FilesExpand file tree

 main

/

setup.py

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

141 lines (125 loc) · 4.52 KB

 main

/

setup.py

Top

File metadata and controls

• Code
• Blame

141 lines (125 loc) · 4.52 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

import datetime

from pathlib import Path

from cryptography import x509

from cryptography.hazmat._oid import NameOID

from cryptography.hazmat.primitives import serialization, hashes

from cryptography.hazmat.primitives.asymmetric import rsa

ca_key_passphrase = b'supersecretpassphrase'

def create_ca():

ca_dir = Path('ca')

ca_dir.mkdir(parents=True, exist_ok=True)

ca_key = rsa.generate_private_key(

public_exponent=65537,

key_size=4096

)

with open(ca_dir.joinpath('ca.key'), 'wb') as f:

f.write(ca_key.private_bytes(

encoding=serialization.Encoding.PEM,

format=serialization.PrivateFormat.TraditionalOpenSSL,

encryption_algorithm=serialization.BestAvailableEncryption(ca_key_passphrase)

))

ca_subject = ca_issuer = x509.Name([

x509.NameAttribute(NameOID.COUNTRY_NAME, "DE"),

x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Sachsen-Anhalt"),

x509.NameAttribute(NameOID.LOCALITY_NAME, "Wernigerode"),

x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Hochschule Harz"),

x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Netlab"),

x509.NameAttribute(NameOID.COMMON_NAME, "Netlab Root CA")

])

ca_crt = x509.CertificateBuilder().subject_name(

ca_subject

).issuer_name(

ca_issuer

).public_key(

ca_key.public_key()

).serial_number(

x509.random_serial_number()

).not_valid_before(

datetime.datetime.now(datetime.timezone.utc)

).not_valid_after(

datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=3650)

).add_extension(

x509.SubjectAlternativeName([x509.DNSName("ca.netlab.hs-harz.de")]),

critical=False

).add_extension(

x509.BasicConstraints(True, 2),

critical=False

).add_extension(

x509.KeyUsage(

False,

False,

False,

False,

False,

True,

True,

False,

False

),

critical=False

).add_extension(

x509.SubjectKeyIdentifier.from_public_key(ca_key.public_key()),

critical=False

).sign(ca_key, hashes.SHA256())

with open(ca_dir.joinpath('ca.crt'), 'wb') as f:

f.write(ca_crt.public_bytes(serialization.Encoding.PEM))

intermediate_key = rsa.generate_private_key(

public_exponent=65537,

key_size=4096

)

with open(ca_dir.joinpath('intermediate.key'), 'wb') as f:

f.write(intermediate_key.private_bytes(

encoding=serialization.Encoding.PEM,

format=serialization.PrivateFormat.TraditionalOpenSSL,

encryption_algorithm=serialization.BestAvailableEncryption(ca_key_passphrase)

))

intermediate_subject = x509.Name([

x509.NameAttribute(NameOID.COUNTRY_NAME, "DE"),

x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Sachsen-Anhalt"),

x509.NameAttribute(NameOID.LOCALITY_NAME, "Wernigerode"),

x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Hochschule Harz"),

x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Netlab"),

x509.NameAttribute(NameOID.COMMON_NAME, "Netlab Intermediate CA")

])

intermediate_crt = x509.CertificateBuilder().subject_name(

intermediate_subject

).issuer_name(

ca_issuer

).public_key(

intermediate_key.public_key()

).serial_number(

x509.random_serial_number()

).not_valid_before(

datetime.datetime.now(datetime.timezone.utc)

).not_valid_after(

datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=3650)

).add_extension(

x509.SubjectAlternativeName([x509.DNSName("intermediate-ca.netlab.hs-harz.de")]),

critical=False

).add_extension(

x509.BasicConstraints(True, 1),

critical=False

).add_extension(

x509.KeyUsage(

False,

False,

False,

False,

False,

True,

True,

False,

False

),

critical=False

).add_extension(

x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_key.public_key()),

critical=False

).add_extension(

x509.SubjectKeyIdentifier.from_public_key(intermediate_key.public_key()),

critical=False

).sign(ca_key, hashes.SHA256())

with open(ca_dir.joinpath('intermediate.crt'), 'wb') as f:

f.write(intermediate_crt.public_bytes(serialization.Encoding.PEM))

if __name__ == "__main__":

create_ca()