Added basicConstraints, nsCertType and subjectKeyIdentifier in GenCert.

decryptus · Dec 12, 2020 · 9313704 · 9313704
1 parent e59f254
commit 9313704
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 26 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,9 @@
+python-sonicprobe (0.3.36) unstable; urgency=medium
+
+  * Added basicConstraints, nsCertType and subjectKeyIdentifier in GenCert.
+
+ -- Adrien DELLE CAVE (Decryptus) <adc@doowan.net>  Sat, 12 Dec 2020 09:52:33 +0100
+
 python-sonicprobe (0.3.35) unstable; urgency=medium
 
   * Added subjectAltName, keyUsage and extendedKeyUsage in GenCert.

diff --git a/RELEASE b/RELEASE
@@ -1 +1 @@
-0.3.35
+0.3.36
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.3.35
+0.3.36
diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,4 @@
-httpdis>=0.6.16
+httpdis>=0.6.18
 pyOpenSSL
 python-magic
 psutil>=2.1

diff --git a/setup.yml b/setup.yml
@@ -4,8 +4,8 @@ description: sonicprobe
 author: Adrien Delle Cave
 author_email: pypi@doowan.net
 copyright: '2020 Adrien Delle Cave'
-release: '0.3.35'
-version: '0.3.35'
+release: '0.3.36'
+version: '0.3.36'
 license: License GPL-3
 url: https://github.com/decryptus/sonicprobe
 python_requires:

diff --git a/sonicprobe/libs/gencert.py b/sonicprobe/libs/gencert.py
@@ -96,7 +96,7 @@ def make_privatekey(self, export_file=False):
             f.close()
         return pkey
 
-    def make_certreq(self, pkey, attributes, export_file=False, san=None, key_usage=None, extended_key_usage=None):
+    def make_certreq(self, pkey, attributes, export_file=False, ca_crt=None, **kwargs):
         csr     = crypto.X509Req()
         subject = csr.get_subject()
         for key, value in iteritems(attributes):
@@ -105,26 +105,20 @@ def make_certreq(self, pkey, attributes, export_file=False, san=None, key_usage=
 
         extensions = []
 
-        if san:
-            altnames = ', '.join(san)
-            extensions.append(crypto.X509Extension(
-                ensure_binary('subjectAltName'),
-                False,
-                ensure_binary(altnames, encoding = 'ascii')))
-
-        if key_usage:
-            usages = '. '.join(key_usage)
-            extensions.append(crypto.X509Extension(
-                ensure_binary('keyUsage'),
-                False,
-                ensure_binary(usages, encoding = 'ascii')))
-
-        if extended_key_usage:
-            usages = '. '.join(extended_key_usage)
-            extensions.append(crypto.X509Extension(
-                ensure_binary('extendedKeyUsage'),
-                False,
-                ensure_binary(usages, encoding = 'ascii')))
+        for x in ('basicConstraints', 'keyUsage', 'extendedKeyUsage', 'subjectAltName', 'nsCertType'):
+            if x in kwargs:
+                extensions.append(crypto.X509Extension(
+                    ensure_binary(x),
+                    False,
+                    ensure_binary(', '.join(kwargs[x]), encoding = 'ascii')))
+
+        if ca_crt:
+            if 'subjectKeyIdentifier' in kwargs:
+                extensions.append(crypto.X509Extension(
+                    ensure_binary('subjectKeyIdentifier'),
+                    False,
+                    ensure_binary(', '.join(kwargs['subjectKeyIdentifier']), encoding = 'ascii'),
+                    subject = ca_crt))
 
         if extensions:
             csr.add_extensions(extensions)