from pygost.asn1schemas.oids import id_at_commonName
from pygost.asn1schemas.oids import id_ce_authorityKeyIdentifier
from pygost.asn1schemas.oids import id_ce_basicConstraints
+from pygost.asn1schemas.oids import id_ce_keyUsage
from pygost.asn1schemas.oids import id_ce_subjectAltName
from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier
from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
from pygost.asn1schemas.x509 import GeneralName
from pygost.asn1schemas.x509 import GostR34102012PublicKeyParameters
from pygost.asn1schemas.x509 import KeyIdentifier
+from pygost.asn1schemas.x509 import KeyUsage
from pygost.asn1schemas.x509 import Name
from pygost.asn1schemas.x509 import RDNSequence
from pygost.asn1schemas.x509 import RelativeDistinguishedName
))
])))
not_before = datetime.utcnow()
-not_after = not_before + timedelta(days=365)
+not_after = not_before + timedelta(days=365 * (10 if args.ca else 1))
ai_sign = AlgorithmIdentifier((
("algorithm", (ai if ca_ai is None else ca_ai)["sign_algorithm"]),
))
("extnID", id_ce_basicConstraints),
("extnValue", OctetString(BasicConstraints((("cA", Boolean(True)),)).encode())),
)))
+ exts.append(Extension((
+ ("extnID", id_ce_keyUsage),
+ ("extnValue", OctetString(KeyUsage(("keyCertSign",)).encode())),
+ )))
if ca_ai is not None:
caKeyId = [
bytes(SubjectKeyIdentifier().decod(bytes(ext["extnValue"])))
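Review bot: The keyUsage extension appended right after the basicConstraints one is not marked critical; RFC 5280 section 4.2.1.3 says conforming CAs SHOULD mark keyUsage critical, and section 4.2.1.9 says basicConstraints MUST be critical in CA certificates, which the existing extension above it also omits. If `Extension` carries a `critical` field, adding `("critical", Boolean(True)),` between the extnID and extnValue pairs would cover both, but confirm that against the Extension schema in x509.py, which is outside this hunk. Asserting only keyCertSign also means a CRL signed by this CA would fail issuer keyUsage checks in strict verifiers; if CRL issuance is intended, use `KeyUsage(("keyCertSign", "cRLSign"))`. Whether this block sits under the CA-only branch is inferred from context, since the rendering dropped the indentation, and the enclosing code continues beyond the hunk.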
id_at_commonName = ObjectIdentifier("2.5.4.3")
id_ce_basicConstraints = ObjectIdentifier("2.5.29.19")
id_ce_subjectKeyIdentifier = ObjectIdentifier("2.5.29.14")
+id_ce_keyUsage = ObjectIdentifier("2.5.29.15")
id_ce_subjectAltName = ObjectIdentifier("2.5.29.17")
id_ce_authorityKeyIdentifier = ObjectIdentifier("2.5.29.35")
# CertificateSerialNumber(impl=tag_ctxp(2), optional=True),
# ),
)
+
+
+class KeyUsage(BitString):
+ schema = (
+ ("digitalSignature", 0),
+ ("nonRepudiation", 1),
+ ("keyEncipherment", 2),
+ ("dataEncipherment", 3),
+ ("keyAgreement", 4),
+ ("keyCertSign", 5),
+ ("cRLSign", 6),
+ ("encipherOnly", 7),
+ ("decipherOnly", 8),
+ )