_subject().O = "plexivity"
cert.get_subject().OU = "plexivity"
cert.get_subject().CN = gethostname()
cert.set_serial_number(1000)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(10*365*24*60*60)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(k)
cert.sign(k, 'sha1')
open(os.path.join(config.DATA_DIR, 'plexivity.crt'), "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
open(os.path.join(config.DATA_DIR, 'plexivity.key'), "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
logger.info("ssl cert and key generated and saved to: %s" % config.DATA_DIR)
except:
logger.error("unable to generate ssl key and cert")
def generate_adhoc_ssl_pair(cn=None):
from random import random
crypto = _get_openssl_crypto_module()
# pretty damn sure that this is not actually accepted by anyone
if cn is None:
cn = '*'
cert = crypto.X509()
cert.set_serial_number(int(random() * sys.maxsize))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
subject = cert.get_subject()
subject.CN = cn
subject.O = 'Dummy Certificate'
issuer = cert.get_issuer()
issuer.CN = 'Untrusted Authority'
issuer.O = 'Self-Signed'
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 1024)
cert.set_pubkey(pkey)
cert.sign(pkey, 'md5')
return cert, pkey
def generate_adhoc_ssl_pair(cn=None):
from random import random
crypto = _get_openssl_crypto_module()
# pretty damn sure that this is not actually accepted by anyone
if cn is None:
cn = '*'
cert = crypto.X509()
cert.set_serial_number(int(random() * sys.maxsize))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
subject = cert.get_subject()
subject.CN = cn
subject.O = 'Dummy Certificate'
issuer = cert.get_issuer()
issuer.CN = 'Untrusted Authority'
issuer.O = 'Self-Signed'
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 1024)
cert.set_pubkey(pkey)
cert.sign(pkey, 'md5')
return cert, pkey
def generate_adhoc_ssl_pair(cn=None):
from random import random
crypto = _get_openssl_crypto_module()
# pretty damn sure that this is not actually accepted by anyone
if cn is None:
cn = '*'
cert = crypto.X509()
cert.set_serial_number(int(random() * sys.maxsize))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
subject = cert.get_subject()
subject.CN = cn
subject.O = 'Dummy Certificate'
issuer = cert.get_issuer()
issuer.CN = 'Untrusted Authority'
issuer.O = 'Self-Signed'
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 1024)
cert.set_pubkey(pkey)
cert.sign(pkey, 'md5')
return cert, pkey
def create_self_signed_cert():
"""
If ssl.cert and ssl.key don't exist in config, create a new self-signed cert and keypair and write them into that directory.
"""
if not isfile(CERT_FILE) or not isfile(KEY_FILE):
# create a key pair
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 4096)
# create a self-signed certificate
cert = crypto.X509()
subj = cert.get_subject()
subj.C = "DE"
subj.ST = "Hessen"
subj.L = "Darmstadt"
subj.O = "github.com/BjoernPetersen/MusicBot"
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(5 * 365 * 24 * 60 * 60)
cert.set_issuer(subj)
cert.set_pubkey(k)
cert.sign(k, "sha256")
with open(KEY_FILE, 'wb') as key_file:
key_file.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
with open(CERT_FILE, 'wb') as cert_file:
cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
def generate_adhoc_ssl_pair(cn=None):
from random import random
from OpenSSL import crypto
# pretty damn sure that this is not actually accepted by anyone
if cn is None:
cn = '*'
cert = crypto.X509()
cert.set_serial_number(int(random() * sys.maxint))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
subject = cert.get_subject()
subject.CN = cn
subject.O = 'Dummy Certificate'
issuer = cert.get_issuer()
issuer.CN = 'Untrusted Authority'
issuer.O = 'Self-Signed'
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 768)
cert.set_pubkey(pkey)
cert.sign(pkey, 'md5')
return cert, pkey
def generate_adhoc_ssl_pair(cn=None):
from random import random
crypto = _get_openssl_crypto_module()
# pretty damn sure that this is not actually accepted by anyone
if cn is None:
cn = '*'
cert = crypto.X509()
cert.set_serial_number(int(random() * sys.maxsize))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
subject = cert.get_subject()
subject.CN = cn
subject.O = 'Dummy Certificate'
issuer = cert.get_issuer()
issuer.CN = 'Untrusted Authority'
issuer.O = 'Self-Signed'
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 1024)
cert.set_pubkey(pkey)
cert.sign(pkey, 'md5')
return cert, pkey
def create_key_pair(self, bits=4096, type=crypto.TYPE_RSA):
"""
Create a key pair for use in PKI
Arguments: bits - the number of bits to use in the private key
type - the type of key (currently only crypto.TYPE_RSA supported)
"""
if bits % 1024 != 0 or bits < 2048 != 0:
raise ValueError("This implementation requires a key size evenly divisible by 1024 and larger than 2048.")
