X-Git-Url: http://www.git.cypherpunks.ru/?p=pygost.git;a=blobdiff_plain;f=pygost%2Fasn1schemas%2Fcert-selfsigned-example.py;h=df832ba4fe07fd408d47dde12584efeb00d68340;hp=1f505aae09e9e327fa9a2ea407690715634b6224;hb=0a222bc1e121d463351d0c259a403c3e8d331e60;hpb=9d164d4752669895c45db4770309e5815498ff1e
diff --git a/pygost/asn1schemas/cert-selfsigned-example.py b/pygost/asn1schemas/cert-selfsigned-example.py
index 1f505aa..df832ba 100755
--- a/pygost/asn1schemas/cert-selfsigned-example.py
+++ b/pygost/asn1schemas/cert-selfsigned-example.py
@@ -22,6 +22,7 @@ from pyderasn import UTCTime
 from pygost.asn1schemas.oids import id_at_commonName
 from pygost.asn1schemas.oids import id_ce_authorityKeyIdentifier
 from pygost.asn1schemas.oids import id_ce_basicConstraints
+from pygost.asn1schemas.oids import id_ce_keyUsage
 from pygost.asn1schemas.oids import id_ce_subjectAltName
 from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier
 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
@@ -51,6 +52,7 @@ from pygost.asn1schemas.x509 import Extensions
 from pygost.asn1schemas.x509 import GeneralName
 from pygost.asn1schemas.x509 import GostR34102012PublicKeyParameters
 from pygost.asn1schemas.x509 import KeyIdentifier
+from pygost.asn1schemas.x509 import KeyUsage
 from pygost.asn1schemas.x509 import Name
 from pygost.asn1schemas.x509 import RDNSequence
 from pygost.asn1schemas.x509 import RelativeDistinguishedName
@@ -211,7 +213,7 @@ subj = Name(("rdnSequence", RDNSequence([
 ))
 ])))
 not_before = datetime.utcnow()
-not_after = not_before + timedelta(days=365)
+not_after = not_before + timedelta(days=365 * (10 if args.ca else 1))
 ai_sign = AlgorithmIdentifier((
 ("algorithm", (ai if ca_ai is None else ca_ai)["sign_algorithm"]),
 ))
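Review bot: The ten-year CA lifetime in the new `not_after` line is a bare inline multiplier, so the validity policy for a signing certificate is neither named nor adjustable by the operator. Consider `validity_days = 365 * (10 if args.ca else 1)` with a comment `# CA: about 10 years, end-entity: 1 year`, then `not_after = not_before + timedelta(days=validity_days)`. Nothing visible caps `not_after` at the issuer's own expiry when `ca_ai` is set, so a subordinate CA may be dated past its issuer; this is inferred, as the issuer handling lies outside the hunk.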
@@ -237,6 +239,10 @@ if args.ca:
 ("extnID", id_ce_basicConstraints),
 ("extnValue", OctetString(BasicConstraints((("cA", Boolean(True)),)).encode())),
 )))
+ exts.append(Extension((
+ ("extnID", id_ce_keyUsage),
+ ("extnValue", OctetString(KeyUsage(("keyCertSign",)).encode())),
+ )))
 if ca_ai is not None:
 caKeyId = [
 bytes(SubjectKeyIdentifier().decod(bytes(ext["extnValue"])))
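Review bot: The new keyUsage extension in the `exts.append(...)` call is emitted without the critical flag, although RFC 5280 section 4.2.1.3 says conforming CAs SHOULD mark keyUsage critical so that a verifier which cannot process it rejects the certificate instead of ignoring the restriction. Assuming the `Extension` schema names the field as RFC 5280 does, add `("critical", Boolean(True)),` between `extnID` and `extnValue`; the basicConstraints entry on the context lines above has the same gap. Only `keyCertSign` is asserted, so if this CA is also meant to sign CRLs the `cRLSign` bit is needed as well. The `if args.ca:` block begins outside the hunk.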