2 from __future__
import print_function
4 from secure_element_common
import *
# Clear out credential files left by a previous run before new ones are generated.
# NOTE(review): this listing jumps from line 12 to 15 and from 17 to 20, so the body of the
# `if` below is not visible; presumably names starting with '.' are skipped rather than
# removed -- confirm against the full file.
# NOTE(review): the visible os.remove() call takes each listed name under CREDENTIAL_BASE_PATH.
# If the root CA key file lives in that directory, the later load_or_create_key() call may find
# no key and create a new root on every run, orphaning certificates issued under the previous
# one -- confirm where ROOT_CA_KEY_FILENAME resolves.
12 ''' ******************************************************************************************* ''' 15 print(
'\nDeleting old credentials')
# Walk the directory entries by name; os.remove() raises if an entry is a directory.
16 for name
in os.listdir(CREDENTIAL_BASE_PATH):
17 if name.startswith(
'.'):
20 os.remove(CREDENTIAL_PATH(name))
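# Load the root CA private key through the project helper.
# NOTE(review): this key is the trust anchor for everything issued below the root; how
# load_or_create_key() stores and protects it on disk is not visible here -- confirm.
print('\nLoading root CA key')
root_ca_priv_key = load_or_create_key(ROOT_CA_KEY_FILENAME)

print('\nGenerating self-signed root CA certificate')
builder = x509.CertificateBuilder()
# NOTE(review): 16 is presumably the serial-number length in bytes; RFC 5280 allows at most
# 20 octets and requires a positive value -- confirm random_cert_sn() guarantees both.
builder = builder.serial_number(random_cert_sn(16))

# A root certificate is self-issued, so one Name object serves as both issuer and subject.
# Holding it in a local avoids reading it back from the builder's private `_issuer_name`
# attribute, which is not part of the cryptography package's public API.
root_ca_name = x509.Name([
    x509.NameAttribute(x509.oid.NameOID.ORGANIZATION_NAME, u'Example Inc'),
    x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, u'Example Root CA')])

# Validity starts now (UTC) and ends 25 calendar years later. The dates are kept in locals
# instead of being read back from the private `_not_valid_before` attribute.
not_before = datetime.datetime.now(tz=pytz.utc)
try:
    not_after = not_before.replace(year=not_before.year + 25)
except ValueError:
    # Run on 29 February: an odd offset never lands on a leap year, so the same calendar
    # day does not exist 25 years on. Fall back to 28 February instead of crashing.
    not_after = not_before.replace(year=not_before.year + 25, day=28)

builder = builder.issuer_name(root_ca_name)
builder = builder.not_valid_before(not_before)
builder = builder.not_valid_after(not_after)
builder = builder.subject_name(root_ca_name)
builder = builder.public_key(root_ca_priv_key.public_key())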
# Attach the certificate extensions, then self-sign with the root key.
# NOTE(review): the listing skips the line that closes each add_extension() call (42 and
# 45-46), so the `critical` flags are not visible. RFC 5280 expects SubjectKeyIdentifier to be
# non-critical and BasicConstraints to be critical on a CA certificate -- confirm against the
# full file.
# Subject Key Identifier derived from the root CA public key.
40 builder = builder.add_extension(
41 x509.SubjectKeyIdentifier.from_public_key(root_ca_priv_key.public_key()),
# Marks the certificate as a CA. path_length=None places no limit on how many CA levels may
# chain below this root.
# NOTE(review): if only a single signer tier is planned, a bounded path length would narrow
# what a compromised subordinate CA could issue. No KeyUsage extension appears in the visible
# lines either -- confirm whether one is intended.
43 builder = builder.add_extension(
44 x509.BasicConstraints(ca=
True, path_length=
None),
# Self-signature: the certificate is signed with the private key matching its own public key,
# using SHA-256. The rest of this call (line 50 onward) is not shown in the listing.
47 root_ca_cert = builder.sign(
48 private_key=root_ca_priv_key,
49 algorithm=hashes.SHA256(),
# Persist the root CA certificate in PEM form. Only the public certificate is written by
# these lines; the private key is not touched here.
cert_path = CREDENTIAL_PATH(ROOT_CA_CERT_FILENAME)
with open(cert_path, 'wb') as cert_file:
    print(' Saving to ' + cert_file.name)
    # Serialise after the file is open, so the order of side effects stays as before.
    pem_bytes = root_ca_cert.public_bytes(encoding=serialization.Encoding.PEM)
    cert_file.write(pem_bytes)
63 ''' ******************************************************************************************* ''' 64 if __name__ ==
'__main__':
65 parser = optparse.OptionParser(description=
'Generates a self-signed CA certificate')
70 except Exception
as e: