本文整理汇总了Python中sfa.trust.certificate.Certificate.save_to_string方法的典型用法代码示例。如果您正苦于以下问题:Python Certificate.save_to_string方法的具体用法?Python Certificate.save_to_string怎么用?Python Certificate.save_to_string使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类sfa.trust.certificate.Certificate的用法示例。
在下文中一共展示了Certificate.save_to_string方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: testLongExtension
# 需要导入模块: from sfa.trust.certificate import Certificate [as 别名]
# 或者: from sfa.trust.certificate.Certificate import save_to_string [as 别名]
def testLongExtension(self):
cert = Certificate(subject="test")
# should produce something around 256 KB
veryLongString = "URI:http://"
shortString = ""
for i in range(1, 80):
shortString = shortString + "abcdefghijklmnopqrstuvwxyz012345"
for i in range(1, 100):
veryLongString = veryLongString + shortString + str(i)
cert.add_extension("subjectAltName", 0, veryLongString)
# create an issuer and sign the certificate
issuerKey = Keypair(create=True)
issuerSubject = "testissuer"
cert.set_issuer(issuerKey, issuerSubject)
cert.sign()
certstr = cert.save_to_string()
cert2 = Certificate()
cert2.load_from_string(certstr)
val = cert2.get_extension("subjectAltName")
self.assertEqual(val, veryLongString)示例2: testSaveAndLoadString
# 需要导入模块: from sfa.trust.certificate import Certificate [as 别名]
# 或者: from sfa.trust.certificate.Certificate import save_to_string [as 别名]
def testSaveAndLoadString(self):
cert = Certificate(subject="test")
cert.add_extension("subjectAltName", 0, "URI:http://foovalue")
# create an issuer and sign the certificate
issuerKey = Keypair(create=True)
issuerSubject = "testissuer"
cert.set_issuer(issuerKey, issuerSubject)
cert.sign()
certstr = cert.save_to_string()
#print certstr
cert2 = Certificate()
cert2.load_from_string(certstr)
# read back the subject and make sure it is correct
subj = cert2.get_subject()
self.assertEqual(subj, "test")
# read back the issuer and make sure it is correct
issuerName = cert2.get_issuer()
self.assertEqual(issuerName, "testissuer")
# read back the extension and make sure it is correct
self.assertEqual(cert2.get_extension("subjectAltName"),
"URI:http://foovalue")示例3: testVerify
# 需要导入模块: from sfa.trust.certificate import Certificate [as 别名]
# 或者: from sfa.trust.certificate.Certificate import save_to_string [as 别名]
def testVerify(self):
cert = Certificate(subject="test")
# create an issuer and sign the certificate
issuerKey = Keypair(create=True)
issuerSubject = "testissuer"
cert.set_issuer(issuerKey, issuerSubject)
cert.sign()
result = cert.verify(issuerKey)
self.assert_(result)
# create another key
issuerKey2 = Keypair(create=True)
issuerSubject2 = "wrongissuer"
# and make sure it doesn't verify
result = cert.verify(issuerKey2)
self.assert_(not result)
# load the cert from a string, and verify again
cert2 = Certificate(string = cert.save_to_string())
result = cert2.verify(issuerKey)
self.assert_(result)
result = cert2.verify(issuerKey2)
self.assert_(not result)示例4: test_parents
# 需要导入模块: from sfa.trust.certificate import Certificate [as 别名]
# 或者: from sfa.trust.certificate.Certificate import save_to_string [as 别名]
def test_parents(self):
cert_root = Certificate(subject="root")
key_root = Keypair(create=True)
cert_root.set_pubkey(key_root)
cert_root.set_issuer(key_root, "root")
cert_root.sign()
cert1 = Certificate(subject="one")
key1 = Keypair(create=True)
cert1.set_pubkey(key1)
cert1.set_issuer(key_root, "root")
cert1.sign()
cert2 = Certificate(subject="two")
key2 = Keypair(create=True)
cert2.set_pubkey(key2)
cert2.set_issuer(key1, cert=cert1)
cert2.set_parent(cert1)
cert2.sign()
cert3 = Certificate(subject="three")
key3 = Keypair(create=True)
cert3.set_pubkey(key3)
cert3.set_issuer(key2, cert=cert2)
cert3.set_parent(cert2)
cert3.sign()
self.assert_(cert1.verify(key_root))
self.assert_(cert2.is_signed_by_cert(cert1))
self.assert_(cert3.is_signed_by_cert(cert2))
cert3.verify_chain([cert_root])
# now save the chain to a string and load it into a new certificate
str_chain = cert3.save_to_string(save_parents=True)
cert4 = Certificate(string = str_chain)
# verify the newly loaded chain still verifies
cert4.verify_chain([cert_root])
# verify the parentage
self.assertEqual(cert4.get_parent().get_subject(), "two")
