

Python crypto.X509StoreContextError方法代码示例

本文整理汇总了Python中OpenSSL.crypto.X509StoreContextError的典型用法代码示例。X509StoreContextError是一个异常类,而不是方法:当X509StoreContext.verify_certificate()无法验证证书链时会抛出它。如果您正苦于以下问题:Python crypto.X509StoreContextError的具体用法?Python crypto.X509StoreContextError怎么用?Python crypto.X509StoreContextError使用的例子?那么,这里精选的代码示例或许可以为您提供帮助。您也可以进一步了解该异常类所在模块OpenSSL.crypto的用法示例。


在下文中一共展示了crypto.X509StoreContextError方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: test_modification_pre_verify

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContextError [as 别名]
def test_modification_pre_verify(self):
    """
    A store context honours a trust store that is swapped in after the
    context was constructed.

    The context starts out bound to a store holding only the intermediate
    certificate, so :py:obj:`verify_certificate` fails; after
    ``set_store`` installs a store holding root and intermediate, the same
    context verifies the same leaf.
    """
    incomplete_store = X509Store()
    incomplete_store.add_cert(self.intermediate_cert)

    complete_store = X509Store()
    for trusted in (self.root_cert, self.intermediate_cert):
        complete_store.add_cert(trusted)

    context = X509StoreContext(incomplete_store, self.intermediate_server_cert)

    # NOTE(review): this relies on the test base class returning the caught
    # exception from assertRaises. The expected text is OpenSSL's own error
    # string and the args[0][2] position is a pyOpenSSL detail; both may
    # differ between library versions - confirm against the pinned ones.
    failure = self.assertRaises(X509StoreContextError, context.verify_certificate)
    self.assertEqual(failure.args[0][2], 'unable to get issuer certificate')
    self.assertEqual(failure.certificate.get_subject().CN, 'intermediate')

    # Same context object, new trust store: verification now returns None.
    context.set_store(complete_store)
    outcome = context.verify_certificate()
    self.assertEqual(outcome, None)
开发者ID:aliyun,项目名称:oss-ftp,代码行数:18,代码来源:test_crypto.py

示例2: _verify_ca

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContextError [as 别名]
def _verify_ca(self):
    """
    (internal use only)
    Check that this object's x509 verifies against its associated CA.

    A store containing only ``self.ca.x509`` is used as the trust anchor.
    An ``X509StoreContextError`` from pyOpenSSL is converted into a
    ``ValidationError`` carrying the library's error text; any other
    exception propagates unchanged.
    """
    # The store holds exactly one certificate, so nothing outside the
    # associated CA can vouch for self.x509.
    # NOTE(review): no store flags are set here, so no CRL/revocation
    # checking is requested by this method - confirm that is intended.
    anchor_store = crypto.X509Store()
    anchor_store.add_cert(self.ca.x509)
    context = crypto.X509StoreContext(anchor_store, self.x509)
    try:
        context.verify_certificate()
    except crypto.X509StoreContextError as e:
        template = _("CA doesn't match, got the " 'following error from pyOpenSSL: "%s"')
        # args[0][2] is where this code expects the human-readable reason.
        reason = e.args[0][2]
        raise ValidationError(template % reason)
开发者ID:openwisp,项目名称:django-x509,代码行数:18,代码来源:models.py

示例3: test_untrusted_self_signed

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContextError [as 别名]
def test_untrusted_self_signed(self):
    """
    A self-signed certificate is rejected by :py:obj:`verify_certificate`
    when the trust store does not contain that certificate.

    The store is left empty, so being self-signed is not enough to be
    trusted: the certificate must have been added as an anchor.
    """
    empty_store = X509Store()
    context = X509StoreContext(empty_store, self.root_cert)

    # NOTE(review): the expected message is OpenSSL's wording; newer OpenSSL
    # releases appear to spell it 'self-signed certificate' - confirm
    # against the OpenSSL version the suite runs on.
    failure = self.assertRaises(X509StoreContextError, context.verify_certificate)
    self.assertEqual(failure.args[0][2], 'self signed certificate')
    self.assertEqual(failure.certificate.get_subject().CN, 'Testing Root CA')
开发者ID:aliyun,项目名称:oss-ftp,代码行数:12,代码来源:test_crypto.py

示例4: test_invalid_chain_no_root

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContextError [as 别名]
def test_invalid_chain_no_root(self):
    """
    :py:obj:`verify_certificate` fails when the store holds the
    intermediate certificate but not the root above it.

