from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding
import datetime

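def generate_certificate():
    """Generate an RSA key pair and a self-signed X.509 certificate.

    Two files are written to the current working directory:

    * ``private_key.pem`` -- the 2048-bit RSA private key, PEM-encoded and
      NOT passphrase-protected. The file is created with owner-only
      permissions (0o600) where the platform honours them.
    * ``certificate.pem`` -- the self-signed certificate, valid for 365 days
      from the moment of generation.

    Security notes for anyone reusing this beyond a demo:

    * The certificate carries ``BasicConstraints(ca=True)``. If it is ever
      added to a trust store, whoever holds ``private_key.pem`` can issue
      certificates that chain to it. Use ``ca=False`` for a leaf/server
      certificate.
    * No subjectAltName extension is added; clients that match host names
      against SAN only will not accept the certificate for "mycompany.com".
    * Because the key is stored unencrypted, file permissions are its only
      protection at rest.
    """
    import os  # local import: only needed for the restrictive key-file open

    # Step 1: Generate Private Key
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048
    )

    # Step 2: Generate Public Key
    public_key = private_key.public_key()

    # Step 3: Create Certificate Builder
    # Self-signed: subject and issuer are the same name.
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "California"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, "San Francisco"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MyCompany"),
        x509.NameAttribute(NameOID.COMMON_NAME, "mycompany.com"),
    ])

    # Take one timezone-aware timestamp so both validity bounds derive from
    # the same instant (datetime.utcnow() is deprecated and returns a naive
    # value).
    now = datetime.datetime.now(datetime.timezone.utc)

    certificate = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(
            # NOTE(review): ca=True makes this a CA certificate; see docstring.
            x509.BasicConstraints(ca=True, path_length=None), critical=True
        )
        .sign(private_key, hashes.SHA256())
    )

    # Step 4: Write Private Key to File
    key_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption()
    )
    # Create the key file as 0o600 instead of relying on the process umask,
    # which commonly leaves new files readable by other local users.
    open_flags = (
        os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_BINARY", 0)
    )
    key_fd = os.open("private_key.pem", open_flags, 0o600)
    with os.fdopen(key_fd, "wb") as f:
        # The mode passed to os.open() only applies when the file is created;
        # tighten a pre-existing file before any key material is written.
        if hasattr(os, "fchmod"):
            os.fchmod(f.fileno(), 0o600)
        f.write(key_pem)

    # Step 5: Write Certificate to File
    # The certificate is public data, so default permissions are fine here.
    with open("certificate.pem", "wb") as f:
        f.write(certificate.public_bytes(serialization.Encoding.PEM))

    print("Certificate and private key generated successfully!")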

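def verify_certificate(cert_file):
    """Check that a PEM certificate's signature verifies under its own key.

    This is a self-signature consistency check only: it confirms that the
    signature over the TBS (to-be-signed) bytes was produced by the private
    key matching the public key embedded in the same certificate. It does
    NOT establish trust. Any self-signed certificate passes, and the
    validity period, extensions, host name and revocation status are not
    examined. To validate a certificate against an issuer, verify with the
    issuer's public key and check the chain up to a trusted root.

    The call assumes an RSA key with a PKCS#1 v1.5 signature, which is what
    ``generate_certificate`` in this file produces.

    Args:
        cert_file: Path to a PEM-encoded X.509 certificate.

    Returns:
        True if the signature verified, False otherwise. The outcome is also
        printed. Errors opening or parsing the file propagate to the caller.
    """

    # Step 1: Load Certificate
    with open(cert_file, "rb") as f:
        cert = x509.load_pem_x509_certificate(f.read())

    # Step 2: Get Public Key
    # This is the certificate's own key, not a trusted issuer's key.
    public_key = cert.public_key()

    # Step 3: Verify the Certificate's Signature
    try:
        public_key.verify(
            cert.signature,
            cert.tbs_certificate_bytes,
            padding.PKCS1v15(),  # Explicitly specify padding
            cert.signature_hash_algorithm
        )
    except Exception as e:
        # Broad on purpose: besides a bad signature, a non-RSA key rejects
        # this argument list, and either case must be reported as a failure.
        print("Certificate verification failed:", e)
        return False

    print("Certificate is valid and verified successfully!")
    return True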

# Script entry point: create the key pair and certificate in the current
# working directory, then check the freshly written certificate's
# self-signature.
if __name__ == "__main__":
    generate_certificate()
    verify_certificate("certificate.pem")

Certificate and private key generated successfully!
Certificate is valid and verified successfully!
