本文整理汇总了Python中OpenSSL.crypto.FILETYPE_PEM属性的典型用法代码示例。如果您正苦于以下问题:Python crypto.FILETYPE_PEM属性的具体用法?Python crypto.FILETYPE_PEM怎么用?Python crypto.FILETYPE_PEM使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类OpenSSL.crypto的用法示例。
在下文中一共展示了crypto.FILETYPE_PEM属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: is_real_certificate_installed
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def is_real_certificate_installed(self):
if not os.path.exists(self.platform_config.get_ssl_certificate_file()):
return False
cert = crypto.load_certificate(
crypto.FILETYPE_PEM, open(self.platform_config.get_ssl_certificate_file()).read())
if cert.get_issuer().CN == cert.get_subject().CN:
self.log.info('issuer: {0}'.format(cert.get_issuer().CN))
self.log.info('self signed certificate')
return False
if 'Fake' in cert.get_issuer().CN:
self.log.info('issuer: {0}'.format(cert.get_issuer().CN))
self.log.info('test certificate')
return False
self.log.info('real certificate')
self.log.info('issuer: {0}, subject: {1}'.format(cert.get_issuer().CN, cert.get_subject().CN))
return True 示例2: _get_crl_next_update
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def _get_crl_next_update(filename):
"""
Read the CRL file and return the next update as datetime
:param filename:
:return:
"""
dt = None
f = open(filename)
crl_buff = f.read()
f.close()
crl_obj = crypto.load_crl(crypto.FILETYPE_PEM, crl_buff)
# Get "Next Update" of CRL
# Unfortunately pyOpenSSL does not support this. so we dump the
# CRL and parse the text :-/
# We do not want to add dependency to pyasn1
crl_text = to_unicode(crypto.dump_crl(crypto.FILETYPE_TEXT, crl_obj))
for line in crl_text.split("\n"):
if "Next Update: " in line:
key, value = line.split(":", 1)
date = value.strip()
dt = datetime.datetime.strptime(date, "%b %d %X %Y %Z")
break
return dt 示例3: _create_pkcs12_bin
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def _create_pkcs12_bin(self):
"""
Helper function to create an encrypted pkcs12 binary for download
:return: PKCS12 binary
"""
certificate = self.get_tokeninfo("certificate")
privatekey = self.get_tokeninfo("privatekey")
pkcs12 = crypto.PKCS12()
pkcs12.set_certificate(crypto.load_certificate(
crypto.FILETYPE_PEM, certificate))
pkcs12.set_privatekey(crypto.load_privatekey(crypto.FILETYPE_PEM,
privatekey))
# TODO define a random passphrase and hand it to the user
passphrase = self.token.get_pin()
if passphrase == -1:
passphrase = ""
pkcs12_bin = pkcs12.export(passphrase=passphrase)
return pkcs12_bin 示例4: test_set_verify_callback_exception
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def test_set_verify_callback_exception(self):
"""
If the verify callback passed to :py:obj:`Context.set_verify` raises an
exception, verification fails and the exception is propagated to the
caller of :py:obj:`Connection.do_handshake`.
"""
serverContext = Context(TLSv1_METHOD)
serverContext.use_privatekey(
load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))
serverContext.use_certificate(
load_certificate(FILETYPE_PEM, cleartextCertificatePEM))
clientContext = Context(TLSv1_METHOD)
def verify_callback(*args):
raise Exception("silly verify failure")
clientContext.set_verify(VERIFY_PEER, verify_callback)
exc = self.assertRaises(
Exception, self._handshake_test, serverContext, clientContext)
self.assertEqual("silly verify failure", str(exc)) 示例5: test_accept
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def test_accept(self):
"""
:py:obj:`Connection.accept` accepts a pending connection attempt and returns a
tuple of a new :py:obj:`Connection` (the accepted client) and the address the
connection originated from.
"""
ctx = Context(TLSv1_METHOD)
ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
port = socket()
portSSL = Connection(ctx, port)
portSSL.bind(('', 0))
portSSL.listen(3)
clientSSL = Connection(Context(TLSv1_METHOD), socket())
# Calling portSSL.getsockname() here to get the server IP address sounds
# great, but frequently fails on Windows.
clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))
serverSSL, address = portSSL.accept()
self.assertTrue(isinstance(serverSSL, Connection))
self.assertIdentical(serverSSL.get_context(), ctx)
self.assertEquals(address, clientSSL.getsockname()) 示例6: _server
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def _server(self, sock):
"""
Create a new server-side SSL :py:obj:`Connection` object wrapped around
:py:obj:`sock`.
"""
# Create the server side Connection. This is mostly setup boilerplate
# - use TLSv1, use a particular certificate, etc.
server_ctx = Context(TLSv1_METHOD)
server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )
server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)
server_store = server_ctx.get_cert_store()
server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
server_ctx.check_privatekey()
server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))
# Here the Connection is actually created. If None is passed as the 2nd
# parameter, it indicates a memory BIO should be created.
server_conn = Connection(server_ctx, sock)
server_conn.set_accept_state()
return server_conn 示例7: _client
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def _client(self, sock):
"""
Create a new client-side SSL :py:obj:`Connection` object wrapped around
:py:obj:`sock`.
"""
# Now create the client side Connection. Similar boilerplate to the
# above.
client_ctx = Context(TLSv1_METHOD)
client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )
client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)
client_store = client_ctx.get_cert_store()
client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))
client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))
client_ctx.check_privatekey()
client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))
client_conn = Connection(client_ctx, sock)
client_conn.set_connect_state()
return client_conn 示例8: test_set_multiple_ca_list
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def test_set_multiple_ca_list(self):
"""
If passed a list containing multiple X509Name objects,
:py:obj:`Context.set_client_ca_list` configures the context to send those CA
names to the client and, on both the server and client sides,
:py:obj:`Connection.get_client_ca_list` returns a list containing those
X509Names after the connection is set up.
