本文整理汇总了Python中OpenSSL.crypto.X509StoreContext方法的典型用法代码示例。如果您正苦于以下问题:Python crypto.X509StoreContext方法的具体用法?Python crypto.X509StoreContext怎么用?Python crypto.X509StoreContext使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类OpenSSL.crypto的用法示例。
在下文中一共展示了crypto.X509StoreContext方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _is_trusted_x509_attestation_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def _is_trusted_x509_attestation_cert(trust_path, trust_anchors):
if not trust_path or not isinstance(trust_path, list) or not trust_anchors or not isinstance(trust_anchors, list):
return False
attestation_cert = trust_path[0]
store = crypto.X509Store()
for i in trust_anchors:
store.add_cert(i)
store_ctx = crypto.X509StoreContext(store, attestation_cert)
try:
store_ctx.verify_certificate()
return True
except Exception as e:
log.info('Unable to verify certificate: {}'.format(e))
return False 示例2: test_modification_pre_verify
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def test_modification_pre_verify(self):
"""
:py:obj:`verify_certificate` can use a store context modified after
instantiation.
"""
store_bad = X509Store()
store_bad.add_cert(self.intermediate_cert)
store_good = X509Store()
store_good.add_cert(self.root_cert)
store_good.add_cert(self.intermediate_cert)
store_ctx = X509StoreContext(store_bad, self.intermediate_server_cert)
e = self.assertRaises(X509StoreContextError, store_ctx.verify_certificate)
self.assertEqual(e.args[0][2], 'unable to get issuer certificate')
self.assertEqual(e.certificate.get_subject().CN, 'intermediate')
store_ctx.set_store(store_good)
self.assertEqual(store_ctx.verify_certificate(), None) 示例3: _verify_ca
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def _verify_ca(self):
"""
(internal use only)
verifies the current x509 is signed
by the associated CA
"""
store = crypto.X509Store()
store.add_cert(self.ca.x509)
store_ctx = crypto.X509StoreContext(store, self.x509)
try:
store_ctx.verify_certificate()
except crypto.X509StoreContextError as e:
raise ValidationError(
_("CA doesn't match, got the " 'following error from pyOpenSSL: "%s"')
% e.args[0][2]
) 示例4: assertSignature
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def assertSignature(self, chain, cert):
# see: http://stackoverflow.com/questions/30700348
store = X509Store()
# set the time of the OpenSSL context - freezegun doesn't work, because timestamp comes from OpenSSL
now = datetime.utcnow()
store.set_time(now)
for elem in chain:
ca = load_certificate(FILETYPE_PEM, elem.dump_certificate())
store.add_cert(ca)
# Verify that the CA itself is valid
store_ctx = X509StoreContext(store, ca)
self.assertIsNone(store_ctx.verify_certificate())
cert = load_certificate(FILETYPE_PEM, cert.dump_certificate())
store_ctx = X509StoreContext(store, cert)
self.assertIsNone(store_ctx.verify_certificate()) 示例5: verify_certificate
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def verify_certificate(self, crt=None, cacrt=None):
try:
cert = load_certificate(FILETYPE_PEM, crt)
intermediate_cert = load_certificate(FILETYPE_PEM, cacrt)
validation_cert = load_certificate(FILETYPE_PEM, cacrt)
store = X509Store()
store.add_cert(intermediate_cert)
store.add_cert(cert)
store_ctx = X509StoreContext(store, validation_cert)
if(store_ctx.verify_certificate() == None):
print "Certificate verification Passed on Client side"
return True
else:
raise Exception("Certificate Verification Failed on Client side")
except Exception as e:
raise Exception("Certificate Validation Failed on Client side", e) 示例6: verify_certificate
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def verify_certificate(self, crt=None, cacrt=None):
try:
cert = load_certificate(FILETYPE_PEM, crt)
intermediate_cert = load_certificate(FILETYPE_PEM, cacrt)
validation_cert = load_certificate(FILETYPE_PEM, cacrt)
store = X509Store()
store.add_cert(intermediate_cert)
store.add_cert(cert)
store_ctx = X509StoreContext(store, validation_cert)
if(store_ctx.verify_certificate() == None):
LOG.info("Certificate verification Passed on Server side")
return True
else:
raise Exception("Certificate Verification Failed on Server side")
except Exception as e:
LOG.error(str(e))
raise Exception("Certificate Validation Failed on Server side", e) 示例7: _is_trusted_attestation_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def _is_trusted_attestation_cert(trust_path, trust_anchors):
if not trust_path or not isinstance(trust_path, list):
return False
# NOTE: Only using the first attestation cert in the
# attestation trust path for now, but should be
# able to build a chain.
attestation_cert = trust_path[0]
store = crypto.X509Store()
for _ta in trust_anchors:
store.add_cert(_ta)
store_ctx = crypto.X509StoreContext(store, attestation_cert)
try:
store_ctx.verify_certificate()
return True
except Exception as e:
print('Unable to verify certificate: {}.'.format(e), file=sys.stderr)
return False 示例8: verify_trust_chain
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def verify_trust_chain(certificate, ca):
cert = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
store = crypto.X509Store()
store_ctx = crypto.X509StoreContext(store, cert)
result = store_ctx.verify_certificate() 示例9: test_valid
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def test_valid(self):
"""
:py:obj:`verify_certificate` returns ``None`` when called with a certificate
and valid chain.
