# -*- coding: utf-8 -*-
import datetime
import os
import uuid

from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


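def create_ca(common_name=u'localhost', org_name=u'Göteborg Bit Factory',
              validity_days=365, key_size=4096):
    """Generate a self-signed CA key pair and certificate.

    Args:
        common_name: CN used for both subject and issuer (self-signed).
        org_name: Organisation name used for both subject and issuer.
        validity_days: Certificate lifetime in days, counted from now (UTC).
            The original hard-coded an absolute expiry date (2017-08-02),
            which is now in the past and produced already-expired CAs.
        key_size: RSA modulus size in bits.

    Returns:
        (private_key, certificate): the CA's RSA private key object and the
        signed ``x509.Certificate``.  Nothing is serialised or written here.
    """
    # cryptography interprets naive datetimes as UTC; datetime.today() is
    # local time, which skews the validity window by the machine's UTC offset.
    now = datetime.datetime.utcnow()
    one_day = datetime.timedelta(days=1)

    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=key_size,
        backend=default_backend(),
    )
    public_key = private_key.public_key()

    # Self-signed: subject and issuer carry the same name.
    name = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, org_name),
    ])

    builder = x509.CertificateBuilder()
    builder = builder.subject_name(name)
    builder = builder.issuer_name(name)
    # Back-date notBefore by a day so minor clock skew on a verifier does not
    # reject a freshly issued certificate.
    builder = builder.not_valid_before(now - one_day)
    builder = builder.not_valid_after(now + datetime.timedelta(days=validity_days))
    # 128-bit random serial: positive, unpredictable, within RFC 5280's
    # 20-octet limit.
    builder = builder.serial_number(int(uuid.uuid4()))
    builder = builder.public_key(public_key)

    # Without basicConstraints CA:TRUE and a keyUsage that permits keyCertSign,
    # strict path validators (OpenSSL, browsers, Go's x509) refuse to treat
    # this certificate as an issuer, so certificates from sign_cert() would
    # not chain.  path_length=0 means this CA issues only end-entity certs
    # (no subordinate CAs); raise it if intermediates are ever needed.
    builder = builder.add_extension(
        x509.BasicConstraints(ca=True, path_length=0), critical=True,
    )
    builder = builder.add_extension(
        x509.KeyUsage(digital_signature=False, content_commitment=False,
                      key_encipherment=False, data_encipherment=False,
                      key_agreement=False, key_cert_sign=True, crl_sign=True,
                      encipher_only=False, decipher_only=False),
        critical=True,
    )
    # subjectKeyIdentifier gives issued certificates' authorityKeyIdentifier
    # something to match against when building the chain.
    builder = builder.add_extension(
        x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False,
    )

    certificate = builder.sign(
        private_key=private_key, algorithm=hashes.SHA256(),
        backend=default_backend(),
    )
    return private_key, certificate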
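def sign_cert(our_ca_key, ca_cert, common_name=u'localhost',
              org_name=u'Göteborg Bit Factory', validity_days=365, key_size=4096):
    """Issue a client-authentication end-entity certificate signed by the CA.

    A fresh RSA key is generated for the end entity; the CA key is used only
    to sign.

    Args:
        our_ca_key: The CA's private key object (as returned by create_ca()).
        ca_cert: The CA's ``x509.Certificate``; its subject becomes this
            certificate's issuer and its public key seeds the
            authorityKeyIdentifier.
        common_name: Subject CN of the issued certificate.
        org_name: Subject organisation name.
        validity_days: Lifetime in days from now (UTC).  Replaces the
            original hard-coded 2017-08-02 expiry, which is already past.
        key_size: RSA modulus size in bits for the new end-entity key.

    Returns:
        (cert_pem, private_key_pem): both ``bytes``, PEM encoded.  The private
        key is serialised *unencrypted*, so callers must protect the bytes
        (file permissions, or re-encrypt) before storing them.
    """
    # Naive datetimes are taken as UTC by cryptography; today() is local time.
    now = datetime.datetime.utcnow()
    one_day = datetime.timedelta(days=1)

    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=key_size,
        backend=default_backend(),
    )
    public_key = private_key.public_key()

    builder = x509.CertificateBuilder()
    builder = builder.subject_name(x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, org_name),
    ]))
    # The issuer of a leaf certificate is the *subject* name of the CA that
    # signs it (RFC 5280 §4.1.2.4), so ca_cert.subject is the right value.
    builder = builder.issuer_name(ca_cert.subject)
    # Back-date notBefore by a day to tolerate clock skew on the verifier.
    builder = builder.not_valid_before(now - one_day)
    builder = builder.not_valid_after(now + datetime.timedelta(days=validity_days))
    # 128-bit random serial: positive, unpredictable, within the 20-octet limit.
    builder = builder.serial_number(int(uuid.uuid4()))
    builder = builder.public_key(public_key)

    # End entity only: may not sign other certificates.
    builder = builder.add_extension(
        x509.BasicConstraints(ca=False, path_length=None), critical=True,
    )
    # Least-privilege key usage for a TLS client certificate: signing
    # (handshake) and key encipherment (legacy RSA key exchange) only.
    builder = builder.add_extension(
        x509.KeyUsage(digital_signature=True, content_commitment=False,
                      key_encipherment=True, data_encipherment=False,
                      key_agreement=False, key_cert_sign=False, crl_sign=False,
                      encipher_only=False, decipher_only=False),
        critical=True,
    )
    # Restrict the certificate to client authentication; it is not a server
    # certificate and carries no SAN.
    builder = builder.add_extension(
        x509.ExtendedKeyUsage([x509.oid.ExtendedKeyUsageOID.CLIENT_AUTH]),
        critical=False,
    )
    builder = builder.add_extension(
        x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False,
    )
    # AKI derived from the CA's public key so chain builders can locate the
    # issuer even when several CAs share a subject name.
    builder = builder.add_extension(
        x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_cert.public_key()),
        critical=False,
    )

    certificate = builder.sign(
        private_key=our_ca_key, algorithm=hashes.SHA256(),
        backend=default_backend(),
    )

    private_key_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption(),
    )
    cert_pem = certificate.public_bytes(serialization.Encoding.PEM)
    return (cert_pem, private_key_pem)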
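def _write_private_key(path, pem):
    """Write unencrypted PEM key bytes to *path* as an owner-only (0600) file.

    Both private keys are serialised with NoEncryption(), so the file mode is
    the only thing stopping other local users from reading them.  The mode is
    applied on creation and honoured on POSIX; on Windows it is largely
    ignored.  An already-existing file keeps its previous mode (O_TRUNC does
    not re-apply it), so remove stale key files before regenerating.

    Args:
        path: Destination filename.
        pem: The PEM-encoded key bytes to write.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'wb') as f:
        f.write(pem)


if __name__ == '__main__':
    # Generate the CA first, then the client certificate it signs, and write
    # each artefact as soon as it exists rather than holding four open
    # handles across the (slow) 4096-bit key generation.
    our_ca_key, ca_cert = create_ca()
    # Original wrote this to "tes.ca.key.pem" (typo) – the other three
    # artefacts use the "test." prefix.
    _write_private_key("test.ca.key.pem", our_ca_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption(),
    ))
    with open("test.ca.cert.pem", 'wb') as f_cacert:
        f_cacert.write(ca_cert.public_bytes(serialization.Encoding.PEM))

    cert, key = sign_cert(our_ca_key, ca_cert)
    with open("test.cert.pem", 'wb') as f_cert:
        f_cert.write(cert)
    _write_private_key("test.key.pem", key)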