
Commit 8124a88

committed
Switch to appropriate TLS EC key
1 parent 1e9125b commit 8124a88

1 file changed

Lines changed: 9 additions & 6 deletions


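--- a/client/src/cbltest/api/x509_certificate.py
+++ b/client/src/cbltest/api/x509_certificate.py
@@ -1,6 +1,7 @@
 from datetime import datetime, timedelta, timezone
 
-from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.serialization import Encoding, NoEncryption, pkcs12
 from cryptography.x509 import (
 BasicConstraints,
@@ -18,7 +19,9 @@ class CertKeyPair:
 A class representing a certificate and its associated private key.
 """
 
-def __init__(self, certificate: Certificate, private_key: Ed25519PrivateKey):
+def __init__(
+self, certificate: Certificate, private_key: ec.EllipticCurvePrivateKey
+):
 self.certificate = certificate
 self.private_key = private_key
 
@@ -44,7 +47,7 @@ def pem_bytes(self) -> bytes:
 
 
 def create_ca_certificate(CN: str) -> CertKeyPair:
-private_key = Ed25519PrivateKey.generate()
+private_key = ec.generate_private_key(ec.SECP256R1())
 cn_attribute = Name([NameAttribute(NameOID.COMMON_NAME, CN)])
 not_valid_before = datetime.now(timezone.utc)
 not_valid_after = not_valid_before + timedelta(days=1)
@@ -58,7 +61,7 @@ def create_ca_certificate(CN: str) -> CertKeyPair:
 .not_valid_before(not_valid_before)
 .not_valid_after(not_valid_after)
 .add_extension(BasicConstraints(ca=True, path_length=None), critical=True)
-.sign(private_key, None)
+.sign(private_key, hashes.SHA256())
 )
 
 return CertKeyPair(ca_certificate, private_key)
@@ -67,7 +70,7 @@ def create_ca_certificate(CN: str) -> CertKeyPair:
 def create_leaf_certificate(
 CN: str, *, issuer_data: CertKeyPair | None = None
 ) -> CertKeyPair:
-private_key = Ed25519PrivateKey.generate()
+private_key = ec.generate_private_key(ec.SECP256R1())
 cn_attribute = Name([NameAttribute(NameOID.COMMON_NAME, CN)])
 not_valid_before = datetime.now(timezone.utc)
 not_valid_after = not_valid_before + timedelta(days=1)
@@ -82,7 +85,7 @@ def create_leaf_certificate(
 .serial_number(random_serial_number())
 .not_valid_before(not_valid_before)
 .not_valid_after(not_valid_after)
-.sign(signing_key, None)
+.sign(signing_key, hashes.SHA256())
 )
 
 return CertKeyPair(leaf_certificate, private_key)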
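Review bot: The digest is now fixed at the two `.sign(...)` calls while the key type is fixed separately at the two `ec.generate_private_key(ec.SECP256R1())` calls, so the four sites have to be kept in step by hand and nothing records why Ed25519 was dropped. In `create_leaf_certificate` the `signing_key` is assigned outside the hunk; if it can come from a caller-supplied `issuer_data`, an Ed25519 issuer key would be rejected by `sign(signing_key, hashes.SHA256())`, since the `ec.EllipticCurvePrivateKey` annotation on `CertKeyPair.__init__` is not checked at runtime. I would add a comment above the first key generation such as `# ECDSA P-256 + SHA-256; the digest passed to sign() must match this key type`, and state the TLS interoperability reason from the commit title there. Both function bodies continue outside the visible hunks.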