    The error is reported against the intermediate, i.e. the last
    certificate for which no issuer could be found.
    """
    rootless_store = X509Store()
    rootless_store.add_cert(self.intermediate_cert)
    context = X509StoreContext(rootless_store, self.intermediate_server_cert)

    # The message is OpenSSL's own text, read from the position pyOpenSSL
    # places it in the exception arguments.
    failure = self.assertRaises(X509StoreContextError, context.verify_certificate)
    self.assertEqual(failure.args[0][2], 'unable to get issuer certificate')
    self.assertEqual(failure.certificate.get_subject().CN, 'intermediate')
开发者ID:aliyun,项目名称:oss-ftp,代码行数:13,代码来源:test_crypto.py

示例5: test_invalid_chain_no_intermediate

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContextError [as 别名]
def test_invalid_chain_no_intermediate(self):
    """
    :py:obj:`verify_certificate` fails when the store holds the root but
    the intermediate that issued the leaf is missing.

    The error is reported against the leaf certificate itself, because its
    direct issuer cannot be located.
    """
    root_only_store = X509Store()
    root_only_store.add_cert(self.root_cert)
    context = X509StoreContext(root_only_store, self.intermediate_server_cert)

    # 'local issuer' (as opposed to 'issuer' in the no-root case) is the
    # wording OpenSSL uses when the leaf's own issuer is absent.
    failure = self.assertRaises(X509StoreContextError, context.verify_certificate)
    self.assertEqual(failure.args[0][2], 'unable to get local issuer certificate')
    self.assertEqual(failure.certificate.get_subject().CN, 'intermediate-service')
开发者ID:aliyun,项目名称:oss-ftp,代码行数:13,代码来源:test_crypto.py

示例6: verify_certificate_chain

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContextError [as 别名]
def verify_certificate_chain(cert_bytes, trusted_certs, ignore_self_signed=True):
    """Verify a DER-encoded certificate against a set of trusted certificates.

    Args:
        cert_bytes: The certificate to check, loaded as ASN.1/DER.
        trusted_certs: Iterable of trusted certificates, each also loaded as
            ASN.1/DER (not PEM).
        ignore_self_signed: When true (the default) the certificate under
            test is itself added to the trust store before verification.

    Returns:
        True when verification succeeds.

    Raises:
        AS2Exception: When pyOpenSSL raises X509StoreContextError.

    Security note: with ``ignore_self_signed`` left at its default, the
    certificate being checked is placed in the trust store, so a
    self-signed certificate would be expected to verify regardless of
    ``trusted_certs``. Callers that need the chain to end in one of
    ``trusted_certs`` should pass ``ignore_self_signed=False``.
    """
    # Decoding happens outside the try block, so a malformed certificate
    # surfaces as the loader's own exception rather than AS2Exception.
    candidate = crypto.load_certificate(crypto.FILETYPE_ASN1, cert_bytes)

    try:
        trust_store = crypto.X509Store()

        if ignore_self_signed:
            # Makes the candidate its own trust anchor (see docstring).
            trust_store.add_cert(candidate)

        for der_blob in trusted_certs:
            anchor = crypto.load_certificate(crypto.FILETYPE_ASN1, der_blob)
            trust_store.add_cert(anchor)

        # verify_certificate() returns None on success and raises
        # X509StoreContextError when the chain cannot be validated.
        crypto.X509StoreContext(trust_store, candidate).verify_certificate()
    except crypto.X509StoreContextError as e:
        raise AS2Exception(
            "Partner Certificate Invalid: %s" % e.args[-1][-1], "invalid-certificate"
        )
    else:
        return True
开发者ID:abhishek-ram,项目名称:pyas2-lib,代码行数:31,代码来源:utils.py

示例7: _add_cert_to_store

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContextError [as 别名]
def _add_cert_to_store(store, cert):
    """Add ``cert`` to ``store`` only after it verifies against that store.

    The certificate is first verified using the store's current contents,
    so a certificate the store cannot already vouch for is never added.

    Returns:
        ``cert`` once it has been added.

