3 from __future__
import print_function
11 from cryptography
import x509
13 sys.stdout.write(
"\n\n\n*** You must install the python package 'cryptography' first. Run the command:\n\n" + \
14 " pip install cryptography\n\n" + \
15 "More details here: https://pypi.org/project/cryptography\n\n\n")
17 from cryptography.hazmat.primitives
import serialization
18 from cryptography.hazmat.primitives
import hashes
19 from cryptography.hazmat.primitives.asymmetric
import ec
20 from cryptography.hazmat
import backends
# Shared backend handle handed to every cryptography call in this module
# (key generation in load_or_create_key, PEM parsing in read_pem_cert).
crypto_be = backends.default_backend()
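# Output directory for generated keys/certificates, resolved relative to this
# script so the tool works from any current working directory.
CREDENTIAL_BASE_PATH = os.path.normpath(os.path.join(os.path.dirname(__file__),
                                                     '..',
                                                     'credentials'))


def CREDENTIAL_PATH(filename):
    """Return the forward-slash path of ``filename`` inside the credentials directory.

    Plain ``os.path.join`` semantics apply: an absolute ``filename`` or one
    containing ``..`` is not confined to ``CREDENTIAL_BASE_PATH``, so only the
    fixed file names defined in this module should be passed.  Backslashes are
    normalised to ``/`` so the result is usable unchanged on Windows and POSIX.
    """
    return os.path.join(CREDENTIAL_BASE_PATH, filename).replace('\\', '/')


# Directory holding the C certificate-definition templates.
SOURCE_BASE_PATH = os.path.normpath(os.path.join(os.path.dirname(__file__),
                                                 '..',
                                                 '..',
                                                 'cert_templates'))


def SOURCE_PATH(filename):
    """Return the forward-slash path of ``filename`` inside the cert_templates directory.

    Same join semantics and the same caveat as ``CREDENTIAL_PATH``: the base
    directory is a prefix, not a sandbox.
    """
    return os.path.join(SOURCE_BASE_PATH, filename).replace('\\', '/')


# Root CA key and certificate.  NOTE: ``.key`` files are written as unencrypted
# PKCS#8 PEM by load_or_create_key, so the credentials directory must be kept
# out of version control and restricted to the user running this tool.
ROOT_CA_FILENAME_BASE = 'root-ca'
ROOT_CA_KEY_FILENAME = ROOT_CA_FILENAME_BASE + '.key'
ROOT_CA_CERT_FILENAME = ROOT_CA_FILENAME_BASE + '.crt'

# Signer (intermediate) CA: key, request, certificate, verification certificate
# and the generated C definition.
SIGNER_CA_FILENAME_BASE = 'signer-ca'
SIGNER_CA_KEY_FILENAME = SIGNER_CA_FILENAME_BASE + '.key'
SIGNER_CA_CSR_FILENAME = SIGNER_CA_FILENAME_BASE + '.csr'
SIGNER_CA_CERT_FILENAME = SIGNER_CA_FILENAME_BASE + '.crt'
SIGNER_CA_VER_CERT_FILENAME = SIGNER_CA_FILENAME_BASE + '-verification.crt'
SIGNER_CA_C_FILENAME = 'cert_def_1_signer.c'

KIT_INFO_FILENAME = 'kit-info.json'

# Device: request and certificate, plus their C definitions.
DEVICE_FILENAME_BASE = 'device'
DEVICE_CSR_FILENAME = DEVICE_FILENAME_BASE + '.csr'
DEVICE_CSR_C_FILENAME = 'cert_def_3_device_csr.c'
DEVICE_CERT_FILENAME = DEVICE_FILENAME_BASE + '.crt'
DEVICE_CERT_C_FILENAME = 'cert_def_2_device.c'

# Test server: key, request, certificate and the concatenated chain.
SERVER_FILENAME_BASE = 'test-server'
SERVER_KEY_FILENAME = SERVER_FILENAME_BASE + '.key'
SERVER_CSR_FILENAME = SERVER_FILENAME_BASE + '.csr'
SERVER_CERT_FILENAME = SERVER_FILENAME_BASE + '.crt'
SERVER_CERT_CHAIN_FILENAME = SERVER_FILENAME_BASE + '-chain.crt'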
'-chain.crt' 61 def load_or_create_key(filename, verbose=True):
62 file_path = CREDENTIAL_PATH(filename)
65 os.makedirs(os.path.dirname(file_path))
71 if os.path.isfile(file_path):
73 with open(file_path,
'rb')
as f:
75 print(
' Loading from ' + f.name)
76 priv_key = serialization.load_pem_private_key(
83 print(
' No key file found, generating new key')
84 priv_key = ec.generate_private_key(ec.SECP256R1(), crypto_be)
86 with open(file_path,
'wb')
as f:
88 print(
' Saving to ' + f.name)
89 pem_key = priv_key.private_bytes(
90 encoding=serialization.Encoding.PEM,
91 format=serialization.PrivateFormat.PKCS8,
92 encryption_algorithm=serialization.NoEncryption())
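def random_cert_sn(size):
    """Create a positive, non-trimmable serial number for X.509 certificates.

    Args:
        size: Number of random bytes drawn from ``os.urandom``.  The serial is
            assembled from them big-endian, so ``size`` is also the length of
            its minimal DER INTEGER encoding.

    Returns:
        An ``int`` whose most significant byte lies in ``0x40..0x7F``: bit 7
        clear keeps the DER INTEGER positive without a leading ``0x00`` pad
        byte, bit 6 set keeps the leading byte non-zero so the encoder cannot
        trim it.  The encoded serial is therefore exactly ``size`` bytes.

    Raises:
        ValueError: if ``size`` is less than 1 (there is no byte to mask).
    """
    if size < 1:
        raise ValueError('size must be at least 1 byte')
    raw_sn = bytearray(os.urandom(size))
    raw_sn[0] = raw_sn[0] & 0x7F  # clear the sign bit of the leading byte
    raw_sn[0] = raw_sn[0] | 0x40  # keep the leading byte non-zero
    # Fold big-endian so that raw_sn[0], the byte masked above, really is the
    # most significant byte of the result; folding from the other end would
    # apply the positive/non-trimmable guarantees to the low byte instead.
    result = 0
    for byte in raw_sn:
        result = (result << 8) | int(byte)
    return result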
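def read_pem_cert(cert_path, verbose=True):
    """Load a PEM-encoded X.509 certificate from ``cert_path``.

    Args:
        cert_path: Path of the PEM file to read.
        verbose: Print the name of the file being loaded.  Defaults to
            ``True``, matching the previous unconditional print and the
            ``verbose`` flag of ``load_or_create_key``.

    Returns:
        The parsed ``cryptography`` ``x509.Certificate`` object.

    Note:
        Parsing is not verification: the signature, validity period and chain
        are not checked here.  A caller that trusts the certificate must
        validate it against the intended issuer.
    """
    with open(cert_path, 'rb') as f:
        if verbose:
            print(' Loading from ' + f.name)
        return x509.load_pem_x509_certificate(f.read(), crypto_be)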
115 def pub_key_to_bytes(pub_key):
117 pub_nums = pub_key.public_numbers()
118 pubkey = bytearray(binascii.unhexlify(
'{:064x}'.format(pub_nums.x)))
119 pubkey.extend(binascii.unhexlify(
'{:064x}'.format(pub_nums.y)))