demo/secure_element/resources/generation_scripts/create_root

 
 from __future__ import print_function
 
 from secure_element_common import *
 import os
 import traceback
 import datetime
 import optparse
 
 
 
 ''' ******************************************************************************************* '''
 def create_root_ca():
     # Delete all old credentials first
     print('\nDeleting old credentials')
     for name in os.listdir(CREDENTIAL_BASE_PATH):
         if name.startswith('.'):
             continue
         
         os.remove(CREDENTIAL_PATH(name))
     
     
     # Create or load a root CA key pair
     print('\nLoading root CA key')
     root_ca_priv_key = load_or_create_key(ROOT_CA_KEY_FILENAME)
 
     # Create root CA certificate
     print('\nGenerating self-signed root CA certificate')
     builder = x509.CertificateBuilder()
     builder = builder.serial_number(random_cert_sn(16))
     # Please note that the name of the root CA is also part of the signer certificate.
     # If this changes then you must re-generate the signer certificate and device certificate.
     builder = builder.issuer_name(x509.Name([
         x509.NameAttribute(x509.oid.NameOID.ORGANIZATION_NAME, u'Example Inc'),
         x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, u'Example Root CA')]))
     builder = builder.not_valid_before(datetime.datetime.now(tz=pytz.utc))
     builder = builder.not_valid_after(builder._not_valid_before.replace(year=builder._not_valid_before.year + 25))
     builder = builder.subject_name(builder._issuer_name)
     builder = builder.public_key(root_ca_priv_key.public_key())
     builder = builder.add_extension(
         x509.SubjectKeyIdentifier.from_public_key(root_ca_priv_key.public_key()),
         critical=False)
     builder = builder.add_extension(
         x509.BasicConstraints(ca=True, path_length=None),
         critical=True)
     # Self-sign certificate
     root_ca_cert = builder.sign(
         private_key=root_ca_priv_key,
         algorithm=hashes.SHA256(),
         backend=crypto_be)
 
     # Write root CA certificate to file
     with open(CREDENTIAL_PATH(ROOT_CA_CERT_FILENAME), 'wb') as f:
         print('    Saving to ' + f.name)
         f.write(root_ca_cert.public_bytes(encoding=serialization.Encoding.PEM))
 
     print('\nDone')
 
 
 
 
 
 ''' ******************************************************************************************* '''
 if __name__ == '__main__':
     parser = optparse.OptionParser(description='Generates a self-signed CA certificate')
     parser.parse_args()
     
     try:
         create_root_ca()
     except Exception as e:
         traceback.print_exc()
         print(e)
     
demo/secure_element/resources/generation_scripts/create_root_ca.py