self.assertEqual(cert4.get_parent().get_parent().get_subject(), "one")示例5: GetCredential
# 需要导入模块: from sfa.trust.certificate import Certificate [as 别名]
# 或者: from sfa.trust.certificate.Certificate import save_to_string [as 别名]
def GetCredential(registry=None, force=False, verbose=False):
config = Config()
hierarchy = Hierarchy()
key_dir= hierarchy.basedir
data_dir = config.data_path
config_dir = config.config_path
credfile = data_dir + os.sep + 'node.cred'
# check for existing credential
if not force and os.path.exists(credfile):
if verbose:
print "Loading Credential from %(credfile)s " % locals()
cred = Credential(filename=credfile).save_to_string(save_parents=True)
else:
if verbose:
print "Getting credential from registry"
# make sure node private key exists
node_pkey_file = config_dir + os.sep + "node.key"
node_gid_file = config_dir + os.sep + "node.gid"
if not os.path.exists(node_pkey_file) or \
not os.path.exists(node_gid_file):
get_node_key(registry=registry, verbose=verbose)
gid = GID(filename=node_gid_file)
hrn = gid.get_hrn()
# create server key and certificate
keyfile =data_dir + os.sep + "server.key"
certfile = data_dir + os.sep + "server.cert"
key = Keypair(filename=node_pkey_file)
key.save_to_file(keyfile)
create_server_keypair(keyfile, certfile, hrn, verbose)
# get credential from registry
registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
cert = Certificate(filename=certfile)
cert_str = cert.save_to_string(save_parents=True)
cred = registry.GetSelfCredential(cert_str, 'node', hrn)
Credential(string=cred).save_to_file(credfile, save_parents=True)
return cred示例6: SfaApi
# 需要导入模块: from sfa.trust.certificate import Certificate [as 别名]
# 或者: from sfa.trust.certificate.Certificate import save_to_string [as 别名]
class SfaApi (XmlrpcApi):
"""
An SfaApi instance is a basic xmlrcp service
augmented with the local cryptographic material and hrn
It also has the notion of its own interface (a string describing
whether we run a registry, aggregate or slicemgr) and has
the notion of neighbour sfa services as defined
in /etc/sfa/{aggregates,registries}.xml
Finally it contains a cache instance
It gets augmented by the generic layer with
(*) an instance of manager (actually a manager module for now)
beware that this is shared among all instances of api
(*) an instance of a testbed driver
"""
def __init__ (self, encoding="utf-8", methods='sfa.methods',
config = "/etc/sfa/sfa_config",
peer_cert = None, interface = None,
key_file = None, cert_file = None, cache = None):
XmlrpcApi.__init__ (self, encoding)
# we may be just be documenting the API
if config is None:
return
# Load configuration
self.config = Config(config)
self.credential = None
self.auth = Auth(peer_cert)
self.interface = interface
self.hrn = self.config.SFA_INTERFACE_HRN
self.key_file = key_file
self.key = Keypair(filename=self.key_file)
self.cert_file = cert_file
self.cert = Certificate(filename=self.cert_file)
self.cache = cache
if self.cache is None:
self.cache = Cache()
# load registries
from sfa.server.registry import Registries
self.registries = Registries()
# load aggregates
from sfa.server.aggregate import Aggregates
self.aggregates = Aggregates()
# filled later on by generic/Generic
self.manager=None
self._dbsession=None
def server_proxy(self, interface, cred, timeout=30):
"""
Returns a connection to the specified interface. Use the specified
credential to determine the caller and look for the caller's key/cert
in the registry hierarchy cache.
"""
from sfa.trust.hierarchy import Hierarchy
if not isinstance(cred, Credential):
cred_obj = Credential(string=cred)
else:
cred_obj = cred
caller_gid = cred_obj.get_gid_caller()
hierarchy = Hierarchy()
auth_info = hierarchy.get_auth_info(caller_gid.get_hrn())
key_file = auth_info.get_privkey_filename()
cert_file = auth_info.get_gid_filename()
server = interface.server_proxy(key_file, cert_file, timeout)
return server
def dbsession(self):
if self._dbsession is None:
self._dbsession=alchemy.session()
return self._dbsession
def close_dbsession(self):
if self._dbsession is None: return
alchemy.close_session(self._dbsession)
self._dbsession=None
def getCredential(self, minimumExpiration=0):
"""
Return a valid credential for this interface.
