from cwt import COSEKey
from typing import Union
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.x509 import Certificate
from cryptography.hazmat.primitives import hashes, serialization
from pymdoccbor import settings
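class MsoX509Fabric:
    """
    MsoX509Fabric helper class to create a new mso.

    Intended to be mixed into an MSO issuer: it reads ``self.private_key``
    (a ``str``, since ``.encode()`` is called on it before handing it to
    ``COSEKey.from_bytes``) but does not define that attribute itself.
    """

    def selfsigned_x509cert(self, encoding: str = "DER") -> Union[Certificate, bytes]:
        """
        Returns a self-signed X.509 certificate derived from the private key of the MSO Issuer

        :param encoding: str: name of a ``serialization.Encoding`` member
            (``"DER"`` by default, ``"PEM"`` is the other one ``Certificate.public_bytes``
            accepts); an empty/falsy value returns the ``Certificate`` object unserialized
        :return: Union[Certificate, bytes]: the certificate object, or its bytes
            in the requested encoding
        :raises ValueError: if ``encoding`` is not the name of a ``serialization.Encoding`` member
        """
        # Resolve the encoding up front so a bad argument fails before any key
        # material is loaded. An Enum item lookup only matches real members,
        # whereas getattr() on the enum class would also resolve arbitrary
        # attributes of the type (e.g. "mro") and fail later inside public_bytes().
        target_encoding = None
        if encoding:
            try:
                target_encoding = serialization.Encoding[encoding]
            except KeyError:
                raise ValueError(
                    "unsupported X.509 encoding {!r}; expected one of {}".format(
                        encoding, [member.name for member in serialization.Encoding]
                    )
                ) from None

        ckey = COSEKey.from_bytes(self.private_key.encode())

        # Self-signed: subject and issuer are the same distinguished name,
        # built entirely from the project settings.
        subject = issuer = x509.Name([
            x509.NameAttribute(NameOID.COUNTRY_NAME, settings.X509_COUNTRY_NAME),
            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, settings.X509_STATE_OR_PROVINCE_NAME),
            x509.NameAttribute(NameOID.LOCALITY_NAME, settings.X509_LOCALITY_NAME),
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, settings.X509_ORGANIZATION_NAME),
            x509.NameAttribute(NameOID.COMMON_NAME, settings.X509_COMMON_NAME),
        ])

        # NOTE(review): the only extension added is the SAN URI. No BasicConstraints
        # or KeyUsage is set, so relying parties whose profile requires those on an
        # issuer/trust-anchor certificate will reject it — check against the
        # deployment's certificate profile before relying on this as a CA cert.
        builder = (
            x509.CertificateBuilder()
            .subject_name(subject)
            .issuer_name(issuer)
            .public_key(ckey.key.public_key())
            # Random serial: RFC 5280 requires serials to be unique and they
            # should be unpredictable; never derive them from a counter here.
            .serial_number(x509.random_serial_number())
            # Validity window comes from settings; the caller is responsible for
            # keeping X509_NOT_VALID_AFTER ahead of X509_NOT_VALID_BEFORE.
            .not_valid_before(settings.X509_NOT_VALID_BEFORE)
            .not_valid_after(settings.X509_NOT_VALID_AFTER)
            .add_extension(
                x509.SubjectAlternativeName(
                    [x509.UniformResourceIdentifier(settings.X509_SAN_URL)]
                ),
                critical=False,
            )
        )

        # Sign our certificate with our private key.
        # NOTE(review): SHA256 is hard-coded; cryptography requires the algorithm
        # to be None for Ed25519/Ed448 keys — confirm the issuer key type.
        cert = builder.sign(ckey.key, hashes.SHA256())

        if target_encoding is None:
            return cert
        return cert.public_bytes(target_encoding)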