support random_serial_number in the CertificateBuilder (#3132)

* support random_serial_number in the CertificateBuilder

* turns out pytest's monkeypatch has an undo

* random_serial_number now a function

* just certs

2 files changed, 7 insertions, 0 deletions

diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
index 968d29d0..feab4497 100644
--- a/src/cryptography/x509/__init__.py
+++ b/src/cryptography/x509/__init__.py
@@ -11,6 +11,7 @@ from cryptography.x509.base import (
     InvalidVersion, RevokedCertificate, RevokedCertificateBuilder,
     Version, load_der_x509_certificate, load_der_x509_crl, load_der_x509_csr,
     load_pem_x509_certificate, load_pem_x509_crl, load_pem_x509_csr,
+    random_serial_number,
 )
 from cryptography.x509.extensions import (
     AccessDescription, AuthorityInformationAccess,
@@ -113,6 +114,7 @@ __all__ = [
     "load_der_x509_csr",
     "load_pem_x509_crl",
     "load_der_x509_crl",
+    "random_serial_number",
     "InvalidVersion",
     "DuplicateExtension",
     "UnsupportedExtension",
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 498ccbb9..ffa71916 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -6,6 +6,7 @@ from __future__ import absolute_import, division, print_function
 
 import abc
 import datetime
+import os
 from enum import Enum
 
 import six
@@ -723,3 +724,7 @@ class RevokedCertificateBuilder(object):
             )
 
         return backend.create_x509_revoked_certificate(self)
+
+
+def random_serial_number():
+    return utils.int_from_bytes(os.urandom(20), "big") >> 1