added notes and example code for 76 char wide pem

Oscar Krause 2025-03-21 14:29:43 +01:00
parent 2dbb8f1a80
commit dec5760fb6
2 changed files with 47 additions and 4 deletions

File diff suppressed because one or more lines are too long


@ -1,7 +1,7 @@
import json
from calendar import timegm
from datetime import datetime, UTC, timedelta
from textwrap import wrap
from cryptography import x509
from cryptography.hazmat._oid import NameOID
from cryptography.hazmat.primitives import serialization, hashes
@ -376,7 +376,7 @@ def test_our_config_token_with_our_key():
.add_extension(x509.SubjectAlternativeName([
x509.DNSName('4e53a171-103b-4946-9ed8-5f4c0ee750d9')
]), critical=False)
.sign(my_si_private_key, hashes.SHA256()))
.sign(my_ca_private_key, hashes.SHA256()))
my_si_public_key_exp = my_si_certificate.public_key().public_numbers().e
my_si_public_key_mod = f'{my_si_certificate.public_key().public_numbers().n:x}' # hex value without "0x" prefix
@ -403,6 +403,7 @@ def test_our_config_token_with_our_key():
"mod": hex(my_si_public_key.public_numbers().n)[2:],
"exp": int(my_si_public_key.public_numbers().e),
},
# 64 chars per line (pem default)
"service_instance_public_key_pem": my_si_public_key_as_pem.decode('utf-8').strip(),
"key_retention_mode": "LATEST_ONLY"
},
@ -411,10 +412,29 @@ def test_our_config_token_with_our_key():
my_sign_key = jwk.construct(my_si_private_key_as_pem.decode('utf-8'), algorithm=ALGORITHMS.RS256)
my_config_token = jws.sign(payload, key=my_sign_key, headers=None, algorithm=ALGORITHMS.RS256)
# generate a 76 char wide pem (does not work either, so this code can be removed)
response_ca_chain = my_ca_certificate.public_bytes(encoding=Encoding.PEM).decode('utf-8')
response_ca_chain = response_ca_chain.replace('-----BEGIN CERTIFICATE-----', '')
response_ca_chain = response_ca_chain.replace('-----END CERTIFICATE-----', '')
response_ca_chain = response_ca_chain.replace('\n', '')
response_ca_chain = wrap(response_ca_chain, 76)
response_ca_chain = '\r\n'.join(response_ca_chain)
response_ca_chain = f'-----BEGIN CERTIFICATE-----\r\n{response_ca_chain}\r\n-----END CERTIFICATE-----'
response_si_certificate = my_si_certificate.public_bytes(encoding=Encoding.PEM).decode('utf-8')
response_si_certificate = response_si_certificate.replace('-----BEGIN CERTIFICATE-----', '')
response_si_certificate = response_si_certificate.replace('-----END CERTIFICATE-----', '')
response_si_certificate = response_si_certificate.replace('\n', '')
response_si_certificate = wrap(response_si_certificate, 76)
response_si_certificate = '\r\n'.join(response_si_certificate)
response_si_certificate = f'-----BEGIN CERTIFICATE-----\r\n{response_si_certificate}\r\n-----END CERTIFICATE-----'
response = {
"certificateConfiguration": {
"caChain": [my_ca_certificate.public_bytes(encoding=Encoding.PEM).decode('utf-8').strip().replace('\n','\r\n')],
"publicCert": my_si_certificate.public_bytes(encoding=Encoding.PEM).decode('utf-8').strip().replace('\n','\r\n'),
# 76 chars per line
"caChain": [response_ca_chain],
# 76 chars per line
"publicCert": response_si_certificate,
"publicKey": {
"exp": int(my_si_certificate.public_key().public_numbers().e),
"mod": [hex(my_si_certificate.public_key().public_numbers().n)[2:]],
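Review bot: The comment opening the added block says the 76-column PEM "does not work either, so this code can be removed", yet `caChain` and `publicCert` in the response appear to be switched to exactly those strings, so the test now exercises an encoding the author has already ruled out. The comment should record which consumer rejected the output and how it failed, or the response should go back to the 64-column form. RFC 7468 has generators wrap the base64 body at 64 characters and only permits parsers to accept other widths (76 is the MIME width), so a strict PEM parser rejecting this output would be expected behaviour rather than a hint about the certificate itself. The two seven-line rewrap sequences are identical apart from the certificate, and peeling the armor off with chained `replace` calls is easy to get subtly wrong, so a small helper as sketched below would keep the experiment in one place. The +/- markers are lost on this page and `test_our_config_token_with_our_key` starts and ends outside the hunk, so this rests on the visible lines only.

```python
def _rewrap_pem(cert, width=76):
    # Re-wrap the certificate's base64 body at `width` columns with CRLF line ends.
    pem = cert.public_bytes(encoding=Encoding.PEM).decode('utf-8')
    body = ''.join(line for line in pem.splitlines() if not line.startswith('-----'))
    return '\r\n'.join(['-----BEGIN CERTIFICATE-----', *wrap(body, width), '-----END CERTIFICATE-----'])

# … unchanged: payload, my_sign_key and my_config_token …
response_ca_chain = _rewrap_pem(my_ca_certificate)
response_si_certificate = _rewrap_pem(my_si_certificate)
# … unchanged: response dict …
```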