本文整理汇总了Python中CertUtils.generate_int_and_ee方法的典型用法代码示例。如果您正苦于以下问题:Python CertUtils.generate_int_and_ee方法的具体用法?Python CertUtils.generate_int_and_ee怎么用?Python CertUtils.generate_int_and_ee使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类CertUtils的用法示例。
在下文中一共展示了CertUtils.generate_int_and_ee方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: generate_certs
# 需要导入模块: import CertUtils [as 别名]
# 或者: from CertUtils import generate_int_and_ee [as 别名]
def generate_certs():
init_nss_db()
ca_cert = 'evroot.der'
ca_key = 'evroot.key'
prefix = "ev-valid"
key_type = 'rsa'
ee_ext_text = (EE_basic_constraints + EE_full_ku + Server_eku +
authority_key_ident + aia_prefix + prefix + aia_suffix +
endentity_crl + mozilla_testing_ev_policy)
int_ext_text = (CA_basic_constraints + EE_full_ku + CA_eku +
authority_key_ident + subject_key_ident +
aia_prefix + "int-" + prefix + aia_suffix +
intermediate_crl + mozilla_testing_ev_policy)
[int_key, int_cert, ee_key, ee_cert] = CertUtils.generate_int_and_ee(db,
srcdir,
ca_key,
ca_cert,
prefix,
int_ext_text,
ee_ext_text,
key_type)
pk12file = CertUtils.generate_pkcs12(db, srcdir, int_cert, int_key,
"int-" + prefix)
import_cert_and_pkcs12(int_cert, pk12file, "int-" + prefix, ",,")
import_untrusted_cert(ee_cert, prefix)
[bad_ca_key, bad_ca_cert] = CertUtils.generate_cert_generic( db,
srcdir,
1,
'rsa',
'non-evroot-ca',
CA_basic_constraints + EE_full_ku +
authority_key_ident)
pk12file = CertUtils.generate_pkcs12(db, srcdir, bad_ca_cert, bad_ca_key,
"non-evroot-ca")
import_cert_and_pkcs12(bad_ca_cert, pk12file, "non-evroot-ca", "C,C,C")
prefix = "non-ev-root"
ee_ext_text = (EE_basic_constraints + EE_full_ku + Server_eku +
authority_key_ident + aia_prefix + prefix + aia_suffix +
endentity_crl + mozilla_testing_ev_policy)
int_ext_text = (CA_basic_constraints + EE_full_ku + CA_eku +
authority_key_ident + aia_prefix + "int-" + prefix +
aia_suffix + intermediate_crl + subject_key_ident +
mozilla_testing_ev_policy)
[int_key, int_cert, ee_key, ee_cert] = CertUtils.generate_int_and_ee(db,
srcdir,
bad_ca_key,
bad_ca_cert,
prefix,
int_ext_text,
ee_ext_text,
key_type)
pk12file = CertUtils.generate_pkcs12(db, srcdir, int_cert, int_key,
"int-" + prefix)
import_cert_and_pkcs12(int_cert, pk12file, "int-" + prefix, ",,")
import_untrusted_cert(ee_cert, prefix)示例2: generate_certs
# 需要导入模块: import CertUtils [as 别名]
# 或者: from CertUtils import generate_int_and_ee [as 别名]
def generate_certs():
CertUtils.init_dsa(db)
ee_ext_text = EE_basic_constraints + EE_full_ku
for name, key_type in pk_name.iteritems():
ca_name = "ca-" + name
[ca_key, ca_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
ca_name,
CA_basic_constraints + CA_min_ku)
[valid_int_key, valid_int_cert, ee_key, ee_cert] = (
CertUtils.generate_int_and_ee(db,
srcdir,
ca_key,
ca_cert,
name + "-valid",
CA_basic_constraints,
ee_ext_text,
key_type) )
