mirror of
				https://github.com/OpenKMIP/PyKMIP.git
				synced 2025-10-25 01:24:15 +02:00 
			
		
		
		
	Merge pull request #409 from OpenKMIP/feat/add-certs-script
Add a certificate creation script
This commit is contained in:
		
						commit
						b963f7094e
					
				
							
								
								
									
										203
									
								
								bin/create_certificates.py
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										203
									
								
								bin/create_certificates.py
									
									
									
									
									
										Executable file
									
								
							| @ -0,0 +1,203 @@ | ||||
| #!/usr/bin/env python | ||||
| 
 | ||||
| from cryptography import x509 | ||||
| from cryptography.hazmat import backends | ||||
| from cryptography.hazmat.primitives import hashes | ||||
| from cryptography.hazmat.primitives import serialization | ||||
| from cryptography.hazmat.primitives.asymmetric import rsa | ||||
| 
 | ||||
| import datetime | ||||
| 
 | ||||
| 
 | ||||
| def create_rsa_private_key(key_size=2048, public_exponent=65537): | ||||
|     private_key = rsa.generate_private_key( | ||||
|         public_exponent=public_exponent, | ||||
|         key_size=key_size, | ||||
|         backend=backends.default_backend() | ||||
|     ) | ||||
|     return private_key | ||||
| 
 | ||||
| 
 | ||||
| def create_self_signed_certificate(subject_name, private_key, days_valid=365): | ||||
|     subject = x509.Name([ | ||||
|         x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"Test, Inc."), | ||||
|         x509.NameAttribute(x509.NameOID.COMMON_NAME, subject_name) | ||||
|     ]) | ||||
|     certificate = x509.CertificateBuilder().subject_name( | ||||
|         subject | ||||
|     ).issuer_name( | ||||
|         subject | ||||
|     ).public_key( | ||||
|         private_key.public_key() | ||||
|     ).serial_number( | ||||
|         x509.random_serial_number() | ||||
|     ).not_valid_before( | ||||
|         datetime.datetime.utcnow() | ||||
|     ).not_valid_after( | ||||
|         datetime.datetime.utcnow() + datetime.timedelta(days=days_valid) | ||||
|     ).sign(private_key, hashes.SHA256(), backends.default_backend()) | ||||
| 
 | ||||
|     return certificate | ||||
| 
 | ||||
| 
 | ||||
| def create_certificate(subject_name, | ||||
|                        private_key, | ||||
|                        signing_certificate, | ||||
|                        signing_key, | ||||
|                        days_valid=365, | ||||
|                        client_auth=False): | ||||
|     subject = x509.Name([ | ||||
|         x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"Test, Inc."), | ||||
|         x509.NameAttribute(x509.NameOID.COMMON_NAME, subject_name) | ||||
|     ]) | ||||
|     builder = x509.CertificateBuilder().subject_name( | ||||
|         subject | ||||
|     ).issuer_name( | ||||
|         signing_certificate.subject | ||||
|     ).public_key( | ||||
|         private_key.public_key() | ||||
|     ).serial_number( | ||||
|         x509.random_serial_number() | ||||
|     ).not_valid_before( | ||||
|         datetime.datetime.utcnow() | ||||
|     ).not_valid_after( | ||||
|         datetime.datetime.utcnow() + datetime.timedelta(days=days_valid) | ||||
|     ) | ||||
| 
 | ||||
|     if client_auth: | ||||
|         builder = builder.add_extension( | ||||
|             x509.ExtendedKeyUsage([x509.ExtendedKeyUsageOID.CLIENT_AUTH]), | ||||
|             critical=True | ||||
|         ) | ||||
| 
 | ||||
|     certificate = builder.sign( | ||||
|         signing_key, | ||||
|         hashes.SHA256(), | ||||
|         backends.default_backend() | ||||
|     ) | ||||
|     return certificate | ||||
| 
 | ||||
| 
 | ||||
| def main(): | ||||
|     root_key = create_rsa_private_key() | ||||
|     root_certificate = create_self_signed_certificate( | ||||
|         u"Root CA", | ||||
|         root_key | ||||
|     ) | ||||
| 
 | ||||
|     server_key = create_rsa_private_key() | ||||
|     server_certificate = create_certificate( | ||||
|         u"Server Certificate", | ||||
|         server_key, | ||||
|         root_certificate, | ||||
|         root_key | ||||
|     ) | ||||
| 
 | ||||
|     john_doe_client_key = create_rsa_private_key() | ||||
|     john_doe_client_certificate = create_certificate( | ||||
|         u"John Doe", | ||||
|         john_doe_client_key, | ||||
|         root_certificate, | ||||
|         root_key, | ||||
|         client_auth=True | ||||
