当前位置: 首页>>代码示例>>Python>>正文


Python crypto.X509Store方法代码示例

本文整理汇总了Python中OpenSSL.crypto.X509Store方法的典型用法代码示例。如果您正苦于以下问题:Python crypto.X509Store方法的具体用法?Python crypto.X509Store怎么用?Python crypto.X509Store使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在OpenSSL.crypto的用法示例。


在下文中一共展示了crypto.X509Store方法的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: _is_trusted_x509_attestation_cert

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def _is_trusted_x509_attestation_cert(trust_path, trust_anchors):
    if not trust_path or not isinstance(trust_path, list) or not trust_anchors or not isinstance(trust_anchors, list):
        return False

    attestation_cert = trust_path[0]
    store = crypto.X509Store()
    for i in trust_anchors:
        store.add_cert(i)
    store_ctx = crypto.X509StoreContext(store, attestation_cert)

    try:
        store_ctx.verify_certificate()
        return True
    except Exception as e:
        log.info('Unable to verify certificate: {}'.format(e))

    return False 
开发者ID:privacyidea,项目名称:privacyidea,代码行数:19,代码来源:webauthn.py

示例2: _verify_ca

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def _verify_ca(self):
        """
        (internal use only)
        verifies the current x509 is signed
        by the associated CA
        """
        store = crypto.X509Store()
        store.add_cert(self.ca.x509)
        store_ctx = crypto.X509StoreContext(store, self.x509)
        try:
            store_ctx.verify_certificate()
        except crypto.X509StoreContextError as e:
            raise ValidationError(
                _("CA doesn't match, got the " 'following error from pyOpenSSL: "%s"')
                % e.args[0][2]
            ) 
开发者ID:openwisp,项目名称:django-x509,代码行数:18,代码来源:models.py

示例3: assertSignature

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def assertSignature(self, chain, cert):
        # see: http://stackoverflow.com/questions/30700348
        store = X509Store()

        # set the time of the OpenSSL context - freezegun doesn't work, because timestamp comes from OpenSSL
        now = datetime.utcnow()
        store.set_time(now)

        for elem in chain:
            ca = load_certificate(FILETYPE_PEM, elem.dump_certificate())
            store.add_cert(ca)

            # Verify that the CA itself is valid
            store_ctx = X509StoreContext(store, ca)
            self.assertIsNone(store_ctx.verify_certificate())

        cert = load_certificate(FILETYPE_PEM, cert.dump_certificate())
        store_ctx = X509StoreContext(store, cert)
        self.assertIsNone(store_ctx.verify_certificate()) 
开发者ID:mathiasertl,项目名称:django-ca,代码行数:21,代码来源:base.py

示例4: verify_certificate

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def verify_certificate(self, crt=None, cacrt=None):
        try:
            cert = load_certificate(FILETYPE_PEM, crt)
            intermediate_cert = load_certificate(FILETYPE_PEM, cacrt)
            validation_cert = load_certificate(FILETYPE_PEM, cacrt)
            store = X509Store()
            store.add_cert(intermediate_cert)
            store.add_cert(cert)
            store_ctx = X509StoreContext(store, validation_cert)
            if(store_ctx.verify_certificate() == None):
                print "Certificate verification Passed on Client side"
                return True
            else:
                raise Exception("Certificate Verification Failed on Client side")
        except Exception as e:
            raise Exception("Certificate Validation Failed on Client side", e) 
开发者ID:cloud-security-research,项目名称:sgx-kms,代码行数:18,代码来源:sgx.py

示例5: verify_certificate

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def verify_certificate(self, crt=None, cacrt=None):
        try:
            cert = load_certificate(FILETYPE_PEM, crt)
            intermediate_cert = load_certificate(FILETYPE_PEM, cacrt)
            validation_cert = load_certificate(FILETYPE_PEM, cacrt)
            store = X509Store()
            store.add_cert(intermediate_cert)
            store.add_cert(cert)
            store_ctx = X509StoreContext(store, validation_cert)
            if(store_ctx.verify_certificate() == None):
                LOG.info("Certificate verification Passed on Server side")
                return True
            else:
                raise Exception("Certificate Verification Failed on Server side")
        except Exception as e:
            LOG.error(str(e))
            raise Exception("Certificate Validation Failed on Server side", e) 
开发者ID:cloud-security-research,项目名称:sgx-kms,代码行数:19,代码来源:sgx.py

