本文整理汇总了Python中OpenSSL.crypto.X509Extension方法的典型用法代码示例。如果您正苦于以下问题:Python crypto.X509Extension方法的具体用法?Python crypto.X509Extension怎么用?Python crypto.X509Extension使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类OpenSSL.crypto的用法示例。
在下文中一共展示了crypto.X509Extension方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: assert_has_extension
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def assert_has_extension(test, credential, name, value):
    """
    Check that the credential's certificate carries an ``X509Extension``
    called ``name`` whose encoded data equals the data of an extension
    built from ``value``.

    Only the extension payload is compared: the reference extension is
    built as non-critical, but the criticality flag of the certificate's
    own extension is never read here.

    :param TestCase test: The current test.
    :param FlockerCredential credential: Credential whose certificate we
        should inspect.
    :param bytes name: The short name of the extension.
    :param bytes value: The value the reference extension is built from.

    :raises AssertionError: If no extension with that name carries the
        expected data.
    """
    reference = X509Extension(name, False, value)
    certificate = credential.certificate.original
    # Collect the data of every extension with a matching short name, so a
    # certificate holding several same-named extensions is handled too.
    matching_data = [
        candidate.get_data()
        for candidate in (
            certificate.get_extension(index)
            for index in range(certificate.get_extension_count())
        )
        if candidate.get_short_name() == name
    ]
    test.assertIn(reference.get_data(), matching_data)
示例2: __init__
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
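def __init__(self, typename=None, critical=None, value=None,
             subject=None, issuer=None, _ext=None):
    """
    Adopt an existing extension object or build a new
    ``crypto.X509Extension``.

    :param typename: Extension name passed to ``crypto.X509Extension``.
    :param critical: Criticality flag passed to ``crypto.X509Extension``.
    :param value: Extension value passed to ``crypto.X509Extension``.
    :param subject: Optional wrapper object; its ``_cert`` attribute is
        passed on as the ``subject`` certificate.
    :param issuer: Optional wrapper object; its ``_cert`` attribute is
        passed on as the ``issuer`` certificate.
    :param _ext: Already-built extension to adopt as-is. When given, all
        other arguments are ignored.
    """
    if _ext is not None:
        ext = _ext
    # The following is necessary due to the nature of the
    # underlying C implementation: ``subject`` / ``issuer`` are only
    # forwarded as keywords when the caller actually supplied them.
    elif subject is None and issuer is None:
        ext = crypto.X509Extension(typename, critical, value)
    elif subject is not None and issuer is None:
        ext = crypto.X509Extension(typename, critical, value,
                                   subject=subject._cert)
    elif subject is None and issuer is not None:
        ext = crypto.X509Extension(typename, critical, value,
                                   issuer=issuer._cert)
    else:
        # Both supplied. The wrapper objects must BOTH be unwrapped to
        # their underlying certificates; previously only ``issuer`` was,
        # so ``subject`` reached the constructor still wrapped.
        ext = crypto.X509Extension(typename, critical, value,
                                   subject=subject._cert,
                                   issuer=issuer._cert)
    self._ext = ext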
示例3: user_assertions
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def user_assertions(self, cdir, cert, key, cacert=None):
    '''
    Check the extensions expected on a user (client) certificate.

    The certificate must carry nsCertType=client, keyUsage=digitalSignature,
    extendedKeyUsage=clientAuth and basicConstraints=CA:FALSE, and must not
    carry a subjectAltName. Only the encoded extension data is compared;
    the criticality flag of the certificate's extensions is not checked.

    Args:
        cdir (s_certdir.CertDir): certdir object (not used in this check)
        cert (crypto.X509): Cert to test
        key (crypto.PKey): Key for the certification (not used in this check)
        cacert (crypto.X509): Corresponding CA cert (optional, not used in this check)
    '''
    extensions = [cert.get_extension(index) for index in range(cert.get_extension_count())]
    found = {}
    for extension in extensions:
        short_name = extension.get_short_name()
        found[short_name] = extension.get_data()

    # Reference extensions are built through the same API so their encoded
    # data can be compared byte-for-byte with what the certificate holds.
    expected = (
        (b'nsCertType', crypto.X509Extension(b'nsCertType', False, b'client')),
        (b'keyUsage', crypto.X509Extension(b'keyUsage', False, b'digitalSignature')),
        (b'extendedKeyUsage', crypto.X509Extension(b'extendedKeyUsage', False, b'clientAuth')),
        (b'basicConstraints', crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE')),
    )
    for short_name, reference in expected:
        self.eq(found[short_name], reference.get_data())

    # A user certificate is expected to carry no subjectAltName.
    self.notin(b'subjectAltName', found)
示例4: host_assertions
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def host_assertions(self, cdir, cert, key, cacert=None):
    '''
    Check the extensions expected on a host (server) certificate.

    The certificate must carry nsCertType=server,
    keyUsage=digitalSignature,keyEncipherment, extendedKeyUsage=serverAuth
    and basicConstraints=CA:FALSE, and must carry a subjectAltName. Only
    the encoded extension data is compared; the criticality flag of the
    certificate's extensions and the subjectAltName contents are not checked.

    Args:
        cdir (s_certdir.CertDir): certdir object (not used in this check)
        cert (crypto.X509): Cert to test
        key (crypto.PKey): Key for the certification (not used in this check)
        cacert (crypto.X509): Corresponding CA cert (optional, not used in this check)
    '''
    extensions = [cert.get_extension(index) for index in range(cert.get_extension_count())]
    found = {}
    for extension in extensions:
        short_name = extension.get_short_name()
        found[short_name] = extension.get_data()

    # Reference extensions are built through the same API so their encoded
    # data can be compared byte-for-byte with what the certificate holds.
    expected = (
        (b'nsCertType', crypto.X509Extension(b'nsCertType', False, b'server')),
        (b'keyUsage', crypto.X509Extension(b'keyUsage', False, b'digitalSignature,keyEncipherment')),
        (b'extendedKeyUsage', crypto.X509Extension(b'extendedKeyUsage', False, b'serverAuth')),
        (b'basicConstraints', crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE')),
    )
    for short_name, reference in expected:
        self.eq(found[short_name], reference.get_data())

    # A host certificate must name its host(s) in a subjectAltName.
    self.isin(b'subjectAltName', found)
示例5: test_subject_key_identifier
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def test_subject_key_identifier(self):
    """The CA certificate's extension at index 2 is a non-critical
    subjectKeyIdentifier matching a freshly derived ``hash`` value."""
    authority = self._create_ca()
    # Index 2 relies on the order in which the CA adds its extensions.
    actual = authority.x509.get_extension(2)
    self.assertEqual(actual.get_short_name().decode(), 'subjectKeyIdentifier')
    self.assertEqual(actual.get_critical(), False)
    # Re-derive the identifier from the same certificate and compare the
    # encoded data.
    reference = crypto.X509Extension(
        b'subjectKeyIdentifier', False, b'hash', subject=authority.x509
    )
    self.assertEqual(actual.get_data(), reference.get_data())
示例6: test_authority_key_identifier
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def test_authority_key_identifier(self):
    """The CA certificate's extension at index 3 is a non-critical
    authorityKeyIdentifier that points back at the CA itself."""
    authority = self._create_ca()
    # Index 3 relies on the order in which the CA adds its extensions.
    actual = authority.x509.get_extension(3)
    self.assertEqual(actual.get_short_name().decode(), 'authorityKeyIdentifier')
    self.assertEqual(actual.get_critical(), False)
    # The CA is used as its own issuer when rebuilding the reference value.
    reference = crypto.X509Extension(
        b'authorityKeyIdentifier',
        False,
        b'keyid:always,issuer:always',
        issuer=authority.x509,
    )
    self.assertEqual(actual.get_data(), reference.get_data())
示例7: test_subject_key_identifier
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def test_subject_key_identifier(self):
    """The issued certificate's extension at index 2 is a non-critical
    subjectKeyIdentifier matching a freshly derived ``hash`` value."""
    issued = self._create_cert()
    # Index 2 relies on the order in which extensions are added at issuance.
    actual = issued.x509.get_extension(2)
    self.assertEqual(actual.get_short_name().decode(), 'subjectKeyIdentifier')
    self.assertEqual(actual.get_critical(), False)
    # Re-derive the identifier from the same certificate and compare the
    # encoded data.
    reference = crypto.X509Extension(
        b'subjectKeyIdentifier', False, b'hash', subject=issued.x509
    )
    self.assertEqual(actual.get_data(), reference.get_data())
示例8: test_authority_key_identifier
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def test_authority_key_identifier(self):
    """The issued certificate's extension at index 3 is a non-critical
    authorityKeyIdentifier that points at the issuing CA."""
    issued = self._create_cert()
    # Index 3 relies on the order in which extensions are added at issuance.
    actual = issued.x509.get_extension(3)
    self.assertEqual(actual.get_short_name().decode(), 'authorityKeyIdentifier')
    self.assertEqual(actual.get_critical(), False)
    # The reference value is rebuilt against the CA certificate
    # (``issued.ca.x509``), not against the leaf.
    reference = crypto.X509Extension(
        b'authorityKeyIdentifier',
        False,
        b'keyid:always,issuer:always',
        issuer=issued.ca.x509,
    )
    self.assertEqual(actual.get_data(), reference.get_data())
示例9: initialize
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
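def initialize(cls, output_path, authority, username, begin=None):
    """
    Generate a user certificate signed by the supplied authority and write
    the key and certificate files.

    :param FilePath output_path: Directory where the certificate will be
        written.
    :param CertificateAuthority authority: The certificate authority with
        which this certificate will be signed.
    :param unicode username: A UTF-8 encoded username to be included in
        the certificate.
    :param datetime begin: The datetime from which the generated
        certificate should be valid.

    :return: An instance of ``cls`` wrapping the new credential.
    """
    # Local import keeps this block self-contained; it is only needed to
    # turn the random serial bytes into an integer.
    import binascii

    # NOTE(review): ``username`` goes into both file names and the
    # certificate common name without any validation in this method;
    # presumably the caller restricts it to safe characters -- confirm.
    key_filename = username + u".key"
    cert_filename = username + u".crt"
    # The common name for the user certificate.
    name = u"user-" + username
    # The organizational unit is set to the common name of the
    # authority, which in our case is a byte string identifying
    # the cluster.
    organizational_unit = authority.organizational_unit
    dn = DistinguishedName(
        commonName=name, organizationalUnitName=organizational_unit
    )
    keypair = flocker_keypair()
    request = keypair.keypair.requestObject(dn)
    # 128 random bits as the serial number. ``binascii.hexlify`` replaces
    # ``bytes.encode("hex")``, which only exists on Python 2; the resulting
    # integer is the same.
    serial = int(binascii.hexlify(os.urandom(16)), 16)
    cert = sign_certificate_request(
        authority.credential.keypair.keypair,
        authority.credential.certificate.original.get_subject(), request,
        serial, EXPIRY_20_YEARS, b'sha256', start=begin,
        # Restrict the certificate to TLS client authentication. The
        # extension is added as non-critical.
        additional_extensions=[crypto.X509Extension(
            b"extendedKeyUsage", False, b"clientAuth")])
    credential = FlockerCredential(
        path=output_path, keypair=keypair, certificate=cert
    )
    credential.write_credential_files(key_filename, cert_filename)
    instance = cls(credential=credential, username=username)
    return instance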
示例10: __init__
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
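def __init__(self):
    """Create a self-signed root CA: a new 2048-bit RSA key and a
    certificate valid for ten years, stored on ``self.key`` / ``self.cert``.
    """
    # CA key
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)

    # CA cert
    cert = crypto.X509()
    # The serial is taken from a class-level counter that is bumped after
    # signing, so serial numbers are sequential rather than random.
    cert.set_serial_number(self.__next_serial)
    cert.set_version(2)  # value 2 encodes X.509 version 3
    cert.set_pubkey(key)

    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(10*365*24*60*60)

    cacert_subject = cert.get_subject()
    cacert_subject.O = 'kOVHernetes'
    cacert_subject.OU = 'kOVHernetes Certificate Authority'
    cacert_subject.CN = 'kOVHernetes Root CA'
    # Self-signed: issuer and subject are the same name.
    cert.set_issuer(cacert_subject)

    # subjectKeyIdentifier is added first because authorityKeyIdentifier
    # below uses this same certificate as its issuer with ``keyid:always``.
    cert.add_extensions((crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', cert),))

    cacert_ext = []
    # RFC 5280 section 4.2.1.1 requires authorityKeyIdentifier to be marked
    # non-critical; it was previously emitted as critical.
    cacert_ext.append(crypto.X509Extension(b'authorityKeyIdentifier', False, b'keyid:always,issuer', issuer=cert))
    cacert_ext.append(crypto.X509Extension(b'basicConstraints', True, b'CA:TRUE'))
    cacert_ext.append(crypto.X509Extension(b'keyUsage', True, b'digitalSignature, cRLSign, keyCertSign'))
    cert.add_extensions(cacert_ext)

    # sign CA cert with CA key
    cert.sign(key, 'sha256')

    type(self).__next_serial += 1

    self.cert = cert
    self.key = key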
示例11: create_client_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def create_client_cert(self, key, o, cn):
    """Issue a X.509 client certificate

    ``key`` supplies the public key; ``o`` and ``cn`` become the subject's
    O and CN. The certificate is valid for 365 days, is signed with the
    CA key using sha256, and is returned.
    """
    one_year = 365*24*60*60

    client_cert = crypto.X509()
    # Serial comes from the class-level counter (sequential, not random).
    client_cert.set_serial_number(self.__next_serial)
    client_cert.set_version(2)  # value 2 encodes X.509 version 3
    client_cert.set_pubkey(key)
    client_cert.gmtime_adj_notBefore(0)
    client_cert.gmtime_adj_notAfter(one_year)

    subject_name = client_cert.get_subject()
    subject_name.O = o
    subject_name.OU = 'kOVHernetes'
    subject_name.CN = cn

    client_cert.set_issuer(self.cert.get_issuer())

    # keyUsage and extendedKeyUsage are critical; clientAuth limits the
    # certificate to TLS client authentication.
    client_cert.add_extensions([
        crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', client_cert),
        crypto.X509Extension(b'authorityKeyIdentifier', False, b'keyid,issuer', issuer=self.cert),
        crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE'),
        crypto.X509Extension(b'keyUsage', True, b'nonRepudiation, digitalSignature, keyEncipherment'),
        crypto.X509Extension(b'extendedKeyUsage', True, b'clientAuth'),
    ])

    # sign cert with CA key
    client_cert.sign(self.key, 'sha256')
    type(self).__next_serial += 1
    return client_cert
示例12: create_server_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
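def create_server_cert(self, key, o, cn, san=()):
    """Issue a X.509 server certificate

    ``key`` supplies the public key; ``o`` and ``cn`` become the subject's
    O and CN. ``san`` is an optional sequence of subjectAltName entries,
    each already in OpenSSL ``TYPE:value`` form. The certificate is valid
    for 365 days, is signed with the CA key using sha256, and is returned.
    """
    # ``san`` defaults to an empty tuple rather than a shared mutable list.
    cert = crypto.X509()
    # Serial comes from the class-level counter (sequential, not random).
    cert.set_serial_number(self.__next_serial)
    cert.set_version(2)  # value 2 encodes X.509 version 3
    cert.set_pubkey(key)

    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(365*24*60*60)

    cert_subject = cert.get_subject()
    cert_subject.O = o
    cert_subject.OU = 'kOVHernetes'
    cert_subject.CN = cn

    cert.set_issuer(self.cert.get_issuer())

    # keyUsage and extendedKeyUsage are critical; serverAuth limits the
    # certificate to TLS server authentication.
    cert_ext = [
        crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', cert),
        crypto.X509Extension(b'authorityKeyIdentifier', False, b'keyid,issuer:always', issuer=self.cert),
        crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE'),
        crypto.X509Extension(b'keyUsage', True, b'digitalSignature, keyEncipherment'),
        crypto.X509Extension(b'extendedKeyUsage', True, b'serverAuth'),
    ]
    if san:
        # NOTE(review): entries are joined with ',' into one value string,
        # so an entry that itself contains a comma would be read as several
        # names. Nothing here validates the entries -- confirm callers only
        # pass trusted, well-formed values.
        cert_ext.append(crypto.X509Extension(b'subjectAltName', False, ','.join(san).encode()))
    cert.add_extensions(cert_ext)

    # sign cert with CA key
    cert.sign(self.key, 'sha256')
    type(self).__next_serial += 1
    return cert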
示例13: create_client_pair
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
def create_client_pair(self, o, cn):
    """Issue a X.509 client key/certificate pair

    A new 2048-bit RSA key is generated; ``o`` and ``cn`` become the
    subject's O and CN. The certificate is valid for 365 days and is signed
    with the CA key using sha256. Returns ``(key, cert)``; the returned key
    object holds the private key.
    """
    one_year = 365*24*60*60

    # key
    client_key = crypto.PKey()
    client_key.generate_key(crypto.TYPE_RSA, 2048)

    # cert
    client_cert = crypto.X509()
    # Serial comes from the class-level counter (sequential, not random).
    client_cert.set_serial_number(self.__next_serial)
    client_cert.set_version(2)  # value 2 encodes X.509 version 3
    client_cert.set_pubkey(client_key)
    client_cert.gmtime_adj_notBefore(0)
    client_cert.gmtime_adj_notAfter(one_year)

    subject_name = client_cert.get_subject()
    subject_name.O = o
    subject_name.OU = 'kOVHernetes'
    subject_name.CN = cn

    client_cert.set_issuer(self.cert.get_issuer())

    # keyUsage and extendedKeyUsage are critical; clientAuth limits the
    # certificate to TLS client authentication.
    client_cert.add_extensions([
        crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', client_cert),
        crypto.X509Extension(b'authorityKeyIdentifier', False, b'keyid,issuer', issuer=self.cert),
        crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE'),
        crypto.X509Extension(b'keyUsage', True, b'nonRepudiation, digitalSignature, keyEncipherment'),
        crypto.X509Extension(b'extendedKeyUsage', True, b'clientAuth'),
    ])

    # sign cert with CA key
    client_cert.sign(self.key, 'sha256')
    type(self).__next_serial += 1
    return client_key, client_cert
示例14: create_server_pair
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
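def create_server_pair(self, o, cn, san=()):
    """Issue a X.509 server key/certificate pair

    A new 2048-bit RSA key is generated; ``o`` and ``cn`` become the
    subject's O and CN. ``san`` is an optional sequence of subjectAltName
    entries, each already in OpenSSL ``TYPE:value`` form. The certificate
    is valid for 365 days and is signed with the CA key using sha256.
    Returns ``(key, cert)``; the returned key object holds the private key.
    """
    # ``san`` defaults to an empty tuple rather than a shared mutable list.
    # key
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)

    # cert
    cert = crypto.X509()
    # Serial comes from the class-level counter (sequential, not random).
    cert.set_serial_number(self.__next_serial)
    cert.set_version(2)  # value 2 encodes X.509 version 3
    cert.set_pubkey(key)

    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(365*24*60*60)

    cert_subject = cert.get_subject()
    cert_subject.O = o
    cert_subject.OU = 'kOVHernetes'
    cert_subject.CN = cn

    cert.set_issuer(self.cert.get_issuer())

    # keyUsage and extendedKeyUsage are critical; serverAuth limits the
    # certificate to TLS server authentication.
    cert_ext = [
        crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', cert),
        crypto.X509Extension(b'authorityKeyIdentifier', False, b'keyid,issuer:always', issuer=self.cert),
        crypto.X509Extension(b'basicConstraints', False, b'CA:FALSE'),
        crypto.X509Extension(b'keyUsage', True, b'digitalSignature, keyEncipherment'),
        crypto.X509Extension(b'extendedKeyUsage', True, b'serverAuth'),
    ]
    if san:
        # NOTE(review): entries are joined with ',' into one value string,
        # so an entry that itself contains a comma would be read as several
        # names. Nothing here validates the entries -- confirm callers only
        # pass trusted, well-formed values.
        cert_ext.append(crypto.X509Extension(b'subjectAltName', False, ','.join(san).encode()))
    cert.add_extensions(cert_ext)

    # sign cert with CA key
    cert.sign(self.key, 'sha256')
    type(self).__next_serial += 1
    return key, cert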
示例15: generate
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Extension [as 别名]
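def generate(self, module):
    '''Generate the certificate signing request.

    The CSR is (re)built and written to ``self.path`` when that file does
    not exist or ``self.force`` is set; otherwise ``self.changed`` is set
    to False. File attributes are then reconciled through ``module`` and
    ``self.changed`` is set to True if they had to be modified.

    Raises CertificateSigningRequestError if the CSR file cannot be
    written.
    '''
    if not os.path.exists(self.path) or self.force:
        req = crypto.X509Req()
        req.set_version(self.version)

        # Copy every configured subject field that has a value.
        subject = req.get_subject()
        for (key, value) in self.subject.items():
            if value is not None:
                setattr(subject, key, value)

        if self.subjectAltName is not None:
            # The whole string is passed as one subjectAltName value;
            # non-ASCII input makes .encode('ascii') raise.
            req.add_extensions([crypto.X509Extension(
                b"subjectAltName", False,
                self.subjectAltName.encode('ascii'))])

        # Read the private key through a context manager so the handle is
        # closed even if reading fails.
        with open(self.privatekey_path) as privatekey_file:
            privatekey_content = privatekey_file.read()
        self.privatekey = crypto.load_privatekey(
            crypto.FILETYPE_PEM, privatekey_content)

        req.set_pubkey(self.privatekey)
        # self.digest is passed through as given; nothing here rejects a
        # weak digest name.
        req.sign(self.privatekey, self.digest)
        self.request = req

        try:
            # ``with`` closes the file even when the write raises; the
            # previous explicit close() was skipped on error.
            with open(self.path, 'wb') as csr_file:
                csr_file.write(crypto.dump_certificate_request(
                    crypto.FILETYPE_PEM, self.request))
        except (IOError, OSError) as exc:
            raise CertificateSigningRequestError(exc)
    else:
        self.changed = False

    file_args = module.load_file_common_arguments(module.params)
    if module.set_fs_attributes_if_different(file_args, False):
        self.changed = True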