[int_key, int_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
"int-" + name + "-tampered",
ee_ext_text,
ca_key,
ca_cert)
[ee_key, ee_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
name + "-tampered-int-valid-ee",
ee_ext_text,
int_key,
int_cert)
#only tamper after ee has been generated
tamper_cert(int_cert);
[ee_key, ee_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
name + "-valid-int-tampered-ee",
ee_ext_text,
valid_int_key,
valid_int_cert)
tamper_cert(ee_cert);示例3: generate_certs
# 需要导入模块: import CertUtils [as 别名]
# 或者: from CertUtils import generate_int_and_ee [as 别名]
def generate_certs():
init_nss_db()
ca_cert = 'evroot.der'
ca_key = 'evroot.key'
prefix = "ev-valid"
key_type = 'rsa'
ee_ext_text = (aia_prefix + prefix + aia_suffix +
endentity_crl + mozilla_testing_ev_policy)
int_ext_text = (CA_extensions + aia_prefix + "int-" + prefix + aia_suffix +
intermediate_crl + mozilla_testing_ev_policy)
[int_key, int_cert, ee_key, ee_cert] = CertUtils.generate_int_and_ee(db,
srcdir,
ca_key,
ca_cert,
prefix,
int_ext_text,
ee_ext_text,
key_type)
pk12file = CertUtils.generate_pkcs12(db, srcdir, int_cert, int_key,
"int-" + prefix)
import_cert_and_pkcs12(int_cert, pk12file, "int-" + prefix, ",,")
import_untrusted_cert(ee_cert, prefix)
# now we generate an end entity cert with an AIA with no OCSP URL
no_ocsp_url_ext_aia = ("authorityInfoAccess =" +
"caIssuers;URI:http://www.example.com/ca.html\n");
[no_ocsp_key, no_ocsp_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100, 40000000),
key_type,
'no-ocsp-url-cert',
no_ocsp_url_ext_aia + endentity_crl +
mozilla_testing_ev_policy,
int_key, int_cert);
import_untrusted_cert(no_ocsp_cert, 'no-ocsp-url-cert');
# add an ev cert whose intermediate has a anypolicy oid
prefix = "ev-valid-anypolicy-int"
ee_ext_text = (aia_prefix + prefix + aia_suffix +
endentity_crl + mozilla_testing_ev_policy)
int_ext_text = (CA_extensions + aia_prefix + "int-" + prefix + aia_suffix +
intermediate_crl + anypolicy_policy)
[int_key, int_cert, ee_key, ee_cert] = CertUtils.generate_int_and_ee(db,
srcdir,
ca_key,
ca_cert,
prefix,
int_ext_text,
ee_ext_text,
key_type)
pk12file = CertUtils.generate_pkcs12(db, srcdir, int_cert, int_key,
"int-" + prefix)
import_cert_and_pkcs12(int_cert, pk12file, "int-" + prefix, ",,")
import_untrusted_cert(ee_cert, prefix)
[bad_ca_key, bad_ca_cert] = CertUtils.generate_cert_generic( db,
srcdir,
1,
'rsa',
'non-evroot-ca',
CA_extensions)
pk12file = CertUtils.generate_pkcs12(db, srcdir, bad_ca_cert, bad_ca_key,
"non-evroot-ca")
import_cert_and_pkcs12(bad_ca_cert, pk12file, "non-evroot-ca", "C,C,C")
prefix = "non-ev-root"
ee_ext_text = (aia_prefix + prefix + aia_suffix +
endentity_crl + mozilla_testing_ev_policy)
int_ext_text = (CA_extensions + aia_prefix + "int-" + prefix + aia_suffix +
intermediate_crl + mozilla_testing_ev_policy)
[int_key, int_cert, ee_key, ee_cert] = CertUtils.generate_int_and_ee(db,
srcdir,
