当前位置: 首页>>代码示例>>Python>>正文


Python crypto.X509Extension方法代码示例

本文整理汇总了Python中OpenSSL.crypto.X509Extension方法的典型用法代码示例。如果您正苦于以下问题:Python crypto.X509Extension方法的具体用法?Python crypto.X509Extension怎么用?Python crypto.X509Extension使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在OpenSSL.crypto的用法示例。


在下文中一共展示了crypto.X509Extension方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: assert_has_extension

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def assert_has_extension(test, credential, name, value):
    """
    Assert that the ``X509Extension`` with the matching name from the
    certificate has the given value.

    :param TestCase test: The current test.
    :param FlockerCredential certificate: Credential whose certificate we
        should inspect.
    :param bytes name: The name of the extension.
    :param bytes value: The data encoded in the extension.

    :raises AssertionError: If the extension is not found or has the wrong
        value.
    """
    expected = X509Extension(name, False, value)
    x509 = credential.certificate.original
    values = []
    for i in range(x509.get_extension_count()):
        extension = x509.get_extension(i)
        if extension.get_short_name() == name:
            values.append(extension.get_data())
    test.assertIn(expected.get_data(), values) 
开发者ID:ClusterHQ,项目名称:flocker,代码行数:24,代码来源:testtools.py

示例2: __init__

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def __init__(self, typename=None, critical=None, value=None,
                 subject=None, issuer=None, _ext=None):
        if _ext is not None:
            ext = _ext
        # The following is necessary due to the nature of the
        # underlying C implementation.
        elif subject is None and issuer is None:
            ext = crypto.X509Extension(typename, critical, value)
        elif subject is not None and issuer is None:
            subject = subject._cert
            ext = crypto.X509Extension(typename, critical, value,
                                       subject=subject)
        elif subject is None and issuer is not None:
            issuer = issuer._cert
            ext = crypto.X509Extension(typename, critical, value,
                                       issuer=issuer)
        elif subject is not None and issuer is not None:
            issuer = issuer._cert
            ext = crypto.X509Extension(typename, critical, value,
                                       subject=subject, issuer=issuer)
        self._ext = ext 
开发者ID:kdart,项目名称:pycopia,代码行数:23,代码来源:certs.py

示例3: user_assertions

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def user_assertions(self, cdir, cert, key, cacert=None):
        '''
        test basic certificate assumptions for a host certificate

        Args:
            cdir (s_certdir.CertDir): certdir object
            cert (crypto.X509): Cert to test
            key (crypto.PKey): Key for the certification
            cacert (crypto.X509): Corresponding CA cert (optional)
        '''
        nextensions = cert.get_extension_count()
        exts = {ext.get_short_name(): ext.get_data() for ext in [cert.get_extension(i) for i in range(nextensions)]}

        nscertext = crypto.X509Extension(b'nsCertType', False, b'client')
        keyuseext = crypto.X509Extension(b'keyUsage', False, b'digitalSignature')
        extkeyuseext = crypto.X509Extension(b'extendedKeyUsage', False, b'clientAuth')
        basicconext = crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE')
        self.eq(exts[b'nsCertType'], nscertext.get_data())
        self.eq(exts[b'keyUsage'], keyuseext.get_data())
        self.eq(exts[b'extendedKeyUsage'], extkeyuseext.get_data())
        self.eq(exts[b'basicConstraints'], basicconext.get_data())
        self.notin(b'subjectAltName', exts) 
开发者ID:vertexproject,项目名称:synapse,代码行数:24,代码来源:test_lib_certdir.py

示例4: host_assertions

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def host_assertions(self, cdir, cert, key, cacert=None):
        '''
        test basic certificate assumptions for a host certificate

        Args:
            cdir (s_certdir.CertDir): certdir object
            cert (crypto.X509): Cert to test
            key (crypto.PKey): Key for the certification
            cacert (crypto.X509): Corresponding CA cert (optional)
        '''
        nextensions = cert.get_extension_count()
        exts = {ext.get_short_name(): ext.get_data() for ext in [cert.get_extension(i) for i in range(nextensions)]}

        nscertext = crypto.X509Extension(b'nsCertType', False, b'server')
        keyuseext = crypto.X509Extension(b'keyUsage', False, b'digitalSignature,keyEncipherment')
        extkeyuseext = crypto.X509Extension(b'extendedKeyUsage', False, b'serverAuth')
        basicconext = crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE')

        self.eq(exts[b'nsCertType'], nscertext.get_data())
        self.eq(exts[b'keyUsage'], keyuseext.get_data())
        self.eq(exts[b'extendedKeyUsage'], extkeyuseext.get_data())
        self.eq(exts[b'basicConstraints'], basicconext.get_data())
        self.isin(b'subjectAltName', exts) 
开发者ID:vertexproject,项目名称:synapse,代码行数:25,代码来源:test_lib_certdir.py

