site/usecase-7/templates/templates.py [53:128]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        csr_webserver_privkey = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048,
            backend=default_backend()
        )
        
        csr_webserver_privkey_pem = csr_webserver_privkey.private_bytes(encoding=serialization.Encoding.PEM,\
                        format=serialization.PrivateFormat.PKCS8,\
                        encryption_algorithm=NoEncryption())
       

        ################################################
        #   createa a csr for the code signing cert    #
        ################################################
        endpoint_serial_number = random.randint(1, 100000)
        subject_name_csr = x509.Name([
            x509.NameAttribute(NameOID.COMMON_NAME, 'code signing'),
            x509.NameAttribute(NameOID.COUNTRY_NAME, 'US'),
            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, 'Nevada'),
            x509.NameAttribute(NameOID.LOCALITY_NAME, 'Las Vegas'),
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'customer'),
            x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, 'customerdept'),
            x509.NameAttribute(NameOID.SERIAL_NUMBER, str(str(endpoint_serial_number)))
        ])
    
        # ca=False for non ca Certs
        basic_contraints = x509.BasicConstraints(ca=False, path_length=None)
        csr = (
            x509.CertificateSigningRequestBuilder()
            .subject_name(subject_name_csr)
            .add_extension(basic_contraints, True)
            .sign(csr_webserver_privkey, hashes.SHA256(), default_backend())
        )
        
        csr_pem = csr.public_bytes(encoding=serialization.Encoding.PEM)
        
        response = acm_pca_client.issue_certificate(
            CertificateAuthorityArn=subordinate_pca_arn,
            Csr=csr_pem,
            SigningAlgorithm='SHA256WITHRSA',
            Validity={
                'Value': 180,
                'Type': 'DAYS'
            },
            IdempotencyToken='dp-workshop-subordinate',
            TemplateArn = 'arn:aws:acm-pca:::template/CodeSigningCertificate/V1'
        )
        
        cert_arn = response['CertificateArn']
        time.sleep(30)
        
        ##############################################
        #  Let's get the certificate bytes           #
        ##############################################
        response = acm_pca_client.get_certificate(
            CertificateAuthorityArn=subordinate_pca_arn,
            CertificateArn=cert_arn
        )
        
        current_directory_path = os.path.dirname(os.path.realpath(__file__)) + '/'
        code_signing_cert_path = current_directory_path + 'codesigning_cert.pem'
        
        textfilecert = open(code_signing_cert_path, 'wb')
        textfilecert.write(response['Certificate'].encode('utf_8'))
        textfilecert.close()
       
        print("Successfully created code signing cert codesigning_cert.pem \n")
        
    except:
        print("Unexpected error:", sys.exc_info()[0])
        raise
    else:
        exit(0)
        
# Run main() only when this file is executed as a script, not when it is
# imported. The visible tail of main() prints the exception type and re-raises
# on any error, so a failure ends the script with a traceback; on success
# main() itself calls exit(0).
if __name__ == "__main__":
    main()
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



usecase-9/templates/templates.py [57:132]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            csr_webserver_privkey = rsa.generate_private_key(
                public_exponent=65537,
                key_size=2048,
                backend=default_backend()
            )
            
            csr_webserver_privkey_pem = csr_webserver_privkey.private_bytes(encoding=serialization.Encoding.PEM,\
                            format=serialization.PrivateFormat.PKCS8,\
                            encryption_algorithm=NoEncryption())
           
    
            ################################################
            #   createa a csr for the code signing cert    #
            ################################################
            endpoint_serial_number = random.randint(1, 100000)
            subject_name_csr = x509.Name([
                x509.NameAttribute(NameOID.COMMON_NAME, 'code signing'),
                x509.NameAttribute(NameOID.COUNTRY_NAME, 'US'),
                x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, 'Nevada'),
                x509.NameAttribute(NameOID.LOCALITY_NAME, 'Las Vegas'),
                x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'customer'),
                x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, 'customerdept'),
                x509.NameAttribute(NameOID.SERIAL_NUMBER, str(str(endpoint_serial_number)))
            ])
        
            # ca=False for non ca Certs
            basic_contraints = x509.BasicConstraints(ca=False, path_length=None)
            csr = (
                x509.CertificateSigningRequestBuilder()
                .subject_name(subject_name_csr)
                .add_extension(basic_contraints, True)
                .sign(csr_webserver_privkey, hashes.SHA256(), default_backend())
            )
            
            csr_pem = csr.public_bytes(encoding=serialization.Encoding.PEM)
            
            response = acm_pca_client.issue_certificate(
                CertificateAuthorityArn=subordinate_pca_arn,
                Csr=csr_pem,
                SigningAlgorithm='SHA256WITHRSA',
                Validity={
                    'Value': 180,
                    'Type': 'DAYS'
                },
                IdempotencyToken='dp-workshop-subordinate',
                TemplateArn = 'arn:aws:acm-pca:::template/CodeSigningCertificate/V1'
            )
            
            cert_arn = response['CertificateArn']
            time.sleep(30)
            
            ##############################################
            #  Let's get the certificate bytes           #
            ##############################################
            response = acm_pca_client.get_certificate(
                CertificateAuthorityArn=subordinate_pca_arn,
                CertificateArn=cert_arn
            )
            
            current_directory_path = os.path.dirname(os.path.realpath(__file__)) + '/'
            code_signing_cert_path = current_directory_path + 'codesigning_cert.pem'
            
            textfilecert = open(code_signing_cert_path, 'wb')
            textfilecert.write(response['Certificate'].encode('utf_8'))
            textfilecert.close()
           
            print("Successfully created code signing cert codesigning_cert.pem \n")
        
    except:
        print("Unexpected error:", sys.exc_info()[0])
        raise
    else:
        exit(0)
        
# Run main() only when this file is executed as a script, not when it is
# imported. The visible tail of main() prints the exception type and re-raises
# on any error, so a failure ends the script with a traceback; on success
# main() itself calls exit(0).
if __name__ == "__main__":
    main()
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



