本文整理汇总了Python中OpenSSL.crypto.PKey类的典型用法代码示例。如果您正苦于以下问题:Python PKey类的具体用法?Python PKey怎么用?Python PKey使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了PKey类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: __getitem__
def __getitem__(self, cn):
cnp = path.sep.join([self.cache_dir, '.pymp_%s.pem' % cn])
if not path.exists(cnp):
# create certificate
key = PKey()
key.generate_key(TYPE_RSA, 2048)
# Generate CSR
req = X509Req()
req.get_subject().CN = cn
req.set_pubkey(key)
req.sign(key, 'sha1')
# Sign CSR
cert = X509()
cert.set_subject(req.get_subject())
cert.set_serial_number(self.serial)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(31536000)
cert.set_issuer(self.cert.get_subject())
cert.set_pubkey(req.get_pubkey())
cert.sign(self.key, 'sha1')
with open(cnp, 'wb+') as f:
f.write(dump_privatekey(FILETYPE_PEM, key))
f.write(dump_certificate(FILETYPE_PEM, cert))
return cnp示例2: _sign_ca
def _sign_ca(self,cn,cnp):
#使用合法的CA证书为代理程序生成服务器证书
# create certificate
try:
key = PKey()
key.generate_key(TYPE_RSA, 2048)
# Generate CSR
req = X509Req()
req.get_subject().CN = cn
req.set_pubkey(key)
req.sign(key, 'sha256')
# Sign CSR
cert = X509()
cert.set_version(2)
cert.set_subject(req.get_subject())
cert.set_serial_number(self.serial)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(31536000)
cert.set_issuer(self.cert.get_subject())
ss = ("DNS:%s" % cn).encode(encoding="utf-8")
cert.add_extensions(
[X509Extension(b"subjectAltName", False, ss)])
cert.set_pubkey(req.get_pubkey())
cert.sign(self.key, 'sha256')
with open(cnp, 'wb+') as f:
f.write(dump_privatekey(FILETYPE_PEM, key))
f.write(dump_certificate(FILETYPE_PEM, cert))
except Exception as e:
raise Exception("generate CA fail:{}".format(str(e)))示例3: test_pregeneration
def test_pregeneration(self):
"""
L{PKeyType.bits} and L{PKeyType.type} return C{0} before the key is
generated.
"""
key = PKey()
self.assertEqual(key.type(), 0)
self.assertEqual(key.bits(), 0)示例4: test_use_privatekey
def test_use_privatekey(self):
"""
L{Context.use_privatekey} takes an L{OpenSSL.crypto.PKey} instance.
"""
key = PKey()
key.generate_key(TYPE_RSA, 128)
ctx = Context(TLSv1_METHOD)
ctx.use_privatekey(key)
self.assertRaises(TypeError, ctx.use_privatekey, "")示例5: gen_rsa_key
def gen_rsa_key(bits):
"""
Generate an RSA key and returns it in PEM format.
:rtype: An RSA key as an `pyopenssl.OpenSSL.crypto.PKey`
"""
key = PKey()
key.generate_key(TYPE_RSA, bits)
return crypto.dump_privatekey(SSL.FILETYPE_PEM, key)示例6: test_rsaGeneration
def test_rsaGeneration(self):
"""
L{PKeyType.generate_key} generates an RSA key when passed
L{TYPE_RSA} as a type and a reasonable number of bits.
"""
bits = 128
key = PKey()
key.generate_key(TYPE_RSA, bits)
self.assertEqual(key.type(), TYPE_RSA)
self.assertEqual(key.bits(), bits)示例7: test_regeneration
def test_regeneration(self):
"""
L{PKeyType.generate_key} can be called multiple times on the same
key to generate new keys.
"""
key = PKey()
for type, bits in [(TYPE_RSA, 512), (TYPE_DSA, 576)]:
key.generate_key(type, bits)
self.assertEqual(key.type(), type)
self.assertEqual(key.bits(), bits)示例8: test_signWithPublicKey
def test_signWithPublicKey(self):
"""
L{X509Req.sign} raises L{ValueError} when pass a L{PKey} with no
private part as the signing key.
"""
request = self.signable()
key = PKey()
key.generate_key(TYPE_RSA, 512)
request.set_pubkey(key)
pub = request.get_pubkey()
self.assertRaises(ValueError, request.sign, pub, 'MD5')示例9: createDGPairs
def createDGPairs(username):
private_path = 'private/'
public_path = 'public/'
private_path += username
public_path += username
P = PKey()
P.generate_key(TYPE_RSA, 1024)
#写入
with open(public_path,'w') as f:
f.write(dump_publickey(FILETYPE_PEM, P).decode('utf-8'))
with open(private_path,'w') as f:
f.write(dump_privatekey(FILETYPE_PEM, P).decode('utf-8'))示例10: test_dsaGeneration
def test_dsaGeneration(self):
"""
L{PKeyType.generate_key} generates a DSA key when passed
L{TYPE_DSA} as a type and a reasonable number of bits.
