CertificateGenerator
- class ansys.tools.common.utils.certificates.CertificateGenerator(key_size: int = 4096, validity_days: int = 1)
Certificate generator for creating self-signed certificates for testing.
This class encapsulates all the logic needed to generate a complete PKI setup including CA, server, and client certificates.
Parameters
- key_size : int, optional
Size of the RSA keys in bits, by default 4096
- validity_days : int, optional
Number of days the certificates should be valid, by default 1 (24 hours)
Examples
>>> from ansys.tools.common.utils.certificates import CertificateGenerator
>>> gen = CertificateGenerator(validity_days=2)
>>> ca_key, ca_cert = gen.create_ca_certificate()
>>> server_key, server_cert = gen.create_server_certificate(ca_cert, ca_key, "localhost")
Overview
Methods
generate_private_key | Generate an RSA private key.
create_ca_certificate | Create a self-signed CA certificate.
create_server_certificate | Create a server certificate signed by the CA with optional Subject Alternative Names.
create_client_certificate | Create a client certificate signed by the CA.
Static methods
save_private_key | Save a private key to a PEM file.
save_certificate | Save a certificate to a PEM file.
Import detail
from ansys.tools.common.utils.certificates import CertificateGenerator
Attribute detail
- CertificateGenerator.key_size = 4096
- CertificateGenerator.validity_days = 1
Method detail
- CertificateGenerator.generate_private_key() -> cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
Generate an RSA private key.
Returns
- rsa.RSAPrivateKey
Generated RSA private key
- static CertificateGenerator.save_private_key(key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, filepath: pathlib.Path) -> None
Save a private key to a PEM file.
Parameters
- key : rsa.RSAPrivateKey
The private key to save
- filepath : Path
Path to the output file
- static CertificateGenerator.save_certificate(cert: cryptography.x509.Certificate, filepath: pathlib.Path) -> None
Save a certificate to a PEM file.
Parameters
- cert : x509.Certificate
The certificate to save
- filepath : Path
Path to the output file
- CertificateGenerator.create_ca_certificate(common_name: str = 'Test CA') -> tuple[cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.x509.Certificate]
Create a self-signed CA certificate.
Parameters
- common_name : str, optional
Common name for the CA certificate, by default “Test CA”
Returns
- tuple[rsa.RSAPrivateKey, x509.Certificate]
Tuple containing (ca_key, ca_cert)
- CertificateGenerator.create_server_certificate(ca_cert: cryptography.x509.Certificate, ca_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, server_common_name: str, san_names: list[str] | None = None) -> tuple[cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.x509.Certificate]
Create a server certificate signed by the CA with optional Subject Alternative Names.
Parameters
- ca_cert : x509.Certificate
The CA certificate to use as issuer
- ca_key : rsa.RSAPrivateKey
The CA private key to sign the certificate
- server_common_name : str
The common name for the server certificate (will be used as CN and primary SAN)
- san_names : list[str], optional
Additional Subject Alternative Names to include, by default None
Returns
- tuple[rsa.RSAPrivateKey, x509.Certificate]
Tuple containing (server_key, server_cert)
- CertificateGenerator.create_client_certificate(ca_cert: cryptography.x509.Certificate, ca_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, client_common_name: str) -> tuple[cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.x509.Certificate]
Create a client certificate signed by the CA.
Parameters
- ca_cert : x509.Certificate
The CA certificate to use as issuer
- ca_key : rsa.RSAPrivateKey
The CA private key to sign the certificate
- client_common_name : str
The common name for the client certificate
Returns
- tuple[rsa.RSAPrivateKey, x509.Certificate]
Tuple containing (client_key, client_cert)