|     ) | ||||
|     jane_doe_client_key = create_rsa_private_key() | ||||
|     jane_doe_client_certificate = create_certificate( | ||||
|         u"Jane Doe", | ||||
|         jane_doe_client_key, | ||||
|         root_certificate, | ||||
|         root_key, | ||||
|         client_auth=True | ||||
|     ) | ||||
|     john_smith_client_key = create_rsa_private_key() | ||||
|     john_smith_client_certificate = create_certificate( | ||||
|         u"John Smith", | ||||
|         john_smith_client_key, | ||||
|         root_certificate, | ||||
|         root_key, | ||||
|         client_auth=True | ||||
|     ) | ||||
|     jane_smith_client_key = create_rsa_private_key() | ||||
|     jane_smith_client_certificate = create_certificate( | ||||
|         u"Jane Smith", | ||||
|         jane_smith_client_key, | ||||
|         root_certificate, | ||||
|         root_key, | ||||
|     ) | ||||
| 
 | ||||
|     with open("root_key.pem", "w") as f: | ||||
|         f.write(root_key.private_bytes( | ||||
|             encoding=serialization.Encoding.PEM, | ||||
|             format=serialization.PrivateFormat.PKCS8, | ||||
|             encryption_algorithm=serialization.NoEncryption() | ||||
|         )) | ||||
|     with open("root_certificate.pem", "w") as f: | ||||
|         f.write( | ||||
|             root_certificate.public_bytes( | ||||
|                 serialization.Encoding.PEM | ||||
|             ) | ||||
|         ) | ||||
|     with open("server_key.pem", "w") as f: | ||||
|         f.write(server_key.private_bytes( | ||||
|             encoding=serialization.Encoding.PEM, | ||||
|             format=serialization.PrivateFormat.PKCS8, | ||||
|             encryption_algorithm=serialization.NoEncryption() | ||||
|         )) | ||||
|     with open("server_certificate.pem", "w") as f: | ||||
|         f.write( | ||||
|             server_certificate.public_bytes( | ||||
|                 serialization.Encoding.PEM | ||||
|             ) | ||||
|         ) | ||||
|     with open("client_key_john_doe.pem", "w") as f: | ||||
|         f.write(john_doe_client_key.private_bytes( | ||||
|             encoding=serialization.Encoding.PEM, | ||||
|             format=serialization.PrivateFormat.PKCS8, | ||||
|             encryption_algorithm=serialization.NoEncryption() | ||||
|         )) | ||||
|     with open("client_certificate_john_doe.pem", "w") as f: | ||||
|         f.write( | ||||
|             john_doe_client_certificate.public_bytes( | ||||
|                 serialization.Encoding.PEM | ||||
|             ) | ||||
|         ) | ||||
|     with open("client_key_jane_doe.pem", "w") as f: | ||||
|         f.write(jane_doe_client_key.private_bytes( | ||||
|             encoding=serialization.Encoding.PEM, | ||||
|             format=serialization.PrivateFormat.PKCS8, | ||||
|             encryption_algorithm=serialization.NoEncryption() | ||||
|         )) | ||||
|     with open("client_certificate_jane_doe.pem", "w") as f: | ||||
|         f.write( | ||||
|             jane_doe_client_certificate.public_bytes( | ||||
|                 serialization.Encoding.PEM | ||||
|             ) | ||||
|         ) | ||||
|     with open("client_key_john_smith.pem", "w") as f: | ||||
|         f.write(john_smith_client_key.private_bytes( | ||||
|             encoding=serialization.Encoding.PEM, | ||||
|             format=serialization.PrivateFormat.PKCS8, | ||||
|             encryption_algorithm=serialization.NoEncryption() | ||||
|         )) | ||||
|     with open("client_certificate_john_smith.pem", "w") as f: | ||||
|         f.write( | ||||
|             john_smith_client_certificate.public_bytes( | ||||
|                 serialization.Encoding.PEM | ||||
|             ) | ||||
|         ) | ||||
|     with open("client_key_jane_smith.pem", "w") as f: | ||||
|         f.write(jane_smith_client_key.private_bytes( | ||||
|             encoding=serialization.Encoding.PEM, | ||||
|             format=serialization.PrivateFormat.PKCS8, | ||||
|             encryption_algorithm=serialization.NoEncryption() | ||||
|         )) | ||||
|     with open("client_certificate_jane_smith.pem", "w") as f: | ||||
|         f.write( | ||||
|             jane_smith_client_certificate.public_bytes( | ||||
|                 serialization.Encoding.PEM | ||||
|             ) | ||||
|         ) | ||||
| 
 | ||||
| 
 | ||||
| if __name__ == '__main__': | ||||
|     main() | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user