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, bits)
return k
def create_key_pair(self, bits=4096, type=crypto.TYPE_RSA):
"""
Create a key pair for use in PKI
Arguments: bits - the number of bits to use in the private key
type - the type of key (currently only crypto.TYPE_RSA supported)
"""
if bits % 1024 != 0 or bits < 2048 != 0:
raise ValueError("This implementation requires a key size evenly divisible by 1024 and larger than 2048.")
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, bits)
return k
def generate_adhoc_ssl_pair(cn=None):
from random import random
crypto = _get_openssl_crypto_module()
# pretty damn sure that this is not actually accepted by anyone
if cn is None:
cn = '*'
cert = crypto.X509()
cert.set_serial_number(int(random() * sys.maxsize))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
subject = cert.get_subject()
subject.CN = cn
subject.O = 'Dummy Certificate'
issuer = cert.get_issuer()
issuer.CN = 'Untrusted Authority'
issuer.O = 'Self-Signed'
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 2048)
cert.set_pubkey(pkey)
cert.sign(pkey, 'sha256')
return cert, pkey
def generate_adhoc_ssl_pair(cn=None):
from random import random
crypto = _get_openssl_crypto_module()
# pretty damn sure that this is not actually accepted by anyone
if cn is None:
cn = '*'
cert = crypto.X509()
cert.set_serial_number(int(random() * sys.maxsize))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
subject = cert.get_subject()
subject.CN = cn
subject.O = 'Dummy Certificate'
issuer = cert.get_issuer()
issuer.CN = 'Untrusted Authority'
issuer.O = 'Self-Signed'
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 1024)
cert.set_pubkey(pkey)
cert.sign(pkey, 'md5')
return cert, pkey
def generate_self_signed_cert_pair(key_size, valid_for_days,
signature_alg, subject):
"""Generate self signed certificate and key pair"""
validate_cert_params(key_size, valid_for_days,
signature_alg, subject)
# generate key pair
key = crypto.PKey()
key.generate_key(crypto.TYPE_RSA, key_size)
# generate certificate
cert = crypto.X509()
cert.get_subject().C = subject.get(CERT_SUBJECT_COUNTRY, 'US')
cert.get_subject().ST = subject.get(CERT_SUBJECT_STATE, 'California')
cert.get_subject().O = subject.get(CERT_SUBJECT_ORG, 'MyOrg')
cert.get_subject().OU = subject.get(CERT_SUBJECT_UNIT, 'MyUnit')
cert.get_subject().CN = subject.get(CERT_SUBJECT_HOST, 'myorg.com')
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(valid_for_days * 24 * 60 * 60)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(key)
cert.set_serial_number(int(time()))
cert.sign(key, signature_alg)
return cert, key
def generate_adhoc_ssl_pair(cn=None):
from random import random
crypto = _get_openssl_crypto_module()
# pretty damn sure that this is not actually accepted by anyone
if cn is None:
cn = '*'
cert = crypto.X509()
cert.set_serial_number(int(random() * sys.maxsize))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
subject = cert.get_subject()
subject.CN = cn
subject.O = 'Dummy Certificate'
issuer = cert.get_issuer()
issuer.CN = 'Untrusted Authority'
issuer.O = 'Self-Signed'
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 1024)
cert.set_pubkey(pkey)
cert.sign(pkey, 'md5')
return cert, pkey
def generate_csr_and_key(user='TestUser'):
"""
TestUser is the user proposed by the documentation,
which will be ignored
"""
key = crypto.PKey()
key.generate_key(crypto.TYPE_RSA, 1024)
req = crypto.X509Req()
req.get_subject().CN = user
req.set_pubkey(key)
req.sign(key, "sha1")
# print("CSR", key, req)
return key, req
def certificateUpdate():
print art
print "\nCertificate Update Script - Block SSL\n"
