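from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa

# Demo script: build a self-signed "state" (ETAT) CA certificate, then issue a
# "polling-station machine" (BUREAU) certificate from it and verify the chain.
#
# One timezone-aware UTC timestamp is taken once and shared by both
# certificates. The original called naive datetime.now() twice: naive values
# are local time, which cryptography interprets as UTC (shifting the validity
# window by the local offset), and two separate calls made not_valid_before and
# not_valid_after derive from slightly different instants.
VALIDITY = timedelta(weeks=1)
now = datetime.now(timezone.utc)

# ETAT -- the root/CA certificate, self-signed.
admin_private_key = rsa.generate_private_key(public_exponent=65537, key_size=4096)
admin_public_key = admin_private_key.public_key()
admin_name = x509.Name(
    [x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, "vote.gouv.fr")]
)

builder = (
    x509.CertificateBuilder(
        issuer_name=admin_name,
        subject_name=admin_name,
        serial_number=x509.random_serial_number(),
        public_key=admin_public_key,
        not_valid_before=now,
        not_valid_after=now + VALIDITY,
    )
    # RFC 5280 path validation rejects an issuer that lacks a critical
    # basicConstraints CA=TRUE; verify_directly_issued_by() below does not
    # check this, so the omission would only surface in a real verifier.
    # path_length=0: this CA issues end-entity certificates only.
    .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True)
    # Restrict the CA key to signing certificates and CRLs (least privilege).
    .add_extension(
        x509.KeyUsage(
            digital_signature=True,
            content_commitment=False,
            key_encipherment=False,
            data_encipherment=False,
            key_agreement=False,
            key_cert_sign=True,
            crl_sign=True,
            encipher_only=False,
            decipher_only=False,
        ),
        critical=True,
    )
    # Key identifier so issued certificates can reference this CA key.
    .add_extension(
        x509.SubjectKeyIdentifier.from_public_key(admin_public_key), critical=False
    )
)
# Sign the CA certificate with its own key (self-signed).
admin_certificate = builder.sign(admin_private_key, algorithm=hashes.SHA256())
print(admin_certificate)

# BUREAU -- the machine's end-entity certificate, issued by the ETAT CA.
machine_private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
machine_public_key = machine_private_key.public_key()
machine_cn = "machine.vote.gouv.fr"

builder = (
    x509.CertificateBuilder(
        issuer_name=admin_name,
        subject_name=x509.Name(
            [x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, machine_cn)]
        ),
        serial_number=x509.random_serial_number(),
        public_key=machine_public_key,
        not_valid_before=now,
        not_valid_after=now + VALIDITY,
    )
    # Explicitly not a CA: the machine key must not be able to issue certificates.
    .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
    .add_extension(
        x509.KeyUsage(
            digital_signature=True,
            content_commitment=False,
            key_encipherment=False,
            data_encipherment=False,
            key_agreement=False,
            key_cert_sign=False,
            crl_sign=False,
            encipher_only=False,
            decipher_only=False,
        ),
        critical=True,
    )
    # Modern verifiers match host names against SAN, not the subject CN.
    .add_extension(
        x509.SubjectAlternativeName([x509.DNSName(machine_cn)]), critical=False
    )
    # Link back to the issuing CA key (pairs with the CA's SubjectKeyIdentifier).
    .add_extension(
        x509.AuthorityKeyIdentifier.from_issuer_public_key(admin_public_key),
        critical=False,
    )
)
# Sign the machine certificate with the CA (admin) key, not the machine's own.
machine_certificate = builder.sign(admin_private_key, algorithm=hashes.SHA256())
print(machine_certificate)

# Check that the machine certificate was issued by the admin certificate:
# this verifies the issuer name matches and that the signature was made by
# the admin key. It raises on failure. It does NOT check validity dates,
# extensions or revocation -- a full chain validation is needed for that.
machine_certificate.verify_directly_issued_by(admin_certificate)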