本文整理汇总了Python中cryptography.x509.DNSName方法的典型用法代码示例。如果您正苦于以下问题：Python x509.DNSName方法的具体用法？Python x509.DNSName怎么用？Python x509.DNSName使用的例子？那么，这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cryptography.x509的用法示例。
在下文中一共展示了x509.DNSName方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: build_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
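def build_csr(self, hostname, **kwargs):
    """Return an unsigned CSR builder for a TLS server certificate.

    The subject carries ``hostname`` as common name and the realm read from
    ``self.plugin.ipa.env.realm`` as organization. Three extensions are
    requested: BasicConstraints (critical, ``ca=False``), ExtendedKeyUsage
    (critical, the module's ``TLS_SERVERAUTH`` value) and a
    SubjectAlternativeName whose only entry is ``hostname`` as a dNSName
    (non-critical).

    :param hostname: DNS name placed in both the CN and the SAN.
    :param kwargs: accepted but not used by this implementation.
    :return: a ``CertificateSigningRequestBuilder``; signing is left to
        the caller.
    """
    realm = self.plugin.ipa.env.realm
    subject = x509.Name([
        x509.NameAttribute(oid.NameOID.COMMON_NAME, hostname),
        x509.NameAttribute(oid.NameOID.ORGANIZATION_NAME, realm),
    ])
    builder = x509.CertificateSigningRequestBuilder().subject_name(subject)
    # add_extension() returns a new builder instead of mutating the one it
    # is called on, so every call must be chained on the previous result.
    # Adding two extensions to the same starting builder silently drops the
    # first one (here: the critical BasicConstraints ca=False request).
    builder = builder.add_extension(
        x509.BasicConstraints(ca=False, path_length=None), critical=True,
    )
    builder = builder.add_extension(
        x509.ExtendedKeyUsage([TLS_SERVERAUTH]), critical=True
    )
    builder = builder.add_extension(
        x509.SubjectAlternativeName([x509.DNSName(hostname)]),
        critical=False
    )
    return builder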
# pylint: disable=arguments-differ
示例2: extract_dns_subject_alternative_names
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def extract_dns_subject_alternative_names(certificate: x509.Certificate) -> List[str]:
    """Return the dNSName values of the certificate's Subject Alternative Name extension.

    An empty list is returned when the extension is absent and also when the
    certificate carries the same extension more than once.
    """
    try:
        extension = certificate.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
        san_value = cast(x509.SubjectAlternativeName, extension.value)
        return san_value.get_values_for_type(DNSName)
    except ExtensionNotFound:
        # No SAN extension at all: nothing to report.
        return []
    except DuplicateExtension:
        # Fix for https://github.com/nabla-c0d3/sslyze/issues/420
        # A duplicated extension makes the certificate invalid, so no SANs
        # are returned; hostname validation is then likely to fail, which is
        # the safe outcome for such a certificate.
        return []
示例3: create_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def create_csr(key, domains, must_staple=False):
    """
    Build and sign a CSR for ``domains`` and return it via export_csr_for_acme().

    The first entry of ``domains`` becomes the common name and every entry is
    listed as a dNSName in a non-critical SubjectAlternativeName extension.
    With ``must_staple`` set, a non-critical TLSFeature extension requesting
    ``status_request`` is added as well. The request is signed with ``key``
    using SHA-256. The original description states that the result is in DER
    format; that depends on export_csr_for_acme(), which is defined elsewhere.
    """
    assert domains
    subject = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, domains[0]),
    ])
    alt_names = x509.SubjectAlternativeName(list(map(x509.DNSName, domains)))

    builder = x509.CertificateSigningRequestBuilder()
    builder = builder.subject_name(subject)
    builder = builder.add_extension(alt_names, critical=False)
    if must_staple:
        staple_feature = x509.TLSFeature(features=[x509.TLSFeatureType.status_request])
        builder = builder.add_extension(staple_feature, critical=False)

    signed_request = builder.sign(key, hashes.SHA256(), default_backend())
    return export_csr_for_acme(signed_request)
示例4: match
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def match(self, value):
    """Check that certificate ``value`` is valid for ``self.name``.

    Returns a ``Mismatch`` when none of the certificate's dNSName subject
    alternative names satisfies ``self.name``, and ``None`` otherwise. A
    certificate without the extension is not handled here; whatever
    ``get_extension_for_oid`` raises propagates to the caller.
    """
    # This is somewhat terrible. Probably can be better after
    # pyca/service_identity#14 is resolved.
    san_value = value.extensions.get_extension_for_oid(
        ExtensionOID.SUBJECT_ALTERNATIVE_NAME).value
    cert_patterns = []
    for dns_name in san_value.get_values_for_type(x509.DNSName):
        cert_patterns.append(DNSPattern(dns_name.encode('utf-8')))
    required_ids = [DNS_ID(self.name)]
    try:
        verify_service_identity(
            cert_patterns=cert_patterns,
            obligatory_ids=required_ids,
            optional_ids=[],
        )
    except VerificationError:
        return Mismatch(
            '{!r} is not valid for {!r}'.format(value, self.name))
    return None
示例5: test_certificate_input_with_extensions
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def test_certificate_input_with_extensions(client, authority):
    """CertificateInputSchema loads a request with key usage, EKU, SKI and a DNSName SAN without errors."""
    from lemur.certificates.schemas import CertificateInputSchema

    requested_extensions = {
        "keyUsage": {"digital_signature": True},
        "extendedKeyUsage": {
            "useClientAuthentication": True,
            "useServerAuthentication": True,
        },
        "subjectKeyIdentifier": {"includeSKI": True},
        "subAltNames": {
            "names": [{"nameType": "DNSName", "value": "test.example.com"}]
        },
    }
    payload = {
        "commonName": "test.example.com",
        "owner": "jim@example.com",
        "authority": {"id": authority.id},
        "description": "testtestest",
        "extensions": requested_extensions,
        "dnsProvider": None,
    }

    data, errors = CertificateInputSchema().load(payload)
    assert not errors
示例6: test_certificate_allowed_names
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def test_certificate_allowed_names(client, authority, session, logged_in_user):
    """A CN containing spaces plus a DNSName and an IPAddress SAN load without schema errors."""
    from lemur.certificates.schemas import CertificateInputSchema

    san_entries = [
        {"nameType": "DNSName", "value": "allowed.example.com"},
        {"nameType": "IPAddress", "value": "127.0.0.1"},
    ]
    payload = {
        "commonName": "Names with spaces are not checked",
        "owner": "jim@example.com",
        "authority": {"id": authority.id},
        "description": "testtestest",
        "validityStart": "2020-01-01T00:00:00",
        "validityEnd": "2020-01-01T00:00:01",
        "extensions": {"subAltNames": {"names": san_entries}},
        "dnsProvider": None,
    }

    data, errors = CertificateInputSchema().load(payload)
    assert not errors
示例7: test_csr_disallowed_san
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def test_csr_disallowed_san(client, logged_in_user):
    """A CSR whose SAN is outside the allowed domain patterns is rejected by validators.csr().

    The original description ties the rejection to LEMUR_WHITELISTED_DOMAINS.
    The common name is free text here, so only the SAN can trigger the error.
    """
    from lemur.common import validators

    disallowed_san = x509.SubjectAlternativeName([x509.DNSName("evilhacker.org")])
    request, pkey = create_csr(
        common_name="CN with spaces isn't a domain and is thus allowed",
        owner="joe@example.com",
        key_type="RSA2048",
        extensions={"sub_alt_names": {"names": disallowed_san}},
    )

    with pytest.raises(ValidationError) as err:
        validators.csr(request)

    message = str(err.value)
    assert message.startswith(
        "Domain evilhacker.org does not match whitelisted domain patterns"
    )
示例8: domains
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
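def domains(cert):
    """
    Collect the DNS names listed in a certificate's subjectAltName extension.

    There is no common-name fallback: when the extension is missing, or when
    reading it fails for any other reason, an empty list is returned. Callers
    that base a matching or authorization decision on the result must treat
    an empty list as "no names known", never as "unrestricted".

    :param cert: parsed certificate exposing ``extensions``
    :return: List of domains
    """
    names = []
    try:
        ext = cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_ALTERNATIVE_NAME)
        names.extend(ext.value.get_values_for_type(x509.DNSName))
    except x509.ExtensionNotFound:
        # A missing SAN extension is only reported when the application
        # config asks for it (enabled by default).
        if current_app.config.get("LOG_SSL_SUBJ_ALT_NAME_ERRORS", True):
            sentry.captureException()
    except Exception:
        # Deliberate best effort: any other parsing problem is captured and
        # the function still returns the (empty) list instead of raising.
        sentry.captureException()
    return names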
示例9: sub_alt_type
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
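def sub_alt_type(alt_type):
    """
    Validate a subject alternative name type, ignoring case.

    :param alt_type: type name to check, for example "DNSName"
    :return: None when the type is accepted
    :raises ValidationError: when the type is not in the accepted list
    """
    valid_types = [
        "DNSName",
        "IPAddress",
        "uniFormResourceIdentifier",
        "directoryName",
        "rfc822Name",
        "registrationID",
        "otherName",
        "x400Address",
        "EDIPartyName",
    ]
    accepted = {a_type.lower() for a_type in valid_types}
    if alt_type.lower() not in accepted:
        # Report the rejected value itself. The builtin ``type`` was being
        # formatted here before, so the message showed "<class 'type'>"
        # instead of what the caller actually submitted.
        raise ValidationError(
            "Invalid SubAltName Type: {0} choose from {1}".format(
                alt_type, ",".join(valid_types)
            )
        )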
示例10: test_map_fields_with_validity_years
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def test_map_fields_with_validity_years(mock_current_app):
    """map_fields() keeps validity_years and lists the DNSName SANs as plain strings."""
    mock_current_app.config.get = Mock(side_effect=config_mock)

    with patch('lemur.plugins.lemur_digicert.plugin.signature_hash') as fake_signature_hash:
        fake_signature_hash.return_value = "sha256"

        names = [u"one.example.com", u"two.example.com", u"three.example.com"]
        san_objects = [x509.DNSName(x) for x in names]
        options = {
            "common_name": "example.com",
            "owner": "bob@example.com",
            "description": "test certificate",
            "extensions": {"sub_alt_names": {"names": san_objects}},
            "validity_years": 2
        }
        certificate_section = {
            "csr": CSR_STR,
            "common_name": "example.com",
            "dns_names": names,
            "signature_hash": "sha256",
        }
        expected = {
            "certificate": certificate_section,
            "organization": {"id": 111111},
            "validity_years": 2,
        }

        # The patch must still be active while map_fields() runs.
        assert expected == plugin.map_fields(options, CSR_STR)
示例11: _dnsname_to_stdlib
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def _dnsname_to_stdlib(name):
    """Convert a dNSName SAN value to the representation the standard library uses.

    Cryptography hands back a dNSName as a unicode string that was
    idna-decoded from ASCII bytes. The string is idna-encoded again to get
    those bytes back; on Python 3 the bytes are then decoded as UTF-8,
    because the stdlib builds the value with PyUnicode_FromStringAndSize,
    which decodes via UTF-8.

    Notes:
        The result depends on the Python version's standard library.
    """
    def idna_encode(name):
        """IDNA-encode ``name`` while keeping a leading ``*.`` or ``.`` intact.

        Borrowed from the Python Cryptography project: calling
        `idna.encode` directly can fail for wildcard names, so the prefix is
        split off, ASCII-encoded on its own and re-attached.
        """
        import idna

        leading = next((p for p in ('*.', '.') if name.startswith(p)), None)
        if leading is None:
            return idna.encode(name)
        remainder = name[len(leading):]
        return leading.encode('ascii') + idna.encode(remainder)

    encoded = idna_encode(name)
    if sys.version_info >= (3, 0):
        return encoded.decode('utf-8')
    return encoded
示例12: read_cert
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
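def read_cert(cert_dir):
    """Parse ``cert.pem`` in *cert_dir* and return the names it carries.

    Returns a tuple ``(common_name, dns_names, ip_sans)``: the first
    commonName (OID 2.5.4.3) of the subject, the dNSName entries of the
    subjectAltName extension (OID 2.5.29.17), and its IP address entries
    converted to strings.

    Raises IndexError when the subject has no common name or the certificate
    has no subjectAltName extension.

    The file is only parsed. Nothing here verifies the signature, the chain
    or the validity period, so the returned names are merely what the file
    claims and must not be used as proof of identity on their own.
    """
    pem_path = os.path.join(cert_dir, 'cert.pem')
    with open(pem_path, 'rb') as cert_file:
        pem_data = cert_file.read()
    cert = x509.load_pem_x509_certificate(pem_data, default_backend())

    # Compare through the public ``dotted_string`` property rather than the
    # private ``_dotted_string`` attribute, which is an implementation detail.
    common_name = [na.value for na in cert.subject if na.oid.dotted_string == "2.5.4.3"][0]
    subject_alternative_names = [
        ext.value for ext in cert.extensions if ext.oid.dotted_string == "2.5.29.17"
    ][0]
    dns_names = subject_alternative_names.get_values_for_type(x509.DNSName)
    ip_sans = [str(ip) for ip in subject_alternative_names.get_values_for_type(x509.IPAddress)]
    return common_name, dns_names, ip_sans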
示例13: service_dns
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def service_dns(service_name, namespace, domain):
    """Return the DNSName entries for a service, from the fully qualified form down to the bare name.

    The inputs are interpolated as-is, so they should come from trusted
    cluster metadata: every returned name ends up in a certificate SAN.
    """
    candidate_names = (
        f'{service_name}.{namespace}.svc.{domain}',
        f'{service_name}.{namespace}.svc',
        f'{service_name}.{namespace}',
        f'{service_name}',
    )
    return [x509.DNSName(candidate) for candidate in candidate_names]
示例14: pod_dns
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def pod_dns(pod_ip, namespace, domain):
    """Return the DNSName entries for a pod, with the dots of ``pod_ip`` replaced by dashes.

    Two names are produced: one ending in ``.pod.<domain>`` and one ending in
    ``.pod``.
    """
    candidate_names = (
        f'{pod_ip.replace(".", "-")}.{namespace}.pod.{domain}',
        f'{pod_ip.replace(".", "-")}.{namespace}.pod',
    )
    return [x509.DNSName(candidate) for candidate in candidate_names]
示例15: headless_dns
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def headless_dns(hostname, subdomain, namespace, domain):
    """Return the DNSName entries for a host behind a headless service.

    The list runs from the fully qualified ``<hostname>.<subdomain>.
    <namespace>.svc.<domain>`` form down to the bare hostname.
    """
    candidate_names = (
        f'{hostname}.{subdomain}.{namespace}.svc.{domain}',
        f'{hostname}.{subdomain}.{namespace}.svc',
        f'{hostname}.{subdomain}.{namespace}',
        f'{hostname}.{subdomain}',
        f'{hostname}',
    )
    return [x509.DNSName(candidate) for candidate in candidate_names]