Code source de mathenjeu.cli.openssl

"""
Starts an app locally to test it.


:githublink:`%|py|5`
"""
from OpenSSL import crypto



[docs]def create_self_signed_cert(keyfile="key.pem", certfile="cert.pem",
                            country='FR', state='Paris', location='Paris',
                            organization='mathenjeu', cn='mathenjeu',
                            organizational_unit_name=None,
                            email=None, size=4096, days=365, algo="sha256",
                            fLOG=print):
    """
    Creates a signed certificate.

    :param keyfile: key file
    :param certfile: certificate file
    :param country: country
    :param state: state
    :param location: location
    :param cn: common name
    :param organization: organization
    :param organizational_unit_name: organizational unit name (can be empty)
    :param email: email (can be empty)
    :param size: key size
    :param days: days it is valid
    :param algo: algorithm
    :param fLOG: logging function

    See also `How to generate a certificate using pyOpenSSL to make it secure connection?
    <https://stackoverflow.com/questions/44055029/how-to-generate-a-certificate-using-pyopenssl-to-make-it-secure-connection>`_,
    `How to serve HTTP/2 using Python
    <https://medium.com/python-pandemonium/how-to-serve-http-2-using-python-5e5bbd1e7ff1>`_.

    .. cmdref::
        :title: Creates a signed certificate
        :cmd: -m mathenjeu create_self_signed_cert --help

        The command line creates a certificate used later by
        a service such as :epkg:`hypercorn` or :epkg:`waitress`.
        Example::

            python -m mathenjeu create_self_signed_cert --keyfile=key.pem --certfile=cert.pem


    :githublink:`%|py|45`
    """
    k = crypto.PKey()
    k.generate_key(crypto.TYPE_RSA, size)

    cert = crypto.X509()

    cert.get_subject().C = country
    cert.get_subject().ST = state
    cert.get_subject().L = location
    cert.get_subject().O = organization
    if organizational_unit_name:
        cert.get_subject().OU = organizational_unit_name
    cert.get_subject().CN = cn
    if email:
        cert.get_subject().emailAddress = email

    cert.set_serial_number(1000)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(5 * days * 24 * 60 * 60)
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(k)
    cert.sign(k, 'sha256')

    with open(certfile, 'wb') as f:
        if fLOG:
            fLOG("[create_self_signed_cert] create '{0}'".format(certfile))
        f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))

    with open(keyfile, 'wb') as f:
        if fLOG:
            fLOG("[create_self_signed_cert] create '{0}'".format(keyfile))
        f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))