(
issuer_private_key: types.CertificateIssuerPrivateKeyTypes,
subject_private_key: types.CertificateIssuerPrivateKeyTypes,
)
def _generate_ca_and_leaf(
    issuer_private_key: types.CertificateIssuerPrivateKeyTypes,
    subject_private_key: types.CertificateIssuerPrivateKeyTypes,
):
    """Return a self-signed "PyCA CA" certificate and a "leaf" it signs.

    Both certificates are signed with ``issuer_private_key``. The CA
    certificate carries the issuer's public key and uses the same name as
    subject and issuer; the leaf carries ``subject_private_key``'s public
    key and names "PyCA CA" as its issuer.

    Fixture caveats:

    * No extensions are added to either certificate (no BasicConstraints,
      KeyUsage or key identifiers). The pair fits signature and issuer-name
      checks; it should not be assumed to pass full path validation.
    * Serial numbers (1 and 100) and validity windows are fixed. The leaf's
      ``not_valid_after`` is 2025-01-01 and the CA's is 2030-01-01, so any
      check that compares against the current time sees an expired leaf.
    * The validity datetimes are naive (no tzinfo).

    Returns:
        A ``(ca, cert)`` tuple: the CA certificate, then the leaf.
    """
    # Issuer key types for which the signing call is given no digest
    # (algorithm=None). Every other issuer key type is signed with SHA-256.
    no_digest_key_types = (
        ed25519.Ed25519PrivateKey,
        ed448.Ed448PrivateKey,
        mldsa.MLDSA44PrivateKey,
        mldsa.MLDSA65PrivateKey,
        mldsa.MLDSA87PrivateKey,
    )
    hash_alg = (
        None
        if isinstance(issuer_private_key, no_digest_key_types)
        else hashes.SHA256()
    )

    ca_name = x509.Name(
        [x509.NameAttribute(NameOID.COMMON_NAME, "PyCA CA")]
    )
    leaf_name = x509.Name(
        [x509.NameAttribute(NameOID.COMMON_NAME, "leaf")]
    )
    valid_from = datetime.datetime(2020, 1, 1)

    # Self-signed CA: subject == issuer, key and signature from the issuer.
    ca_builder = x509.CertificateBuilder()
    ca_builder = ca_builder.subject_name(ca_name)
    ca_builder = ca_builder.issuer_name(ca_name)
    ca_builder = ca_builder.public_key(issuer_private_key.public_key())
    ca_builder = ca_builder.serial_number(1)
    ca_builder = ca_builder.not_valid_before(valid_from)
    ca_builder = ca_builder.not_valid_after(datetime.datetime(2030, 1, 1))
    ca = ca_builder.sign(issuer_private_key, hash_alg)

    # Leaf: subject's public key, signed by the issuer key with the same
    # digest choice as the CA certificate.
    leaf_builder = x509.CertificateBuilder()
    leaf_builder = leaf_builder.subject_name(leaf_name)
    leaf_builder = leaf_builder.issuer_name(ca_name)
    leaf_builder = leaf_builder.public_key(subject_private_key.public_key())
    leaf_builder = leaf_builder.serial_number(100)
    leaf_builder = leaf_builder.not_valid_before(valid_from)
    leaf_builder = leaf_builder.not_valid_after(
        datetime.datetime(2025, 1, 1)
    )
    cert = leaf_builder.sign(issuer_private_key, hash_alg)

    return ca, cert
| 141 | def _break_cert_sig(cert: x509.Certificate) -> x509.Certificate: |