本文整理汇总了Python中OpenSSL.crypto.PKCS12属性的典型用法代码示例。如果您正苦于以下问题:Python crypto.PKCS12属性的具体用法?Python crypto.PKCS12怎么用?Python crypto.PKCS12使用的例子?那么,这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类OpenSSL.crypto的用法示例。
在下文中一共展示了crypto.PKCS12属性的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _create_pkcs12_bin
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import PKCS12 [as 别名]
def _create_pkcs12_bin(self):
    """
    Build a PKCS#12 container from the token's stored certificate and
    private key and serialize it for download.

    The certificate and key are read as PEM from the token info fields
    "certificate" and "privatekey". The token PIN is used as the export
    passphrase.

    :return: PKCS12 binary
    """
    cert_pem = self.get_tokeninfo("certificate")
    key_pem = self.get_tokeninfo("privatekey")

    # NOTE(review): crypto.PKCS12 is deprecated/removed in recent pyOpenSSL
    # releases - verify against the pinned pyOpenSSL version.
    container = crypto.PKCS12()
    x509_cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
    container.set_certificate(x509_cert)
    private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, key_pem)
    container.set_privatekey(private_key)

    # TODO define a random passphrase and hand it to the user
    pin = self.token.get_pin()
    # NOTE(review): -1 presumably means "no PIN available" - confirm against
    # token.get_pin(). In that case the bundle is exported with an empty
    # passphrase, so the private key inside it is protected by nothing the
    # recipient has to know.
    passphrase = "" if pin == -1 else pin
    return container.export(passphrase=passphrase)
示例2: get_as_dict
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import PKCS12 [as 别名]
def get_as_dict(self):
    """
    Return the token data as a dictionary, as used for the token list at
    /token/list.

    When the token info contains a "privatekey" entry, a base64-encoded
    PKCS12 bundle is added under ``info["pkcs12"]``.

    NOTE(review): for such tokens every call builds a PKCS12 that contains
    the private key and embeds it in the returned data - confirm that only
    callers entitled to the key can reach this output.

    :return: The token data as dict
    :rtype: dict
    """
    # Start from the values stored in the database.
    data = self.token.get()
    # assumes "info" is always present in the stored dict - TODO confirm
    info = data.get("info")
    if "privatekey" in info:
        bundle = self._create_pkcs12_bin()
        data["info"]["pkcs12"] = b64encode_and_unicode(bundle)
    return data
示例3: _create_self_signed_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import PKCS12 [as 别名]
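def _create_self_signed_cert(self):
    """Create a self-signed certificate and return it as PKCS#12 bytes.

    The container holds only the certificate: no private key is added to
    it and ``export()`` is called without a passphrase.

    :return: the serialized PKCS#12 container
    """
    # Create a key pair. 2048-bit RSA replaces the former 1024-bit key,
    # which is below what current TLS stacks commonly accept.
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)

    # Create a self-signed cert
    cert = crypto.X509()
    subject = cert.get_subject()
    subject.C = "NL"
    subject.ST = "Rotterdam"
    subject.L = "Rotterdam"
    subject.O = "Mendix"  # noqa: E741
    subject.OU = "Mendix"
    subject.CN = gethostname()
    cert.set_serial_number(1000)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)  # roughly ten years
    cert.set_issuer(subject)  # issuer == subject: self-signed
    cert.set_pubkey(key)
    # SHA-256 replaces the former SHA-1 signature digest, which is no
    # longer considered collision resistant.
    cert.sign(key, "sha256")

    # Create a P12 container
    p12 = crypto.PKCS12()
    p12.set_certificate(cert)
    return p12.export()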
# The following two tests ensure that the certificates are being loaded into the right configuration key
# Mendix 7.20 deprecated WebServiceClientCertificates in favour of ClientCertificateUsages
示例4: store_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import PKCS12 [as 别名]
def store_cert(self, context, certificate, private_key, intermediates=None,
               private_key_passphrase=None, expiration=None,
               name="PKCS12 Certificate Bundle"):
    """Bundle a certificate and key into a PKCS12 container and store it.

    :param context: passed through to ``self.manager.store``
    :param certificate: certificate object handed to ``set_certificate``
    :param private_key: key object handed to ``set_privatekey``
    :param intermediates: optional CA certificates added to the bundle
    :param private_key_passphrase: must be empty; a non-empty value is
        rejected
    :param expiration: not used by this implementation
    :param name: name given to the stored opaque data
    :raises CertificateStorageException: if a passphrase is supplied

    NOTE(review): ``export()`` is called without a passphrase, so the
    confidentiality of the private key appears to rest entirely on the
    backing store - confirm how ``self.manager`` protects the payload.
    """
    bundle = crypto.PKCS12()
    bundle.set_certificate(certificate)
    bundle.set_privatekey(private_key)
    if intermediates:
        bundle.set_ca_certificates(intermediates)

    # Passphrase-protected keys are refused rather than silently stored.
    if private_key_passphrase:
        raise exceptions.CertificateStorageException(
            "Passphrases protected PKCS12 certificates are not supported.")

    exported = bundle.export()
    wrapped = opaque_data.OpaqueData(exported, name=name)
    self.manager.store(context, wrapped)
示例5: get_init_detail
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import PKCS12 [as 别名]
def get_init_detail(self, params=None, user=None):
    """
    Extend the base class init detail with the token's certificate and,
    if a private key is stored for the token, a base64-encoded PKCS12
    bundle under the key "pkcs12".

    NOTE(review): the PKCS12 bundle carries the private key, so this
    response should be treated as secret material by whoever transports
    or logs it.

    :param params: passed on to ``TokenClass.get_init_detail``
    :param user: passed on to ``TokenClass.get_init_detail``
    :return: the response detail dictionary
    """
    detail = TokenClass.get_init_detail(self, params, user)
    params = params or {}
    detail["certificate"] = self.get_tokeninfo("certificate")

    # Without a private key there is nothing to bundle.
    if not self.get_tokeninfo("privatekey"):
        return detail

    detail["pkcs12"] = b64encode_and_unicode(self._create_pkcs12_bin())
    return detail
示例6: set_pin
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import PKCS12 [as 别名]
def set_pin(self, pin, encrypt=False):
    """
    Set the PIN of a token.

    The PIN is handed to ``self.token.set_pin`` with the "store hashed"
    flag set to False, because it is needed again later as the passphrase
    for the PKCS12 file.

    NOTE(review): how the non-hashed PIN is protected at rest is decided
    inside ``token.set_pin``, which is not visible here - confirm that it
    is stored encrypted.

    :param pin: the pin to be set for the token
    :type pin: str
    :param encrypt: accepted for interface compatibility; this
        implementation does not read it
    :type encrypt: bool
    """
    # Never hashed: a hash could not be used as the PKCS12 passphrase.
    self.token.set_pin(pin, False)
示例7: p12_assertions
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import PKCS12 [as 别名]
def p12_assertions(self, cdir, cert, key, p12, cacert=None):
    '''
    Check that a PKCS12 bundle contains the expected cert, key and CA cert.

    Args:
        cdir (s_certdir.CertDir): certdir object
        cert (crypto.X509): Cert expected inside the bundle
        key (crypto.PKey): Private key expected inside the bundle
        p12 (crypto.PKCS12): PKCS12 object to test
        cacert (crypto.X509): Corresponding CA cert (optional)
    '''
    def der_cert(x509):
        # DER bytes give a stable form for comparing two certificate objects.
        return crypto.dump_certificate(crypto.FILETYPE_ASN1, x509)

    def der_key(pkey):
        return crypto.dump_privatekey(crypto.FILETYPE_ASN1, pkey)

    self.nn(p12)

    # When a CA cert is expected, the bundle must carry exactly that one.
    bundled_ca = None
    if cacert:
        ca_list = p12.get_ca_certificates()
        self.nn(ca_list)
        self.len(1, ca_list)
        bundled_ca = ca_list[0]
        self.eq(der_cert(cacert), der_cert(bundled_ca))

    bundled_cert = p12.get_certificate()
    bundled_key = p12.get_privatekey()
    self.basic_assertions(cdir, bundled_cert, bundled_key, cacert=bundled_ca)

    # The cert and private key passed in must match the ones in the bundle.
    self.eq(der_cert(cert), der_cert(bundled_cert))
    self.eq(der_key(key), der_key(bundled_key))
示例8: store_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import PKCS12 [as 别名]
def store_cert(self, context, certificate, private_key, intermediates=None,
               private_key_passphrase=None, expiration=None,
               name="PKCS12 Certificate Bundle"):
    """Stores a certificate bundle as a PKCS12 secret in Barbican.

    :param context: Oslo context of the request
    :param certificate: PEM encoded TLS certificate
    :param private_key: PEM encoded private key for the supplied certificate
    :param intermediates: ordered and concatenated intermediate certs
    :param private_key_passphrase: must be empty; a non-empty value is
        rejected
    :param expiration: the expiration time of the cert in ISO 8601 format
    :param name: a friendly name for the cert
    :returns: the secret_ref of the stored secret
    :raises CertificateStorageException: if a passphrase is supplied
    :raises Exception: if certificate storage fails

    NOTE(review): ``export()`` is called without a passphrase, so the
    private key in the payload is presumably protected only by Barbican
    itself - confirm the secret store's encryption and ACLs.
    """
    barbican = self.auth.get_barbican_client(context.project_id)

    LOG.info("Storing certificate secret '%s' in Barbican.", name)
    bundle = crypto.PKCS12()
    bundle.set_friendlyname(encodeutils.to_utf8(name))

    leaf = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
    bundle.set_certificate(leaf)
    pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key)
    bundle.set_privatekey(pkey)

    if intermediates:
        # Split the concatenated chain into PEM blocks, then parse each one.
        pem_chain = list(cert_parser.get_intermediates_pems(intermediates))
        ca_certs = []
        for pem in pem_chain:
            ca_certs.append(crypto.load_certificate(crypto.FILETYPE_PEM, pem))
        bundle.set_ca_certificates(ca_certs)

    # Passphrase-protected keys are refused rather than silently stored.
    if private_key_passphrase:
        raise exceptions.CertificateStorageException(
            "Passphrase protected PKCS12 certificates are not supported.")

    try:
        secret = barbican.secrets.create(
            payload=bundle.export(),
            expiration=expiration,
            name=name,
        )
        secret.store()
        return secret.secret_ref
    except Exception as e:
        # Log the failure, then let the original exception propagate.
        with excutils.save_and_reraise_exception():
            LOG.error('Error storing certificate data: %s', e)