mirror of
https://github.com/Tautulli/Tautulli.git
synced 2025-01-04 10:10:00 -08:00
107 lines
3.9 KiB
Python
107 lines
3.9 KiB
Python
# -*- coding: latin-1 -*-
|
|
#
|
|
# Copyright (C) AB Strakt
|
|
# Copyright (C) Jean-Paul Calderone
|
|
# See LICENSE for details.
|
|
|
|
"""
|
|
Certificate generation module.
|
|
"""
|
|
|
|
from OpenSSL import crypto
|
|
|
|
TYPE_RSA = crypto.TYPE_RSA
|
|
TYPE_DSA = crypto.TYPE_DSA
|
|
|
|
def createKeyPair(type, bits):
|
|
"""
|
|
Create a public/private key pair.
|
|
Arguments: type - Key type, must be one of TYPE_RSA and TYPE_DSA
|
|
bits - Number of bits to use in the key
|
|
Returns: The public/private key pair in a PKey object
|
|
"""
|
|
pkey = crypto.PKey()
|
|
pkey.generate_key(type, bits)
|
|
return pkey
|
|
|
|
def createCertRequest(pkey, digest="sha256", **name):
|
|
"""
|
|
Create a certificate request.
|
|
Arguments: pkey - The key to associate with the request
|
|
digest - Digestion method to use for signing, default is sha256
|
|
**name - The name of the subject of the request, possible
|
|
arguments are:
|
|
C - Country name
|
|
ST - State or province name
|
|
L - Locality name
|
|
O - Organization name
|
|
OU - Organizational unit name
|
|
CN - Common name
|
|
emailAddress - E-mail address
|
|
Returns: The certificate request in an X509Req object
|
|
"""
|
|
req = crypto.X509Req()
|
|
subj = req.get_subject()
|
|
|
|
for key, value in name.items():
|
|
setattr(subj, key, value)
|
|
|
|
req.set_pubkey(pkey)
|
|
req.sign(pkey, digest)
|
|
return req
|
|
|
|
def createCertificate(req, issuerCertKey, serial, validityPeriod, digest="sha256"):
|
|
"""
|
|
Generate a certificate given a certificate request.
|
|
Arguments: req - Certificate request to use
|
|
issuerCert - The certificate of the issuer
|
|
issuerKey - The private key of the issuer
|
|
serial - Serial number for the certificate
|
|
notBefore - Timestamp (relative to now) when the certificate
|
|
starts being valid
|
|
notAfter - Timestamp (relative to now) when the certificate
|
|
stops being valid
|
|
digest - Digest method to use for signing, default is sha256
|
|
Returns: The signed certificate in an X509 object
|
|
"""
|
|
issuerCert, issuerKey = issuerCertKey
|
|
notBefore, notAfter = validityPeriod
|
|
cert = crypto.X509()
|
|
cert.set_serial_number(serial)
|
|
cert.gmtime_adj_notBefore(notBefore)
|
|
cert.gmtime_adj_notAfter(notAfter)
|
|
cert.set_issuer(issuerCert.get_subject())
|
|
cert.set_subject(req.get_subject())
|
|
cert.set_pubkey(req.get_pubkey())
|
|
cert.sign(issuerKey, digest)
|
|
return cert
|
|
|
|
def createSelfSignedCertificate(issuerName, issuerKey, serial, notBefore, notAfter, altNames, digest="sha256"):
|
|
"""
|
|
Generate a certificate given a certificate request.
|
|
Arguments: issuerName - The name of the issuer
|
|
issuerKey - The private key of the issuer
|
|
serial - Serial number for the certificate
|
|
notBefore - Timestamp (relative to now) when the certificate
|
|
starts being valid
|
|
notAfter - Timestamp (relative to now) when the certificate
|
|
stops being valid
|
|
altNames - The alternative names
|
|
digest - Digest method to use for signing, default is sha256
|
|
Returns: The signed certificate in an X509 object
|
|
"""
|
|
cert = crypto.X509()
|
|
cert.set_version(2)
|
|
cert.set_serial_number(serial)
|
|
cert.get_subject().CN = issuerName
|
|
cert.gmtime_adj_notBefore(notBefore)
|
|
cert.gmtime_adj_notAfter(notAfter)
|
|
cert.set_issuer(cert.get_subject())
|
|
cert.set_pubkey(issuerKey)
|
|
|
|
if altNames:
|
|
cert.add_extensions([crypto.X509Extension(b"subjectAltName", False, altNames)])
|
|
|
|
cert.sign(issuerKey, digest)
|
|
return cert
|