from pygost.asn1schemas.oids import id_at_commonName
from pygost.asn1schemas.oids import id_ce_authorityKeyIdentifier
from pygost.asn1schemas.oids import id_ce_basicConstraints
+from pygost.asn1schemas.oids import id_ce_keyUsage
from pygost.asn1schemas.oids import id_ce_subjectAltName
from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier
from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
from pygost.asn1schemas.x509 import GeneralName
from pygost.asn1schemas.x509 import GostR34102012PublicKeyParameters
from pygost.asn1schemas.x509 import KeyIdentifier
+from pygost.asn1schemas.x509 import KeyUsage
from pygost.asn1schemas.x509 import Name
from pygost.asn1schemas.x509 import RDNSequence
from pygost.asn1schemas.x509 import RelativeDistinguishedName
))
])))
not_before = datetime.utcnow()
-not_after = not_before + timedelta(days=365)
+not_after = not_before + timedelta(days=365 * (10 if args.ca else 1))
ai_sign = AlgorithmIdentifier((
("algorithm", (ai if ca_ai is None else ca_ai)["sign_algorithm"]),
))
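Review bot: The tenfold validity on the `not_after` line applies whenever `args.ca` is set, including when the certificate is signed by another CA (the `ca_ai` case visible on the `ai_sign` line), so a subordinate CA can receive a notAfter later than its issuer's. Nothing in the hunk caps it, though the issuer's certificate may be handled outside the visible lines; a chain stops validating once the issuer expires, so the extra lifetime would be misleading. Consider clamping with something like `not_after = min(not_after, issuer_not_after)`, where `issuer_not_after` is a placeholder for the issuer's decoded notAfter. Naming the two periods as constants with a short comment on the 10-year choice would also help.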
("extnID", id_ce_basicConstraints),
("extnValue", OctetString(BasicConstraints((("cA", Boolean(True)),)).encode())),
)))
+ exts.append(Extension((
+ ("extnID", id_ce_keyUsage),
+ ("extnValue", OctetString(KeyUsage(("keyCertSign",)).encode())),
+ )))
if ca_ai is not None:
caKeyId = [
bytes(SubjectKeyIdentifier().decod(bytes(ext["extnValue"])))
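Review bot: The keyUsage extension added at `exts.append(Extension((` carries only `extnID` and `extnValue`, so it is encoded as non-critical. RFC 5280 section 4.2.1.3 says conforming CAs SHOULD mark keyUsage critical when present. Assuming the Extension schema exposes the standard `critical` field, add `("critical", Boolean(True)),` between the two entries. The usage is restricted to `keyCertSign`; if this CA is also meant to sign CRLs it would need `cRLSign` too, which depends on use outside this hunk. The enclosing block that builds `exts` begins above the visible lines.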