    Raises:
        InvalidCertificate: Verification against the current store failed.
        RedundantCert: The store reported the certificate as already present.
    """
    from OpenSSL.crypto import X509StoreContext, X509StoreContextError, Error as OpenSSLCryptoError

    # NOTE(review): the duplicate case is recognised by an exact match on
    # the OpenSSL error tuple, which is tied to the library's wording -
    # confirm it still matches on the OpenSSL/pyOpenSSL versions in use.
    duplicate_entry = ([('x509 certificate routines', 'X509_STORE_add_cert', 'cert already in hash table')],)

    try:
        X509StoreContext(store, cert).verify_certificate()
    except X509StoreContextError as e:
        raise InvalidCertificate(e)

    try:
        store.add_cert(cert)
    except OpenSSLCryptoError as e:
        if e.args != duplicate_entry:
            # Any other OpenSSL failure is passed through untouched.
            raise
        raise RedundantCert(e)
    return cert
开发者ID:XML-Security,项目名称:signxml,代码行数:15,代码来源:__init__.py

示例8: verify_apple_iphone_device_ca_issuer_pyopenssl

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContextError [as 别名]
def verify_apple_iphone_device_ca_issuer_pyopenssl(certificate_bytes):
    """Report whether a DER certificate verifies against ``APPLE_PKI_STORE``.

    Returns True when pyOpenSSL verifies the certificate and False when it
    raises ``X509StoreContextError``.

    Only the verification failure is mapped to False: the DER decode runs
    outside the try block, so undecodable input raises from
    ``load_certificate`` instead. Callers passing untrusted bytes need to
    handle that exception themselves.
    """
    parsed = crypto.load_certificate(crypto.FILETYPE_ASN1, certificate_bytes)
    context = crypto.X509StoreContext(APPLE_PKI_STORE, parsed)
    try:
        context.verify_certificate()
    except crypto.X509StoreContextError:
        return False
    return True
开发者ID:zentralopensource,项目名称:zentral,代码行数:11,代码来源:cms.py

示例9: test_certdir_valUserCert

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContextError [as 别名]
def test_certdir_valUserCert(self):
    """
    Exercise ``CertDir.valUserCert`` against two independent CAs.

    The assertions pin the following: empty input raises ``crypto.Error``;
    a user cert generated without ``signas`` is rejected; a cert signed by
    one CA is accepted with the default CA set and with its own CA, and is
    rejected when only the other CA, or no CA at all, is supplied.
    """
    with self.getCertDir() as cdir:  # type: s_certdir.CertDir
        cdir._getPathJoin()
        cdir.genCaCert('syntest')
        cdir.genCaCert('newp')
        cdir.getCaCerts()
        syntestca = cdir.getCaCert('syntest')
        newpca = cdir.getCaCert('newp')

        # Undecodable input fails before any chain building takes place.
        self.raises(crypto.Error, cdir.valUserCert, b'')

        # No signas given: the cert is not issued by either CA above.
        cdir.genUserCert('cool')
        cool_bytes = cdir._getPathBytes(cdir.getUserCertPath('cool'))
        self.raises(crypto.X509StoreContextError, cdir.valUserCert, cool_bytes)

        # (user name, signing CA name, issuing CA cert, unrelated CA cert)
        scenarios = (
            ('cooler', 'syntest', syntestca, newpca),
            ('coolest', 'newp', newpca, syntestca),
        )
        for user, signer, issuer_ca, unrelated_ca in scenarios:
            cdir.genUserCert(user, signas=signer)
            user_bytes = cdir._getPathBytes(cdir.getUserCertPath(user))

            self.nn(cdir.valUserCert(user_bytes))
            self.nn(cdir.valUserCert(user_bytes, cacerts=(issuer_ca,)))
            # A CA that did not issue the cert must not validate it, and an
            # explicitly empty CA set must not fall back to trusting anything.
            self.raises(crypto.X509StoreContextError, cdir.valUserCert, user_bytes, cacerts=(unrelated_ca,))
            self.raises(crypto.X509StoreContextError, cdir.valUserCert, user_bytes, cacerts=())
开发者ID:vertexproject,项目名称:synapse,代码行数:34,代码来源:test_lib_certdir.py

示例10: verify_certs_chain

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContextError [as 别名]
def verify_certs_chain(certs_chain: List[crypto.X509], amazon_cert: crypto.X509) -> bool:
    """Check whether ``amazon_cert`` verifies against the chain certs plus the system CAs.

    Args:
        certs_chain: pyOpenSSL X509 certificates taken from the signature chain URL.
        amazon_cert: pyOpenSSL X509 Amazon certificate to verify.

