Revision b04aeacb

Added by Stanislav Král more than 3 years ago

Re #8307 - The children certificate including the whole chain of trust is now also saved to a PFX store

View differences:

openssl_poc.py
145 145
#
146 146
# the generated certificate will have the Common Name field set to "MyTestCertificate"
147 147
# and will be stored to MyTestCertificate.crt
148
# PFX store containing the whole chain of trust will also be generated (can be imported to Adobe Acrobat Reader)
148 149
if __name__ == "__main__":
149 150
    # a name of the child certificate to be generated must be passed to the program via arguments
150 151
    if len(sys.argv) > 1:
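
Review bot: the header comment added at new line 148 says a PFX store is generated but, unlike the line above it for the `.crt` file, does not say where the store is written or that a passphrase is needed to import it. State the output file name (the certificate name with a `.pfx` extension) and how the passphrase is supplied, so the usage comment stays sufficient on its own.
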
......
195 196
        puts(child_ca, child_ca_file)
196 197

  
197 198
        # store the generated private key used to generate the child. cert
198
        puts(child_key, get_path(f"{cert_name}.key"))
199
        child_key_file = get_path(f"{cert_name}.key")
200
        puts(child_key, child_key_file)
201

  
202
        # export the whole chain of trust including the generated child certificate to a PKCS store
203
        # "pass" passphrase will be used to encrypt the store
204
        subprocess.check_output(
205
            ["openssl", "pkcs12", "-export", "-out", f"{get_path(cert_name)}.pfx", "-inkey", child_key_file, "-in",
206
             child_ca_file, "-certfile", get_path("inter.crt"), "-passout", "pass:pass"],
207
            encoding="utf-8")
199 208

  
200 209
        #####################################
201 210
        # TEST SECTION
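
Review bot: the `-passout pass:pass` argument in the new `openssl pkcs12 -export` call hardcodes a trivial passphrase and places it on the command line, where it is visible in the process list, while the store it protects contains the child private key. Take the passphrase from the environment or a file instead (`-passout env:PFX_PASS`, where `PFX_PASS` is only an example variable name, or `-passout file:<path>`), or prompt for it. In the same call, `-certfile` adds only `inter.crt`, yet the comment promises the whole chain of trust and the later `openssl verify` treats `root.crt` as a separate file, so either include the root certificate or reword the comment. The return value of `check_output` is discarded here, so `subprocess.run(..., check=True)` would state the intent more directly, and the output path is built as `f"{get_path(cert_name)}.pfx"` while the key path uses `get_path(f"{cert_name}.key")`; pick one form.
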
......
239 248
        assert subprocess.check_output(
240 249
            ["openssl", "verify", "-CAfile", get_path("root.crt"), "-untrusted", get_path("inter.crt"), child_ca_file])
241 250

  
242
        print(f"TESTS PASSED!!! \n{cert_name} certificate created successfully")
251
        print(f"""TESTS PASSED!!! \n\n"{cert_name}" certificate created successfully""")
252
        print(
253
            f"""PFX store with the generated certificate and the whole chain of trust saved to:\n{cert_name}.pfx (protecteed by "pass" passphrase)""")
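
Review bot: the final `print` at new lines 252-253 misspells "protected" as "protecteed" and reports the store as `{cert_name}.pfx`, while the export writes it to `f"{get_path(cert_name)}.pfx"`; print the path that was actually written so the message points at the real file. The message also follows "TESTS PASSED", but none of the visible checks opens the store. A step such as `openssl pkcs12 -in <store> -noout -passin ...` before this message would confirm that the PFX is readable with the stated passphrase.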
