你好,感谢你的文章。但是我不得不稍微修改一下代码才能让它工作。这是修改后的代码
from cryptography.hazmat.backends import default_backendfrom cryptography.hazmat.primitives.asymmetric import rsafrom cryptography.hazmat.primitives import hashes, serializationfrom cryptography import x509from cryptography.x509.oid import NameOIDimport datetimeone_day = datetime.timedelta(days=1)today = datetime.date.today()
yest = today - one_daytom = today + one_dayyesterday = datetime.datetime(yest.year, yest.month, yest.day)tomorrow = datetime.datetime(tom.year, tom.month, tom.day)
private_key = rsa.generate_private_key(public_exponent=65537,key_size=2048,backend=default_backend() )
ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'Simple Test CA'),x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Organization'),x509.NameAttribute(NameOID.COUNTRY_NAME, u'US') ])
public_key = private_key.public_key()builder = x509.CertificateBuilder()builder = builder.subject_name(ca_name)builder = builder.issuer_name(ca_name)builder = builder.not_valid_before(yesterday)builder = builder.not_valid_after(tomorrow)builder = builder.serial_number(12345)#x509.random_serial_number())builder = builder.public_key(public_key)builder = builder.add_extension(x509.BasicConstraints(ca=True, path_length=None),critical=True)certificate = builder.sign(private_key=private_key, algorithm=hashes.SHA256(),backend=default_backend() )private_bytes = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.TraditionalOpenSSL,encryption_algorithm=serialization.NoEncryption())public_bytes = certificate.public_bytes(encoding=serialization.Encoding.PEM)with open("caa_ca.pem", "wb") as foutfout.write(private_bytes + public_bytes)with open("caa_ca.crt", "wb") as foutfout.write(public_bytes)
service_private_key = rsa.generate_private_key(public_exponent=65537,key_size=2048,backend=default_backend() )service_public_key = service_private_key.public_key()builder = x509.CertificateBuilder()builder = builder.subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, 'service.test.local') ]))builder = builder.issuer_name(ca_name)builder = builder.serial_number(123456)builder = builder.not_valid_before(yesterday)builder = builder.not_valid_after(tomorrow)builder = builder.public_key(public_key)certificate = builder.sign(private_key=private_key, algorithm=hashes.SHA256(),backend=default_backend() )private_bytes = service_private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.TraditionalOpenSSL,encryption_algorithm=serialization.NoEncryption())public_bytes = certificate.public_bytes(encoding=serialization.Encoding.PEM)with open("caa_service.pem", "wb") as foutfout.write(private_bytes + public_bytes)
你好,
感谢你的文章。但是我不得不稍微修改一下代码才能让它工作。
这是修改后的代码
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import hashes, serialization
from cryptography import x509
from cryptography.x509.oid import NameOID
import datetime
one_day = datetime.timedelta(days=1)
today = datetime.date.today()
yest = today - one_day
tom = today + one_day
yesterday = datetime.datetime(yest.year, yest.month, yest.day)
tomorrow = datetime.datetime(tom.year, tom.month, tom.day)
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
ca_name = x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u'Simple Test CA'),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Organization'),
x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')
])
public_key = private_key.public_key()
builder = x509.CertificateBuilder()
builder = builder.subject_name(ca_name)
builder = builder.issuer_name(ca_name)
builder = builder.not_valid_before(yesterday)
builder = builder.not_valid_after(tomorrow)
builder = builder.serial_number(12345)#x509.random_serial_number())
builder = builder.public_key(public_key)
builder = builder.add_extension(
x509.BasicConstraints(ca=True, path_length=None),
critical=True)
certificate = builder.sign(
private_key=private_key, algorithm=hashes.SHA256(),
backend=default_backend()
)
private_bytes = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption())
public_bytes = certificate.public_bytes(
encoding=serialization.Encoding.PEM)
with open("caa_ca.pem", "wb") as fout
fout.write(private_bytes + public_bytes)
with open("caa_ca.crt", "wb") as fout
fout.write(public_bytes)
service_private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
service_public_key = service_private_key.public_key()
builder = x509.CertificateBuilder()
builder = builder.subject_name(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, 'service.test.local')
]))
builder = builder.issuer_name(ca_name)
builder = builder.serial_number(123456)
builder = builder.not_valid_before(yesterday)
builder = builder.not_valid_after(tomorrow)
builder = builder.public_key(public_key)
certificate = builder.sign(
private_key=private_key, algorithm=hashes.SHA256(),
backend=default_backend()
)
private_bytes = service_private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption())
public_bytes = certificate.public_bytes(
encoding=serialization.Encoding.PEM)
with open("caa_service.pem", "wb") as fout
fout.write(private_bytes + public_bytes)