bad_ca_key,
bad_ca_cert,
prefix,
int_ext_text,
ee_ext_text,
key_type)
pk12file = CertUtils.generate_pkcs12(db, srcdir, int_cert, int_key,
"int-" + prefix)
import_cert_and_pkcs12(int_cert, pk12file, "int-" + prefix, ",,")
import_untrusted_cert(ee_cert, prefix)示例4: generate_certs
# 需要导入模块: import CertUtils [as 别名]
# 或者: from CertUtils import generate_int_and_ee [as 别名]
def generate_certs():
init_nss_db()
ca_cert = "evroot.der"
ca_key = "evroot.key"
prefix = "ev-valid"
key_type = "rsa"
ee_ext_text = (
EE_basic_constraints
+ EE_full_ku
+ Server_eku
+ authority_key_ident
+ aia_prefix
+ prefix
+ aia_suffix
+ endentity_crl
+ mozilla_testing_ev_policy
)
int_ext_text = (
CA_basic_constraints
+ EE_full_ku
+ CA_eku
+ authority_key_ident
+ subject_key_ident
+ aia_prefix
+ "int-"
+ prefix
+ aia_suffix
+ intermediate_crl
+ mozilla_testing_ev_policy
)
[int_key, int_cert, ee_key, ee_cert] = CertUtils.generate_int_and_ee(
db, srcdir, ca_key, ca_cert, prefix, int_ext_text, ee_ext_text, key_type
)
pk12file = CertUtils.generate_pkcs12(db, srcdir, int_cert, int_key, "int-" + prefix)
import_cert_and_pkcs12(int_cert, pk12file, "int-" + prefix, ",,")
import_untrusted_cert(ee_cert, prefix)
# now we generate an end entity cert with an AIA with no OCSP URL
no_ocsp_url_ext_aia = "authorityInfoAccess =" + "caIssuers;URI:http://www.example.com/ca.html\n"
[no_ocsp_key, no_ocsp_cert] = CertUtils.generate_cert_generic(
db,
srcdir,
random.randint(100, 40000000),
key_type,
"no-ocsp-url-cert",
EE_basic_constraints
+ EE_full_ku
+ Server_eku
+ authority_key_ident
+ no_ocsp_url_ext_aia
+ endentity_crl
+ mozilla_testing_ev_policy,
int_key,
int_cert,
)
import_untrusted_cert(no_ocsp_cert, "no-ocsp-url-cert")
# add an ev cert whose intermediate has a anypolicy oid
prefix = "ev-valid-anypolicy-int"
ee_ext_text = (
EE_basic_constraints
+ EE_full_ku
+ Server_eku
+ authority_key_ident
+ aia_prefix
+ prefix
+ aia_suffix
+ endentity_crl
+ mozilla_testing_ev_policy
)
int_ext_text = (
CA_basic_constraints
+ EE_full_ku
+ CA_eku
+ authority_key_ident
+ subject_key_ident
+ aia_prefix
+ "int-"
+ prefix
+ aia_suffix
+ intermediate_crl
+ anypolicy_policy
)
[int_key, int_cert, ee_key, ee_cert] = CertUtils.generate_int_and_ee(
db, srcdir, ca_key, ca_cert, prefix, int_ext_text, ee_ext_text, key_type
)
pk12file = CertUtils.generate_pkcs12(db, srcdir, int_cert, int_key, "int-" + prefix)
import_cert_and_pkcs12(int_cert, pk12file, "int-" + prefix, ",,")
import_untrusted_cert(ee_cert, prefix)
[bad_ca_key, bad_ca_cert] = CertUtils.generate_cert_generic(
db, srcdir, 1, "rsa", "non-evroot-ca", CA_basic_constraints + EE_full_ku + authority_key_ident
)
pk12file = CertUtils.generate_pkcs12(db, srcdir, bad_ca_cert, bad_ca_key, "non-evroot-ca")
import_cert_and_pkcs12(bad_ca_cert, pk12file, "non-evroot-ca", "C,C,C")
prefix = "non-ev-root"
ee_ext_text = (
EE_basic_constraints
+ EE_full_ku
#.........这里部分代码省略.........