# create a key pair or use the old one
ans = raw_input("Do you have your old keys.key file with your key pair? [Y]es [N]o, default: [Y]\n")
if ans == "n" or ans == "N":
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 1024)
print "Creating a new key pair:"
print "Warning: This is a pseudo-random generation.\n"
else:
print "Place your keys.key file in the scripts directory.\n"
k = crypto.PKey()
with open("keys.key", "r") as k:
k = crypto.load_privatekey(crypto.FILETYPE_PEM, k.read())
# create a self-signed cert
cert = crypto.X509()
createCert(k, cert)
open("certificate.crt", "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
print "\nCertificate created in file: certificate.crt"
if ans == "n" or ans == "N":
open("keys.key", "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
print "\nKeys saved in file: keys.key\n"
ans2 = raw_input("Do you want to send your certificate to the blockchain? [Y]es [N]o, default: [Y]")
if ans2 == "Y" or ans2 == "y" or ans2 == "" or ans2 == " ":
i = 2
sendCertificate(i)
sys.exit()
def certificateUpdate():
print art
print "\nCertificate Update Script - Block SSL\n"
# create a key pair or use the old one
ans = raw_input("Do you have your old keys.key file with your key pair? [Y]es [N]o, default: [Y]\n")
if ans == "n" or ans == "N":
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 4096)
print "Creating a new key pair:"
print "Warning: This is a pseudo-random generation.\n"
else:
print "Place your keys.key file in the scripts directory.\n"
k = crypto.PKey()
with open("keys.key", "r") as k:
k = crypto.load_privatekey(crypto.FILETYPE_PEM, k.read())
# create a self-signed cert
cert = crypto.X509()
createCert(k, cert)
open("certificate.crt", "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
print "\nCertificate created in file: certificate.crt"
if ans == "n" or ans == "N":
open("keys.key", "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
print "\nKeys saved in file: keys.key\n"
ans2 = raw_input("Do you want to send your certificate to the blockchain? [Y]es [N]o, default: [Y]")
if ans2 == "Y" or ans2 == "y" or ans2 == "" or ans2 == " ":
i = 2
sendCertificate(i)
sys.exit()
def generate_adhoc_ssl_pair(cn=None):
from random import random
from OpenSSL import crypto
# pretty damn sure that this is not actually accepted by anyone
if cn is None:
cn = '*'
cert = crypto.X509()
cert.set_serial_number(int(random() * sys.maxint))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
subject = cert.get_subject()
subject.CN = cn
subject.O = 'Dummy Certificate'
issuer = cert.get_issuer()
issuer.CN = 'Untrusted Authority'
issuer.O = 'Self-Signed'
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 768)
cert.set_pubkey(pkey)
cert.sign(pkey, 'md5')
return cert, pkey
def generate_adhoc_ssl_pair(cn=None):
from random import random
crypto = _get_openssl_crypto_module()
# pretty damn sure that this is not actually accepted by anyone
if cn is None:
cn = '*'
cert = crypto.X509()
cert.set_serial_number(int(random() * sys.maxsize))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
subject = cert.get_subject()
subject.CN = cn
subject.O = 'Dummy Certificate'
issuer = cert.get_issuer()
issuer.CN = 'Untrusted Authority'
issuer.O = 'Self-Signed'
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 1024)
cert.set_pubkey(pkey)
cert.sign(pkey, 'md5')
return cert, pkey
def createKeyPair(type, bits):
"""
Create a public/private key pair.
Arguments: type - Key type, must be one of TYPE_RSA and TYPE_DSA
bits - Number of bits to use in the key
Returns: The public/private key pair in a PKey object
"""
pkey = crypto.PKey()
pkey.generate_key(type, bits)
return pkey
