本文整理汇总了Python中OpenSSL.crypto.load_certificate方法的典型用法代码示例。如果您正苦于以下问题:Python crypto.load_certificate方法的具体用法?Python crypto.load_certificate怎么用?Python crypto.load_certificate使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类OpenSSL.crypto的用法示例。
在下文中一共展示了crypto.load_certificate方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: is_real_certificate_installed
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
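def is_real_certificate_installed(self):
    """Report whether the configured certificate looks like a CA-issued one.

    This is a naming heuristic, not a trust decision: the certificate's
    signature, chain, validity period and hostname are not checked here.

    Returns:
        False when the certificate file does not exist, when the issuer CN
        equals the subject CN (treated as self-signed), or when the issuer
        CN contains 'Fake' (treated as a test certificate); True otherwise.
    """
    cert_path = self.platform_config.get_ssl_certificate_file()
    if not os.path.exists(cert_path):
        return False

    # Read as bytes inside a context manager: the handle is always closed and
    # no locale-dependent text decoding is applied to the PEM data.
    with open(cert_path, 'rb') as cert_file:
        pem_data = cert_file.read()
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem_data)

    issuer_cn = cert.get_issuer().CN
    subject_cn = cert.get_subject().CN

    # Equal CNs are only a hint of self-signing; two different entities can
    # share a CN, and a self-signed certificate can use different CNs.
    if issuer_cn == subject_cn:
        self.log.info('issuer: {0}'.format(issuer_cn))
        self.log.info('self signed certificate')
        return False

    # CN is None when the issuer name has no commonName attribute; guard the
    # substring test so such a certificate does not raise TypeError.
    if issuer_cn is not None and 'Fake' in issuer_cn:
        self.log.info('issuer: {0}'.format(issuer_cn))
        self.log.info('test certificate')
        return False

    self.log.info('real certificate')
    self.log.info('issuer: {0}, subject: {1}'.format(issuer_cn, subject_cn))
    return True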
示例2: from_string
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def from_string(key_pem, is_x509_cert):
    """Build a Verifier from PEM-encoded key material.

    Args:
        key_pem: string, key material in PEM format.
        is_x509_cert: bool, True if key_pem is an X509 certificate; otherwise
            it is parsed as a PEM key.

    Returns:
        Verifier instance.

    Raises:
        OpenSSL.crypto.Error if the key_pem can't be parsed.
    """
    # NOTE(review): the non-certificate branch parses key_pem with
    # load_privatekey, so a caller using that path hands private key material
    # to a verifier. Confirm that callers only pass data they are allowed to
    # hold, and prefer the certificate path for verification-only code.
    loader = crypto.load_certificate if is_x509_cert else crypto.load_privatekey
    return OpenSSLVerifier(loader(crypto.FILETYPE_PEM, key_pem))
示例3: gen_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def gen_cert(self, cn, key_size=2048, days=9999):
    """Issue a certificate for common name `cn`, signed with this object's CA.

    Loads the CA certificate and key from self.cert / self.key, creates a new
    RSA key pair of `key_size` bits, and returns a Cert built from the new
    PEM-encoded key, the new PEM-encoded certificate and self.cert.
    """
    logging.debug("Generating cert for " + cn)

    ca_pair = (
        crypto.load_certificate(crypto.FILETYPE_PEM, self.cert),
        crypto.load_privatekey(crypto.FILETYPE_PEM, self.key),
    )

    leaf_key = createKeyPair(crypto.TYPE_RSA, key_size)
    signing_request = createCertRequest(leaf_key, CN=cn)

    # Second tuple element is `days` expressed in seconds; the default of
    # 9999 days is a very long lifetime for a leaf certificate.
    validity_window = (0, 60*60*24*days)

    # NOTE(review): the literal 1 is passed for every certificate. If this
    # positional argument is the serial number (confirm against
    # createCertificate), every certificate issued by this CA shares one
    # serial, which breaks revocation and can make clients reject them.
    leaf_cert = createCertificate(signing_request, ca_pair, 1, validity_window)

    return Cert(
        crypto.dump_privatekey(crypto.FILETYPE_PEM, leaf_key),
        crypto.dump_certificate(crypto.FILETYPE_PEM, leaf_cert),
        self.cert,
    )
#
# Multi-Threaded Generator Plumbing
#
示例4: test_execute
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def test_execute(self):
    """Tests executing of cron job."""
    # Defer import to avoid issues on Python 2.
    from OpenSSL import crypto

    self.app.get('/generate-certs')

    # project1 should have received a freshly generated certificate.
    generated = ndb.Key(data_types.WorkerTlsCert, 'project1').get()
    parsed_cert = crypto.load_certificate(crypto.FILETYPE_PEM,
                                          generated.cert_contents)
    subject = parsed_cert.get_subject()
    self.assertEqual('US', subject.C)
    self.assertEqual('*.c.test-clusterfuzz.internal', subject.CN)
    self.assertEqual('project1', subject.O)
    self.assertEqual(9001, parsed_cert.get_serial_number())
    self.assertEqual(b'20000101000000Z', parsed_cert.get_notBefore())
    self.assertEqual(b'21000101000000Z', parsed_cert.get_notAfter())

    # The stored key must parse and pass its own consistency check.
    parsed_key = crypto.load_privatekey(crypto.FILETYPE_PEM,
                                        generated.key_contents)
    self.assertTrue(parsed_key.check())

    # project2's stored certificate and key should be unchanged.
    untouched = ndb.Key(data_types.WorkerTlsCert, 'project2').get()
    self.assertEqual(b'cert_contents', untouched.cert_contents)
    self.assertEqual(b'key_contents', untouched.key_contents)
示例5: _create_pkcs12_bin
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def _create_pkcs12_bin(self):
    """
    Helper function to create a pkcs12 binary for download.

    The container holds the token's certificate and private key and is
    exported with the token PIN as passphrase.

    :return: PKCS12 binary
    """
    cert_pem = self.get_tokeninfo("certificate")
    key_pem = self.get_tokeninfo("privatekey")

    # NOTE(review): crypto.PKCS12 is deprecated in newer pyOpenSSL releases;
    # confirm the pinned version still provides it.
    container = crypto.PKCS12()
    cert_obj = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
    container.set_certificate(cert_obj)
    key_obj = crypto.load_privatekey(crypto.FILETYPE_PEM, key_pem)
    container.set_privatekey(key_obj)

    # TODO define a random passphrase and hand it to the user
    # NOTE(review): when get_pin() returns -1 the export uses an empty
    # passphrase, so the downloaded file gives no real protection to the
    # private key. A short PIN is also a weak passphrase for an offline file.
    pin = self.token.get_pin()
    passphrase = "" if pin == -1 else pin
    return container.export(passphrase=passphrase)
示例6: extract_domains_from_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
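def extract_domains_from_cert(cls, target, certificate_pem, report_folder):
    """Append the DNS names found in a PEM certificate to the report file.

    Names are taken from the subjectAltName extension (DNS entries only) and
    from the subject's CN attribute. When at least one name is found, a record
    "<target with '_' replaced by ':'>: <names>" is appended to
    <report_folder>/certificates_domains.txt.

    Args:
        target: identifier of the scanned endpoint; '_' is rewritten to ':'.
        certificate_pem: the certificate in PEM format.
        report_folder: directory that holds certificates_domains.txt.
    """
    domains = []
    certificate = crypto.load_certificate(crypto.FILETYPE_PEM, certificate_pem)

    for index in range(certificate.get_extension_count()):
        try:
            extension = certificate.get_extension(index)
            # Select the SAN extension by name rather than by how its text
            # begins, so a SAN whose first entry is not a DNS name is kept.
            if extension.get_short_name() != b'subjectAltName':
                continue
            # Relies on pyOpenSSL's text form "DNS:a, DNS:b, IP Address:..."; if
            # that representation changes, parse extension.get_data() instead.
            san_text = str(extension)
        except Exception:
            # Deliberate best effort: an extension that cannot be rendered is
            # skipped. Narrower than a bare except, which would also swallow
            # KeyboardInterrupt and SystemExit.
            continue
        for entry in san_text.split(','):
            entry = entry.strip()
            # Keep DNS entries only and drop the prefix; splitting on ','
            # avoids the trailing commas and mangled non-DNS entries that a
            # split on spaces produced.
            if entry.startswith('DNS:'):
                domains.append(entry[len('DNS:'):])

    for name, value in certificate.get_subject().get_components():
        # Compare the attribute name only, so a value that happens to equal
        # b'CN' under another attribute is not mistaken for a common name.
        if name == b'CN':
            domains.append(value.decode('utf8'))

    if domains:
        # The names come from the certificate itself and are written as-is;
        # anything that reads this report should treat them as untrusted text.
        # NOTE(review): no line terminator is written, so successive records
        # run together in the file; confirm what the report consumer expects.
        with open('{}/certificates_domains.txt'.format(report_folder), 'a') as domains_file:
            url = target.replace('_', ':')
            domains_file.write("{}: {}".format(url, ", ".join(domains)))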
示例7: validate_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
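def validate_cert(cert_file_path):
    """Check that the PEM certificate at `cert_file_path` is within its validity period.

    Only the notBefore / notAfter dates are checked. The signature, issuer
    chain, hostname and revocation status are not examined here.

    Args:
        cert_file_path: path to a PEM-encoded certificate file.

    Raises:
        RuntimeError: if the certificate is not yet valid or has expired.
    """
    # Local import: only the `datetime` class is known to be in scope here.
    from datetime import timezone

    with open(cert_file_path, "r") as f:
        cert_buf = f.read()
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_buf)

    date_format, encoding = "%Y%m%d%H%M%SZ", "ascii"

    def _parse_utc(raw):
        # The trailing 'Z' in the format marks these timestamps as UTC.
        parsed = datetime.strptime(raw.decode(encoding), date_format)
        return parsed.replace(tzinfo=timezone.utc)

    not_before = _parse_utc(cert.get_notBefore())
    not_after = _parse_utc(cert.get_notAfter())

    # Compare in UTC. A naive local datetime.now() would be off by the host's
    # UTC offset, accepting an expired certificate (or rejecting a valid one)
    # for several hours around either boundary.
    now = datetime.now(timezone.utc)

    https_error = "Error using HTTPS: "
    if now < not_before:
        msg = https_error + f"The certificate provided is not valid until {not_before}."
        logger.critical(msg)
        raise RuntimeError(msg)
    if now > not_after:
        msg = https_error + f"The certificate provided expired on {not_after}."
        logger.critical(msg)
        raise RuntimeError(msg)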
示例8: test_set_verify_callback_exception
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def test_set_verify_callback_exception(self):
    """
    An exception raised inside the callback given to
    :py:obj:`Context.set_verify` makes verification fail and is propagated to
    the caller of :py:obj:`Connection.do_handshake`.
    """
    # Server side: a context presenting the cleartext test key and certificate.
    server_ctx = Context(TLSv1_METHOD)
    server_ctx.use_privatekey(
        load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))
    server_ctx.use_certificate(
        load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

    # Client side: peer verification is delegated to a callback that always
    # raises, so the handshake must fail with that exception.
    client_ctx = Context(TLSv1_METHOD)

    def failing_verify(*args):
        raise Exception("silly verify failure")

    client_ctx.set_verify(VERIFY_PEER, failing_verify)

    raised = self.assertRaises(
        Exception, self._handshake_test, server_ctx, client_ctx)
    self.assertEqual("silly verify failure", str(raised))
示例9: test_accept
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def test_accept(self):
    """
    :py:obj:`Connection.accept` accepts a pending connection attempt and
    returns a tuple of a new :py:obj:`Connection` (the accepted client) and
    the address the connection originated from.
    """
    listen_ctx = Context(TLSv1_METHOD)
    listen_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
    listen_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

    # Port 0 asks the OS for a free port; the empty host binds every interface.
    raw_listener = socket()
    listener = Connection(listen_ctx, raw_listener)
    listener.bind(('', 0))
    listener.listen(3)

    client = Connection(Context(TLSv1_METHOD), socket())

    # Calling listener.getsockname() here to get the server IP address sounds
    # great, but frequently fails on Windows, so only its port is used.
    listening_port = listener.getsockname()[1]
    client.connect(('127.0.0.1', listening_port))

    accepted, peer_address = listener.accept()

    self.assertTrue(isinstance(accepted, Connection))
    self.assertIdentical(accepted.get_context(), listen_ctx)
    self.assertEquals(peer_address, client.getsockname())
示例10: test_shutdown_truncated
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def test_shutdown_truncated(self):
    """
    :obj:`Connection.shutdown` raises an :obj:`Error` when the underlying
    connection has been truncated.
    """
    srv_context = Context(TLSv1_METHOD)
    cli_context = Context(TLSv1_METHOD)
    srv_context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
    srv_context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

    # Both connections are created with None instead of a socket.
    srv_conn = Connection(srv_context, None)
    cli_conn = Connection(cli_context, None)
    self._handshakeInMemory(cli_conn, srv_conn)

    # The first shutdown() returns False and the second raises WantReadError;
    # the client never calls shutdown() in this test.
    self.assertEqual(srv_conn.shutdown(), False)
    self.assertRaises(WantReadError, srv_conn.shutdown)

    # After bio_shutdown() the next shutdown() must raise Error.
    srv_conn.bio_shutdown()
    self.assertRaises(Error, srv_conn.shutdown)
示例11: _server
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def _server(self, sock):
    """
    Build a server-side SSL :py:obj:`Connection` wrapped around
    :py:obj:`sock` and put it into accept state.
    """
    # Context setup boilerplate: protocol, options, verification policy.
    # NOTE(review): TLSv1_METHOD pins the legacy TLS 1.0 protocol; fine for
    # a self-contained test fixture, not a template for production contexts.
    context = Context(TLSv1_METHOD)
    context.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

    # A client certificate is requested and required. verify_cb is defined
    # outside this block; what it returns decides whether a chain is accepted.
    verify_flags = VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE
    context.set_verify(verify_flags, verify_cb)

    # Server identity, followed by a check that key and certificate match.
    context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
    context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
    context.check_privatekey()

    # The test root certificate is added to this context's certificate store.
    context.get_cert_store().add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

    # Here the Connection is actually created. If None is passed as the 2nd
    # parameter, it indicates a memory BIO should be created.
    connection = Connection(context, sock)
    connection.set_accept_state()
    return connection
示例12: _client
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def _client(self, sock):
    """
    Build a client-side SSL :py:obj:`Connection` wrapped around
    :py:obj:`sock` and put it into connect state.
    """
    # Same kind of boilerplate as a server-side context, with the client's
    # key and certificate.
    context = Context(TLSv1_METHOD)
    context.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

    # NOTE(review): per the OpenSSL documentation, FAIL_IF_NO_PEER_CERT and
    # CLIENT_ONCE are ignored in client mode, so VERIFY_PEER is the flag that
    # matters here. verify_cb is defined outside this block.
    verify_flags = VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE
    context.set_verify(verify_flags, verify_cb)

    # Client identity, followed by a check that key and certificate match.
    context.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))
    context.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))
    context.check_privatekey()

    # The test root certificate is added to this context's certificate store.
    context.get_cert_store().add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

    connection = Connection(context, sock)
    connection.set_connect_state()
    return connection
示例13: test_set_multiple_ca_list
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def test_set_multiple_ca_list(self):
    """
    Given a list of several X509Name objects,
    :py:obj:`Context.set_client_ca_list` configures the context to send those
    CA names to the client, and :py:obj:`Connection.get_client_ca_list`
    returns a list containing those X509Names on both the server and client
    sides once the connection is set up.
    """
    # NOTE(review): both names are loaded from server_cert_pem, so the list
    # holds the same subject twice; confirm whether the second one was meant
    # to come from the client certificate.
    server_name = load_certificate(FILETYPE_PEM, server_cert_pem).get_subject()
    client_name = load_certificate(FILETYPE_PEM, server_cert_pem).get_subject()

    def multiple_ca(ctx):
        expected_names = [server_name, client_name]
        ctx.set_client_ca_list(expected_names)
        return expected_names

    self._check_client_ca_list(multiple_ca)
示例14: test_reset_ca_list
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def test_reset_ca_list(self):
    """
    When :py:obj:`Context.set_client_ca_list` is called several times, only
    the X509Names from the final call configure the CA names sent to the
    client.
    """
    root_name = load_certificate(FILETYPE_PEM, root_cert_pem).get_subject()
    # NOTE(review): both of the following names come from server_cert_pem;
    # confirm whether the second was meant to use the client certificate.
    server_name = load_certificate(FILETYPE_PEM, server_cert_pem).get_subject()
    client_name = load_certificate(FILETYPE_PEM, server_cert_pem).get_subject()

    def changed_ca(ctx):
        # The second call replaces the list set by the first one.
        ctx.set_client_ca_list([server_name, client_name])
        ctx.set_client_ca_list([root_name])
        return [root_name]

    self._check_client_ca_list(changed_ca)
示例15: test_multiple_add_client_ca
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_certificate [as 别名]
def test_multiple_add_client_ca(self):
    """
    Calling :py:obj:`Context.add_client_ca` with several X509 objects sends
    several CA names to the client.
    """
    root_cert = load_certificate(FILETYPE_PEM, root_cert_pem)
    server_cert = load_certificate(FILETYPE_PEM, server_cert_pem)
    expected_names = [root_cert.get_subject(), server_cert.get_subject()]

    def multiple_ca(ctx):
        # Certificates are added one at a time, in the order of the
        # expected name list.
        for certificate in (root_cert, server_cert):
            ctx.add_client_ca(certificate)
        return expected_names

    self._check_client_ca_list(multiple_ca)