

Python x509.DNSName方法代码示例

本文整理汇总了Python中cryptography.x509.DNSName方法的典型用法代码示例。如果您正苦于以下问题:Python x509.DNSName方法的具体用法?Python x509.DNSName怎么用?Python x509.DNSName使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cryptography.x509的用法示例。


在下文中一共展示了x509.DNSName方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: build_csr

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
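def build_csr(self, hostname, **kwargs):
    """Return an unsigned CSR builder describing a certificate for *hostname*.

    The subject carries *hostname* as the common name and the IPA realm
    (``self.plugin.ipa.env.realm``) as the organization. Three extensions
    are attached:

    * BasicConstraints with ``ca=False`` (critical), so the request does
      not ask for a CA certificate,
    * ExtendedKeyUsage limited to ``TLS_SERVERAUTH`` (critical),
    * SubjectAlternativeName with *hostname* as its only DNSName.

    ``**kwargs`` is accepted but not used by this implementation.
    """
    realm = self.plugin.ipa.env.realm
    subject = x509.Name([
        x509.NameAttribute(oid.NameOID.COMMON_NAME, hostname),
        x509.NameAttribute(oid.NameOID.ORGANIZATION_NAME, realm),
    ])
    builder = x509.CertificateSigningRequestBuilder().subject_name(subject)
    # add_extension() returns a new builder rather than mutating the
    # receiver, so every call has to be chained onto the previous result.
    # Calling it twice on the same base object silently discards the first
    # extension (previously the BasicConstraints ca=False constraint).
    builder = builder.add_extension(
        x509.BasicConstraints(ca=False, path_length=None), critical=True,
    )
    builder = builder.add_extension(
        x509.ExtendedKeyUsage([TLS_SERVERAUTH]), critical=True
    )
    builder = builder.add_extension(
        x509.SubjectAlternativeName([x509.DNSName(hostname)]),
        critical=False
    )
    return builder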

    # pylint: disable=arguments-differ 
开发者ID:latchset,项目名称:custodia,代码行数:24,代码来源:certrequest.py

示例2: extract_dns_subject_alternative_names

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def extract_dns_subject_alternative_names(certificate: x509.Certificate) -> List[str]:
    """Return the DNS entries of the certificate's Subject Alternative Name extension.

    An empty list is returned when the extension is missing or when it
    appears more than once in the certificate.
    """
    try:
        extension = certificate.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
        san_value = cast(x509.SubjectAlternativeName, extension.value)
        return san_value.get_values_for_type(DNSName)
    except ExtensionNotFound:
        # No SAN extension at all: nothing to report.
        return []
    except DuplicateExtension:
        # Fix for https://github.com/nabla-c0d3/sslyze/issues/420
        # A duplicated extension makes the certificate invalid, so no SANs
        # are reported; hostname validation done on the result is then
        # likely to fail, which is the intended (fail-closed) outcome.
        return []
开发者ID:nabla-c0d3,项目名称:sslyze,代码行数:19,代码来源:_certificate_utils.py

示例3: create_csr

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def create_csr(key, domains, must_staple=False):
    """
    Build a CSR covering *domains*, sign it with *key* using SHA-256 and
    return whatever export_csr_for_acme() produces for it.

    The first entry of *domains* becomes the subject common name; every
    entry (including the first) is added as a DNSName in the
    SubjectAlternativeName extension. When *must_staple* is true, a
    TLSFeature extension requesting ``status_request`` is added as well.
    """
    # NOTE: ``assert`` is stripped under ``python -O``; in that mode an
    # empty *domains* is only caught by the ``domains[0]`` lookup below.
    assert domains
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, domains[0])])
    alt_names = x509.SubjectAlternativeName(
        [x509.DNSName(entry) for entry in domains]
    )
    builder = x509.CertificateSigningRequestBuilder()
    builder = builder.subject_name(subject)
    builder = builder.add_extension(alt_names, critical=False)
    if must_staple:
        builder = builder.add_extension(
            x509.TLSFeature(features=[x509.TLSFeatureType.status_request]),
            critical=False,
        )
    signed_request = builder.sign(key, hashes.SHA256(), default_backend())
    return export_csr_for_acme(signed_request)
开发者ID:veeti,项目名称:manuale,代码行数:18,代码来源:crypto.py

示例4: match

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def match(self, value):
    """Check that certificate *value* is valid for ``self.name``.

    Every DNSName in the certificate's SubjectAlternativeName extension is
    turned into a DNSPattern and checked against ``DNS_ID(self.name)``.
    Returns a Mismatch when verification fails and None otherwise. No
    exception from the extension lookup is handled here, so a certificate
    without a SAN extension propagates the lookup error to the caller.
    """
    # This is somewhat terrible. Probably can be better after
    # pyca/service_identity#14 is resolved.
    san = value.extensions.get_extension_for_oid(
        ExtensionOID.SUBJECT_ALTERNATIVE_NAME).value
    cert_patterns = [
        DNSPattern(dns_name.encode('utf-8'))
        for dns_name in san.get_values_for_type(x509.DNSName)
    ]
    required_ids = [DNS_ID(self.name)]
    try:
        verify_service_identity(
            cert_patterns=cert_patterns,
            obligatory_ids=required_ids,
            optional_ids=[])
    except VerificationError:
        return Mismatch(
            '{!r} is not valid for {!r}'.format(value, self.name))
    return None
开发者ID:twisted,项目名称:txacme,代码行数:22,代码来源:matchers.py

示例5: test_certificate_input_with_extensions

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def test_certificate_input_with_extensions(client, authority):
    """CertificateInputSchema loads a request with several extensions without errors."""
    from lemur.certificates.schemas import CertificateInputSchema

    # Extensions exercised: key usage, client+server EKU, SKI and one DNS SAN.
    extensions = {
        "keyUsage": {"digital_signature": True},
        "extendedKeyUsage": {
            "useClientAuthentication": True,
            "useServerAuthentication": True,
        },
        "subjectKeyIdentifier": {"includeSKI": True},
        "subAltNames": {
            "names": [{"nameType": "DNSName", "value": "test.example.com"}]
        },
    }
    input_data = {
        "commonName": "test.example.com",
        "owner": "jim@example.com",
        "authority": {"id": authority.id},
        "description": "testtestest",
        "extensions": extensions,
        "dnsProvider": None,
    }

    _, errors = CertificateInputSchema().load(input_data)
    assert not errors
开发者ID:Netflix,项目名称:lemur,代码行数:26,代码来源:test_certificates.py

示例6: test_certificate_allowed_names

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def test_certificate_allowed_names(client, authority, session, logged_in_user):
    """Test for allowed CN and SAN values."""
    from lemur.certificates.schemas import CertificateInputSchema

    # One DNS name and one IP address as subject alternative names.
    san_names = [
        {"nameType": "DNSName", "value": "allowed.example.com"},
        {"nameType": "IPAddress", "value": "127.0.0.1"},
    ]
    input_data = {
        # The common name is deliberately not a domain name.
        "commonName": "Names with spaces are not checked",
        "owner": "jim@example.com",
        "authority": {"id": authority.id},
        "description": "testtestest",
        "validityStart": "2020-01-01T00:00:00",
        "validityEnd": "2020-01-01T00:00:01",
        "extensions": {"subAltNames": {"names": san_names}},
        "dnsProvider": None,
    }

    _, errors = CertificateInputSchema().load(input_data)
    assert not errors
开发者ID:Netflix,项目名称:lemur,代码行数:26,代码来源:test_certificates.py

示例7: test_csr_disallowed_san

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def test_csr_disallowed_san(client, logged_in_user):
    """SAN name is disallowed by LEMUR_WHITELISTED_DOMAINS."""
    from lemur.common import validators

    # The common name is not a domain, so only the SAN entry should be
    # what the validator rejects.
    disallowed_san = x509.SubjectAlternativeName([x509.DNSName("evilhacker.org")])
    request, _pkey = create_csr(
        common_name="CN with spaces isn't a domain and is thus allowed",
        owner="joe@example.com",
        key_type="RSA2048",
        extensions={"sub_alt_names": {"names": disallowed_san}},
    )

    with pytest.raises(ValidationError) as err:
        validators.csr(request)

    expected_prefix = "Domain evilhacker.org does not match whitelisted domain patterns"
    assert str(err.value).startswith(expected_prefix)
开发者ID:Netflix,项目名称:lemur,代码行数:21,代码来源:test_certificates.py

示例8: domains

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def domains(cert):
    """
    Collect the DNS names listed in a certificate's 'subjectAltName'
    extension.

    No exception escapes this function: a missing extension is reported to
    Sentry when LOG_SSL_SUBJ_ALT_NAME_ERRORS is enabled (the default), any
    other error is always reported, and in both cases the names gathered so
    far (normally none) are returned. The common name is not consulted
    here, so callers must not treat an empty result as "no restrictions".

    :param cert:
    :return: List of domains
    """
    dns_names = []
    try:
        san = cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_ALTERNATIVE_NAME)
        dns_names.extend(san.value.get_values_for_type(x509.DNSName))
    except x509.ExtensionNotFound:
        if current_app.config.get("LOG_SSL_SUBJ_ALT_NAME_ERRORS", True):
            sentry.captureException()
    except Exception:
        # Best effort by design: log the failure and fall through.
        sentry.captureException()

    return dns_names
开发者ID:Netflix,项目名称:lemur,代码行数:24,代码来源:defaults.py

示例9: sub_alt_type

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
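def sub_alt_type(alt_type):
    """
    Determines if the specified subject alternate type is valid.

    The comparison against the known type names is case-insensitive.

    :param alt_type: name of the subject alternative name type to check
    :return: None when the type is accepted
    :raises ValidationError: when alt_type is not one of the known types
    """
    valid_types = [
        "DNSName",
        "IPAddress",
        "uniFormResourceIdentifier",
        "directoryName",
        "rfc822Name",
        "registrationID",
        "otherName",
        "x400Address",
        "EDIPartyName",
    ]
    accepted = {a_type.lower() for a_type in valid_types}
    if alt_type.lower() not in accepted:
        # Report the rejected value itself. Formatting the builtin ``type``
        # here (as the code used to) prints "<class 'type'>" and hides which
        # input was refused.
        raise ValidationError(
            "Invalid SubAltName Type: {0} choose from {1}".format(
                alt_type, ",".join(valid_types)
            )
        )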
开发者ID:Netflix,项目名称:lemur,代码行数:25,代码来源:validators.py

示例10: test_map_fields_with_validity_years

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def test_map_fields_with_validity_years(mock_current_app):
    """plugin.map_fields() carries SAN DNS names and ``validity_years`` into the mapped request."""
    mock_current_app.config.get = Mock(side_effect=config_mock)

    with patch('lemur.plugins.lemur_digicert.plugin.signature_hash') as mock_signature_hash:
        mock_signature_hash.return_value = "sha256"

        names = [u"one.example.com", u"two.example.com", u"three.example.com"]
        san_entries = [x509.DNSName(x) for x in names]
        options = {
            "common_name": "example.com",
            "owner": "bob@example.com",
            "description": "test certificate",
            "extensions": {"sub_alt_names": {"names": san_entries}},
            "validity_years": 2
        }
        # The DNSName objects are expected to come back as plain strings.
        expected_certificate = {
            "csr": CSR_STR,
            "common_name": "example.com",
            "dns_names": names,
            "signature_hash": "sha256",
        }
        expected = {
            "certificate": expected_certificate,
            "organization": {"id": 111111},
            "validity_years": 2,
        }
        actual = plugin.map_fields(options, CSR_STR)
        assert expected == actual
开发者ID:Netflix,项目名称:lemur,代码行数:27,代码来源:test_digicert.py

示例11: _dnsname_to_stdlib

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def _dnsname_to_stdlib(name):
    """Convert a DNSName SubjectAlternativeName value to the standard library's form.

    Cryptography hands out a dNSName as a unicode string that was
    idna-decoded from ASCII bytes. The string is idna-encoded again to get
    those bytes back, and on Python 3 the bytes are then decoded as UTF-8
    (the stdlib uses PyUnicode_FromStringAndSize on it, which decodes via
    UTF-8).

    Notes:
        This depends on the Python version's standard library.
    """

    def encode_keeping_prefix(dns_name):
        """Borrowed wholesale from the Python Cryptography Project.

        Calling `idna.encode` directly is not safe: it can explode for
        wildcard names. A leading '*.' or '.' is therefore split off,
        encoded as plain ASCII, and only the remainder goes through idna.
        """
        import idna

        # First matching prefix wins; '' means the whole name is encoded.
        prefix = next(
            (candidate for candidate in ('*.', '.') if dns_name.startswith(candidate)),
            '',
        )
        return prefix.encode('ascii') + idna.encode(dns_name[len(prefix):])

    encoded = encode_keeping_prefix(name)
    return encoded.decode('utf-8') if sys.version_info >= (3, 0) else encoded
开发者ID:snowflakedb,项目名称:snowflake-connector-python,代码行数:32,代码来源:ssl_wrap_socket.py

示例12: read_cert

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
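def read_cert(cert_dir):
    """Load ``cert.pem`` from *cert_dir* and return the names it carries.

    :param cert_dir: directory that contains a PEM-encoded ``cert.pem``
    :return: tuple ``(common_name, dns_names, ip_sans)``: the first
        commonName value of the subject, the DNSName entries of the
        subjectAltName extension, and its IPAddress entries as strings
    :raises IndexError: if the subject has no commonName attribute or the
        certificate has no subjectAltName extension
    """
    with open(os.path.join(cert_dir, 'cert.pem'), 'rb') as cert_file:
        pem_data = cert_file.read()
    cert = x509.load_pem_x509_certificate(pem_data, default_backend())
    # OIDs are compared through the public ``dotted_string`` property; the
    # private ``_dotted_string`` attribute is an implementation detail of
    # the library and is not guaranteed to exist.
    # 2.5.4.3 is the commonName attribute.
    common_name = [na.value for na in cert.subject if na.oid.dotted_string == "2.5.4.3"][0]
    # 2.5.29.17 is the subjectAltName extension.
    subject_alternative_names = [ext.value for ext in cert.extensions if ext.oid.dotted_string == "2.5.29.17"][0]
    dns_names = subject_alternative_names.get_values_for_type(x509.DNSName)
    ip_sans = [str(ip) for ip in subject_alternative_names.get_values_for_type(x509.IPAddress)]

    return common_name, dns_names, ip_sans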
开发者ID:python,项目名称:pypi-infra,代码行数:12,代码来源:sidecar.py

示例13: service_dns

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def service_dns(service_name, namespace, domain):
    """Return the DNSName entries for a service, from fully qualified to bare name.

    The arguments are interpolated as given, without validation: a value
    containing a dot changes which names the resulting entries cover, so
    callers should pass only vetted identifiers.
    """
    hostnames = (
        f'{service_name}.{namespace}.svc.{domain}',
        f'{service_name}.{namespace}.svc',
        f'{service_name}.{namespace}',
        f'{service_name}',
    )
    return [x509.DNSName(hostname) for hostname in hostnames]
开发者ID:python,项目名称:pypi-infra,代码行数:9,代码来源:requestor.py

示例14: pod_dns

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def pod_dns(pod_ip, namespace, domain):
    """Return the DNSName entries for a pod, derived from its IP address.

    Dots in *pod_ip* are replaced by dashes to form the host label. No
    other character is rewritten and no argument is validated here.
    """
    dashed_ip = pod_ip.replace(".", "-")
    hostnames = (
        f'{dashed_ip}.{namespace}.pod.{domain}',
        f'{dashed_ip}.{namespace}.pod',
    )
    return [x509.DNSName(hostname) for hostname in hostnames]
开发者ID:python,项目名称:pypi-infra,代码行数:7,代码来源:requestor.py

示例15: headless_dns

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import DNSName [as 别名]
def headless_dns(hostname, subdomain, namespace, domain):
    """Return the DNSName entries for a host behind a headless service.

    The list runs from the fully qualified name down to the bare
    *hostname*. The arguments are interpolated as given, without
    validation, so callers should pass only vetted identifiers.
    """
    hostnames = (
        f'{hostname}.{subdomain}.{namespace}.svc.{domain}',
        f'{hostname}.{subdomain}.{namespace}.svc',
        f'{hostname}.{subdomain}.{namespace}',
        f'{hostname}.{subdomain}',
        f'{hostname}',
    )
    return [x509.DNSName(entry) for entry in hostnames]
开发者ID:python,项目名称:pypi-infra,代码行数:10,代码来源:requestor.py


注:本文中的cryptography.x509.DNSName方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。