本文整理汇总了Python中OpenSSL.crypto.dump_publickey方法的典型用法代码示例。如果您正苦于以下问题:Python crypto.dump_publickey方法的具体用法?Python crypto.dump_publickey怎么用?Python crypto.dump_publickey使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类OpenSSL.crypto的用法示例。
在下文中一共展示了crypto.dump_publickey方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: keyHash
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import dump_publickey [as 别名]
def keyHash(self):
"""
Compute a hash of the underlying PKey object.
The purpose of this method is to allow you to determine if two
certificates share the same public key; it is not really useful for
anything else.
In versions of Twisted prior to 15.0, C{keyHash} used a technique
involving certificate requests for computing the hash that was not
stable in the face of changes to the underlying OpenSSL library.
@return: Return a 32-character hexadecimal string uniquely identifying
this public key, I{for this version of Twisted}.
@rtype: native L{str}
"""
raw = crypto.dump_publickey(crypto.FILETYPE_ASN1, self.original)
h = md5()
h.update(raw)
return h.hexdigest() 示例2: create_group_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import dump_publickey [as 别名]
def create_group_cert(cli):
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 2048) # generate RSA key-pair
cert = crypto.X509()
cert.get_subject().countryName = "US"
cert.get_subject().stateOrProvinceName = "CA"
cert.get_subject().organizationName = "mini-fulfillment"
cert.get_subject().organizationalUnitName = "demo"
cert.get_subject().commonName = "mini-fulfillment"
cert.set_serial_number(1000)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(5 * 365 * 24 * 60 * 60) # 5 year expiry date
cert.set_issuer(cert.get_subject()) # self-sign this certificate
cert.set_pubkey(k)
san_list = ["IP:{0}".format(cli.ip_address)]
extension_list = [
crypto.X509Extension(type_name=b"basicConstraints",
critical=False, value=b"CA:false"),
crypto.X509Extension(type_name=b"subjectAltName",
critical=True, value=", ".join(san_list)),
# crypto.X509Extension(type_name=b"subjectKeyIdentifier",
# critical=True, value=b"hash")
]
cert.add_extensions(extension_list)
cert.sign(k, 'sha256')
prefix = str(cli.out_dir) + '/' + cli.group_name
open("{0}-server.crt".format(prefix), 'wt').write(
crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
open("{0}-server-private.key".format(prefix), 'wt').write(
crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey=k))
open("{0}-server-public.key".format(prefix), 'wt').write(
crypto.dump_publickey(crypto.FILETYPE_PEM, pkey=k)) 示例3: public_from_x509
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import dump_publickey [as 别名]
def public_from_x509(self):
"""Get public key from x509 certificate
Returns:
Chepy: The Chepy object.
"""
crt_obj = _pyssl_crypto.load_certificate(_pyssl_crypto.FILETYPE_PEM, self.state)
pub_key_object = crt_obj.get_pubkey()
pub_key_string = _pyssl_crypto.dump_publickey(
_pyssl_crypto.FILETYPE_PEM, pub_key_object
)
self.state = pub_key_string
return self 示例4: verify_signature
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import dump_publickey [as 别名]
def verify_signature(self, crt=None, sign=None, resp_body=None):
try:
x509 = load_certificate(FILETYPE_PEM, crt)
pub_key = x509.get_pubkey()
ias_public_key = dump_publickey(FILETYPE_PEM, pub_key)
public_key = load_publickey(FILETYPE_PEM, ias_public_key)
x509 = X509()
x509.set_pubkey(public_key)
if verify(x509, base64.b64decode(sign), resp_body, 'sha256') == None:
print "Signature verification Passed on Client side"
return True
except Exception as e:
raise Exception("Signature verification Failed on Client side", e) 示例5: verify_signature
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import dump_publickey [as 别名]
def verify_signature(self, crt=None, sign=None, resp_body=None):
try:
x509 = load_certificate(FILETYPE_PEM, crt)
pub_key = x509.get_pubkey()
ias_public_key = dump_publickey(FILETYPE_PEM, pub_key)
public_key = load_publickey(FILETYPE_PEM, ias_public_key)
x509 = X509()
x509.set_pubkey(public_key)
if verify(x509, base64.b64decode(sign), resp_body, 'sha256') == None:
LOG.info("Signature verification Passed on Server side")
return True
except Exception as e:
LOG.error(str(e))
raise Exception("Signature verification Failed on Server side", e) 示例6: test_tolerates_unicode_strings
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import dump_publickey [as 别名]
def test_tolerates_unicode_strings(self):
"""
load_publickey works with text strings, not just bytes.
"""
serialized = cleartextPublicKeyPEM.decode('ascii')
key = load_publickey(FILETYPE_PEM, serialized)
dumped_pem = dump_publickey(FILETYPE_PEM, key)
assert dumped_pem == cleartextPublicKeyPEM 示例7: test_dump_publickey_pem
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import dump_publickey [as 别名]
def test_dump_publickey_pem(self):
"""
dump_publickey writes a PEM.
"""
key = load_publickey(FILETYPE_PEM, cleartextPublicKeyPEM)
dumped_pem = dump_publickey(FILETYPE_PEM, key)
assert dumped_pem == cleartextPublicKeyPEM 示例8: test_dump_publickey_asn1
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import dump_publickey [as 别名]
def test_dump_publickey_asn1(self):
"""
dump_publickey writes a DER.
"""
key = load_publickey(FILETYPE_PEM, cleartextPublicKeyPEM)
dumped_der = dump_publickey(FILETYPE_ASN1, key)
key2 = load_publickey(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_publickey(FILETYPE_PEM, key2)
assert dumped_pem2 == cleartextPublicKeyPEM 示例9: test_dump_publickey_invalid_type
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import dump_publickey [as 别名]
def test_dump_publickey_invalid_type(self):
"""
dump_publickey doesn't support FILETYPE_TEXT.
"""
key = load_publickey(FILETYPE_PEM, cleartextPublicKeyPEM)
with pytest.raises(ValueError):
dump_publickey(FILETYPE_TEXT, key) 示例10: generate_rsa_keys_if_needed
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import dump_publickey [as 别名]
def generate_rsa_keys_if_needed():
"""Generate RSA keys for MAAS.
Returns True if a new RSA key was generated.
"""
if os.path.isfile(MAAS_PRIVATE_KEY):
return False
try:
with NamedLock("RSA"):
os.makedirs(os.path.dirname(MAAS_PRIVATE_KEY), exist_ok=True)
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 4096)
with open(MAAS_PRIVATE_KEY, "wb") as f:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
os.chmod(MAAS_PRIVATE_KEY, 0o600)
with open(MAAS_PUBLIC_KEY, "wb") as f:
f.write(crypto.dump_publickey(crypto.FILETYPE_PEM, pkey))
except NamedLock.NotAvailable:
# System is running a region and rack. The other process
# is generating the key, wait up to 60s for it.
waits = 0
while not os.path.isfile(MAAS_PRIVATE_KEY) and waits < 600:
sleep(0.1)
waits += 1
assert os.path.isfile(
MAAS_PRIVATE_KEY
), "Unable to generate MAAS RSA keys!"
return True
# Cache when the start and end time a certificate is valid for so it only
# has to be read once.