    Returns:
        True if pyOpenSSL verified ``amazon_cert``, False if it raised
        ``X509StoreContextError``.
    """
    trust_store = crypto.X509Store()

    # NOTE(review): the downloaded chain certificates are added to the same
    # store as the system CAs, i.e. as trusted entries. If certs_chain can
    # contain a self-signed certificate it would presumably act as its own
    # anchor. Newer pyOpenSSL accepts untrusted intermediates through the
    # ``chain`` argument of X509StoreContext - confirm the supported
    # version before switching.
    for chain_cert in certs_chain:
        trust_store.add_cert(chain_cert)

    # System CA bundle file and directory as reported by the ssl module;
    # either of them may be unset.
    verify_paths = ssl.get_default_verify_paths()
    bundle_file = Path(verify_paths.cafile).resolve() if verify_paths.cafile else None
    bundle_dir = Path(verify_paths.capath).resolve() if verify_paths.capath else None

    candidates = list(bundle_dir.iterdir()) if bundle_dir else []
    if bundle_file:
        candidates.append(bundle_file)

    for candidate in candidates:
        if not candidate.is_file():
            continue
        # Files are decoded strictly as ASCII, so a bundle containing other
        # bytes raises instead of being skipped.
        with candidate.open('r', encoding='ascii') as handle:
            for parsed in extract_certs(handle.read()):
                trust_store.add_cert(parsed)

    # CAs already loaded into a default SSL context; the original comment
    # marks this step as being for Windows.
    default_ctx = ssl.create_default_context()
    pem_blocks = [ssl.DER_cert_to_PEM_cert(der) for der in default_ctx.get_ca_certs(binary_form=True)]
    for parsed in extract_certs('\n'.join(pem_blocks)):
        trust_store.add_cert(parsed)

    verifier = crypto.X509StoreContext(trust_store, amazon_cert)
    try:
        verifier.verify_certificate()
    except crypto.X509StoreContextError:
        return False
    return True
开发者ID:deepmipt,项目名称:DeepPavlov,代码行数:57,代码来源:ssl_tools.py

示例11: basic_assertions

# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import X509StoreContextError [as 别名]
def basic_assertions(self, cdir, cert, key, cacert=None):
    '''
    Shared sanity checks for a generated certificate / key pair.

    Args:
        cdir (s_certdir.CertDir): certdir object
        cert (crypto.X509): Cert to test
        key (crypto.PKey): Key for the certification
        cacert (crypto.X509): Corresponding CA cert (optional)

    When cacert is given, the chain checks at the end confirm that the
    certificate verifies only once that CA has been added to the store.
    '''
    self.nn(cert)
    self.nn(key)

    # Key sizes must match what the certdir is configured to generate
    self.eq(cert.get_pubkey().bits(), cdir.crypto_numbits)
    self.eq(key.bits(), cdir.crypto_numbits)

    # The version number the generator is expected to have set
    self.eq(cert.get_version(), 2)

    # A signature over the exact message verifies; a signature made over
    # different data must be rejected for that message
    message = b'The quick brown fox jumps over the lazy dog.'
    matching_sig = crypto.sign(key, message, 'sha256')
    foreign_sig = crypto.sign(key, message + b'wut', 'sha256')
    self.none(crypto.verify(cert, matching_sig, message, 'sha256'))
    self.raises(crypto.Error, crypto.verify, cert, foreign_sig, message, 'sha256')

    # The private key must belong to the certificate when both are loaded
    # into one SSL context
    tls_ctx = SSL.Context(SSL.TLSv1_2_METHOD)
    tls_ctx.use_certificate(cert)
    tls_ctx.use_privatekey(key)
    self.none(tls_ctx.check_privatekey())

    if not cacert:
        return

    # Issuer name of the cert equals the subject name of the CA
    self.eq(cert.get_issuer().der(), cacert.get_subject().der())

    trust_store = crypto.X509Store()
    verifier = crypto.X509StoreContext(trust_store, cert)

    # Having only the certificate itself in the store is not enough: its
    # issuing CA is still missing, so verification must fail
    trust_store.add_cert(cert)
    self.raises(crypto.X509StoreContextError, verifier.verify_certificate)  # unable to get local issuer certificate

    # Create an unrelated CA; an existing one from an earlier call is fine
    try:
        cdir.genCaCert('otherca')
    except s_exc.DupFileName:
        pass

    # A CA that did not sign the certificate must not make it verify
    trust_store.add_cert(cdir.getCaCert('otherca'))
    self.raises(crypto.X509StoreContextError, verifier.verify_certificate)  # unable to get local issuer certificate

    # With the real issuing CA loaded, verification succeeds
    trust_store.add_cert(cacert)
    self.none(verifier.verify_certificate())  # valid
开发者ID:vertexproject,项目名称:synapse,代码行数:60,代码来源:test_lib_certdir.py


注:本文中的OpenSSL.crypto.X509StoreContextError方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。