本文整理汇总了Python中cryptography.x509.CertificateSigningRequest方法的典型用法代码示例。如果您正苦于以下问题:Python x509.CertificateSigningRequest方法的具体用法?Python x509.CertificateSigningRequest怎么用?Python x509.CertificateSigningRequest使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cryptography.x509的用法示例。
在下文中一共展示了x509.CertificateSigningRequest方法的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: from_cryptography
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
def from_cryptography(cls, crypto_req):
    """
    Build an instance of *cls* that wraps an existing ``cryptography`` CSR.

    :param crypto_req: A ``cryptography`` X.509 certificate signing request
    :type crypto_req: ``cryptography.x509.CertificateSigningRequest``

    :rtype: X509Req

    :raises TypeError: If *crypto_req* is not a
        ``cryptography.x509.CertificateSigningRequest``.

    .. versionadded:: 17.1.0
    """
    if isinstance(crypto_req, x509.CertificateSigningRequest):
        wrapper = cls()
        # The request is not re-encoded: the wrapper takes over the object held
        # in the request's ``_x509_req`` attribute.
        # NOTE(review): ``_x509_req`` is a non-public attribute of the
        # cryptography object -- confirm the pinned version still exposes it.
        wrapper._req = crypto_req._x509_req
        return wrapper
    raise TypeError("Must be a certificate signing request")
示例2: from_crypto
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
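def from_crypto(cls, csr: x509.CertificateSigningRequest):
    """Build a model instance of *cls* from a ``cryptography`` CSR object.

    The instance receives the PEM encoding of the request, a SHA-256 digest
    of that PEM text, a validity window that starts now (naive UTC) and ends
    700 days later, the CSR discriminator value, and the first subject
    Common Name when the request has one.

    Args:
        csr: The parsed certificate signing request.

    Returns:
        A new, unsaved instance of *cls*.
    """
    m = cls()
    m.pem_data = csr.public_bytes(serialization.Encoding.PEM)

    # Read the clock once so both ends of the window share the same origin.
    now = datetime.datetime.utcnow()
    m.not_before = now
    m.not_after = now + datetime.timedelta(days=700)

    # The digest covers the PEM text, so it will not equal a fingerprint
    # computed over the DER encoding of the same request.
    digest = hashes.Hash(hashes.SHA256(), default_backend())
    digest.update(m.pem_data)
    m.fingerprint = digest.finalize()

    m.discriminator = CertificateType.CSR.value

    # get_attributes_for_oid() returns a list and never None; it is empty when
    # the subject has no Common Name. Test for emptiness so that a request
    # without a CN does not fail with IndexError on ``[0]``.
    common_names = csr.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    if common_names:
        m.x509_cn = common_names[0].value

    return m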
示例3: create_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
def create_csr(private_key, csr_file, subject, is_ca=False):
    """
    Build a certificate signing request, sign it and save it as PEM.

    :param private_key: The private key used to sign the request.
    :param csr_file: Path of the file the PEM-encoded request is written to.
    :param subject: The Common Name placed in the request subject.
    :param is_ca: Value requested for the BasicConstraints ``ca`` flag.
    :return: The certificate signing request.
    :rtype: :class `x509.CertificateSigningRequest`
    """
    # The encode/decode round trip returns an ordinary str unchanged; it raises
    # for a non-str argument or for text that cannot be encoded as UTF-8.
    common_name = str.encode(subject).decode("utf-8")
    subject_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])

    # Added as a non-critical extension. A CSR only requests this value;
    # whether the issued certificate carries it is decided by the signer.
    constraints = x509.BasicConstraints(ca=is_ca, path_length=None)

    request_builder = x509.CertificateSigningRequestBuilder()
    request_builder = request_builder.subject_name(subject_name)
    request_builder = request_builder.add_extension(constraints, critical=False)

    csr = request_builder.sign(
        private_key=private_key,
        algorithm=hashes.SHA256(),
        backend=default_backend(),
    )

    with open(csr_file, "wb") as out:
        out.write(csr.public_bytes(serialization.Encoding.PEM))
    return csr
示例4: to_cryptography
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
def to_cryptography(self):
    """
    Return this request as a ``cryptography`` certificate signing request.

    :rtype: ``cryptography.x509.CertificateSigningRequest``

    .. versionadded:: 17.1.0
    """
    # Imported at call time rather than at module import.
    # NOTE(review): ``_CertificateSigningRequest`` is a private class of the
    # cryptography OpenSSL backend -- confirm the pinned cryptography version
    # still provides it.
    from cryptography.hazmat.backends.openssl.x509 import (
        _CertificateSigningRequest as _BackendCsr,
    )

    return _BackendCsr(_get_backend(), self._req)
示例5: generate_signing_request
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
def generate_signing_request(cn: str, dnsname: Optional[str] = None) -> (rsa.RSAPrivateKey, x509.CertificateSigningRequest):
    """Create a new 2048-bit RSA key and a CSR signed with it.

    The subject is ``CN=<cn>, O=commandment``. When *dnsname* is given it is
    added as a critical SubjectAlternativeName dNSName. A critical
    BasicConstraints extension with ``ca=False`` is always added. The request
    is signed with SHA-256.

    Args:
          cn (str): The certificate common name
          dnsname (str): Optional public facing dns name of the MDM server,
              placed in the SAN extension.
    Returns:
          Tuple of rsa private key, csr
    """
    # The key only exists in memory here; storing and protecting it is left
    # to the caller.
    private_key = rsa.generate_private_key(
        public_exponent=65537, key_size=2048, backend=default_backend()
    )

    subject = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, cn),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'commandment'),
    ])
    builder = x509.CertificateSigningRequestBuilder().subject_name(subject)

    if dnsname is not None:
        alt_names = x509.SubjectAlternativeName([x509.DNSName(dnsname)])
        builder = builder.add_extension(alt_names, critical=True)

    not_a_ca = x509.BasicConstraints(ca=False, path_length=None)
    builder = builder.add_extension(not_a_ca, critical=True)

    return private_key, builder.sign(private_key, hashes.SHA256(), default_backend())
示例6: csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
def csr(private_key: rsa.RSAPrivateKey) -> x509.CertificateSigningRequest:
    """Return a CSR with a fixed "Commandment" subject, signed by *private_key*.

    The subject attributes are hard-coded and the request is signed with
    SHA-256. No extensions are added.
    """
    subject_fields = (
        (NameOID.COUNTRY_NAME, u"US"),
        (NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
        (NameOID.LOCALITY_NAME, u"San Francisco"),
        (NameOID.ORGANIZATION_NAME, u"Commandment"),
        (NameOID.COMMON_NAME, u"Commandment"),
    )
    subject = x509.Name([x509.NameAttribute(oid, text) for oid, text in subject_fields])

    request_builder = x509.CertificateSigningRequestBuilder().subject_name(subject)
    return request_builder.sign(private_key, hashes.SHA256(), default_backend())
示例7: generate_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
def generate_csr(self, private_key, subject_name, extensions=None):
    """Build and sign a certificate signing request.

    :param private_key: Private key used to sign the request
    :param subject_name: Subject name
    :type subject_name: x509.Name
    :param extensions: Extensions handed to the request builder; ``None``
        means an empty list (Default value = None)

    :return: x509.CertificateSigningRequest
    """
    if extensions is None:
        extensions = []
    request_builder = x509.CertificateSigningRequestBuilder(subject_name, extensions)
    # The digest is not fixed here; it is read from self.sign_hash_algorithm.
    return request_builder.sign(
        private_key, self.sign_hash_algorithm, default_backend())
示例8: parse_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
def parse_csr(self, csr, csr_format):
    """Return *csr* as a ``x509.CertificateSigningRequest``.

    An object that already is a ``x509.CertificateSigningRequest`` is returned
    unchanged and *csr_format* is ignored. Anything else is converted with
    ``force_bytes`` and parsed as PEM or DER according to *csr_format*.

    Loading only parses the request; the request's signature is not checked
    in this method.

    :raises ValueError: If *csr_format* is neither ``Encoding.PEM`` nor
        ``Encoding.DER``.
    """
    if isinstance(csr, x509.CertificateSigningRequest):
        return csr

    if csr_format == Encoding.PEM:
        loader = x509.load_pem_x509_csr
    elif csr_format == Encoding.DER:
        loader = x509.load_der_x509_csr
    else:
        raise ValueError('Unknown CSR format passed: %s' % csr_format)

    return loader(force_bytes(csr), default_backend())
示例9: create_cert
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
def create_cert(self, ca, csr, csr_format=Encoding.PEM, profile=None, autogenerated=None, **kwargs):
    """Issue a certificate for a CSR under the given profile and store it.

    Parameters
    ----------

    ca : :py:class:`~django_ca.models.CertificateAuthority`
        The certificate authority to sign the certificate with.
    csr : str or :py:class:`~cg:cryptography.x509.CertificateSigningRequest`
        A valid CSR. If not already a :py:class:`~cg:cryptography.x509.CertificateSigningRequest`, the
        format is given by the ``csr_format`` parameter.
    csr_format : :py:class:`~cg:cryptography.hazmat.primitives.serialization.Encoding`, optional
        The format of the CSR. The default is ``PEM``.
    profile : str or :py:class:`~django_ca.profiles.Profile`, optional
        The name of a profile or a manually created :py:class:`~django_ca.profiles.Profile` instance. If
        not given, the profile configured by :ref:`CA_DEFAULT_PROFILE <settings-ca-default-profile>` is
        used.
    autogenerated : bool, optional
        Override the profiles ``autogenerated`` flag.
    **kwargs
        All other keyword arguments are passed to :py:func:`Profiles.create_cert()
        <django_ca.profiles.Profile.create_cert>`.

    Returns
    -------

    The saved model instance. The ``post_issue_cert`` signal has been sent for it before it is
    returned.
    """
    # Anything that is not a Profile instance (a name, or None) is looked up in ``profiles``.
    if not isinstance(profile, Profile):
        profile = profiles[profile]

    csr = self.parse_csr(csr, csr_format=csr_format)
    # NOTE(review): no check of the CSR's own signature is visible in this method -- confirm
    # that profile.create_cert() or the caller covers it if proof of possession is required.
    signed = profile.create_cert(ca, csr, **kwargs)

    # The CSR is stored as PEM text, whatever format it arrived in.
    csr_pem = csr.public_bytes(Encoding.PEM).decode('utf-8')
    record = self.model(ca=ca, csr=csr_pem, profile=profile.name)
    record.x509 = signed
    record.autogenerated = profile.autogenerated if autogenerated is None else autogenerated
    record.save()

    post_issue_cert.send(sender=self.model, cert=record)
    return record
示例10: test_convert_to_cryptography_key
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
def test_convert_to_cryptography_key(self):
    """A request loaded from PEM converts to a ``cryptography`` CSR object."""
    loaded = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM)
    converted = loaded.to_cryptography()
    assert isinstance(converted, x509.CertificateSigningRequest)
示例11: sign
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
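def sign(csr, issuer_name, ca_key, ca_key_password=None,
         skip_validation=False):
    """Sign a given csr

    The certificate takes its subject and public key from the csr, gets a
    random serial number, and is valid from one day before the current UTC
    time until ``CONF.x509.term_of_validity`` days after it. It is signed
    with SHA-256.

    :param csr: certificate signing request object or pem encoded csr
    :param issuer_name: issuer name
    :param ca_key: private key of CA
    :param ca_key_password: private key password for given ca key
    :param skip_validation: skip csr validation if true; every extension
                            requested in the csr is then copied into the
                            certificate unchanged
    :returns: generated certificate (PEM encoded, surrounding whitespace
              stripped)
    :raises exception.InvalidCsr: if the given csr cannot be parsed as PEM
    """
    ca_key = _load_pem_private_key(ca_key, ca_key_password)

    if not isinstance(issuer_name, six.text_type):
        issuer_name = six.text_type(issuer_name.decode('utf-8'))

    if isinstance(csr, six.text_type):
        csr = six.b(str(csr))
    if not isinstance(csr, x509.CertificateSigningRequest):
        try:
            csr = x509.load_pem_x509_csr(csr, backend=default_backend())
        except ValueError:
            LOG.exception("Received invalid csr %s.", csr)
            raise exception.InvalidCsr(csr=csr)
    # NOTE(review): the csr's own signature is not verified in this function.
    # Confirm a caller does so where proof of possession of the private key
    # is required.

    term_of_validity = CONF.x509.term_of_validity
    one_day = datetime.timedelta(1, 0, 0)
    expire_after = datetime.timedelta(term_of_validity, 0, 0)

    # The certificate builder interprets naive datetimes as UTC. Local time
    # (datetime.today()) would shift both ends of the validity window by the
    # host's UTC offset, so read the clock once, in UTC.
    now = datetime.datetime.utcnow()

    builder = x509.CertificateBuilder()
    builder = builder.subject_name(csr.subject)
    # issuer_name is set as common name
    builder = builder.issuer_name(x509.Name([
        x509.NameAttribute(x509.OID_COMMON_NAME, issuer_name),
    ]))
    # Backdated by one day.
    builder = builder.not_valid_before(now - one_day)
    builder = builder.not_valid_after(now + expire_after)
    builder = builder.serial_number(int(uuid.uuid4()))
    builder = builder.public_key(csr.public_key())

    if skip_validation:
        # Unfiltered: whatever the requester asked for ends up in the
        # certificate.
        extensions = csr.extensions
    else:
        extensions = validator.filter_extensions(csr.extensions)

    for extension in extensions:
        builder = builder.add_extension(extension.value,
                                        critical=extension.critical)

    certificate = builder.sign(
        private_key=ca_key, algorithm=hashes.SHA256(),
        backend=default_backend()
    ).public_bytes(serialization.Encoding.PEM).strip()

    return certificate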
示例12: create_device_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
def create_device_csr(self, common_name: str) -> (rsa.RSAPrivateKeyWithSerialization, x509.CertificateSigningRequest):
    """
    Generate an RSA key and a Certificate Signing Request for *common_name*.

    A new 2048-bit RSA key signs a request whose subject is
    ``CN=<common_name>, O=commandment`` and which carries a critical
    BasicConstraints extension with ``ca=False``. Model rows for the private
    key and for the request are added to the session and committed before
    this method returns.

    Args:
        common_name (str): The certificate Common Name attribute

    Returns:
        Tuple[rsa.RSAPrivateKeyWithSerialization, x509.CertificateSigningRequest] - A tuple containing the RSA
        Private key that was generated, along with the CSR.
    """
    device_key = rsa.generate_private_key(
        public_exponent=65537, key_size=2048, backend=default_backend()
    )
    # NOTE(review): the private key is persisted through the RSAPrivateKey
    # model; how that model protects key material at rest is not visible
    # here -- confirm.
    key_row = RSAPrivateKey.from_crypto(device_key)
    db.session.add(key_row)

    subject = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'commandment'),
    ])
    not_a_ca = x509.BasicConstraints(ca=False, path_length=None)
    signed_request = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(subject)
        .add_extension(not_a_ca, critical=True)
        .sign(device_key, hashes.SHA256(), default_backend())
    )

    # ``CertificateSigningRequest`` without the ``x509.`` prefix is a
    # different name from the cryptography class; presumably the project's
    # model class.
    csr_row = CertificateSigningRequest().from_crypto(signed_request)
    csr_row.rsa_private_key = key_row
    db.session.add(csr_row)
    db.session.commit()

    return device_key, signed_request
示例13: sign
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequest [as 别名]
def sign(self, request: x509.CertificateSigningRequest) -> x509.Certificate:
    """
    Issue a certificate for a Certificate Signing Request.

    The certificate takes its subject and public key from *request*, is
    issued under ``CN=<self.common_name>, O=commandment``, is valid from now
    (naive UTC) for ``self.validity_period`` days, and is signed with SHA-256
    using this object's RSA private key. ``self.serial`` is incremented and
    the new value becomes the serial number. No extensions are added.

    Nothing is added to the database session or committed in this method.

    Args:
          request (x509.CertificateSigningRequest): The CSR object (cryptography) not the SQLAlchemy model.

    Returns:
          x509.Certificate: A signed certificate
    """
    # NOTE(review): serial numbers are sequential, and the request's own
    # signature is not checked in this method -- confirm both are acceptable
    # for the deployment or handled by the caller.
    self.serial += 1
    signing_key = self.rsa_private_key.to_crypto()

    issuer = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, self.common_name),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'commandment'),
    ])

    builder = x509.CertificateBuilder()
    builder = builder.not_valid_before(datetime.datetime.utcnow())
    lifetime = datetime.timedelta(days=self.validity_period)
    builder = builder.not_valid_after(datetime.datetime.utcnow() + lifetime)
    builder = builder.serial_number(self.serial)
    builder = builder.issuer_name(issuer)
    builder = builder.subject_name(request.subject)
    builder = builder.public_key(request.public_key())

    return builder.sign(signing_key, hashes.SHA256(), default_backend())