示例6: _is_trusted_attestation_cert

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def _is_trusted_attestation_cert(trust_path, trust_anchors):
    if not trust_path or not isinstance(trust_path, list):
        return False
    # NOTE: Only using the first attestation cert in the
    #       attestation trust path for now, but should be
    #       able to build a chain.
    attestation_cert = trust_path[0]
    store = crypto.X509Store()
    for _ta in trust_anchors:
        store.add_cert(_ta)
    store_ctx = crypto.X509StoreContext(store, attestation_cert)

    try:
        store_ctx.verify_certificate()
        return True
    except Exception as e:
        print('Unable to verify certificate: {}.'.format(e), file=sys.stderr)

    return False 
开发者ID:duo-labs,项目名称:py_webauthn,代码行数:21,代码来源:webauthn.py

示例7: verify_trust_chain

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def verify_trust_chain(certificate, ca):
		cert = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
		store = crypto.X509Store()
		store_ctx = crypto.X509StoreContext(store, cert)
		result = store_ctx.verify_certificate() 
开发者ID:BishopFox,项目名称:IDontSpeakSSL,代码行数:7,代码来源:certificate_checker.py

示例8: test_get_cert_store

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def test_get_cert_store(self):
        """
        :py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.
        """
        context = Context(TLSv1_METHOD)
        store = context.get_cert_store()
        self.assertIsInstance(store, X509Store) 
开发者ID:aliyun,项目名称:oss-ftp,代码行数:9,代码来源:test_ssl.py

示例9: test_new

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def test_new(self):
        cert = self._create_cert()
        self.assertNotEqual(cert.certificate, '')
        self.assertNotEqual(cert.private_key, '')
        x509 = cert.x509
        self.assertEqual(x509.get_serial_number(), cert.serial_number)
        subject = x509.get_subject()
        # check subject
        self.assertEqual(subject.countryName, cert.country_code)
        self.assertEqual(subject.stateOrProvinceName, cert.state)
        self.assertEqual(subject.localityName, cert.city)
        self.assertEqual(subject.organizationName, cert.organization_name)
        self.assertEqual(subject.emailAddress, cert.email)
        self.assertEqual(subject.commonName, cert.common_name)
        # check issuer
        issuer = x509.get_issuer()
        ca = cert.ca
        self.assertEqual(issuer.countryName, ca.country_code)
        self.assertEqual(issuer.stateOrProvinceName, ca.state)
        self.assertEqual(issuer.localityName, ca.city)
        self.assertEqual(issuer.organizationName, ca.organization_name)
        self.assertEqual(issuer.emailAddress, ca.email)
        self.assertEqual(issuer.commonName, ca.common_name)
        # check signature
        store = crypto.X509Store()
        store.add_cert(ca.x509)
        store_ctx = crypto.X509StoreContext(store, cert.x509)
        store_ctx.verify_certificate()
        # ensure version is 3 (indexed 0 based counting)
        self.assertEqual(x509.get_version(), 2)
        # basic constraints
        e = cert.x509.get_extension(0)
        self.assertEqual(e.get_critical(), 0)
        self.assertEqual(e.get_short_name().decode(), 'basicConstraints')
        self.assertEqual(e.get_data(), b'0\x00') 
开发者ID:openwisp,项目名称:django-x509,代码行数:37,代码来源:test_cert.py

示例10: verify_certificate_chain

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def verify_certificate_chain(cert_bytes, trusted_certs, ignore_self_signed=True):
    """Verify a given certificate against a trust store."""

    # Load the certificate
    certificate = crypto.load_certificate(crypto.FILETYPE_ASN1, cert_bytes)

    # Create a certificate store and add your trusted certs
    try:
        store = crypto.X509Store()

        if ignore_self_signed:
            store.add_cert(certificate)

        # Assuming the certificates are in PEM format in a trusted_certs list
        for _cert in trusted_certs:
            store.add_cert(crypto.load_certificate(crypto.FILETYPE_ASN1, _cert))

        # Create a certificate context using the store and the certificate
        store_ctx = crypto.X509StoreContext(store, certificate)

        # Verify the certificate, returns None if certificate is not valid
        store_ctx.verify_certificate()

        return True

    except crypto.X509StoreContextError as e:
        raise AS2Exception(
            "Partner Certificate Invalid: %s" % e.args[-1][-1], "invalid-certificate"
        ) 
开发者ID:abhishek-ram,项目名称:pyas2-lib,代码行数:31,代码来源:utils.py

示例11: get_apple_pki_store

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def get_apple_pki_store():
    store = crypto.X509Store()
    # add apple CA
    for filename in ("Apple_iPhone_Device_CA.pem",
                     "Apple_iPhone_Certification_Authority.pem",
                     "Apple_Root_CA.pem"):
        with open(os.path.join(APPLE_PKI_DIR, filename), "rb") as f:
            store.add_cert(crypto.load_certificate(crypto.FILETYPE_PEM, f.read()))
    return store 
开发者ID:zentralopensource,项目名称:zentral,代码行数:11,代码来源:cms.py

示例12: test_get_cert_store

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def test_get_cert_store(self):
        """
        `Context.get_cert_store` returns a `X509Store` instance.
        """
        context = Context(TLSv1_METHOD)
        store = context.get_cert_store()
        assert isinstance(store, X509Store) 
开发者ID:pyca,项目名称:pyopenssl,代码行数:9,代码来源:test_ssl.py

示例13: verify_certs_chain

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def verify_certs_chain(certs_chain: List[crypto.X509], amazon_cert: crypto.X509) -> bool:
    """Verifies if Amazon and additional certificates creates chain of trust to a root CA.

