本文整理汇总了Python中OpenSSL.crypto.load_pkcs12方法的典型用法代码示例。如果您正苦于以下问题:Python crypto.load_pkcs12方法的具体用法?Python crypto.load_pkcs12怎么用?Python crypto.load_pkcs12使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类OpenSSL.crypto
的用法示例。
在下文中一共展示了crypto.load_pkcs12方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: from_string
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def from_string(key, password='notasecret'):
"""Construct a Signer instance from a string.
Args:
key: string, private key in PKCS12 or PEM format.
password: string, password for the private key file.
Returns:
Signer instance.
Raises:
OpenSSL.crypto.Error if the key can't be parsed.
"""
parsed_pem_key = _parse_pem_key(key)
if parsed_pem_key:
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
else:
pkey = crypto.load_pkcs12(key, password.encode('utf8')).get_privatekey()
return OpenSSLSigner(pkey)
示例2: from_string
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def from_string(key, password='notasecret'):
"""Construct a Signer instance from a string.
Args:
key: string, private key in PKCS12 or PEM format.
password: string, password for the private key file.
Returns:
Signer instance.
Raises:
OpenSSL.crypto.Error if the key can't be parsed.
"""
if key.startswith('-----BEGIN '):
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
else:
pkey = crypto.load_pkcs12(key, password).get_privatekey()
return OpenSSLSigner(pkey)
示例3: test_key_only
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def test_key_only(self):
"""
A :py:obj:`PKCS12` with only a private key can be exported using
:py:obj:`PKCS12.export` and loaded again using :py:obj:`load_pkcs12`.
"""
passwd = b"blah"
p12 = PKCS12()
pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
p12.set_privatekey(pkey)
self.assertEqual(None, p12.get_certificate())
self.assertEqual(pkey, p12.get_privatekey())
try:
dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3)
except Error:
# Some versions of OpenSSL will throw an exception
# for this nearly useless PKCS12 we tried to generate:
# [('PKCS12 routines', 'PKCS12_create', 'invalid null argument')]
return
p12 = load_pkcs12(dumped_p12, passwd)
self.assertEqual(None, p12.get_ca_certificates())
self.assertEqual(None, p12.get_certificate())
# OpenSSL fails to bring the key back to us. So sad. Perhaps in the
# future this will be improved.
self.assertTrue(isinstance(p12.get_privatekey(), (PKey, type(None))))
示例4: test_load_pkcs12_text_passphrase
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def test_load_pkcs12_text_passphrase(self):
"""
A PKCS12 string generated using the openssl command line can be loaded
with :py:obj:`load_pkcs12` and its components extracted and examined.
Using text as passphrase instead of bytes. DeprecationWarning expected.
"""
pem = client_key_pem + client_cert_pem
passwd = b"whatever"
p12_str = _runopenssl(pem, b"pkcs12", b"-export", b"-clcerts",
b"-passout", b"pass:" + passwd)
with catch_warnings(record=True) as w:
simplefilter("always")
p12 = load_pkcs12(p12_str, passphrase=b"whatever".decode("ascii"))
self.assertEqual(
"{0} for passphrase is no longer accepted, use bytes".format(
WARNING_TYPE_EXPECTED
),
str(w[-1].message)
)
self.assertIs(w[-1].category, DeprecationWarning)
self.verify_pkcs12_container(p12)
示例5: test_load_without_mac
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def test_load_without_mac(self):
"""
Loading a PKCS12 without a MAC does something other than crash.
"""
passwd = b"Lake Michigan"
p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2)
try:
recovered_p12 = load_pkcs12(dumped_p12, passwd)
# The person who generated this PCKS12 should be flogged,
# or better yet we should have a means to determine
# whether a PCKS12 had a MAC that was verified.
# Anyway, libopenssl chooses to allow it, so the
# pyopenssl binding does as well.
self.assertTrue(isinstance(recovered_p12, PKCS12))
except Error:
# Failing here with an exception is preferred as some openssl
# versions do.
pass
示例6: from_string
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def from_string(key, password=b'notasecret'):
"""Construct a Signer instance from a string.
