本文整理汇总了Python中cryptography.x509.CertificateSigningRequestBuilder方法的典型用法代码示例。如果您正苦于以下问题:Python x509.CertificateSigningRequestBuilder方法的具体用法?Python x509.CertificateSigningRequestBuilder怎么用?Python x509.CertificateSigningRequestBuilder使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cryptography.x509的用法示例。
在下文中一共展示了x509.CertificateSigningRequestBuilder方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: build_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
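def build_csr(self, hostname, **kwargs):
    """Return an unsigned CSR builder for ``hostname``.

    The subject is CN=<hostname>, O=<realm read from the plugin's IPA
    environment>. Three extensions are requested: BasicConstraints with
    ``ca=False`` (critical), ExtendedKeyUsage with ``TLS_SERVERAUTH``
    (critical) and a SubjectAlternativeName holding ``hostname`` as a
    dNSName (not critical).

    :param hostname: DNS name placed in both the CN and the SAN.
    :param kwargs: accepted but not used by this implementation.
    :return: an ``x509.CertificateSigningRequestBuilder``; signing is left
        to the caller.
    """
    realm = self.plugin.ipa.env.realm
    subject = x509.Name([
        x509.NameAttribute(oid.NameOID.COMMON_NAME, hostname),
        x509.NameAttribute(oid.NameOID.ORGANIZATION_NAME, realm),
    ])
    # Builder methods return a new builder and leave the receiver untouched,
    # so each call must be chained on the previous result. Adding
    # ExtendedKeyUsage to the builder from *before* BasicConstraints would
    # silently drop the critical CA:FALSE constraint from the request.
    builder = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(subject)
        .add_extension(
            x509.BasicConstraints(ca=False, path_length=None), critical=True,
        )
        .add_extension(
            x509.ExtendedKeyUsage([TLS_SERVERAUTH]), critical=True,
        )
        .add_extension(
            x509.SubjectAlternativeName([x509.DNSName(hostname)]),
            critical=False,
        )
    )
    return builder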
# pylint: disable=arguments-differ
示例2: generate_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def generate_csr(common_name, dnsnames, ips, keysize):
    """Create a new RSA key and a SHA-256 signed CSR for ``common_name``.

    :param common_name: value of the subject CN.
    :param dnsnames: list of SAN entries; concatenated with ``ips`` and
        handed to ``x509.SubjectAlternativeName`` as-is, so presumably
        already ``x509.DNSName`` objects - confirm against the caller.
    :param ips: list of SAN entries appended after ``dnsnames``
        (presumably ``x509.IPAddress`` objects - confirm).
    :param keysize: RSA modulus size in bits, passed through unchanged.
        NOTE(review): no minimum is enforced here; callers should reject
        sizes below their policy before calling.
    :return: ``(key_pem, csr_pem)``, both PEM-encoded bytes.
    """
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=keysize,
        backend=default_backend(),
    )
    # NoEncryption() means the returned PEM is the plaintext private key;
    # whoever receives it is responsible for protecting it at rest.
    key_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption(),
    )
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    alt_names = x509.SubjectAlternativeName(dnsnames + ips)
    request = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(subject)
        .add_extension(alt_names, critical=False)
        .sign(private_key, hashes.SHA256(), default_backend())
    )
    return key_pem, request.public_bytes(serialization.Encoding.PEM)
示例3: create_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def create_csr(key, domains, must_staple=False):
    """
    Build a SHA-256 signed CSR for ``domains`` and return the result of
    ``export_csr_for_acme`` (described by the original author as DER).

    The first domain becomes the subject CN and every domain is listed as
    a dNSName in the SubjectAlternativeName. When ``must_staple`` is true a
    TLSFeature extension carrying ``status_request`` is requested as well.
    """
    # NOTE(review): assert is stripped under ``python -O``; an empty list
    # then surfaces as IndexError on domains[0] instead of AssertionError.
    assert domains
    subject = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, domains[0]),
    ])
    alt_names = x509.SubjectAlternativeName(
        [x509.DNSName(entry) for entry in domains]
    )
    request = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(subject)
        .add_extension(alt_names, critical=False)
    )
    if must_staple:
        request = request.add_extension(
            x509.TLSFeature(features=[x509.TLSFeatureType.status_request]),
            critical=False,
        )
    signed = request.sign(key, hashes.SHA256(), default_backend())
    return export_csr_for_acme(signed)
示例4: generate_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def generate_csr(key, domainname):
    """Return a PEM CSR for ``domainname`` signed with the PEM key ``key``.

    ``key`` is loaded with ``password=None``, so it has to be an unencrypted
    PEM private key. Country, state, locality and organization in the
    subject are fixed values; only the CN and the single SAN dNSName are
    taken from ``domainname``.
    """
    signing_key = serialization.load_pem_private_key(
        key, password=None, backend=default_backend())
    subject = x509.Name([
        # Fixed identity details of the requesting organization.
        x509.NameAttribute(NameOID.COUNTRY_NAME, u"BR"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"RJ"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, u"Rio de Janeiro"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"globo.com"),
        x509.NameAttribute(NameOID.COMMON_NAME, domainname),
    ])
    alt_names = x509.SubjectAlternativeName([x509.DNSName(domainname)])
    builder = x509.CertificateSigningRequestBuilder()
    builder = builder.subject_name(subject)
    builder = builder.add_extension(alt_names, critical=False)
    request = builder.sign(signing_key, hashes.SHA256(), default_backend())
    return request.public_bytes(serialization.Encoding.PEM)
示例5: generate_csr_and_key
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def generate_csr_and_key():
    """Return a dict with a new CSR (``'csr'``) and its RSA key (``'key'``).

    Both values are PEM text decoded as UTF-8. The key is a fresh 2048-bit
    RSA key serialized without encryption.
    """
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
        backend=default_backend())
    # NOTE(review): O=system:masters looks like the Kubernetes superuser
    # group. A certificate issued from this CSR would presumably carry
    # cluster-wide admin rights - confirm that scope is intended and keep
    # the returned key out of logs and long-lived storage.
    subject = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, u"admin"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"system:masters")
    ])
    request = x509.CertificateSigningRequestBuilder().subject_name(subject)
    signed = request.sign(private_key, hashes.SHA256(), default_backend())
    csr_text = signed.public_bytes(
        encoding=serialization.Encoding.PEM).decode("utf-8")
    # NoEncryption(): the PEM below is the plaintext private key.
    key_text = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption()).decode("utf-8")
    return {'csr': csr_text, 'key': key_text}
示例6: _generate_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def _generate_csr(cls, cn, private_key, passphrase=None):
    """Return a PEM CSR for ``cn`` signed with the given PEM private key.

    :param cn: used as the subject CN and as the only SAN dNSName.
    :param private_key: PEM-encoded private key bytes.
    :param passphrase: password for ``private_key``; ``None`` when the key
        is not encrypted.
    :return: the signed request as PEM bytes.
    """
    signing_key = serialization.load_pem_private_key(
        data=private_key, password=passphrase,
        backend=backends.default_backend())
    subject = x509.Name([
        x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, cn),
    ])
    # End-entity profile: not a CA, no certificate or CRL signing.
    constraints = x509.BasicConstraints(ca=False, path_length=None)
    usage = x509.KeyUsage(
        digital_signature=True,
        key_encipherment=True,
        data_encipherment=True,
        key_agreement=True,
        content_commitment=False,
        key_cert_sign=False,
        crl_sign=False,
        encipher_only=False,
        decipher_only=False
    )
    alt_names = x509.SubjectAlternativeName([x509.DNSName(cn)])
    builder = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(subject)
        .add_extension(constraints, critical=True)
        .add_extension(usage, critical=True)
        .add_extension(alt_names, critical=False)
    )
    # The digest class is looked up by name from configuration.
    # NOTE(review): any attribute of ``hashes`` matching the upper-cased
    # setting is accepted here, including legacy digests; validating the
    # configured value against an allow-list would be safer - confirm
    # whether that happens where the option is defined.
    digest = getattr(hashes, CONF.certificates.signing_digest.upper())()
    signed_csr = builder.sign(signing_key, digest, backends.default_backend())
    return signed_csr.public_bytes(serialization.Encoding.PEM)
示例7: setUp
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def setUp(self):
    """Prepare a sample CSR and a passphrase-protected CA key for the tests.

    Sets ``signing_digest``, ``certificate_signing_request`` (PEM bytes),
    ``ca_key``, ``ca_private_key_passphrase`` and ``ca_private_key`` (PEM
    bytes encrypted with that passphrase), then calls the parent ``setUp``.
    """
    self.signing_digest = "sha256"

    # CSR fixture: throwaway key, subject CN=test.
    request_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
        backend=backends.default_backend()
    )
    subject = x509.Name([
        x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, u"test"),
    ])
    request = x509.CertificateSigningRequestBuilder().subject_name(subject)
    signed = request.sign(
        request_key, hashes.SHA256(), backends.default_backend())
    self.certificate_signing_request = signed.public_bytes(
        serialization.Encoding.PEM)

    # CA key fixture. The passphrase is a test-only constant.
    self.ca_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
        backend=backends.default_backend()
    )
    self.ca_private_key_passphrase = b"Testing"
    key_protection = serialization.BestAvailableEncryption(
        self.ca_private_key_passphrase)
    self.ca_private_key = self.ca_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=key_protection,
    )

    super(BaseLocalCSRTestCase, self).setUp()
示例8: serialize
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def serialize(self,
              country=u"US",
              state=u"CA",
              city=u"San Francisco",
              company=u"Lokey Examle",
              common_name=u"example.com"):
    """Return a PEM CSR signed with this object's own key.

    The key is obtained from ``self.to('pem')`` and loaded with
    ``password=None``, so that export must be an unencrypted PEM private
    key. The five arguments fill the subject's C, ST, L, O and CN
    attributes; no extensions are added, so the request carries no
    SubjectAlternativeName.
    """
    signing_key = serialization.load_pem_private_key(
        self.to('pem'),
        password=None,
        backend=default_backend())
    attributes = [
        x509.NameAttribute(NameOID.COUNTRY_NAME, country),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, state),
        x509.NameAttribute(NameOID.LOCALITY_NAME, city),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, company),
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
    ]
    builder = x509.CertificateSigningRequestBuilder()
    builder = builder.subject_name(x509.Name(attributes))
    request = builder.sign(signing_key, hashes.SHA256(), default_backend())
    return request.public_bytes(serialization.Encoding.PEM)
示例9: generate_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def generate_csr(self):
    """Sign a CSR for ``self.subject_name`` and cache the PEM encodings.

    Uses ``self.private_key`` when it is set, otherwise generates a new RSA
    key of ``self.key_size`` bits. Stores the request in ``self.pem_csr``
    and the key in ``self.pem_private_key``, then returns the CSR object.
    """
    if self.private_key:
        signing_key = self.private_key
    else:
        signing_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=self.key_size,
            backend=default_backend(),
        )

    builder = x509.CertificateSigningRequestBuilder(
        subject_name=self.subject_name
    )
    # The SAN is requested (as critical) only when IP addresses were given.
    # NOTE(review): if self.subject_alt_name can also hold DNS names, they
    # are left out whenever ip_addr_list is empty - confirm this is wanted.
    if self.ip_addr_list:
        builder = builder.add_extension(
            self.subject_alt_name, critical=True
        )

    request = builder.sign(signing_key, hashes.SHA256(), default_backend())
    self.pem_csr = request.public_bytes(serialization.Encoding.PEM)
    # NoEncryption(): the private key is kept on the instance as plaintext
    # PEM, so the object itself must be treated as secret material.
    self.pem_private_key = signing_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption(),
    )
    return request
示例10: create_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def create_csr(private_key, csr_file, subject, is_ca=False):
    """
    Create a certificate signing request and write it to ``csr_file`` as PEM.

    :param private_key: The private key used to sign the request.
    :param csr_file: The file name the PEM request is written to.
    :param subject: The subject CN of the certificate signing request.
    :param is_ca: Boolean requesting a CA (True) or non-CA (False) cert.
    :return: The certificate signing request.
    :rtype: :class:`x509.CertificateSigningRequest`
    """
    # The encode/decode round trip leaves a valid str unchanged; it is kept
    # so that non-str input fails the same way as before.
    common_name = str.encode(subject).decode("utf-8")
    name = x509.Name(
        [x509.NameAttribute(NameOID.COMMON_NAME, common_name)]
    )
    # The request only *asks* for this constraint (non-critical).
    # NOTE(review): a signer that copies CSR extensions verbatim would
    # honour ca=True, so is_ca should never be driven by untrusted input.
    constraints = x509.BasicConstraints(ca=is_ca, path_length=None)
    request = x509.CertificateSigningRequestBuilder()
    request = request.subject_name(name)
    request = request.add_extension(constraints, critical=False)
    csr = request.sign(
        private_key=private_key, algorithm=hashes.SHA256(), backend=default_backend()
    )
    pem = csr.public_bytes(serialization.Encoding.PEM)
    with open(csr_file, "wb") as out:
        out.write(pem)
    return csr
示例11: csr_for_names
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def csr_for_names(names, key):
    """
    Generate a certificate signing request for the given names and private key.

    .. seealso:: `acme.client.Client.request_issuance`

    .. seealso:: `generate_private_key`

    :param names: ``List[str]`` with one or more names (subjectAltName) for
        which to request a certificate.
    :param key: A Cryptography private key object.

    :rtype: `cryptography.x509.CertificateSigningRequest`
    :return: The certificate request message.
    :raises ValueError: if ``names`` is empty.
    """
    if len(names) == 0:
        raise ValueError('Must have at least one name')
    # A first name longer than 64 characters is not used as the CN; a
    # placeholder takes its place and the real name appears only in the SAN.
    first = names[0]
    common_name = u'san.too.long.invalid' if len(first) > 64 else first
    builder = x509.CertificateSigningRequestBuilder()
    builder = builder.subject_name(
        x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)]))
    builder = builder.add_extension(
        x509.SubjectAlternativeName([x509.DNSName(name) for name in names]),
        critical=False)
    return builder.sign(key, hashes.SHA256(), default_backend())
示例12: _generate_csr_and_key
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def _generate_csr_and_key(self):
    """Return a dict with a new CSR (``"csr"``) and its RSA key (``"key"``).

    Both values are PEM-encoded bytes. The key is a fresh 2048-bit RSA key
    serialized without encryption.
    """
    from cryptography.hazmat import backends
    from cryptography.hazmat.primitives.asymmetric import rsa
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives import serialization
    from cryptography import x509
    from cryptography.x509.oid import NameOID

    backend = backends.default_backend()
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
        backend=backend)
    # NOTE(review): O=system:masters looks like the Kubernetes superuser
    # group. A certificate issued from this CSR would presumably carry
    # cluster-wide admin rights - confirm that scope is intended and keep
    # the returned key out of logs and long-lived storage.
    subject = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, u"admin"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME,
                           u"system:masters")
    ])
    request = x509.CertificateSigningRequestBuilder().subject_name(subject)
    signed = request.sign(private_key, hashes.SHA256(), backends.default_backend())
    csr_pem = signed.public_bytes(encoding=serialization.Encoding.PEM)
    # NoEncryption(): the PEM below is the plaintext private key.
    key_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption())
    return {"csr": csr_pem, "key": key_pem}
示例13: _build_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def _build_csr(self, private_key):
    """Return a SHA-256 signed CSR whose subject is CN=``self.subject_name``.

    No extensions are added, so the request carries no
    SubjectAlternativeName; the result is the CSR object, not its encoding.
    """
    subject = c_x509.Name([
        c_x509.NameAttribute(NameOID.COMMON_NAME, self.subject_name)
    ])
    builder = c_x509.CertificateSigningRequestBuilder().subject_name(subject)
    return builder.sign(private_key, hashes.SHA256(), default_backend())
示例14: generate_csr_and_key
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def generate_csr_and_key(common_name):
    """Return a dict with a new CSR, public key and private key.

    Keys of the result are ``'csr'``, ``'private_key'`` and ``'public_key'``;
    every value is PEM text decoded as UTF-8. The RSA key is 2048 bits and
    the CSR subject holds only CN=``common_name``.
    """
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
        backend=default_backend())
    public_key = private_key.public_key()
    subject = x509.Name([
        x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, common_name),
    ])
    request = x509.CertificateSigningRequestBuilder().subject_name(subject)
    signed = request.sign(private_key, hashes.SHA256(), default_backend())

    csr_text = signed.public_bytes(
        encoding=serialization.Encoding.PEM).decode("utf-8")
    # NoEncryption(): this is the plaintext private key; callers must not
    # log the returned dict or persist it without protection.
    private_text = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption()).decode("utf-8")
    public_text = public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo).decode(
            "utf-8")
    return {
        'csr': csr_text,
        'private_key': private_text,
        'public_key': public_text,
    }
示例15: generate_signing_request
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import CertificateSigningRequestBuilder [as 别名]
def generate_signing_request(cn: str, dnsname: Optional[str] = None) -> (rsa.RSAPrivateKey, x509.CertificateSigningRequest):
    """Generate a private key and a certificate signing request for ``cn``.

    A new 2048-bit RSA key is created on every call. The subject is
    CN=``cn``, O=commandment. BasicConstraints (``ca=False``) is always
    requested as critical; a critical SubjectAlternativeName is added only
    when ``dnsname`` is given.

    Args:
          cn (str): The certificate common name
          dnsname (str): Optional DNS name placed in the SAN as a dNSName
            (described by the original author as the public facing dns name
            of the MDM server).
    Returns:
          Tuple of rsa private key, csr
    """
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
        backend=default_backend(),
    )
    subject = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, cn),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'commandment')
    ])
    builder = x509.CertificateSigningRequestBuilder().subject_name(subject)
    if dnsname is not None:
        alt_names = x509.SubjectAlternativeName([x509.DNSName(dnsname)])
        builder = builder.add_extension(alt_names, critical=True)
    builder = builder.add_extension(
        x509.BasicConstraints(ca=False, path_length=None), critical=True)
    request = builder.sign(private_key, hashes.SHA256(), default_backend())
    return private_key, request