From b3dba8e6db899b7a88409e2699d7fdb9d4a2fb9d Mon Sep 17 00:00:00 2001
From: Seth Schoen
Date: Thu, 9 Aug 2012 18:52:12 -0700
Subject: [PATCH] function to generate RSA keypair and corresponding CSR
---
client-webserver/make-req.py | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 client-webserver/make-req.py
diff --git a/client-webserver/make-req.py b/client-webserver/make-req.py
new file mode 100644
index 000000000..13d3829c4
--- /dev/null
+++ b/client-webserver/make-req.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+# based on M2Crypto unit test written by Toby Allsopp
+
+from M2Crypto import EVP, X509, RSA
+
+def mkreq(names, bits=2048):
+ """Return a tuple (key, csr) containing a PEM-formatted private key
+ of the specified number of bits and a CSR requesting a certificate for
+ the specified DNS names."""
+ pk = EVP.PKey()
+ x = X509.Request()
+ rsa = RSA.gen_key(bits, 65537)
+ pk.assign_rsa(rsa)
+ key_pem = rsa.as_pem(cipher=None)
+ rsa = None # should not be freed here
+ x.set_pubkey(pk)
+ name = x.get_subject()
+ name.CN = names[0]
+ extstack = X509.X509_Extension_Stack()
+ for n in names:
+ ext = X509.new_extension('subjectAltName', 'DNS:%s' % n)
+ extstack.push(ext)
+ x.add_extensions(extstack)
+ x.sign(pk,'sha1')
+ assert x.verify(pk)
+ pk2 = x.get_pubkey()
+ assert x.verify(pk2)
+ return key_pem, x.as_pem()
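Review bot: The `for n in names` loop in `mkreq` pushes one `subjectAltName` extension per name and formats each name into the value string unchecked, where a CSR should carry a single SAN extension listing every name. RFC 5280 allows only one instance of a given extension in a certificate, and a CA reading the request may honour only the first, so I would build it once with `ext = X509.new_extension('subjectAltName', ', '.join('DNS:%s' % n for n in names))`, after rejecting an empty `names` (which currently fails at `names[0]`) and any entry that is not a plain hostname; the value appears to be parsed with OpenSSL's comma-separated extension syntax, so a comma inside a name would likely add SAN entries the caller never intended. The request is also signed with SHA-1, and `x.sign(pk, 'sha256')` is the digest I would use instead. The two `assert x.verify(...)` checks vanish under `python -O`, so an explicit `if not x.verify(pk): raise ...` is more dependable, and the docstring should state that the returned key PEM is unencrypted (`cipher=None`) so callers know to protect it on disk.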