/src/crypto.py - Komentovat - Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD - Redmine

348a4758

Captain_Trojan

from cryptography import x509

2

from cryptography.x509.oid import NameOID

3

from cryptography.hazmat.primitives import hashes

4

from cryptography.hazmat.primitives import serialization

5

from cryptography.hazmat.primitives.asymmetric import rsa

6

import datetime

7

from time import time

8

9

# Generate our key

10

key = rsa.generate_private_key(

11

    public_exponent=65537,

12

    key_size=2048,

13

14

# Write our key to disk for safe keeping

15

with open("cert/key.pem", "wb") as f:

16

    f.write(key.private_bytes(

17

        encoding=serialization.Encoding.PEM,

18

        format=serialization.PrivateFormat.TraditionalOpenSSL,

19

        encryption_algorithm=serialization.BestAvailableEncryption(b"passphrase"),

20

))

21

22

# Generate a CSR

23

csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([

24

    # Provide various details about who we are.

25

    x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),

26

    x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"California"),

27

    x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),

28

    x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"),

29

    x509.NameAttribute(NameOID.COMMON_NAME, u"mysite.com"),

30

])).add_extension(

31

    x509.SubjectAlternativeName([

32

        # Describe what sites we want this certificate for.

33

        x509.DNSName(u"mysite.com"),

34

        x509.DNSName(u"www.mysite.com"),

35

        x509.DNSName(u"subdomain.mysite.com"),

36

]),

37

    critical=False,

38

# Sign the CSR with our private key.

39

).sign(key, hashes.SHA256())

40

# Write our CSR out to disk.

41

with open("cert/csr.pem", "wb") as f:

42

    f.write(csr.public_bytes(serialization.Encoding.PEM))

43

44

# Various details about who we are. For a self-signed certificate the

45

# subject and issuer are always the same.

46

subject = issuer = x509.Name([

47

    x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),

48

    x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"California"),

49

    x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),

50

    x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"),

51

    x509.NameAttribute(NameOID.COMMON_NAME, u"mysite.com"),

52

])

53

cert = x509.CertificateBuilder().subject_name(

54

    subject

55

).issuer_name(

56

    issuer

57

).public_key(

58

    key.public_key()

59

).serial_number(

60

    x509.random_serial_number()

61

).not_valid_before(

62

    datetime.datetime.utcnow()

63

).not_valid_after(

64

    # Our certificate will be valid for 10 days

65

    datetime.datetime.utcnow() + datetime.timedelta(days=10)

66

).add_extension(

67

    x509.SubjectAlternativeName([x509.DNSName(u"localhost")]),

68

    critical=False,

69

# Sign our certificate with our private key

70

).sign(key, hashes.SHA256())

71

# Write our certificate out to disk.

72

with open("cert/certificate.pem", "wb") as f:

73

    f.write(cert.public_bytes(serialization.Encoding.PEM))

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

aswi2021jmsd-gitlab/src/crypto.py @ 348a4758