hub / github.com/pyca/cryptography / sign

Method sign

src/cryptography/x509/base.py:521–569  ·  src/cryptography/x509/base.py::CertificateBuilder.sign

Signs the certificate using the CA's private key.

(
        self,
        private_key: CertificateIssuerPrivateKeyTypes,
        algorithm: _AllowedHashTypes | None,
        backend: typing.Any = None,
        *,
        rsa_padding: padding.PSS | padding.PKCS1v15 | None = None,
        ecdsa_deterministic: bool | None = None,
    )

Source from the content-addressed store, hash-verified

519 )
def sign(
    self,
    private_key: CertificateIssuerPrivateKeyTypes,
    algorithm: _AllowedHashTypes | None,
    backend: typing.Any = None,
    *,
    rsa_padding: padding.PSS | padding.PKCS1v15 | None = None,
    ecdsa_deterministic: bool | None = None,
) -> Certificate:
    """
    Signs the certificate using the CA's private key.

    Confirms that every mandatory builder field is set and that the
    optional signing parameters fit the key type, then hands the builder
    to ``rust_x509.create_x509_certificate``.

    :param private_key: The issuer's private key. It is forwarded as-is;
        the only type checks made here are the RSA / EC checks tied to
        ``rsa_padding`` and ``ecdsa_deterministic``.
    :param algorithm: Hash algorithm, or ``None``. This method does not
        inspect it; it is passed through unchanged.
        NOTE(review): presumably hash/key compatibility is enforced
        inside ``create_x509_certificate`` -- confirm there.
    :param backend: Accepted but never read by this method.
    :param rsa_padding: Optional signature padding. When given it must
        be a ``padding.PSS`` or ``padding.PKCS1v15`` instance and
        ``private_key`` must be an ``rsa.RSAPrivateKey``. ``None`` is
        forwarded unchanged.
    :param ecdsa_deterministic: Optional flag, only accepted together
        with an ``ec.EllipticCurvePrivateKey``. Any non-``None`` value,
        including ``False``, triggers the key-type check.
    :returns: The value returned by
        ``rust_x509.create_x509_certificate``.
    :raises ValueError: If the subject name, issuer name, serial number,
        not-valid-before time, not-valid-after time or public key has
        not been set on the builder.
    :raises TypeError: If ``rsa_padding`` has an unsupported type or is
        used with a non-RSA key, or if ``ecdsa_deterministic`` is used
        with a non-EC key.
    """
    # Checked in this order; the first unset field decides the message.
    mandatory_fields = (
        ("_subject_name", "A certificate must have a subject name"),
        ("_issuer_name", "A certificate must have an issuer name"),
        ("_serial_number", "A certificate must have a serial number"),
        (
            "_not_valid_before",
            "A certificate must have a not valid before time",
        ),
        (
            "_not_valid_after",
            "A certificate must have a not valid after time",
        ),
        ("_public_key", "A certificate must have a public key"),
    )
    for attr_name, message in mandatory_fields:
        if getattr(self, attr_name) is None:
            raise ValueError(message)

    # The padding type is checked before the key type, so a wrong padding
    # object is reported even when the key is not an RSA key either.
    padding_requested = rsa_padding is not None
    if padding_requested and not isinstance(
        rsa_padding, (padding.PSS, padding.PKCS1v15)
    ):
        raise TypeError("Padding must be PSS or PKCS1v15")
    if padding_requested and not isinstance(private_key, rsa.RSAPrivateKey):
        raise TypeError("Padding is only supported for RSA keys")

    # An explicit False is still "not None", so it is rejected for
    # non-EC keys just like True.
    if ecdsa_deterministic is not None and not isinstance(
        private_key, ec.EllipticCurvePrivateKey
    ):
        raise TypeError("Deterministic ECDSA is only supported for EC keys")

    # ``backend`` is deliberately not forwarded.
    certificate = rust_x509.create_x509_certificate(
        self,
        private_key,
        algorithm,
        rsa_padding,
        ecdsa_deterministic,
    )
    return certificate
572class CertificateRevocationListBuilder:

Calls

no outgoing calls