(private_key=None, algorithm=hashes.SHA256())
| 41 | |
| 42 | |
| 43 | def _generate_root(private_key=None, algorithm=hashes.SHA256()): |
| 44 | from cryptography.hazmat.backends.openssl.backend import backend |
| 45 | |
| 46 | if private_key is None: |
| 47 | private_key = EC_KEY_SECP256R1.private_key(backend) |
| 48 | |
| 49 | subject = x509.Name( |
| 50 | [ |
| 51 | x509.NameAttribute(x509.NameOID.COUNTRY_NAME, "US"), |
| 52 | x509.NameAttribute(x509.NameOID.COMMON_NAME, "Cryptography CA"), |
| 53 | ] |
| 54 | ) |
| 55 | |
| 56 | builder = ( |
| 57 | x509.CertificateBuilder() |
| 58 | .serial_number(123456789) |
| 59 | .issuer_name(subject) |
| 60 | .subject_name(subject) |
| 61 | .public_key(private_key.public_key()) |
| 62 | .not_valid_before(datetime.datetime.now()) |
| 63 | .not_valid_after( |
| 64 | datetime.datetime.now() + datetime.timedelta(days=3650) |
| 65 | ) |
| 66 | ) |
| 67 | |
| 68 | cert = builder.sign(private_key, algorithm, backend) |
| 69 | return cert, private_key |
| 70 | |
| 71 | |
| 72 | def _check_ocsp_response_times( |
no test coverage detected