"""
type = 'authority'
path = self.config.SFA_DATA_DIR
filename = ".".join([self.interface, self.hrn, type, "cred"])
cred_filename = os.path.join(path,filename)
cred = None
if os.path.isfile(cred_filename):
cred = Credential(filename = cred_filename)
# make sure cred isnt expired
if not cred.get_expiration or \
datetime.datetime.utcnow() + datetime.timedelta(seconds=minimumExpiration) < cred.get_expiration():
return cred.save_to_string(save_parents=True)
# get a new credential
#.........这里部分代码省略.........
示例7: SfaAPI
# 需要导入模块: from sfa.trust.certificate import Certificate [as 别名]
# 或者: from sfa.trust.certificate.Certificate import save_to_string [as 别名]
class SfaAPI(BaseAPI):
# flat list of method names
import sfa.methods
methods = sfa.methods.all
def __init__(self, config = "/etc/sfa/sfa_config.py", encoding = "utf-8",
methods='sfa.methods', peer_cert = None, interface = None,
key_file = None, cert_file = None, cache = None):
BaseAPI.__init__(self, config=config, encoding=encoding, methods=methods, \
peer_cert=peer_cert, interface=interface, key_file=key_file, \
cert_file=cert_file, cache=cache)
self.encoding = encoding
from sfa.util.table import SfaTable
self.SfaTable = SfaTable
# Better just be documenting the API
if config is None:
return
# Load configuration
self.config = Config(config)
self.auth = Auth(peer_cert)
self.interface = interface
self.key_file = key_file
self.key = Keypair(filename=self.key_file)
self.cert_file = cert_file
self.cert = Certificate(filename=self.cert_file)
self.credential = None
# Initialize the PLC shell only if SFA wraps a myPLC
rspec_type = self.config.get_aggregate_type()
if (rspec_type == 'pl' or rspec_type == 'vini' or \
rspec_type == 'eucalyptus' or rspec_type == 'max'):
self.plshell = self.getPLCShell()
self.plshell_version = "4.3"
self.hrn = self.config.SFA_INTERFACE_HRN
self.time_format = "%Y-%m-%d %H:%M:%S"
def getPLCShell(self):
self.plauth = {'Username': self.config.SFA_PLC_USER,
'AuthMethod': 'password',
'AuthString': self.config.SFA_PLC_PASSWORD}
# The native shell (PLC.Shell.Shell) is more efficient than xmlrpc,
# but it leaves idle db connections open. use xmlrpc until we can figure
# out why PLC.Shell.Shell doesn't close db connection properly
#try:
# sys.path.append(os.path.dirname(os.path.realpath("/usr/bin/plcsh")))
# self.plshell_type = 'direct'
# import PLC.Shell
# shell = PLC.Shell.Shell(globals = globals())
#except:
self.plshell_type = 'xmlrpc'
url = self.config.SFA_PLC_URL
shell = xmlrpclib.Server(url, verbose = 0, allow_none = True)
return shell
def get_server(self, interface, cred, timeout=30):
"""
Returns a connection to the specified interface. Use the specified
credential to determine the caller and look for the caller's key/cert
in the registry hierarchy cache.
"""
from sfa.trust.hierarchy import Hierarchy
if not isinstance(cred, Credential):
cred_obj = Credential(string=cred)
else:
cred_obj = cred
caller_gid = cred_obj.get_gid_caller()
hierarchy = Hierarchy()
auth_info = hierarchy.get_auth_info(caller_gid.get_hrn())
key_file = auth_info.get_privkey_filename()
cert_file = auth_info.get_gid_filename()
server = interface.get_server(key_file, cert_file, timeout)
return server
def getCredential(self):
"""
Return a valid credential for this interface.
"""
type = 'authority'
path = self.config.SFA_DATA_DIR
filename = ".".join([self.interface, self.hrn, type, "cred"])
cred_filename = path + os.sep + filename
cred = None
if os.path.isfile(cred_filename):
cred = Credential(filename = cred_filename)
# make sure cred isnt expired
if not cred.get_expiration or \
datetime.datetime.utcnow() < cred.get_expiration():
return cred.save_to_string(save_parents=True)
# get a new credential
if self.interface in ['registry']:
cred = self.__getCredentialRaw()
else:
#.........这里部分代码省略.........