From f24fd4afc7233df175fe00d1492fd3dbb0c52ad8 Mon Sep 17 00:00:00 2001
From: hysuh <yuvika.suvarna@gmail.com>
Date: Sat, 30 Aug 2014 16:33:22 +0100
Subject: [PATCH] Added comments and defined constants

---
 examples/mk_simple_certs.py | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/examples/mk_simple_certs.py b/examples/mk_simple_certs.py
index 9dfdd2ed5..3098beeea 100644
--- a/examples/mk_simple_certs.py
+++ b/examples/mk_simple_certs.py
@@ -3,15 +3,30 @@
 """
 
 from OpenSSL import crypto
-from certgen import *   # yes yes, I know, I'm lazy
-cakey = createKeyPair(TYPE_RSA, 1024)
+from certgen import createKeyPair, createCertRequest, createCertificate, \
+                    TYPE_RSA, TYPE_DSA
+
+FIVE_YEARS = 60*60*24*365*5
+BIT_LENGTH = 1024
+
+serial_number = 0
+# Create a self signed CA certificate
+cakey = createKeyPair(TYPE_RSA, BIT_LENGTH)
 careq = createCertRequest(cakey, CN='Certificate Authority')
-cacert = createCertificate(careq, (careq, cakey), 0, (0, 60*60*24*365*5)) # five years
-open('simple/CA.pkey', 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey))
-open('simple/CA.cert', 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert))
+cacert = createCertificate(careq, (careq, cakey), serial_number, (0, FIVE_YEARS))
+serial_number += 1
+with open('simple/CA.pkey', 'w') as f:
+    f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey))
+with open('simple/CA.cert', 'w') as f:
+    f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert))
+
+# Create the server and client certificate signed by the CA created above
 for (fname, cname) in [('client', 'Simple Client'), ('server', 'Simple Server')]:
-    pkey = createKeyPair(TYPE_RSA, 1024)
+    pkey = createKeyPair(TYPE_RSA, BIT_LENGTH)
     req = createCertRequest(pkey, CN=cname)
-    cert = createCertificate(req, (cacert, cakey), 1, (0, 60*60*24*365*5)) # five years
-    open('simple/%s.pkey' % (fname,), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
-    open('simple/%s.cert' % (fname,), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
+    cert = createCertificate(req, (cacert, cakey), serial_number, (0, FIVE_YEARS))
+    serial_number += 1
+    with open('simple/%s.pkey' % (fname,), 'w') as f:
+        f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
+    with open('simple/%s.cert' % (fname,), 'w') as f:
+        f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))