当前位置: 首页>>代码示例>>Python>>正文


Python x509.CRLReason方法代码示例

本文整理汇总了Python中cryptography.x509.CRLReason方法的典型用法代码示例。如果您正苦于以下问题:Python x509.CRLReason方法的具体用法?Python x509.CRLReason怎么用?Python x509.CRLReason使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cryptography.x509的用法示例。


在下文中一共展示了x509.CRLReason方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: _decode_inhibit_any_policy

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CRLReason [as 别名]
def _decode_inhibit_any_policy(backend, asn1_int):
    asn1_int = backend._ffi.cast("ASN1_INTEGER *", asn1_int)
    asn1_int = backend._ffi.gc(asn1_int, backend._lib.ASN1_INTEGER_free)
    skip_certs = _asn1_integer_to_int(backend, asn1_int)
    return x509.InhibitAnyPolicy(skip_certs)


#    CRLReason ::= ENUMERATED {
#        unspecified             (0),
#        keyCompromise           (1),
#        cACompromise            (2),
#        affiliationChanged      (3),
#        superseded              (4),
#        cessationOfOperation    (5),
#        certificateHold         (6),
#             -- value 7 is not used
#        removeFromCRL           (8),
#        privilegeWithdrawn      (9),
#        aACompromise           (10) } 
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:21,代码来源:decode_asn1.py

示例2: get_revocation

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CRLReason [as 别名]
def get_revocation(self):
        if self.revoked is False:
            raise ValueError('Certificate is not revoked.')

        revoked_cert = x509.RevokedCertificateBuilder().serial_number(
            self.x509.serial_number).revocation_date(self.revoked_date)

        reason = self.get_revocation_reason()
        if reason != x509.ReasonFlags.unspecified:
            # RFC 5270, 5.3.1: "reason code CRL entry extension SHOULD be absent instead of using the
            # unspecified (0) reasonCode value"
            revoked_cert = revoked_cert.add_extension(x509.CRLReason(reason), critical=False)

        compromised = self.get_compromised_time()
        if compromised:
            # RFC 5280, 5.3.2 says that this extension MUST be non-critical
            revoked_cert = revoked_cert.add_extension(x509.InvalidityDate(compromised), critical=False)

        return revoked_cert.build(default_backend()) 
开发者ID:mathiasertl,项目名称:django-ca,代码行数:21,代码来源:models.py

示例3: _decode_crl_reason

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CRLReason [as 别名]
def _decode_crl_reason(backend, enum):
    enum = backend._ffi.cast("ASN1_ENUMERATED *", enum)
    enum = backend._ffi.gc(enum, backend._lib.ASN1_ENUMERATED_free)
    code = backend._lib.ASN1_ENUMERATED_get(enum)

    try:
        return x509.CRLReason(_CRL_ENTRY_REASON_CODE_TO_ENUM[code])
    except KeyError:
        raise ValueError("Unsupported reason code: {0}".format(code)) 
开发者ID:proxysh,项目名称:Safejumper-for-Desktop,代码行数:11,代码来源:decode_asn1.py

示例4: _decode_precert_signed_certificate_timestamps

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CRLReason [as 别名]
def _decode_precert_signed_certificate_timestamps(backend, asn1_scts):
    from cryptography.hazmat.backends.openssl.x509 import (
        _SignedCertificateTimestamp
    )
    asn1_scts = backend._ffi.cast("Cryptography_STACK_OF_SCT *", asn1_scts)
    asn1_scts = backend._ffi.gc(asn1_scts, backend._lib.SCT_LIST_free)

    scts = []
    for i in range(backend._lib.sk_SCT_num(asn1_scts)):
        sct = backend._lib.sk_SCT_value(asn1_scts, i)

        scts.append(_SignedCertificateTimestamp(backend, asn1_scts, sct))
    return x509.PrecertificateSignedCertificateTimestamps(scts)


#    CRLReason ::= ENUMERATED {
#        unspecified             (0),
#        keyCompromise           (1),
#        cACompromise            (2),
#        affiliationChanged      (3),
#        superseded              (4),
#        cessationOfOperation    (5),
#        certificateHold         (6),
#             -- value 7 is not used
#        removeFromCRL           (8),
#        privilegeWithdrawn      (9),
#        aACompromise           (10) } 
开发者ID:tp4a,项目名称:teleport,代码行数:29,代码来源:decode_asn1.py

示例5: _decode_crl_reason

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CRLReason [as 别名]
def _decode_crl_reason(backend, enum):
    enum = backend._ffi.cast("ASN1_ENUMERATED *", enum)
    enum = backend._ffi.gc(enum, backend._lib.ASN1_ENUMERATED_free)
    code = backend._lib.ASN1_ENUMERATED_get(enum)

    try:
        return x509.CRLReason(_CRL_ENTRY_REASON_CODE_TO_ENUM[code])
    except KeyError:
        raise ValueError("Unsupported reason code: {}".format(code)) 
开发者ID:tp4a,项目名称:teleport,代码行数:11,代码来源:decode_asn1.py

示例6: crl_verify

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CRLReason [as 别名]
def crl_verify(cert, cert_path):
    """
    Attempts to verify a certificate using CRL.

    :param cert:
    :param cert_path:
    :return: True if certificate is valid, False otherwise
    :raise Exception: If certificate does not have CRL
    """
    try:
        distribution_points = cert.extensions.get_extension_for_oid(
            x509.OID_CRL_DISTRIBUTION_POINTS
        ).value
    except x509.ExtensionNotFound:
        current_app.logger.debug(
            "No CRLDP extension in certificate {}".format(cert.serial_number)
        )
        return None

    for p in distribution_points:
        point = p.full_name[0].value

        if point not in crl_cache:
            current_app.logger.debug("Retrieving CRL: {}".format(point))
            try:
                response = requests.get(point)

                if response.status_code != 200:
                    raise Exception("Unable to retrieve CRL: {0}".format(point))
            except InvalidSchema:
                # Unhandled URI scheme (like ldap://); skip this distribution point.
                continue
            except ConnectionError:
                raise Exception("Unable to retrieve CRL: {0}".format(point))

            crl_cache[point] = x509.load_der_x509_crl(
                response.content, backend=default_backend()
            )
        else:
            current_app.logger.debug("CRL point is cached {}".format(point))

        for r in crl_cache[point]:
            if cert.serial_number == r.serial_number:
                try:
                    reason = r.extensions.get_extension_for_class(x509.CRLReason).value
                    # Handle "removeFromCRL" revoke reason as unrevoked;
                    # continue with the next distribution point.
                    # Per RFC 5280 section 6.3.3 (k):
                    #  https://tools.ietf.org/html/rfc5280#section-6.3.3
                    if reason == x509.ReasonFlags.remove_from_crl:
                        break
                except x509.ExtensionNotFound:
                    pass

                current_app.logger.debug(
                    "CRL reports certificate " "revoked: {}".format(cert.serial_number)
                )
                return False

    return True 
开发者ID:Netflix,项目名称:lemur,代码行数:62,代码来源:verify.py


注:本文中的cryptography.x509.CRLReason方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。