CertificateSigningRequest

CertificateSigningRequest ¶

Bases: InitCryptoParser

Represents a certificate signing request (CSR).

Attributes:

subject (Name) –

The subject of the CSR.
public_key (Optional[CryptoPublicKey]) –

Public key associated with the CSR.
extensions (Optional[Extensions]) –

Extensions associated with the CSR.
attributes (Optional[Dict[str, bytes]]) –

Attributes of the CSR.
signature_algorithm (Optional[SignatureAlgorithm]) –

Signature algorithm used while signing the CSR.

Examples¶

Create CSR¶

from pki_tools import (
    Name,
    CertificateSigningRequest,
    RSAKeyPair,
    SHA512,
)

name = Name(cn=["Cert CN"])

csr = CertificateSigningRequest(subject=name)

csr.sign(RSAKeyPair.generate(), SHA512)

print(csr.pem_string)

Print output

InitCryptoParser.from_pem_string ¶

csr_pem

csr_pem = """
-----BEGIN CERTIFICATE REQUEST-----
MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHQ2VydCBDTjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBANOiYxJDZFLSPUpA98CtuDN4fL7UfQNIDrpqZJ4paQ6i
YmkU1fFIjM/PtfCAPycV66JUOd0pVFQMajmZCaF0wfo6WONuhbqYlTojfUxD1l5S
B9V9afhZqXt9L5AvHO6gf8bo6wHWGVtAL+FjYEa16BFwTiAqaFfXvRBcbgaAM2DD
t5dmrYyOysAR0m6T5AkS2TANO4/+TF+cqIhHwwMc4PRDQigGTMwYgOa30qq7Cmn2
tnxFogjG1y3YhsuagIxUJHkCLEdY+Oizr2UTD8OM57UXrrrQ90yAmqfsSiBQ1p2A
OJ9HCdzhsVIi1pneW3aR7hTBzxyVtDTrB8Uw817YBX8CAwEAAaAAMA0GCSqGSIb3
DQEBDQUAA4IBAQCoSEXDN9LObJnU+jpslg9IwciERem1kKjkkU5JHpX1ke9+8su/
qbFv8LUkwmmz09IQgQfYqaUJiMkuRwP9QX07o+0TJlMiog1XssCk3M/tJLDKjRSW
auf4eI7124lv2LToRxOq7F5RWnnE5T4mAYlrcNgmjrJXQo8NcYhQrvAr2mRe3BaG
4n15VU4agfO9VB6DYE4tziiwsmiZTt3RAXM+GQ+uqnKz8gMyBgUxx+J6dmTO3RA0
E4/OFGv5Ujtx7iXFWxaiU2xbuWhsgB9KkcBMvKw53h2P+Src4aQxqPnpqc1+NtCL
e59skp82bFTb8z71rtulJCrB5wVwmKu0vZRM
-----END CERTIFICATE REQUEST-----
"""

from pki_tools import CertificateSigningRequest

csr = CertificateSigningRequest.from_pem_string(csr_pem)

print(csr)

Print output

---
Certificate Signing Request:
  Public Key:
    key_size: '2048'
    modulus_n: |-
      26716358360742544711136558712918138457090578197784896616128362330453217873912769
      38973797190331477144533828320851286368308484453249053131491260959451466856446960
      43548112812652207234421352848628686980164413725264941098222269514216721188716622
      65590866097496954872762228616694151448613403733748380224855089049580564759153027
      66988474416809383902060297278802743411877979695292402720989981535491788799402318
      64116191530708924188357355511896332177591494948825032722689481817669730807125787
      41796163550115211562638399475127977459029514421310873620145663150204828820938017
      426289749515165066297784261832441262414445871314870207871
    public_exponent_e: '65537'
  Subject: 'CN: Cert CN'
Extensions: {}
Signature Algorithm: SHA512

InitCryptoParser.from_file ¶

csr.pem

from pki_tools import CertificateSigningRequest

csr = CertificateSigningRequest.from_file("csr.pem")

print(csr)

Print output

---
Certificate Signing Request:
  Public Key:
    key_size: '2048'
    modulus_n: |-
      26716358360742544711136558712918138457090578197784896616128362330453217873912769
      38973797190331477144533828320851286368308484453249053131491260959451466856446960
      43548112812652207234421352848628686980164413725264941098222269514216721188716622
      65590866097496954872762228616694151448613403733748380224855089049580564759153027
      66988474416809383902060297278802743411877979695292402720989981535491788799402318
      64116191530708924188357355511896332177591494948825032722689481817669730807125787
      41796163550115211562638399475127977459029514421310873620145663150204828820938017
      426289749515165066297784261832441262414445871314870207871
    public_exponent_e: '65537'
  Subject: 'CN: Cert CN'
Extensions: {}
Signature Algorithm: SHA512