    Args:
        certs_chain: List of pycrypto X509 intermediate certificates from signature chain URL.
        amazon_cert: Pycrypto X509 Amazon certificate.

    Returns:
        result: True if verification was successful, False if not.
    """
    store = crypto.X509Store()

    # add certificates from Amazon provided certs chain
    for cert in certs_chain:
        store.add_cert(cert)

    # add CA certificates
    default_verify_paths = ssl.get_default_verify_paths()

    default_verify_file = default_verify_paths.cafile
    default_verify_file = Path(default_verify_file).resolve() if default_verify_file else None

    default_verify_path = default_verify_paths.capath
    default_verify_path = Path(default_verify_path).resolve() if default_verify_path else None

    ca_files = [ca_file for ca_file in default_verify_path.iterdir()] if default_verify_path else []
    if default_verify_file:
        ca_files.append(default_verify_file)

    for ca_file in ca_files:
        ca_file: Path
        if ca_file.is_file():
            with ca_file.open('r', encoding='ascii') as crt_f:
                ca_certs_txt = crt_f.read()
                ca_certs = extract_certs(ca_certs_txt)
                for cert in ca_certs:
                    store.add_cert(cert)

    # add CA certificates (Windows)
    ssl_context = ssl.create_default_context()
    der_certs = ssl_context.get_ca_certs(binary_form=True)
    pem_certs = '\n'.join([ssl.DER_cert_to_PEM_cert(der_cert) for der_cert in der_certs])
    ca_certs = extract_certs(pem_certs)
    for ca_cert in ca_certs:
        store.add_cert(ca_cert)

    store_context = crypto.X509StoreContext(store, amazon_cert)

    try:
        store_context.verify_certificate()
        result = True
    except crypto.X509StoreContextError:
        result = False

    return result 
开发者ID:deepmipt,项目名称:DeepPavlov,代码行数:57,代码来源:ssl_tools.py

示例14: basic_assertions

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509Store [as 别名]
def basic_assertions(self, cdir, cert, key, cacert=None):
        '''
        test basic certificate assumptions

        Args:
            cdir (s_certdir.CertDir): certdir object
            cert (crypto.X509): Cert to test
            key (crypto.PKey): Key for the certification
            cacert (crypto.X509): Corresponding CA cert (optional)
        '''
        self.nn(cert)
        self.nn(key)

        # Make sure the certs were generated with the expected number of bits
        self.eq(cert.get_pubkey().bits(), cdir.crypto_numbits)
        self.eq(key.bits(), cdir.crypto_numbits)

        # Make sure the certs were generated with the correct version number
        self.eq(cert.get_version(), 2)

        # ensure we can sign / verify data with our keypair
        buf = b'The quick brown fox jumps over the lazy dog.'
        sig = crypto.sign(key, buf, 'sha256')
        sig2 = crypto.sign(key, buf + b'wut', 'sha256')
        self.none(crypto.verify(cert, sig, buf, 'sha256'))
        self.raises(crypto.Error, crypto.verify, cert, sig2, buf, 'sha256')

        # ensure that a ssl context using both cert/key match
        sslcontext = SSL.Context(SSL.TLSv1_2_METHOD)
        sslcontext.use_certificate(cert)
        sslcontext.use_privatekey(key)
        self.none(sslcontext.check_privatekey())

        if cacert:

            # Make sure the cert was signed by the CA
            self.eq(cert.get_issuer().der(), cacert.get_subject().der())

            store = crypto.X509Store()
            ctx = crypto.X509StoreContext(store, cert)

            # OpenSSL should NOT be able to verify the certificate if its CA is not loaded
            store.add_cert(cert)
            self.raises(crypto.X509StoreContextError, ctx.verify_certificate)  # unable to get local issuer certificate

            # Generate a separate CA that did not sign the certificate
            try:
                cdir.genCaCert('otherca')
            except s_exc.DupFileName:
                pass

            # OpenSSL should NOT be able to verify the certificate if its CA is not loaded
            store.add_cert(cdir.getCaCert('otherca'))
            self.raises(crypto.X509StoreContextError, ctx.verify_certificate)  # unable to get local issuer certificate

            # OpenSSL should be able to verify the certificate, once its CA is loaded
            store.add_cert(cacert)
            self.none(ctx.verify_certificate())  # valid 
开发者ID:vertexproject,项目名称:synapse,代码行数:60,代码来源:test_lib_certdir.py


注:本文中的OpenSSL.crypto.X509Store方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。