"""
store = X509Store()
store.add_cert(self.root_cert)
store.add_cert(self.intermediate_cert)
store_ctx = X509StoreContext(store, self.intermediate_server_cert)
self.assertEqual(store_ctx.verify_certificate(), None) 示例10: test_reuse
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def test_reuse(self):
"""
:py:obj:`verify_certificate` can be called multiple times with the same
``X509StoreContext`` instance to produce the same result.
"""
store = X509Store()
store.add_cert(self.root_cert)
store.add_cert(self.intermediate_cert)
store_ctx = X509StoreContext(store, self.intermediate_server_cert)
self.assertEqual(store_ctx.verify_certificate(), None)
self.assertEqual(store_ctx.verify_certificate(), None) 示例11: test_trusted_self_signed
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def test_trusted_self_signed(self):
"""
:py:obj:`verify_certificate` returns ``None`` when called with a self-signed
certificate and itself in the chain.
"""
store = X509Store()
store.add_cert(self.root_cert)
store_ctx = X509StoreContext(store, self.root_cert)
self.assertEqual(store_ctx.verify_certificate(), None) 示例12: test_untrusted_self_signed
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def test_untrusted_self_signed(self):
"""
:py:obj:`verify_certificate` raises error when a self-signed certificate is
verified without itself in the chain.
"""
store = X509Store()
store_ctx = X509StoreContext(store, self.root_cert)
e = self.assertRaises(X509StoreContextError, store_ctx.verify_certificate)
self.assertEqual(e.args[0][2], 'self signed certificate')
self.assertEqual(e.certificate.get_subject().CN, 'Testing Root CA') 示例13: test_invalid_chain_no_root
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def test_invalid_chain_no_root(self):
"""
:py:obj:`verify_certificate` raises error when a root certificate is missing
from the chain.
"""
store = X509Store()
store.add_cert(self.intermediate_cert)
store_ctx = X509StoreContext(store, self.intermediate_server_cert)
e = self.assertRaises(X509StoreContextError, store_ctx.verify_certificate)
self.assertEqual(e.args[0][2], 'unable to get issuer certificate')
self.assertEqual(e.certificate.get_subject().CN, 'intermediate') 示例14: test_new
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def test_new(self):
cert = self._create_cert()
self.assertNotEqual(cert.certificate, '')
self.assertNotEqual(cert.private_key, '')
x509 = cert.x509
self.assertEqual(x509.get_serial_number(), cert.serial_number)
subject = x509.get_subject()
# check subject
self.assertEqual(subject.countryName, cert.country_code)
self.assertEqual(subject.stateOrProvinceName, cert.state)
self.assertEqual(subject.localityName, cert.city)
self.assertEqual(subject.organizationName, cert.organization_name)
self.assertEqual(subject.emailAddress, cert.email)
self.assertEqual(subject.commonName, cert.common_name)
# check issuer
issuer = x509.get_issuer()
ca = cert.ca
self.assertEqual(issuer.countryName, ca.country_code)
self.assertEqual(issuer.stateOrProvinceName, ca.state)
self.assertEqual(issuer.localityName, ca.city)
self.assertEqual(issuer.organizationName, ca.organization_name)
self.assertEqual(issuer.emailAddress, ca.email)
self.assertEqual(issuer.commonName, ca.common_name)
# check signature
store = crypto.X509Store()
store.add_cert(ca.x509)
store_ctx = crypto.X509StoreContext(store, cert.x509)
store_ctx.verify_certificate()
# ensure version is 3 (indexed 0 based counting)
self.assertEqual(x509.get_version(), 2)
# basic constraints
e = cert.x509.get_extension(0)
self.assertEqual(e.get_critical(), 0)
self.assertEqual(e.get_short_name().decode(), 'basicConstraints')
self.assertEqual(e.get_data(), b'0\x00') 示例15: verify_certificate_chain
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContext [as 别名]
def verify_certificate_chain(cert_bytes, trusted_certs, ignore_self_signed=True):
"""Verify a given certificate against a trust store."""
# Load the certificate
certificate = crypto.load_certificate(crypto.FILETYPE_ASN1, cert_bytes)
# Create a certificate store and add your trusted certs
try:
store = crypto.X509Store()
if ignore_self_signed:
store.add_cert(certificate)
# Assuming the certificates are in PEM format in a trusted_certs list
for _cert in trusted_certs:
store.add_cert(crypto.load_certificate(crypto.FILETYPE_ASN1, _cert))
# Create a certificate context using the store and the certificate
store_ctx = crypto.X509StoreContext(store, certificate)
# Verify the certificate, returns None if certificate is not valid
store_ctx.verify_certificate()
return True
except crypto.X509StoreContextError as e:
raise AS2Exception(
"Partner Certificate Invalid: %s" % e.args[-1][-1], "invalid-certificate"
)