"""
secert = load_certificate(FILETYPE_PEM, server_cert_pem)
clcert = load_certificate(FILETYPE_PEM, server_cert_pem)
sedesc = secert.get_subject()
cldesc = clcert.get_subject()
def multiple_ca(ctx):
L = [sedesc, cldesc]
ctx.set_client_ca_list(L)
return L
self._check_client_ca_list(multiple_ca) 示例9: test_reset_ca_list
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def test_reset_ca_list(self):
"""
If called multiple times, only the X509Names passed to the final call
of :py:obj:`Context.set_client_ca_list` are used to configure the CA names
sent to the client.
"""
cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
secert = load_certificate(FILETYPE_PEM, server_cert_pem)
clcert = load_certificate(FILETYPE_PEM, server_cert_pem)
cadesc = cacert.get_subject()
sedesc = secert.get_subject()
cldesc = clcert.get_subject()
def changed_ca(ctx):
ctx.set_client_ca_list([sedesc, cldesc])
ctx.set_client_ca_list([cadesc])
return [cadesc]
self._check_client_ca_list(changed_ca) 示例10: test_mutated_ca_list
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def test_mutated_ca_list(self):
"""
If the list passed to :py:obj:`Context.set_client_ca_list` is mutated
afterwards, this does not affect the list of CA names sent to the
client.
"""
cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
secert = load_certificate(FILETYPE_PEM, server_cert_pem)
cadesc = cacert.get_subject()
sedesc = secert.get_subject()
def mutated_ca(ctx):
L = [cadesc]
ctx.set_client_ca_list([cadesc])
L.append(sedesc)
return [cadesc]
self._check_client_ca_list(mutated_ca) 示例11: test_set_and_add_client_ca
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def test_set_and_add_client_ca(self):
"""
A call to :py:obj:`Context.set_client_ca_list` followed by a call to
:py:obj:`Context.add_client_ca` results in using the CA names from the first
call and the CA name from the second call.
"""
cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
secert = load_certificate(FILETYPE_PEM, server_cert_pem)
clcert = load_certificate(FILETYPE_PEM, server_cert_pem)
cadesc = cacert.get_subject()
sedesc = secert.get_subject()
cldesc = clcert.get_subject()
def mixed_set_add_ca(ctx):
ctx.set_client_ca_list([cadesc, sedesc])
ctx.add_client_ca(clcert)
return [cadesc, sedesc, cldesc]
self._check_client_ca_list(mixed_set_add_ca) 示例12: test_set_after_add_client_ca
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def test_set_after_add_client_ca(self):
"""
A call to :py:obj:`Context.set_client_ca_list` after a call to
:py:obj:`Context.add_client_ca` replaces the CA name specified by the former
call with the names specified by the latter cal.
"""
cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
secert = load_certificate(FILETYPE_PEM, server_cert_pem)
clcert = load_certificate(FILETYPE_PEM, server_cert_pem)
cadesc = cacert.get_subject()
sedesc = secert.get_subject()
def set_replaces_add_ca(ctx):
ctx.add_client_ca(clcert)
ctx.set_client_ca_list([cadesc])
ctx.add_client_ca(secert)
return [cadesc, sedesc]
self._check_client_ca_list(set_replaces_add_ca) 示例13: test_extension_count
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def test_extension_count(self):
"""
:py:obj:`X509.get_extension_count` returns the number of extensions that are
present in the certificate.
"""
pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
ca = X509Extension(b('basicConstraints'), True, b('CA:FALSE'))
key = X509Extension(b('keyUsage'), True, b('digitalSignature'))
subjectAltName = X509Extension(
b('subjectAltName'), True, b('DNS:example.com'))
# Try a certificate with no extensions at all.
c = self._extcert(pkey, [])
self.assertEqual(c.get_extension_count(), 0)
# And a certificate with one
c = self._extcert(pkey, [ca])
self.assertEqual(c.get_extension_count(), 1)
# And a certificate with several
c = self._extcert(pkey, [ca, key, subjectAltName])
self.assertEqual(c.get_extension_count(), 3) 示例14: test_nullbyte_subjectAltName
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def test_nullbyte_subjectAltName(self):
"""
The fields of a `subjectAltName` extension on an X509 may contain NUL
bytes and this value is reflected in the string representation of the
extension object.
"""
cert = load_certificate(FILETYPE_PEM, nulbyteSubjectAltNamePEM)
ext = cert.get_extension(3)
self.assertEqual(ext.get_short_name(), b('subjectAltName'))
self.assertEqual(
b("DNS:altnull.python.org\x00example.com, "
"email:null@python.org\x00user@example.org, "
"URI:http://null.python.org\x00http://example.org, "
"IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1\n"),
b(str(ext))) 示例15: gen_pkcs12
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import FILETYPE_PEM [as 别名]
def gen_pkcs12(self, cert_pem=None, key_pem=None, ca_pem=None, friendly_name=None):
"""
Generate a PKCS12 object with components from PEM. Verify that the set
functions return None.
"""
p12 = PKCS12()
if cert_pem:
ret = p12.set_certificate(load_certificate(FILETYPE_PEM, cert_pem))
self.assertEqual(ret, None)
if key_pem:
ret = p12.set_privatekey(load_privatekey(FILETYPE_PEM, key_pem))
self.assertEqual(ret, None)
if ca_pem:
ret = p12.set_ca_certificates((load_certificate(FILETYPE_PEM, ca_pem),))
self.assertEqual(ret, None)
if friendly_name:
ret = p12.set_friendlyname(friendly_name)
self.assertEqual(ret, None)
return p12