from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from OpenSSL import crypto
import tkinter 
import tkinter.filedialog 
root=tkinter.Tk()
root.withdraw()
#加载公钥
path=tkinter.filedialog.askopenfilename(title="选择公钥文件",filetypes=[("PEM files","*.pem")])
with open(path, 'rb') as f:
    public_key = f.read()
public_key = crypto.load_publickey(crypto.FILETYPE_PEM, public_key)
#加载私钥
path=tkinter.filedialog.askopenfilename(title="选择私钥文件",filetypes=[("PEM files","*.pem")])
with open(path, 'rb') as f:
    private_key = f.read()
private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key)
cert = crypto.X509()
cert.get_subject().C = "CN"
cert.get_subject().ST = "Beijing"
cert.get_subject().L = "Beijing"
cert.get_subject().O = "Example Inc."
cert.get_subject().OU = "IT"
cert.get_subject().CN = "example.com"
cert.set_serial_number(1000)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(10*365*24*60*60)  
# 有效期10年
cert.set_issuer(cert.get_subject())
cert.set_pubkey(public_key)
cert.sign(private_key, 'sha256')
# 保存证书
cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
path=tkinter.filedialog.asksaveasfilename(title="证书保存",defaultextension=".pem", filetypes=[("PEM files", "*.pem")])

try:
    with open(path,'wb') as f:
        f.write(cert_pem)
except:
    print("保存失败")