diff options
author | Martin Paljak <martin@martinpaljak.net> | 2013-04-29 12:42:36 +0300 |
---|---|---|
committer | Matěj Cepl <mcepl@cepl.eu> | 2015-11-25 20:59:55 +0100 |
commit | aeeb47d298dcc15ef9d99f8c5ebbaba598c3bf16 (patch) | |
tree | 6d653a4d4e22e574449af2900eff7449bd794f10 /tests/makecerts.py | |
parent | 8e6a43db5c4fef0117e55827874a68c62137a70f (diff) | |
download | m2crypto-aeeb47d298dcc15ef9d99f8c5ebbaba598c3bf16.tar.gz |
Import the makecerts.py from OSAP bugzilla
Diffstat (limited to 'tests/makecerts.py')
-rw-r--r-- | tests/makecerts.py | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/tests/makecerts.py b/tests/makecerts.py new file mode 100644 index 0000000..284e044 --- /dev/null +++ b/tests/makecerts.py @@ -0,0 +1,138 @@ +#!/usr/bin/env python +# +# Create test certificates: +# +# ca.pem +# server.pem +# recipient.pem +# signer.pem +# x509.pem +# + +import time +from M2Crypto import X509, RSA, EVP, ASN1, m2 + +t = long(time.time()) + time.timezone +before = ASN1.ASN1_UTCTIME() +before.set_time(t) +after = ASN1.ASN1_UTCTIME() +after.set_time(t + 60 * 60 * 24 * 365 * 10) # 10 years + +serial = 1 + +def callback(self, *args): + return ' ' + +def req(name): + rsa = RSA.load_key(name + '_key.pem') + pk = EVP.PKey() + pk.assign_rsa(rsa) + req = X509.Request() + req.set_pubkey(pk) + n = req.get_subject() + n.C = 'US' + n.O = 'M2Crypto ' + name + n.CN = 'localhost' + req.sign(pk, 'sha256') + return req, pk + +def saveTextPemKey(cert, name): + f = open(name + '.pem', 'wb') + for line in cert.as_text(): + f.write(line) + for line in cert.as_pem(): + f.write(line) + for line in open(name + '_key.pem', 'rb'): + f.write(line) + f.close() + +def issue(request, ca, capk): + global serial + + pkey = request.get_pubkey() + sub = request.get_subject() + + cert = X509.X509() + cert.set_version(2) + cert.set_subject(sub) + cert.set_serial_number(serial) + serial += 1 + + issuer = ca.get_subject() + cert.set_issuer(issuer) + + cert.set_pubkey(pkey) + + cert.set_not_before(before) + cert.set_not_after(after) + + cert.sign(capk, 'sha256') + + assert cert.verify(capk) + + return cert + +def mk_ca(): + r, pk = req('ca') + pkey = r.get_pubkey() + sub = r.get_subject() + + cert = X509.X509() + cert.set_version(2) + cert.set_subject(sub) + cert.set_serial_number(0) + + issuer = X509.X509_Name() + issuer.C = sub.C + issuer.O = sub.O + issuer.CN = sub.CN + cert.set_issuer(issuer) + + cert.set_pubkey(pkey) + + cert.set_not_before(before) + cert.set_not_after(after) + + ext = X509.new_extension('basicConstraints', 'CA:TRUE') + cert.add_ext(ext) + + cert.sign(pk, 'sha256') + + saveTextPemKey(cert, 'ca') + + return cert, pk + +def mk_server(ca, capk): + r, pk = req('server') + cert = issue(r, ca, capk) + saveTextPemKey(cert, 'server') + +def mk_x509(ca, capk): + r, pk = req('x509') + cert = issue(r, ca, capk) + saveTextPemKey(cert, 'x509') + +def mk_signer(ca, capk): + r, pk = req('signer') + r.get_subject().Email = 'signer@example.com' + cert = issue(r, ca, capk) + saveTextPemKey(cert, 'signer') + +def mk_recipient(ca, capk): + r, pk = req('recipient') + r.get_subject().Email = 'recipient@example.com' + cert = issue(r, ca, capk) + saveTextPemKey(cert, 'recipient') + +if __name__ == '__main__': + names = ['ca', 'server', 'recipient', 'signer', 'x509'] + + for name in names: + rsa = RSA.gen_key(2048, m2.RSA_F4) + rsa.save_key('%s_key.pem' % name, None) + + ca, pk = mk_ca() + mk_server(ca, pk) + mk_x509(ca, pk) + mk_signer(ca, pk) + mk_recipient(ca, pk) |