示例5: test_subject_key_identifier

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def test_subject_key_identifier(self):
        ca = self._create_ca()
        e = ca.x509.get_extension(2)
        self.assertEqual(e.get_short_name().decode(), 'subjectKeyIdentifier')
        self.assertEqual(e.get_critical(), False)
        e2 = crypto.X509Extension(
            b'subjectKeyIdentifier', False, b'hash', subject=ca.x509
        )
        self.assertEqual(e.get_data(), e2.get_data()) 
开发者ID:openwisp,项目名称:django-x509,代码行数:11,代码来源:test_ca.py

示例6: test_authority_key_identifier

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def test_authority_key_identifier(self):
        ca = self._create_ca()
        e = ca.x509.get_extension(3)
        self.assertEqual(e.get_short_name().decode(), 'authorityKeyIdentifier')
        self.assertEqual(e.get_critical(), False)
        e2 = crypto.X509Extension(
            b'authorityKeyIdentifier',
            False,
            b'keyid:always,issuer:always',
            issuer=ca.x509,
        )
        self.assertEqual(e.get_data(), e2.get_data()) 
开发者ID:openwisp,项目名称:django-x509,代码行数:14,代码来源:test_ca.py

示例7: test_subject_key_identifier

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def test_subject_key_identifier(self):
        cert = self._create_cert()
        e = cert.x509.get_extension(2)
        self.assertEqual(e.get_short_name().decode(), 'subjectKeyIdentifier')
        self.assertEqual(e.get_critical(), False)
        e2 = crypto.X509Extension(
            b'subjectKeyIdentifier', False, b'hash', subject=cert.x509
        )
        self.assertEqual(e.get_data(), e2.get_data()) 
开发者ID:openwisp,项目名称:django-x509,代码行数:11,代码来源:test_cert.py

示例8: test_authority_key_identifier

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def test_authority_key_identifier(self):
        cert = self._create_cert()
        e = cert.x509.get_extension(3)
        self.assertEqual(e.get_short_name().decode(), 'authorityKeyIdentifier')
        self.assertEqual(e.get_critical(), False)
        e2 = crypto.X509Extension(
            b'authorityKeyIdentifier',
            False,
            b'keyid:always,issuer:always',
            issuer=cert.ca.x509,
        )
        self.assertEqual(e.get_data(), e2.get_data()) 
开发者ID:openwisp,项目名称:django-x509,代码行数:14,代码来源:test_cert.py

示例9: initialize

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def initialize(cls, output_path, authority, username, begin=None):
        """
        Generate a certificate signed by the supplied root certificate.

        :param FilePath output_path: Directory where the certificate will be
            written.
        :param CertificateAuthority authority: The certificate authority with
            which this certificate will be signed.
        :param unicode username: A UTF-8 encoded username to be included in
            the certificate.
        :param datetime begin: The datetime from which the generated
            certificate should be valid.
        """
        key_filename = username + u".key"
        cert_filename = username + u".crt"
        # The common name for the node certificate.
        name = u"user-" + username
        # The organizational unit is set to the common name of the
        # authority, which in our case is a byte string identifying
        # the cluster.
        organizational_unit = authority.organizational_unit
        dn = DistinguishedName(
            commonName=name, organizationalUnitName=organizational_unit
        )
        keypair = flocker_keypair()
        request = keypair.keypair.requestObject(dn)
        serial = os.urandom(16).encode(b"hex")
        serial = int(serial, 16)
        cert = sign_certificate_request(
            authority.credential.keypair.keypair,
            authority.credential.certificate.original.get_subject(), request,
            serial, EXPIRY_20_YEARS, b'sha256', start=begin,
            additional_extensions=[crypto.X509Extension(
                b"extendedKeyUsage", False, b"clientAuth")])
        credential = FlockerCredential(
            path=output_path, keypair=keypair, certificate=cert
        )
        credential.write_credential_files(key_filename, cert_filename)
        instance = cls(credential=credential, username=username)
        return instance 
开发者ID:ClusterHQ,项目名称:flocker,代码行数:42,代码来源:_ca.py

