Changeset - cca2cd54ded0
0 2 0
Branko Majic (branko) - 4 years ago 2020-07-13 13:05:59
branko@majic.rs
GC-37: Updated inline documentation to include ECDSA-specific types for relevant functions.
2 files changed with 32 insertions and 17 deletions:
0 comments (0 inline, 0 general)
gimmecert/crypto.py
 
@@ -72,13 +72,14 @@ class KeyGenerator:
 
        """
 
        Generates private key. Key algorithm and parameters are
 
        deterimened by instance's key specification (passed-in during
 
        instance creation).
 

	
 
        :returns: Private key.
 
        :rtype: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 
        :rtype: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
 
                cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 
        """
 

	
 
        if self._algorithm == "rsa":
 

	
 
            rsa_public_exponent = 65537
 

	
 
@@ -163,16 +164,18 @@ def issue_certificate(issuer_dn, subject_dn, signing_key, public_key, not_before
 
    :type issuer_dn: cryptography.x509.Name
 

	
 
    :param subject_dn: Subject DN to use in issued certificate.
 
    :type subject_dn: cryptography.x509.Name
 

	
 
    :param signing_key: Private key belonging to entity associated with passed-in issuer_dn. Used for signing the certificate data.
 
    :type signing_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
 
    :type signing_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
 
                       cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 

	
 
    :param public_key: Public key belonging to entity associated with passed-in subject_dn. Used as part of certificate to denote its owner.
 
    :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey
 
    :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey or
 
                      cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
 

	
 
    :param not_before: Beginning of certifiate validity.
 
    :type datetime.datetime.:
 

	
 
    :param not_after: End of certificate validity.
 
    :type datetime.datetime:
 
@@ -213,13 +216,14 @@ def generate_ca_hierarchy(base_name, depth, key_generator):
 
    naming as basis for the DNs.
 

	
 
    :param base_name: Base name for constructing the CA DNs. Resulting DNs are of format 'BASE Level N'.
 
    :type base_name: str
 

	
 
    :param key_generator: Callable for generating private keys.
 
    :type key_generator: callable[[], cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey]
 
    :type key_generator: callable[[], cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
 
                                      cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey]
 

	
 
    :returns: List of CA private key and certificate pairs, starting with the level 1 (root) CA, and ending with the leaf CA.
 
    :rtype: list[(cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
 
                  cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey, cryptography.x509.Certificate)]
 
    """
 

	
 
@@ -266,16 +270,18 @@ def issue_server_certificate(name, public_key, issuer_private_key, issuer_certif
 
    Server certificate validity will not exceed the CA validity.
 

	
 
    :param name: Name of the server end entity. Name will be part of subject DN CN field.
 
    :type name: str
 

	
 
    :param public_key: Public key of the server end entity.
 
    :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey
 
    :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey or
 
                      cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
 

	
 
    :param issuer_private_key: Private key of the issuer to use for signing the server certificate structure.
 
    :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
 
    :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
 
                              cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 

	
 
    :param issuer_certificate: Certificate of certificate issuer. Naming and validity constraints will be applied based on its content.
 
    :type issuer_certificate: cryptography.x509.Certificate
 

	
 
    :param extra_dns_names: Additional DNS names to include in subject alternative name. Set to None (default) to not include anything.
 
    :type extra_dns_names: list[str] or None
 
@@ -333,16 +339,18 @@ def issue_client_certificate(name, public_key, issuer_private_key, issuer_certif
 
    Client certificate validity will not exceed the CA validity.
 

	
 
    :param name: Name of the client end entity. Name will be part of subject DN CN field.
 
    :type name: str
 

	
 
    :param public_key: Public key of the server end entity.
 
    :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey
 
    :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey or
 
                      cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
 

	
 
    :param issuer_private_key: Private key of the issuer to use for signing the client certificate structure.
 
    :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
 
    :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
 
                              cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 

	
 
    :param issuer_certificate: Certificate of certificate issuer. Naming and validity constraints will be applied based on its content.
 
    :type issuer_certificate: cryptography.x509.Certificate
 

	
 
    :returns: Client certificate issued by designated issuer.
 
    :rtype: cryptography.x509.Certificate
 
@@ -385,16 +393,18 @@ def renew_certificate(old_certificate, public_key, issuer_private_key, issuer_ce
 
    subject DNs, as well as extensions from the old certificate.
 

	
 
    :param old_certificate: Previously issued certificate.
 
    :type old_certificate: cryptography.x509.Certificate
 

	
 
    :param public_key: Public key to use in resulting certificate. Allows replacement of public key in new certificate.
 
    :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey
 
    :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey or
 
                      cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
 

	
 
    :param issuer_private_key: Private key of the issuer to use for signing the certificate structure.
 
    :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
 
    :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
 
                              cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 

	
 
    :param issuer_certificate: Certificate of certificate issuer. Naming and validity constraints will be applied based on its content.
 
    :type issuer_certificate: cryptography.x509.Certificate
 

	
 
    :returns: New certificate, which preserves naming, extensions, and public key of the old one.
 
    :rtype: cryptography.x509.Certificate
 
@@ -424,13 +434,14 @@ def generate_csr(name, private_key):
 
    Generates certificate signing request.
 

	
 
    :param name: Name of the end entity. If string, passed-in name is treated as value for CN in subject DN.
 
    :type name: str or cryptography.x509.Name
 

	
 
    :param private_key: Private key of end entity to use for signing the CSR.
 
    :type private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
 
    :type private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
 
                       cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 

	
 
    :returns: Certificate signing request with specified naming signed with passed-in private key.
 
    :rtype: cryptography.x509.CertificateSigningRequest
 
    """
 

	
 
    if isinstance(name, cryptography.x509.Name):
 
@@ -453,17 +464,18 @@ def generate_csr(name, private_key):
 
def key_specification_from_public_key(public_key):
 
    """
 
    Derives key specification (algorithm and associated parameters)
 
    from the passed-in public key. Key specification can be used for
 
    generating the private keys via KeyGenerator instances.
 

	
 
    :param public_key: Public
 
    :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey
 
    :param public_key: Public key from which to derive the key specification.
 
    :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey or
 
                      cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
 

	
 
    :returns: Key algorithm and parameter(s) for generating same type of keys as the passed-in public key.
 
    :rtype: tuple(str, int or cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve)
 
    :rtype: tuple(str, int) or cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve)
 

	
 
    :raises ValueError: If algorithm/parameters could not be derived from the passed-in public key.
 
    """
 

	
 
    if isinstance(public_key, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey):
 
        return "rsa", public_key.key_size
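Review bot: In the key_specification_from_public_key hunk the surviving `:rtype:` line should be `:rtype: tuple(str, int or cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve)`; the other variant, `tuple(str, int) or cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve)`, has an unbalanced parenthesis and reads as a tuple-or-curve union, whereas the visible `return "rsa", public_key.key_size` shows that only the second tuple element varies by algorithm. The rendered page has lost the +/- markers, so please confirm which of the two lines the commit keeps. The issue_certificate hunk also carries two malformed context lines, `:type datetime.datetime.:` and `:type datetime.datetime:`, which should read `:type not_before: datetime.datetime` and `:type not_after: datetime.datetime` to match the other field entries. Both function bodies continue outside their hunks.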
gimmecert/storage.py
 
@@ -53,13 +53,14 @@ def write_private_key(private_key, path):
 
    Writes the passed-in private key to designated path in
 
    OpenSSL-style PEM format.
 

	
 
    The private key is written without any encryption.
 

	
 
    :param private_key: Private key that should be written.
 
    :type private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
 
    :type private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
 
                       cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 

	
 
    :param path: File path where the key should be written.
 
    :type path: str
 
    """
 

	
 
    private_key_pem = private_key.private_bytes(
 
@@ -135,13 +136,14 @@ def read_ca_hierarchy(ca_directory):
 
    pattern 'levelN.key.pem' and 'levelN.cert.pem' will be read.
 

	
 
    :param ca_directory: Path to directory containing the CA artifacts (private keys and certificates).
 
    :type ca_directory: str
 

	
 
    :returns: List of private key/certificate pairs, starting with the level 1 CA and moving down the chain to leaf CA.
 
    :rtype: list[(cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.x509.Certificate)]
 
    :rtype: list[(cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
 
                  cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey, cryptography.x509.Certificate)]
 
    """
 

	
 
    ca_hierarchy = []
 

	
 
    level = 1
 
    while os.path.exists(os.path.join(ca_directory, "level%d.key.pem" % level)) and os.path.exists(os.path.join(ca_directory, "level%d.cert.pem" % level)):
 
@@ -159,13 +161,14 @@ def read_private_key(private_key_path):
 
    provided in OpenSSL-style PEM format, unencrypted.
 

	
 
    :param private_key_path: Path to private key to read.
 
    :type private_key_path: str
 

	
 
    :returns: Private key object read from the specified file.
 
    :rtype: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
 
    :rtype: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
 
            cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 
    """
 

	
 
    with open(private_key_path, 'rb') as private_key_file:
 
        private_key = cryptography.hazmat.primitives.serialization.load_pem_private_key(
 
            private_key_file.read(),
 
            None,  # no password
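Review bot: The read_private_key hunk now documents the return as RSAPrivateKey or EllipticCurvePrivateKey, but the visible `load_pem_private_key(...)` call returns whatever key type the PEM file holds, so the docstring states a narrower contract than the visible code enforces. If callers depend on that type, consider an explicit `isinstance` check that raises `ValueError` for other key types, or widen the `:rtype:` text to say the concrete type depends on the file contents. The function body continues past the end of the hunk, so such a check may already exist there.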