

Python x509.BasicConstraints方法代码示例

本文整理汇总了Python中cryptography.x509.BasicConstraints方法的典型用法代码示例。如果您正苦于以下问题:Python x509.BasicConstraints方法的具体用法?Python x509.BasicConstraints怎么用?Python x509.BasicConstraints使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cryptography.x509的用法示例。


在下文中一共展示了x509.BasicConstraints方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: build_csr

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
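def build_csr(self, hostname, **kwargs):
    """Build an unsigned CSR builder for a TLS server certificate.

    The subject is CN=<hostname>, O=<realm>, where the realm is read from
    ``self.plugin.ipa.env.realm``.  Three extensions are requested:

    * BasicConstraints, critical, ``ca=False``
    * ExtendedKeyUsage, critical, containing ``TLS_SERVERAUTH``
    * SubjectAlternativeName, non-critical, with ``hostname`` as a DNS name

    :param hostname: DNS name placed in both the CN and the SAN.
    :param kwargs: accepted but not used by this method.
    :return: the populated ``x509.CertificateSigningRequestBuilder``
        (returned unsigned).
    """
    realm = self.plugin.ipa.env.realm
    subject = x509.Name([
        x509.NameAttribute(oid.NameOID.COMMON_NAME, hostname),
        x509.NameAttribute(oid.NameOID.ORGANIZATION_NAME, realm),
    ])

    # Builder methods return a *new* builder, so every add_extension()
    # must be applied to the result of the previous call.  Calling it on
    # an earlier builder silently drops whatever was added in between,
    # which is how the ca=False BasicConstraints request can go missing.
    return (
        x509.CertificateSigningRequestBuilder()
        .subject_name(subject)
        .add_extension(
            x509.BasicConstraints(ca=False, path_length=None), critical=True,
        )
        .add_extension(
            x509.ExtendedKeyUsage([TLS_SERVERAUTH]), critical=True
        )
        .add_extension(
            x509.SubjectAlternativeName([x509.DNSName(hostname)]),
            critical=False
        )
    )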

    # pylint: disable=arguments-differ 
开发者ID:latchset,项目名称:custodia,代码行数:24,代码来源:certrequest.py

示例2: create_cert_builder

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
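def create_cert_builder(subject, issuer_name, public_key, days=365, is_ca=False):
    """
    The method to create a builder for all types of certificates.
    :param subject: The subject of the certificate.
    :param issuer_name: The name of the issuer.
    :param public_key: The public key of the certificate.
    :param days: The number of days for which the certificate is valid. The default is 1 year or 365 days.
    :param is_ca: Boolean to indicate if a cert is ca or non ca.
    :return: The certificate builder.
    :rtype: :class `x509.CertificateBuilder`
    """
    # Local import so the block does not depend on the file's import list.
    from datetime import timezone

    # Validity timestamps in a certificate are UTC.  A naive local time
    # (datetime.today()) is taken as UTC by the builder, which on hosts
    # east of UTC yields a certificate that is not valid yet.  Take one
    # timezone-aware reading and derive both bounds from it.
    not_before = datetime.now(timezone.utc)
    not_after = not_before + timedelta(days=days)

    builder = x509.CertificateBuilder()

    builder = builder.subject_name(subject)
    builder = builder.issuer_name(issuer_name)
    builder = builder.public_key(public_key)
    builder = builder.not_valid_before(not_before)
    builder = builder.not_valid_after(not_after)
    # uuid4 gives a random 128-bit value, used here as the serial number.
    builder = builder.serial_number(int(uuid.uuid4()))
    # path_length=None places no limit on the number of subordinate CAs
    # below a certificate issued with is_ca=True.
    builder = builder.add_extension(
        x509.BasicConstraints(ca=is_ca, path_length=None), critical=True
    )
    return builder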
开发者ID:Azure,项目名称:azure-iot-sdk-python,代码行数:26,代码来源:create_x509_chain_crypto.py

示例3: create_self_signed_certificate

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
def create_self_signed_certificate(subject_name, private_key, days_valid=365):
    """Create a self-signed certificate for ``subject_name``.

    Subject and issuer are the same name (O="Test, Inc.", CN=subject_name).
    The certificate carries a critical BasicConstraints extension with
    ``ca=True`` and no path length limit, uses a random serial number and
    is signed with ``private_key`` using SHA-256.

    :param subject_name: value for the common name attribute.
    :param private_key: key whose public half is certified and which signs
        the certificate.
    :param days_valid: validity period in days, counted from now (UTC).
    :return: the signed certificate.
    """
    identity = x509.Name([
        x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"Test, Inc."),
        x509.NameAttribute(x509.NameOID.COMMON_NAME, subject_name)
    ])

    builder = x509.CertificateBuilder()
    builder = builder.subject_name(identity)
    builder = builder.issuer_name(identity)  # self-signed: issuer == subject
    builder = builder.public_key(private_key.public_key())
    builder = builder.serial_number(x509.random_serial_number())
    # ca=True with path_length=None: this certificate may act as an issuer
    # with no limit on the depth of the chain below it.
    builder = builder.add_extension(
        x509.BasicConstraints(ca=True, path_length=None), critical=True
    )
    builder = builder.not_valid_before(datetime.datetime.utcnow())
    builder = builder.not_valid_after(
        datetime.datetime.utcnow() + datetime.timedelta(days=days_valid)
    )

    return builder.sign(
        private_key, hashes.SHA256(), backends.default_backend()
    )
开发者ID:OpenKMIP,项目名称:PyKMIP,代码行数:24,代码来源:create_certificates.py

示例4: certificate

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
def certificate(private_key: rsa.RSAPrivateKey) -> x509.Certificate:
    """Return a self-signed certificate for ``private_key``, valid 10 days.

    Subject and issuer are the same fixed name (CN=CA-CERTIFICATE), the
    serial number is the constant 1 and the signature uses SHA-256.
    """
    builder = x509.CertificateBuilder()
    identity = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"),
        x509.NameAttribute(NameOID.COMMON_NAME, u"CA-CERTIFICATE"),
    ])

    builder = builder.subject_name(identity)
    builder = builder.issuer_name(identity)
    builder = builder.public_key(private_key.public_key())
    builder = builder.serial_number(1)
    builder = builder.not_valid_before(datetime.datetime.utcnow())
    builder = builder.not_valid_after(
        datetime.datetime.utcnow() + datetime.timedelta(days=10)
    )
    # NOTE(review): the common name reads "CA-CERTIFICATE", yet the
    # critical BasicConstraints below says ca=False, so the certificate
    # declares itself an end-entity certificate -- confirm that is what
    # the code relying on it expects.
    builder = builder.add_extension(
        x509.BasicConstraints(ca=False, path_length=None), True
    )

    return builder.sign(private_key, hashes.SHA256(), default_backend())
开发者ID:cmdmnt,项目名称:commandment,代码行数:23,代码来源:conftest.py

示例5: ca_cert_builder

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
def ca_cert_builder(
        public_key,
        common_name="Root CA",
        issuer=None,
        basic_constraints=x509.BasicConstraints(
            ca=True, path_length=None),
        key_usage=cert_key_usage(
            key_cert_sign=True),
        subject_alternative_names=None,
        not_valid_before=None,
        not_valid_after=None,
        valid_days=3650,
        ):
    """Return ``cert_builder(...)`` called with CA-oriented defaults.

    Every argument is forwarded unchanged.  The defaults request
    BasicConstraints ``ca=True`` with no path length limit, a key usage
    built with ``key_cert_sign=True``, the common name "Root CA" and
    ``valid_days=3650``.
    """
    # The default extension objects are created once, when the function
    # is defined, and shared by every call that does not override them.
    forwarded = dict(
        public_key=public_key,
        common_name=common_name,
        issuer=issuer,
        basic_constraints=basic_constraints,
        key_usage=key_usage,
        subject_alternative_names=subject_alternative_names,
        not_valid_before=not_valid_before,
        not_valid_after=not_valid_after,
        valid_days=valid_days,
    )
    return cert_builder(**forwarded)
开发者ID:dcos,项目名称:dcos-e2e,代码行数:26,代码来源:tls.py

示例6: _generate_csr

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
def _generate_csr(cls, cn, private_key, passphrase=None):
    """Create a PEM-encoded CSR for ``cn`` signed with ``private_key``.

    :param cn: name used as the subject common name and as the single DNS
        entry of the SubjectAlternativeName extension.
    :param private_key: PEM-encoded private key bytes.
    :param passphrase: password for ``private_key``, or None.
    :return: the signed CSR as PEM bytes.
    """
    backend = backends.default_backend()
    signing_key = serialization.load_pem_private_key(
        data=private_key, password=passphrase, backend=backend)

    subject = x509.Name([
        x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, cn),
    ])
    # Request an end-entity certificate: not a CA.
    not_a_ca = x509.BasicConstraints(ca=False, path_length=None)
    # Signing and encryption usages only; key_cert_sign and crl_sign stay
    # off so the requested certificate cannot act as an issuer.
    usage = x509.KeyUsage(
        digital_signature=True,
        key_encipherment=True,
        data_encipherment=True,
        key_agreement=True,
        content_commitment=False,
        key_cert_sign=False,
        crl_sign=False,
        encipher_only=False,
        decipher_only=False
    )
    alt_names = x509.SubjectAlternativeName([x509.DNSName(cn)])

    request = x509.CertificateSigningRequestBuilder().subject_name(subject)
    request = request.add_extension(not_a_ca, critical=True)
    request = request.add_extension(usage, critical=True)
    request = request.add_extension(alt_names, critical=False)

    # The digest class is looked up on ``hashes`` by the upper-cased name
    # taken from configuration (CONF.certificates.signing_digest).
    digest = getattr(hashes, CONF.certificates.signing_digest.upper())()
    signed_request = request.sign(
        signing_key, digest, backends.default_backend())
    return signed_request.public_bytes(serialization.Encoding.PEM)
开发者ID:openstack,项目名称:octavia,代码行数:41,代码来源:local.py

示例7: test_sign_cert

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
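def test_sign_cert(self):
    """Sign the fixture CSR and check the issued certificate.

    Verifies the PEM framing, the expiry time, the X.509 version, the
    server/client extended key usages and that the certificate is not
    a CA.
    """
    validity_seconds = 2 * 365 * 24 * 60 * 60

    # Attempt sign a cert
    signed_cert = self.cert_generator.sign_cert(
        csr=self.certificate_signing_request,
        validity=validity_seconds,
        ca_cert=self.ca_certificate,
        ca_key=self.ca_private_key,
        ca_key_pass=self.ca_private_key_passphrase,
        ca_digest=self.signing_digest
    )

    self.assertIn("-----BEGIN CERTIFICATE-----",
                  signed_cert.decode('ascii'))

    # Load the cert for specific tests
    cert = x509.load_pem_x509_certificate(
        data=signed_cert, backend=backends.default_backend())

    # Make sure expiry time is accurate.  Compare the absolute difference:
    # a one-sided check would also pass for a certificate that lives far
    # longer than requested, because the difference is then negative.
    should_expire = (datetime.datetime.utcnow() +
                     datetime.timedelta(seconds=validity_seconds))
    drift = abs(should_expire - cert.not_valid_after)
    self.assertLess(drift, datetime.timedelta(seconds=10))

    # Make sure this is a version 3 X509.
    self.assertEqual('v3', cert.version.name)

    # Make sure this cert is marked as Server and Client Cert via the
    # extended Key Usage extension
    usages = cert.extensions.get_extension_for_class(
        x509.ExtendedKeyUsage).value._usages
    self.assertIn(x509.oid.ExtendedKeyUsageOID.SERVER_AUTH, usages)
    self.assertIn(x509.oid.ExtendedKeyUsageOID.CLIENT_AUTH, usages)

    # Make sure this cert can't sign other certs
    self.assertFalse(cert.extensions.get_extension_for_class(
        x509.BasicConstraints).value.ca)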
开发者ID:openstack,项目名称:octavia,代码行数:41,代码来源:test_local.py

示例8: certificate_template

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
def certificate_template(
    subject: x509.name.Name,
    issuer: x509.name.Name,
    public_key: x509.name.Name,
    certauthority: bool = False,
) -> x509.base.CertificateBuilder:
    """Return an unsigned certificate builder for ``localhost``.

    A CA certificate (``certauthority=True``) is valid for ten years;
    any other certificate gets the shorter seven-day lifetime used for
    on-the-fly certificates.  Both carry a critical SubjectAlternativeName
    with the DNS name "localhost" and a critical BasicConstraints whose
    ``ca`` flag equals ``certauthority``.
    """
    # NOTE(review): ``public_key`` is annotated as x509.name.Name but is
    # passed to CertificateBuilder.public_key() -- the annotation looks
    # wrong; confirm against the callers.
    lifetime_days = 365 * 10 if certauthority else 7
    expires = datetime.datetime.utcnow() + datetime.timedelta(
        days=lifetime_days
    )

    localhost_only = x509.SubjectAlternativeName([x509.DNSName("localhost")])
    constraints = x509.BasicConstraints(ca=certauthority, path_length=None)

    template = x509.CertificateBuilder()
    template = template.subject_name(subject)
    template = template.issuer_name(issuer)
    template = template.public_key(public_key)
    template = template.serial_number(x509.random_serial_number())
    template = template.not_valid_before(datetime.datetime.utcnow())
    template = template.not_valid_after(expires)
    template = template.add_extension(localhost_only, critical=True)
    template = template.add_extension(constraints, critical=True)
    return template
开发者ID:equinor,项目名称:webviz-config,代码行数:30,代码来源:_certificate_generator.py

示例9: _decode_basic_constraints

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
def _decode_basic_constraints(backend, bc_st):
    """Convert an OpenSSL BASIC_CONSTRAINTS struct to x509.BasicConstraints.

    ``bc_st`` is cast to ``BASIC_CONSTRAINTS *`` and handed to ``ffi.gc``
    with ``BASIC_CONSTRAINTS_free`` as its destructor.
    """
    ffi = backend._ffi
    bc = ffi.gc(
        ffi.cast("BASIC_CONSTRAINTS *", bc_st),
        backend._lib.BASIC_CONSTRAINTS_free,
    )

    # An ASN.1 boolean TRUE is encoded as the byte \xff and OpenSSL exposes
    # that byte's ordinal, so TRUE reads as 255 and FALSE as 0.  Only the
    # exact value 255 is accepted as "is a CA".
    is_ca = bc.ca == 255

    # A NULL pathlen means the field is absent, i.e. no length limit.
    if bc.pathlen == ffi.NULL:
        depth = None
    else:
        depth = backend._asn1_integer_to_int(bc.pathlen)

    return x509.BasicConstraints(is_ca, depth)
开发者ID:aliyun,项目名称:oss-ftp,代码行数:17,代码来源:x509.py

示例10: _decode_basic_constraints

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
def _decode_basic_constraints(backend, bc_st):
    """Convert an OpenSSL BASIC_CONSTRAINTS struct to x509.BasicConstraints.

    ``bc_st`` is cast to ``BASIC_CONSTRAINTS *`` and handed to ``ffi.gc``
    with ``BASIC_CONSTRAINTS_free`` as its destructor.  The path length is
    converted by ``_asn1_integer_to_int_or_none``.
    """
    ffi = backend._ffi
    bc = ffi.gc(
        ffi.cast("BASIC_CONSTRAINTS *", bc_st),
        backend._lib.BASIC_CONSTRAINTS_free,
    )

    # An ASN.1 boolean TRUE is encoded as the byte \xff and OpenSSL exposes
    # that byte's ordinal, so TRUE reads as 255 and FALSE as 0.  Only the
    # exact value 255 is accepted as "is a CA".
    is_ca = bc.ca == 255
    depth = _asn1_integer_to_int_or_none(backend, bc.pathlen)

    return x509.BasicConstraints(is_ca, depth)
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:16,代码来源:decode_asn1.py

示例11: create_csr

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
def create_csr(private_key, csr_file, subject, is_ca=False):
    """
    Create a certificate signing request and write it to a file.
    :param private_key: The private key that signs the request.
    :param csr_file: The file name the PEM-encoded request is written to.
    :param subject: The subject (common name) of the certificate signing request.
    :param is_ca: Boolean to indicate if a cert is ca or non ca.
    :return: The certificate signing request.
    :rtype: :class `x509.CertificateSigningRequest`
    """
    # The encode/decode round trip is kept as is; it requires ``subject``
    # to be a str.
    common_name = str.encode(subject).decode("utf-8")
    requested_name = x509.Name(
        [x509.NameAttribute(NameOID.COMMON_NAME, common_name)]
    )

    # The CA flag is only a request here, added as a non-critical extension.
    request_builder = x509.CertificateSigningRequestBuilder()
    request_builder = request_builder.subject_name(requested_name)
    request_builder = request_builder.add_extension(
        x509.BasicConstraints(ca=is_ca, path_length=None), critical=False
    )

    signed_request = request_builder.sign(
        private_key=private_key, algorithm=hashes.SHA256(), backend=default_backend()
    )

    pem = signed_request.public_bytes(serialization.Encoding.PEM)
    with open(csr_file, "wb") as out:
        out.write(pem)

    return signed_request
开发者ID:Azure,项目名称:azure-iot-sdk-python,代码行数:33,代码来源:create_x509_chain_crypto.py

示例12: _generate_ca_cert

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
def _generate_ca_cert(self):
    """
    Generate a CA cert/key.

    Creates an RSA key if ``self._ca_key`` is unset, then stores the CA
    name, a self-signed CA certificate and the matching authority key
    identifier on ``self``.
    """
    if self._ca_key is None:
        self._ca_key = generate_private_key(u'rsa')
    self._ca_name = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, u'ACME Snake Oil CA')])

    builder = x509.CertificateBuilder()
    builder = builder.subject_name(self._ca_name)
    builder = builder.issuer_name(self._ca_name)
    # Backdated by one hour; valid for 3650 days from now.
    builder = builder.not_valid_before(self._now() - timedelta(seconds=3600))
    builder = builder.not_valid_after(self._now() + timedelta(days=3650))
    builder = builder.public_key(self._ca_key.public_key())
    builder = builder.serial_number(int(uuid4()))
    # path_length=0: this CA may issue end-entity certificates but no
    # further CA certificates below itself.
    builder = builder.add_extension(
        x509.BasicConstraints(ca=True, path_length=0),
        critical=True)
    builder = builder.add_extension(
        x509.SubjectKeyIdentifier.from_public_key(
            self._ca_key.public_key()),
        critical=False)

    self._ca_cert = builder.sign(
        private_key=self._ca_key,
        algorithm=hashes.SHA256(),
        backend=default_backend())
    self._ca_aki = x509.AuthorityKeyIdentifier.from_issuer_public_key(
        self._ca_key.public_key())
开发者ID:twisted,项目名称:txacme,代码行数:31,代码来源:testing.py

示例13: _deserialize

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
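def _deserialize(self, value, attr, data):
    """Build an ``x509.BasicConstraints`` from the submitted mapping.

    ``value`` is read through ``.get`` for the keys ``"ca"`` (default
    False) and ``"path_length"`` (default None).  ``path_length`` is only
    honoured when ``ca`` is true.

    :raises ValidationError: if ``ca`` is not a boolean, or if ``ca`` is
        true and ``path_length`` is neither None nor a non-negative
        integer.
    """
    ca = value.get("ca", False)
    path_length = value.get("path_length", None)

    # An explicit null keeps meaning "not a CA".
    if ca is None:
        ca = False

    # The CA flag decides whether the resulting certificate may sign other
    # certificates, so it must not be derived from truthiness: a string
    # such as "false" is truthy and would otherwise switch it on.
    if not isinstance(ca, bool):
        raise ValidationError(
            "The ca flag (for BasicConstraints) must be a boolean."
        )

    if not ca:
        return x509.BasicConstraints(ca=False, path_length=None)

    # bool is a subclass of int, so exclude it explicitly.  Negative
    # values are rejected here so the caller gets a ValidationError rather
    # than the exception x509.BasicConstraints raises for them.
    length_ok = path_length is None or (
        isinstance(path_length, int)
        and not isinstance(path_length, bool)
        and path_length >= 0
    )
    if not length_ok:
        raise ValidationError(
            "A CA certificate path_length (for BasicConstraints) must be None or a non-negative integer."
        )
    return x509.BasicConstraints(ca=True, path_length=path_length)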
开发者ID:Netflix,项目名称:lemur,代码行数:14,代码来源:fields.py

示例14: generate_selfsigned_cert

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
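def generate_selfsigned_cert(hostname="/CN=Chia Blockchain CA", key=None):
    """Generate a self-signed CA certificate and return it with its key.

    ``hostname`` is used verbatim as the common name of both subject and
    issuer; no subject alternative names are added.  When ``key`` is None
    a 2048-bit RSA key is generated.  The certificate is valid for ten
    years from now (UTC) and signed with SHA-256.

    Returns a ``(cert_pem, key_pem)`` tuple of strings.  The private key
    is serialised without encryption, so the caller is responsible for
    storing it safely.
    """
    # Generate our key
    if key is None:
        key = rsa.generate_private_key(
            public_exponent=65537, key_size=2048, backend=default_backend(),
        )

    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])

    # path_length=0 means this CA may issue end-entity certificates but no
    # subordinate CA certificates.
    basic_constraints = x509.BasicConstraints(ca=True, path_length=0)
    now = datetime.utcnow()
    # NOTE(review): the serial number is the constant 1000, so every
    # certificate generated here shares issuer name and serial -- confirm
    # nothing relies on it before switching to a random serial.
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(1000)
        .not_valid_before(now)
        .not_valid_after(now + timedelta(days=10 * 365))
        # RFC 5280 (4.2.1.9) requires BasicConstraints to be marked
        # critical in CA certificates used to validate certificate
        # signatures, so validators cannot ignore the ca/path_length limits.
        .add_extension(basic_constraints, True)
        .sign(key, hashes.SHA256(), default_backend())
    )
    cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
    key_pem = key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption(),
    )

    return cert_pem.decode(), key_pem.decode()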
开发者ID:Chia-Network,项目名称:chia-blockchain,代码行数:35,代码来源:create_ssl.py

示例15: generate_cert

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import BasicConstraints [as 别名]
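def generate_cert(service, namespace, private_key):
    """Create a self-signed certificate for a service in a namespace.

    The common name is ``<service>.<namespace>.svc``; the subject
    alternative names are ``<service>``, ``<service>.<namespace>`` and
    ``<service>.<namespace>.svc``.  The certificate is valid for 36500
    days from now (UTC), uses a random serial number and is signed with
    ``private_key`` using SHA-256.

    :return: the signed certificate.
    """
    # Local import so the block does not depend on the file's import list.
    from datetime import timezone

    name = x509.Name([
        x509.NameAttribute(x509.oid.NameOID.COMMON_NAME,
                           "{0}.{1}.svc".format(service, namespace))
    ])

    subj_alternative_names = x509.SubjectAlternativeName([
        x509.DNSName("{0}".format(service)),
        x509.DNSName("{0}.{1}".format(service, namespace)),
        x509.DNSName("{0}.{1}.svc".format(service, namespace)),
    ])

    # NOTE(review): this certificate is marked ca=True with no path length
    # limit and the extension is non-critical -- confirm the CA flag is
    # needed by whatever consumes this certificate.
    constraints = x509.BasicConstraints(ca=True, path_length=None)

    # Validity timestamps in a certificate are UTC.  A naive local time
    # (datetime.now()) is taken as UTC by the builder, which on hosts east
    # of UTC yields a certificate that is not valid yet.
    now = datetime.now(timezone.utc)

    cert_builder = x509.CertificateBuilder()
    cert_builder = (cert_builder.subject_name(name)
                                .issuer_name(name)
                                .add_extension(subj_alternative_names, False)
                                .add_extension(constraints, False)
                                .not_valid_before(now)
                                .not_valid_after(now + timedelta(days=36500))
                                .public_key(private_key.public_key())
                                .serial_number(x509.random_serial_number()))

    cert = cert_builder.sign(private_key, hashes.SHA256(), default_backend())
    return cert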
开发者ID:intel,项目名称:CPU-Manager-for-Kubernetes,代码行数:30,代码来源:util.py


注:本文中的cryptography.x509.BasicConstraints方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。