示例10: __init__

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def __init__(self):
        # CA key
        key = crypto.PKey()
        key.generate_key(crypto.TYPE_RSA, 2048)

        # CA cert
        cert = crypto.X509()
        cert.set_serial_number(self.__next_serial)
        cert.set_version(2)
        cert.set_pubkey(key)
        cert.gmtime_adj_notBefore(0)
        cert.gmtime_adj_notAfter(10*365*24*60*60)

        cacert_subject = cert.get_subject()
        cacert_subject.O = 'kOVHernetes'
        cacert_subject.OU = 'kOVHernetes Certificate Authority'
        cacert_subject.CN = 'kOVHernetes Root CA'
        cert.set_issuer(cacert_subject)

        cert.add_extensions((crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', cert),))
        cacert_ext = []
        cacert_ext.append(crypto.X509Extension(b'authorityKeyIdentifier', True, b'keyid:always,issuer', issuer=cert))
        cacert_ext.append(crypto.X509Extension(b'basicConstraints', True, b'CA:TRUE'))
        cacert_ext.append(crypto.X509Extension(b'keyUsage', True, b'digitalSignature, cRLSign, keyCertSign'))
        cert.add_extensions(cacert_ext)

        # sign CA cert with CA key
        cert.sign(key, 'sha256')

        type(self).__next_serial += 1

        self.cert = cert
        self.key = key 
开发者ID:antoineco,项目名称:kOVHernetes,代码行数:35,代码来源:ca.py

示例11: create_client_cert

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def create_client_cert(self, key, o, cn):
        """Issue a X.509 client certificate"""

        cert = crypto.X509()
        cert.set_serial_number(self.__next_serial)
        cert.set_version(2)
        cert.set_pubkey(key)
        cert.gmtime_adj_notBefore(0)
        cert.gmtime_adj_notAfter(365*24*60*60)

        cert_subject = cert.get_subject()
        cert_subject.O = o
        cert_subject.OU = 'kOVHernetes'
        cert_subject.CN = cn
        cert.set_issuer(self.cert.get_issuer())

        cert_ext = []
        cert_ext.append(crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', cert))
        cert_ext.append(crypto.X509Extension(b'authorityKeyIdentifier', False, b'keyid,issuer', issuer=self.cert))
        cert_ext.append(crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE'))
        cert_ext.append(crypto.X509Extension(b'keyUsage', True, b'nonRepudiation, digitalSignature, keyEncipherment'))
        cert_ext.append(crypto.X509Extension(b'extendedKeyUsage', True, b'clientAuth'))
        cert.add_extensions(cert_ext)

        # sign cert with CA key
        cert.sign(self.key, 'sha256')

        type(self).__next_serial += 1

        return cert 
开发者ID:antoineco,项目名称:kOVHernetes,代码行数:32,代码来源:ca.py

示例12: create_server_cert

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def create_server_cert(self, key, o, cn, san=[]):
        """Issue a X.509 server certificate"""

        cert = crypto.X509()
        cert.set_serial_number(self.__next_serial)
        cert.set_version(2)
        cert.set_pubkey(key)
        cert.gmtime_adj_notBefore(0)
        cert.gmtime_adj_notAfter(365*24*60*60)

        cert_subject = cert.get_subject()
        cert_subject.O = o
        cert_subject.OU = 'kOVHernetes'
        cert_subject.CN = cn
        cert.set_issuer(self.cert.get_issuer())

        cert_ext = []
        cert_ext.append(crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', cert))
        cert_ext.append(crypto.X509Extension(b'authorityKeyIdentifier', False, b'keyid,issuer:always', issuer=self.cert))
        cert_ext.append(crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE'))
        cert_ext.append(crypto.X509Extension(b'keyUsage', True, b'digitalSignature, keyEncipherment'))
        cert_ext.append(crypto.X509Extension(b'extendedKeyUsage', True, b'serverAuth'))
        if san:
            cert_ext.append(crypto.X509Extension(b'subjectAltName', False, ','.join(san).encode()))
        cert.add_extensions(cert_ext)

        # sign cert with CA key
        cert.sign(self.key, 'sha256')

        type(self).__next_serial += 1

        return cert 
开发者ID:antoineco,项目名称:kOVHernetes,代码行数:34,代码来源:ca.py

示例13: create_client_pair

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def create_client_pair(self, o, cn):
        """Issue a X.509 client key/certificate pair"""

