add code to generate self signed certificates
This commit is contained in:
parent
ae97a3ed83
commit
a3e5e42375
|
@ -26,10 +26,14 @@ PYOPENSSL_PRESENT = False
|
|||
try:
|
||||
import OpenSSL
|
||||
PYOPENSSL_PRESENT = True
|
||||
from OpenSSL import SSL, Context
|
||||
except ImportError:
|
||||
log.info("PyOpenSSL not available")
|
||||
|
||||
if PYOPENSSL_PRESENT:
|
||||
from OpenSSL import SSL
|
||||
from OpenSSL.SSL import Context
|
||||
from OpenSSL import crypto
|
||||
|
||||
def default_callback(connection, certificate, error_num, depth, return_code):
|
||||
log.info("certificate: %s" % certificate)
|
||||
return return_code
|
||||
|
@ -54,3 +58,88 @@ def get_context(fingerprint, verify_cb=None):
|
|||
ctx.load_verify_locations(os.path.expanduser('~/certs/CA.cert'))
|
||||
return ctx
|
||||
|
||||
# the following code is partly due to pyopenssl examples
|
||||
|
||||
TYPE_RSA = crypto.TYPE_RSA
|
||||
TYPE_DSA = crypto.TYPE_DSA
|
||||
|
||||
def createKeyPair(type, bits):
|
||||
"""
|
||||
Create a public/private key pair.
|
||||
|
||||
Arguments: type - Key type, must be one of TYPE_RSA and TYPE_DSA
|
||||
bits - Number of bits to use in the key
|
||||
Returns: The public/private key pair in a PKey object
|
||||
"""
|
||||
pkey = crypto.PKey()
|
||||
pkey.generate_key(type, bits)
|
||||
return pkey
|
||||
|
||||
def createCertRequest(pkey, digest="md5", **name):
|
||||
"""
|
||||
Create a certificate request.
|
||||
|
||||
Arguments: pkey - The key to associate with the request
|
||||
digest - Digestion method to use for signing, default is md5
|
||||
**name - The name of the subject of the request, possible
|
||||
arguments are:
|
||||
C - Country name
|
||||
ST - State or province name
|
||||
L - Locality name
|
||||
O - Organization name
|
||||
OU - Organizational unit name
|
||||
CN - Common name
|
||||
emailAddress - E-mail address
|
||||
Returns: The certificate request in an X509Req object
|
||||
"""
|
||||
req = crypto.X509Req()
|
||||
subj = req.get_subject()
|
||||
|
||||
for (key,value) in name.items():
|
||||
setattr(subj, key, value)
|
||||
|
||||
req.set_pubkey(pkey)
|
||||
req.sign(pkey, digest)
|
||||
return req
|
||||
|
||||
def createCertificate(req, (issuerCert, issuerKey), serial, (notBefore, notAfter), digest="md5"):
|
||||
"""
|
||||
Generate a certificate given a certificate request.
|
||||
|
||||
Arguments: req - Certificate reqeust to use
|
||||
issuerCert - The certificate of the issuer
|
||||
issuerKey - The private key of the issuer
|
||||
serial - Serial number for the certificate
|
||||
notBefore - Timestamp (relative to now) when the certificate
|
||||
starts being valid
|
||||
notAfter - Timestamp (relative to now) when the certificate
|
||||
stops being valid
|
||||
digest - Digest method to use for signing, default is md5
|
||||
Returns: The signed certificate in an X509 object
|
||||
"""
|
||||
cert = crypto.X509()
|
||||
cert.set_serial_number(serial)
|
||||
cert.gmtime_adj_notBefore(notBefore)
|
||||
cert.gmtime_adj_notAfter(notAfter)
|
||||
cert.set_issuer(issuerCert.get_subject())
|
||||
cert.set_subject(req.get_subject())
|
||||
cert.set_pubkey(req.get_pubkey())
|
||||
cert.sign(issuerKey, digest)
|
||||
return cert
|
||||
|
||||
def make_certs(filepath, CN):
|
||||
"""
|
||||
make self signed certificates
|
||||
filepath : absolute path of certificate file, will be appended the '.pkey' and '.cert' extensions
|
||||
CN : common name
|
||||
"""
|
||||
key = createKeyPair(TYPE_RSA, 1024)
|
||||
req = createCertRequest(key, CN=CN)
|
||||
cert = createCertificate(req, (req, key), 0, (0, 60*60*24*365*5)) # five years
|
||||
open(filepath + '.pkey', 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
|
||||
open(filepath + '.cert', 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
make_certs('./selfcert', 'gajim')
|
||||
|
||||
|
|
Loading…
Reference in New Issue