Args:
key: string, private key in PKCS12 or PEM format.
password: string, password for the private key file.
Returns:
Signer instance.
Raises:
OpenSSL.crypto.Error if the key can't be parsed.
"""
key = _to_bytes(key)
parsed_pem_key = _parse_pem_key(key)
if parsed_pem_key:
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
else:
password = _to_bytes(password, encoding='utf-8')
pkey = crypto.load_pkcs12(key, password).get_privatekey()
return OpenSSLSigner(pkey)
示例7: test_sign
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def test_sign(self):
root = parse_xml("data/unsigned-sample.xml")
sign = root.xpath("//ds:Signature", namespaces={"ds": xmlsig.constants.DSigNs})[
0
]
policy = GenericPolicyId(
"http://www.facturae.es/politica_de_firma_formato_facturae/"
"politica_de_firma_formato_facturae_v3_1.pdf",
u"Politica de Firma FacturaE v3.1",
xmlsig.constants.TransformSha1,
)
ctx = XAdESContext(policy)
with open(path.join(BASE_DIR, "data/keyStore.p12"), "rb") as key_file:
ctx.load_pkcs12(crypto.load_pkcs12(key_file.read()))
with patch("xades.policy.urllib.urlopen") as mock:
mock.return_value = UrllibMock()
ctx.sign(sign)
ctx.verify(sign)
示例8: dump_pkcs12_cert
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def dump_pkcs12_cert(self, password: str):
"""Get the private key and cert from pkcs12 cert
Args:
password (str): Password for certificate
Returns:
Chepy: The Chepy object.
"""
if isinstance(password, str):
password = password.encode()
pk12 = _pyssl_crypto.load_pkcs12(self._convert_to_bytes(), password)
self.state = {
"private": _pyssl_crypto.dump_privatekey(
_pyssl_crypto.FILETYPE_PEM, pk12.get_privatekey()
),
"cert": _pyssl_crypto.dump_certificate(
_pyssl_crypto.FILETYPE_PEM, pk12.get_certificate()
),
}
return self
示例9: from_string
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def from_string(key, password=b'notasecret'):
"""Construct a Signer instance from a string.
Args:
key: string, private key in PKCS12 or PEM format.
password: string, password for the private key file.
Returns:
Signer instance.
Raises:
OpenSSL.crypto.Error if the key can't be parsed.
"""
key = _helpers._to_bytes(key)
parsed_pem_key = _helpers._parse_pem_key(key)
if parsed_pem_key:
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
else:
password = _helpers._to_bytes(password, encoding='utf-8')
pkey = crypto.load_pkcs12(key, password).get_privatekey()
return OpenSSLSigner(pkey)
示例10: extrair_certificado_a1
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def extrair_certificado_a1(self, arquivo, senha):
'''
Extrai o conteúdo do certificado A1
@param arquivo:arquivo binário do certificado
@param senha: senha do certificado.
@return: dicionário com a string do certificado, chave privada, emissor, proprietario, data_inicio_validade e
data_final_validade.