        # key
        key = crypto.PKey()
        key.generate_key(crypto.TYPE_RSA, 2048)

        # cert
        cert = crypto.X509()
        cert.set_serial_number(self.__next_serial)
        cert.set_version(2)
        cert.set_pubkey(key)
        cert.gmtime_adj_notBefore(0)
        cert.gmtime_adj_notAfter(365*24*60*60)

        cert_subject = cert.get_subject()
        cert_subject.O = o
        cert_subject.OU = 'kOVHernetes'
        cert_subject.CN = cn
        cert.set_issuer(self.cert.get_issuer())

        cert_ext = []
        cert_ext.append(crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', cert))
        cert_ext.append(crypto.X509Extension(b'authorityKeyIdentifier', False, b'keyid,issuer', issuer=self.cert))
        cert_ext.append(crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE'))
        cert_ext.append(crypto.X509Extension(b'keyUsage', True, b'nonRepudiation, digitalSignature, keyEncipherment'))
        cert_ext.append(crypto.X509Extension(b'extendedKeyUsage', True, b'clientAuth'))
        cert.add_extensions(cert_ext)

        # sign cert with CA key
        cert.sign(self.key, 'sha256')

        type(self).__next_serial += 1

        return key, cert 
开发者ID:antoineco,项目名称:kOVHernetes,代码行数:37,代码来源:ca.py

示例14: create_server_pair

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def create_server_pair(self, o, cn, san=[]):
        """Issue a X.509 server key/certificate pair"""

        # key
        key = crypto.PKey()
        key.generate_key(crypto.TYPE_RSA, 2048)

        # cert
        cert = crypto.X509()
        cert.set_serial_number(self.__next_serial)
        cert.set_version(2)
        cert.set_pubkey(key)
        cert.gmtime_adj_notBefore(0)
        cert.gmtime_adj_notAfter(365*24*60*60)

        cert_subject = cert.get_subject()
        cert_subject.O = o
        cert_subject.OU = 'kOVHernetes'
        cert_subject.CN = cn
        cert.set_issuer(self.cert.get_issuer())

        cert_ext = []
        cert_ext.append(crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', cert))
        cert_ext.append(crypto.X509Extension(b'authorityKeyIdentifier', False, b'keyid,issuer:always', issuer=self.cert))
        cert_ext.append(crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE'))
        cert_ext.append(crypto.X509Extension(b'keyUsage', True, b'digitalSignature, keyEncipherment'))
        cert_ext.append(crypto.X509Extension(b'extendedKeyUsage', True, b'serverAuth'))
        if san: cert_ext.append(crypto.X509Extension(b'subjectAltName', False, ','.join(san).encode()))
        cert.add_extensions(cert_ext)

        # sign cert with CA key
        cert.sign(self.key, 'sha256')

        type(self).__next_serial += 1

        return key, cert 
开发者ID:antoineco,项目名称:kOVHernetes,代码行数:38,代码来源:ca.py

示例15: generate

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def generate(self, module):
        '''Generate the certificate signing request.'''

        if not os.path.exists(self.path) or self.force:
            req = crypto.X509Req()
            req.set_version(self.version)
            subject = req.get_subject()
            for (key, value) in self.subject.items():
                if value is not None:
                    setattr(subject, key, value)

            if self.subjectAltName is not None:
                req.add_extensions([crypto.X509Extension(
                    b"subjectAltName", False,
                    self.subjectAltName.encode('ascii'))])

            privatekey_content = open(self.privatekey_path).read()
            self.privatekey = crypto.load_privatekey(
                crypto.FILETYPE_PEM, privatekey_content)

            req.set_pubkey(self.privatekey)
            req.sign(self.privatekey, self.digest)
            self.request = req

            try:
                csr_file = open(self.path, 'wb')
                csr_file.write(crypto.dump_certificate_request(
                    crypto.FILETYPE_PEM, self.request))
                csr_file.close()
            except (IOError, OSError) as exc:
                raise CertificateSigningRequestError(exc)
        else:
            self.changed = False

        file_args = module.load_file_common_arguments(module.params)
        if module.set_fs_attributes_if_different(file_args, False):
            self.changed = True 
开发者ID:mrlesmithjr,项目名称:ansible-nginx-load-balancer,代码行数:39,代码来源:openssl_csr.py


注:本文中的OpenSSL.crypto.X509Extension方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。