InitCryptoParser.to_file ¶

chain_pem

csr_pem = """
-----BEGIN CERTIFICATE REQUEST-----
MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHQ2VydCBDTjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBANOiYxJDZFLSPUpA98CtuDN4fL7UfQNIDrpqZJ4paQ6i
YmkU1fFIjM/PtfCAPycV66JUOd0pVFQMajmZCaF0wfo6WONuhbqYlTojfUxD1l5S
B9V9afhZqXt9L5AvHO6gf8bo6wHWGVtAL+FjYEa16BFwTiAqaFfXvRBcbgaAM2DD
t5dmrYyOysAR0m6T5AkS2TANO4/+TF+cqIhHwwMc4PRDQigGTMwYgOa30qq7Cmn2
tnxFogjG1y3YhsuagIxUJHkCLEdY+Oizr2UTD8OM57UXrrrQ90yAmqfsSiBQ1p2A
OJ9HCdzhsVIi1pneW3aR7hTBzxyVtDTrB8Uw817YBX8CAwEAAaAAMA0GCSqGSIb3
DQEBDQUAA4IBAQCoSEXDN9LObJnU+jpslg9IwciERem1kKjkkU5JHpX1ke9+8su/
qbFv8LUkwmmz09IQgQfYqaUJiMkuRwP9QX07o+0TJlMiog1XssCk3M/tJLDKjRSW
auf4eI7124lv2LToRxOq7F5RWnnE5T4mAYlrcNgmjrJXQo8NcYhQrvAr2mRe3BaG
4n15VU4agfO9VB6DYE4tziiwsmiZTt3RAXM+GQ+uqnKz8gMyBgUxx+J6dmTO3RA0
E4/OFGv5Ujtx7iXFWxaiU2xbuWhsgB9KkcBMvKw53h2P+Src4aQxqPnpqc1+NtCL
e59skp82bFTb8z71rtulJCrB5wVwmKu0vZRM
-----END CERTIFICATE REQUEST-----
"""

from pki_tools import CertificateSigningRequest

csr = CertificateSigningRequest.from_pem_string(csr_pem)

csr.to_file("out_csr.pem")

out_cert.pem

tbs_bytes `property` ¶

tbs_bytes: bytes

Get the bytes to be signed of the CSR.

Returns:	`bytes` – TBS bytes of the CSR.

from_cryptography `classmethod` ¶

from_cryptography(crypto_csr: x509.CertificateSigningRequest) -> CertificateSigningRequest

Create a CertificateSigningRequest object from a cryptography CertificateSigningRequest.

Parameters:	`crypto_csr` (`x509.CertificateSigningRequest`) – Cryptography CertificateSigningRequest.

Returns:	`CertificateSigningRequest` – Instance of CertificateSigningRequest.

Example¶

crypto_csr

from cryptography import x509

csr_pem = """
-----BEGIN CERTIFICATE REQUEST-----
MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHQ2VydCBDTjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBANOiYxJDZFLSPUpA98CtuDN4fL7UfQNIDrpqZJ4paQ6i
YmkU1fFIjM/PtfCAPycV66JUOd0pVFQMajmZCaF0wfo6WONuhbqYlTojfUxD1l5S
B9V9afhZqXt9L5AvHO6gf8bo6wHWGVtAL+FjYEa16BFwTiAqaFfXvRBcbgaAM2DD
t5dmrYyOysAR0m6T5AkS2TANO4/+TF+cqIhHwwMc4PRDQigGTMwYgOa30qq7Cmn2
tnxFogjG1y3YhsuagIxUJHkCLEdY+Oizr2UTD8OM57UXrrrQ90yAmqfsSiBQ1p2A
OJ9HCdzhsVIi1pneW3aR7hTBzxyVtDTrB8Uw817YBX8CAwEAAaAAMA0GCSqGSIb3
DQEBDQUAA4IBAQCoSEXDN9LObJnU+jpslg9IwciERem1kKjkkU5JHpX1ke9+8su/
qbFv8LUkwmmz09IQgQfYqaUJiMkuRwP9QX07o+0TJlMiog1XssCk3M/tJLDKjRSW
auf4eI7124lv2LToRxOq7F5RWnnE5T4mAYlrcNgmjrJXQo8NcYhQrvAr2mRe3BaG
4n15VU4agfO9VB6DYE4tziiwsmiZTt3RAXM+GQ+uqnKz8gMyBgUxx+J6dmTO3RA0
E4/OFGv5Ujtx7iXFWxaiU2xbuWhsgB9KkcBMvKw53h2P+Src4aQxqPnpqc1+NtCL
e59skp82bFTb8z71rtulJCrB5wVwmKu0vZRM
-----END CERTIFICATE REQUEST-----
"""

crypto_csr = x509.load_pem_x509_csr(csr_pem.encode())

from pki_tools import CertificateSigningRequest

csr = CertificateSigningRequest.from_cryptography(crypto_csr)

print(csr)

Print output

---
Certificate Signing Request:
  Public Key:
    key_size: '2048'
    modulus_n: |-
      26716358360742544711136558712918138457090578197784896616128362330453217873912769
      38973797190331477144533828320851286368308484453249053131491260959451466856446960
      43548112812652207234421352848628686980164413725264941098222269514216721188716622
      65590866097496954872762228616694151448613403733748380224855089049580564759153027
      66988474416809383902060297278802743411877979695292402720989981535491788799402318
      64116191530708924188357355511896332177591494948825032722689481817669730807125787
      41796163550115211562638399475127977459029514421310873620145663150204828820938017
      426289749515165066297784261832441262414445871314870207871
    public_exponent_e: '65537'
  Subject: 'CN: Cert CN'
Extensions: {}
Signature Algorithm: SHA512

sign ¶

sign(key_pair: CryptoKeyPair, signature_algorithm: Optional[SignatureAlgorithm] = None)

Sign the CSR with the provided key pair and signature algorithm.

Parameters:	`key_pair` (`CryptoKeyPair`) – Key pair with the private key to use while signing the CSR `signature_algorithm` (`Optional[SignatureAlgorithm]`, default: `None` ) – Signature algorithm to use for signing.

CertificateSigningRequest ¶

Examples¶

Create CSR¶

InitCryptoParser.from_pem_string¶

InitCryptoParser.from_file¶

InitCryptoParser.to_file¶

tbs_bytes property ¶

from_cryptography classmethod ¶

Example¶

sign ¶

InitCryptoParser.from_pem_string ¶

InitCryptoParser.from_file ¶

InitCryptoParser.to_file ¶

tbs_bytes `property` ¶

from_cryptography `classmethod` ¶