"""
# 512 is a magic number. The DSS (Digital Signature Standard)
# allows a minimum of 512 bits for DSA. DSA_generate_parameters
# will silently promote any value below 512 to 512.
bits = 512
key = PKey()
key.generate_key(TYPE_DSA, bits)
self.assertEqual(key.type(), TYPE_DSA)
self.assertEqual(key.bits(), bits)示例11: check_success
def check_success(self):
"""
Call the method repeatedly such that it will return a PKey object.
"""
small = xrange(3)
for i in xrange(self.iterations):
key = PKey()
key.generate_key(TYPE_DSA, 256)
for i in small:
cert = X509()
cert.set_pubkey(key)
for i in small:
cert.get_pubkey()示例12: create_session_cert
def create_session_cert(cacert, cakey, cn='localhost', serial=1):
LOG.debug('Creating session certificate')
key = PKey()
key.generate_key(TYPE_RSA, 1024)
cert = X509()
cert.get_subject().CN = cn
cert.set_serial_number(serial)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(365*24*60*60)
cert.set_issuer(cacert.get_subject())
cert.set_pubkey(key)
cert.sign(cakey, 'sha1')
return cert, key示例13: _gen_ca
def _gen_ca(self,again=False):
# Generate key
#如果证书存在而且不是强制生成,直接返回证书信息
if os.path.exists(self.ca_file_path) and os.path.exists(self.cert_file_path) and not again:
self._read_ca(self.ca_file_path) #读取证书信息
return
self.key = PKey()
self.key.generate_key(TYPE_RSA, 2048)
# Generate certificate
self.cert = X509()
self.cert.set_version(2)
self.cert.set_serial_number(1)
self.cert.get_subject().CN = 'baseproxy'
self.cert.gmtime_adj_notBefore(0)
self.cert.gmtime_adj_notAfter(315360000)
self.cert.set_issuer(self.cert.get_subject())
self.cert.set_pubkey(self.key)
self.cert.add_extensions([
X509Extension(b"basicConstraints", True, b"CA:TRUE, pathlen:0"),
X509Extension(b"keyUsage", True, b"keyCertSign, cRLSign"),
X509Extension(b"subjectKeyIdentifier", False, b"hash", subject=self.cert),
])
self.cert.sign(self.key, "sha256")
with open(self.ca_file_path, 'wb+') as f:
f.write(dump_privatekey(FILETYPE_PEM, self.key))
f.write(dump_certificate(FILETYPE_PEM, self.cert))
with open(self.cert_file_path, 'wb+') as f:
f.write(dump_certificate(FILETYPE_PEM, self.cert))示例14: makeCertificate
def makeCertificate(**kw):
keypair = PKey()
keypair.generate_key(TYPE_RSA, 512)
certificate = X509()
certificate.gmtime_adj_notBefore(0)
certificate.gmtime_adj_notAfter(60 * 60 * 24 * 365) # One year
for xname in certificate.get_issuer(), certificate.get_subject():
for (k, v) in kw.items():
setattr(xname, k, v)
certificate.set_serial_number(counter())
certificate.set_pubkey(keypair)
certificate.sign(keypair, "md5")
return keypair, certificate示例15: _generate_ca
def _generate_ca(self):
# Generate key
self.key = PKey()
self.key.generate_key(TYPE_RSA, 2048)
# Generate certificate
self.cert = X509()
self.cert.set_version(3)
self.cert.set_serial_number(1)
self.cert.get_subject().CN = 'Namecoin .bit proxy'
self.cert.gmtime_adj_notBefore(0)
self.cert.gmtime_adj_notAfter(315360000)
self.cert.set_issuer(self.cert.get_subject())
self.cert.set_pubkey(self.key)
self.cert.add_extensions([
X509Extension("basicConstraints", True, "CA:TRUE, pathlen:0"),
X509Extension("keyUsage", True, "keyCertSign, cRLSign"),
X509Extension("subjectKeyIdentifier", False, "hash", subject=self.cert),
])
self.cert.sign(self.key, "sha256")
with open(self.ca_file, 'wb+') as f:
f.write(dump_privatekey(self.filetype, self.key))
f.write(dump_certificate(self.filetype, self.cert))
# export for Windows
with open("ca.crt", 'wb+') as f:
f.write(dump_certificate(self.filetype, self.cert))