M2Crypto: AttributeError: 'CSR' object has no attribute 'pkey'

  • Thread starter Matthias Güntert
  • Start date
M

Matthias Güntert

Hello python-guys

I am trying to build a python based certificate authority using
m2crypto. I am quite new to python and I am asking myself why my code
snippets below throw the following Traceback:

$ python csr.py

....++++++++++++
................++++++++++++
Traceback (most recent call last):
File "csr.py", line 48, in <module>
csr.create_cert_signing_request(pubkey, cert_name)
File "csr.py", line 17, in create_cert_signing_request
cert_request.set_pubkey(keypair)
File "/usr/lib64/python2.6/site-packages/M2Crypto/X509.py", line 926,
in set_pubkey
return m2.x509_req_set_pubkey( self.req, pkey.pkey )
AttributeError: 'CSR' object has no attribute 'pkey'

Bellow are my modules containing two classes CSR and Keypair. There
seems to be something wrong in the way I am calling
csr.create_cert_signing_request(), because if I directly add the key
generation part to the create_cert_singing_request function it works...

http://www.heikkitoivonen.net/m2crypto/api/M2Crypto.X509.Request-class.html#set_pubkey

This link states out, that the instance function set_pubkey takes an
EVP_KEY object as argument, and thats what I am passing to it, or not?

I really would be happy if someone could give me a helping hand on this
and maybe could comment every style / ... mistake I made to accelerate
my learning experience.

Thanks,
Matthias

$ cat csr.py

from config import *
from keypair import *
from M2Crypto import X509, EVP

class CSR(object):
def __init__(self):
pass

def create_cert_signing_request(keypair, cert_name,
cert_extension_stack=None):
# create a certificate signing request object
cert_request = X509.Request()

# set certificate version to 3
cert_request.set_version(3)

# which rsa public key should be used?
cert_request.set_pubkey(keypair)

# create an subject for the certificate request
cert_request.set_subject_name(cert_name)

if cert_extension_stack != None:
# add the extensions to the request
cert_request.add_extensions(cert_extension_stack)

# sign the request using the RSA key pair
cert_request.sign(keypair, 'sha1')

return cert_request

if __name__ == "__main__":
csr = CSR()
cert_name = X509.X509_Name()
keyp = Keypair()

keyp.create_keypair()
keyp.save_keypair("host.key")
pubkey = keyp.get_keypair()

cert_name.C = "GB"
cert_name.ST = "Greater Manchester"
cert_name.L = "Salford"
cert_name.O = "COMODO CA Limited"
cert_name.CN = "COMODO Certification Authority"
cert_name.OU = "Information Technology"
cert_name.Email = "(e-mail address removed)"

csr.create_cert_signing_request(pubkey, cert_name)

$ cat keypair.py

from M2Crypto import X509, m2, RSA, EVP
from config import *

class Keypair(object):
def __init__(self):
self.config = Config()
self.keypair = EVP.PKey()

def create_keypair(self):
# generate an RSA key pair
# OpenSSL book page 232
# second argument should be a constant RSA_F4 or RSA_3
rsa_key_pair =
RSA.gen_key(int(self.config.get_attribute('CA','key_size')), m2.RSA_F4)

# check if RSA key pair is usable
# OpenSSL book page 232
if rsa_key_pair.check_key() != 1:
print 'error while generating key!'
sys.exit()

# EVP object which can hold either a DSA or an RSA object
# OpenSSL book page 236
evp_key_container = EVP.PKey()
evp_key_container.assign_rsa(rsa_key_pair)

self.keypair = evp_key_container

def save_keypair(self, filename):
self.keypair.save_key(filename, None)

def load_keypair(self, filename):
self.keypair = EVP.load_key(filename)

def get_keypair(self):
return self.keypair

def get_public_key(self):
return self.keypair.pkey

def print_keypair(self):
print self.keypair.as_pem(None)

if __name__ == "__main__":
key = Keypair()
key.create_keypair()
key.save_keypair("test.key")

print key.get_keypair()
print key.get_public_key()
 
H

Heikki Toivonen

Matthias said:
class CSR(object):
def __init__(self):
pass

def create_cert_signing_request(keypair, cert_name,
cert_extension_stack=None):
Click to expand...

You missed self. Although this method does not seem to be using any
instance data so there isn't actually much reason to have a CSR object
unless you intend to expand it in ways that require it.
if cert_extension_stack != None:
Click to expand...

A word of advice: always check equality/inequality to None with 'is',
because that way it is a straight pointer conversion which is faster and
won't cause any surprises. In other words, write the above as:

if cert_extension_stack is not None:
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

M2Crypto: How to generate subjectKeyIdentifier /authorityKeyIdentifier 4
AttributeError: 'Ball' object has no attribute 'hit_paddle' 1
AttributeError: ' ' object has no attribute ' ' 4
AttributeError: 'Or' object has no attribute 'as_independent' 1
Exception running GNU module "op25_grc.py" : AttributeError:'gr_hier_block2_sptr' object has no 3
AttributeError: 'gr_hier_block2_sptr' object has no attribute'set_callback' 0
AttributeError: 'module' object has no attribute 'pack' 0
EXP(ORT) ciphers and M2Crypto/OpenSSL 0

Members online

No members online now.
Total: 48 (members: 2, guests: 46)
Robots: 482

Forum statistics

Threads
473,969
Messages
2,570,161
Members
46,710
Latest member
bernietqt

Latest Threads

Top