MCPcopy
hub / github.com/pyca/cryptography / _generate_ca_and_leaf

Function _generate_ca_and_leaf

tests/x509/test_x509.py:92–138  ·  view source on GitHub ↗
(
    issuer_private_key: types.CertificateIssuerPrivateKeyTypes,
    subject_private_key: types.CertificateIssuerPrivateKeyTypes,
)

Source from the content-addressed store, hash-verified

90
91
92def _generate_ca_and_leaf(
93 issuer_private_key: types.CertificateIssuerPrivateKeyTypes,
94 subject_private_key: types.CertificateIssuerPrivateKeyTypes,
95):
96 if isinstance(
97 issuer_private_key,
98 (
99 ed25519.Ed25519PrivateKey,
100 ed448.Ed448PrivateKey,
101 mldsa.MLDSA44PrivateKey,
102 mldsa.MLDSA65PrivateKey,
103 mldsa.MLDSA87PrivateKey,
104 ),
105 ):
106 hash_alg = None
107 else:
108 hash_alg = hashes.SHA256()
109
110 builder = (
111 x509.CertificateBuilder()
112 .subject_name(
113 x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "PyCA CA")])
114 )
115 .issuer_name(
116 x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "PyCA CA")])
117 )
118 .public_key(issuer_private_key.public_key())
119 .serial_number(1)
120 .not_valid_before(datetime.datetime(2020, 1, 1))
121 .not_valid_after(datetime.datetime(2030, 1, 1))
122 )
123 ca = builder.sign(issuer_private_key, hash_alg)
124 builder = (
125 x509.CertificateBuilder()
126 .subject_name(
127 x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "leaf")])
128 )
129 .issuer_name(
130 x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "PyCA CA")])
131 )
132 .public_key(subject_private_key.public_key())
133 .serial_number(100)
134 .not_valid_before(datetime.datetime(2020, 1, 1))
135 .not_valid_after(datetime.datetime(2025, 1, 1))
136 )
137 cert = builder.sign(issuer_private_key, hash_alg)
138 return ca, cert
139
140
141def _break_cert_sig(cert: x509.Certificate) -> x509.Certificate:

Calls 7

not_valid_afterMethod · 0.80
not_valid_beforeMethod · 0.80
serial_numberMethod · 0.45
public_keyMethod · 0.45
issuer_nameMethod · 0.45
subject_nameMethod · 0.45
signMethod · 0.45

Tested by

no test coverage detected