1 # -*- coding: latin-1 -*-
3 # Copyright (C) AB Strakt
4 # Copyright (C) Jean-Paul Calderone
5 # See LICENSE for details.
8 Certificate generation module.
11 from OpenSSL import crypto
# Key-type constants re-exported from OpenSSL.crypto so that callers of
# createKeyPair() do not need to import OpenSSL themselves.
TYPE_RSA = crypto.TYPE_RSA
# NOTE(review): DSA is a legacy signature algorithm; for new certificates
# prefer TYPE_RSA with an adequate key size (see createKeyPair).
TYPE_DSA = crypto.TYPE_DSA
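def createKeyPair(type, bits):
    """
    Create a public/private key pair.

    Arguments: type - Key type, must be one of TYPE_RSA and TYPE_DSA
               bits - Number of bits to use in the key. For RSA, 2048 is
                      the commonly accepted minimum today; shorter keys are
                      considered weak and are rejected by many verifiers.
    Returns:   The public/private key pair in a PKey object
    Raises:    ValueError if bits is not positive
    """
    # Fail early on a nonsensical size instead of handing it to the key
    # generator, which would otherwise produce an unusable key or a
    # less descriptive error.
    if bits <= 0:
        raise ValueError("bits must be a positive integer, got %r" % (bits,))

    pkey = crypto.PKey()
    pkey.generate_key(type, bits)
    return pkey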
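def createCertRequest(pkey, digest="md5", **name):
    """
    Create a certificate request.

    Arguments: pkey   - The key to associate with the request
               digest - Digest method to use for signing, default is md5.
                        MD5 is no longer considered secure for signatures;
                        callers should pass "sha256" (or stronger). The
                        default is kept only for backward compatibility.
               **name - The name of the subject of the request, possible
                        arguments are:
                          C     - Country name
                          ST    - State or province name
                          L     - Locality name
                          O     - Organization name
                          OU    - Organizational unit name
                          CN    - Common name
                          emailAddress - E-mail address
    Returns:   The certificate request in an X509Req object
    """
    req = crypto.X509Req()
    subj = req.get_subject()

    # Every keyword is set as an attribute of the X509Name. pyOpenSSL
    # rejects attribute names it does not recognise, so a typo in the
    # caller fails loudly instead of yielding an incomplete subject.
    for (key, value) in name.items():
        setattr(subj, key, value)

    # The request must carry the public half of pkey; signing it with the
    # private half is the proof of possession a CA relies on.
    req.set_pubkey(pkey)
    req.sign(pkey, digest)
    return req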
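def createCertificate(req, issuerCertKey, serial, validityPeriod, digest="md5"):
    """
    Generate a certificate given a certificate request.

    Arguments: req            - Certificate request to use
               issuerCertKey  - (issuerCert, issuerKey) pair:
                                  issuerCert - The certificate of the issuer
                                  issuerKey  - The private key of the issuer
               serial         - Serial number for the certificate
               validityPeriod - (notBefore, notAfter) pair, both given as
                                seconds relative to now:
                                  notBefore - when the certificate starts
                                              being valid
                                  notAfter  - when the certificate stops
                                              being valid
               digest         - Digest method to use for signing, default
                                is md5. MD5 is no longer considered secure
                                for signatures; pass "sha256" (or stronger).
                                The default is kept for backward compatibility.
    Returns:   The signed certificate in an X509 object
    Raises:    ValueError if notAfter is not later than notBefore

    The two tuple parameters replace the Python 2 tuple-parameter unpacking
    used previously, which is not valid Python 3 syntax; positional callers
    are unaffected.

    The subject is copied verbatim from the request and no extensions
    (basicConstraints, keyUsage, ...) are added, so the caller is
    responsible for validating the request and constraining the issued
    certificate before relying on it.
    """
    issuerCert, issuerKey = issuerCertKey
    notBefore, notAfter = validityPeriod

    # A certificate whose validity window is empty or inverted can never be
    # accepted by a verifier; refuse to sign it rather than issue a dud.
    if notAfter <= notBefore:
        raise ValueError(
            "notAfter (%r) must be later than notBefore (%r)" % (notAfter, notBefore))

    cert = crypto.X509()
    cert.set_serial_number(serial)
    cert.gmtime_adj_notBefore(notBefore)
    cert.gmtime_adj_notAfter(notAfter)
    # Issuer name comes from the signing certificate's subject; subject and
    # public key are taken from the request; the issuer's private key signs.
    cert.set_issuer(issuerCert.get_subject())
    cert.set_subject(req.get_subject())
    cert.set_pubkey(req.get_pubkey())
    cert.sign(issuerKey, digest)
    return cert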