'''
conteudo_pkcs12 = crypto.load_pkcs12(arquivo, senha)
key_str = crypto.dump_privatekey(crypto.FILETYPE_PEM, conteudo_pkcs12.get_privatekey())
cert_str = crypto.dump_certificate(crypto.FILETYPE_PEM, conteudo_pkcs12.get_certificate())
certificado = Certificado()
certificado.prepara_certificado_txt(cert_str.decode('utf-8'))
vals = {'cert': cert_str.decode('utf-8'),
'key': key_str.decode('utf-8'),
'emissor': certificado.emissor.get('OU'),
'proprietario': certificado.proprietario.get('CN'),
'data_inicio_validade': certificado.data_inicio_validade,
'data_final_validade': certificado.data_fim_validade,
}
return vals
示例11: _dump_pfx
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def _dump_pfx(self, pfx, cert_filename, key_filename):
p12 = crypto.load_pkcs12(base64.decodestring(pfx))
pk = crypto.dump_privatekey(crypto.FILETYPE_PEM, p12.get_privatekey())
if os.getenv('DOWNLOAD_CA_CERTIFICATES','true').lower() == "true":
certs = (p12.get_certificate(),) + (p12.get_ca_certificates() or ())
else:
certs = (p12.get_certificate(),)
if (cert_filename == key_filename):
key_path = os.path.join(self._keys_output_folder, key_filename)
cert_path = os.path.join(self._certs_output_folder, cert_filename)
else:
# write to certs_keys folder when cert_filename and key_filename specified
key_path = os.path.join(self._cert_keys_output_folder, key_filename)
cert_path = os.path.join(self._cert_keys_output_folder, cert_filename)
_logger.info('Dumping key value to: %s', key_path)
with open(key_path, 'w') as key_file:
key_file.write(pk)
_logger.info('Dumping certs to: %s', cert_path)
with open(cert_path, 'w') as cert_file:
for cert in certs:
cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
示例12: test_key_only
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def test_key_only(self):
"""
A `PKCS12` with only a private key can be exported using
`PKCS12.export` and loaded again using `load_pkcs12`.
"""
passwd = b"blah"
p12 = PKCS12()
pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
p12.set_privatekey(pkey)
assert None is p12.get_certificate()
assert pkey == p12.get_privatekey()
try:
dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3)
except Error:
# Some versions of OpenSSL will throw an exception
# for this nearly useless PKCS12 we tried to generate:
# [('PKCS12 routines', 'PKCS12_create', 'invalid null argument')]
return
p12 = load_pkcs12(dumped_p12, passwd)
assert None is p12.get_ca_certificates()
assert None is p12.get_certificate()
# OpenSSL fails to bring the key back to us. So sad. Perhaps in the
# future this will be improved.
assert isinstance(p12.get_privatekey(), (PKey, type(None)))
示例13: test_load_pkcs12
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def test_load_pkcs12(self):
"""
A PKCS12 string generated using the openssl command line can be loaded
with `load_pkcs12` and its components extracted and examined.
"""
passwd = b"whatever"
pem = client_key_pem + client_cert_pem
p12_str = _runopenssl(
pem,
b"pkcs12",
b"-export",
b"-clcerts",
b"-passout",
b"pass:" + passwd
)
p12 = load_pkcs12(p12_str, passphrase=passwd)
self.verify_pkcs12_container(p12)
示例14: test_load_pkcs12_text_passphrase
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def test_load_pkcs12_text_passphrase(self):
"""
A PKCS12 string generated using the openssl command line can be loaded
with `load_pkcs12` and its components extracted and examined.
Using text as passphrase instead of bytes. DeprecationWarning expected.
"""
pem = client_key_pem + client_cert_pem
passwd = b"whatever"
p12_str = _runopenssl(pem, b"pkcs12", b"-export", b"-clcerts",
b"-passout", b"pass:" + passwd)
with pytest.warns(DeprecationWarning) as w:
simplefilter("always")
p12 = load_pkcs12(p12_str, passphrase=b"whatever".decode("ascii"))
assert (
"{0} for passphrase is no longer accepted, use bytes".format(
WARNING_TYPE_EXPECTED
) == str(w[-1].message))
self.verify_pkcs12_container(p12)
示例15: test_load_without_mac
# 需要导入模块: from OpenSSL import crypto [as 别名]
# 或者: from OpenSSL.crypto import load_pkcs12 [as 别名]
def test_load_without_mac(self):
"""
Loading a PKCS12 without a MAC does something other than crash.
"""
passwd = b"Lake Michigan"
p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2)
try:
recovered_p12 = load_pkcs12(dumped_p12, passwd)
# The person who generated this PCKS12 should be flogged,
# or better yet we should have a means to determine
# whether a PCKS12 had a MAC that was verified.
# Anyway, libopenssl chooses to allow it, so the
# pyopenssl binding does as well.
assert isinstance(recovered_p12, PKCS12)
except Error:
# Failing here with an exception is preferred as some openssl
# versions do.
pass