Python x509.Extension方法代码示例

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def print_extension(self, ext):
        if isinstance(ext, Extension):
            if isinstance(ext, NullExtension):
                if ext.critical:
                    # NOTE: Only PrecertPoison is ever marked as critical
                    self.stdout.write('%s (critical): Yes' % ext.name)
                else:
                    self.stdout.write('%s: Yes' % ext.name)
            else:
                if ext.critical:
                    self.stdout.write('%s (critical):' % ext.name)
                else:
                    self.stdout.write('%s:' % ext.name)

                self.stdout.write(self.indent(ext.as_text()))
        elif isinstance(ext, x509.Extension):
            if ext.critical:  # pragma: no cover - all unrecognized extensions that we have are non-critical
                self.stdout.write('%s (critical): %s' % (ext.oid._name, ext.oid.dotted_string))
            else:
                self.stdout.write('%s: %s' % (ext.oid._name, ext.oid.dotted_string))
        else:  # pragma: no cover
            raise ValueError('Received unknown extension type: %s' % type(ext)) 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def test_config(self):
        self.assertTrue(issubclass(self.ext_class, Extension))
        self.assertEqual(self.ext_class.key, self.ext_class_key)
        self.assertEqual(self.ext_class.name, self.ext_class_name)

        # Test some basic properties (just to be sure)
        self.assertIsInstance(self.ext_class.oid, ObjectIdentifier)
        self.assertIsInstance(self.ext_class.key, str)
        self.assertGreater(len(self.ext_class.key), 0)
        self.assertIsInstance(self.ext_class.name, str)
        self.assertGreater(len(self.ext_class.name), 0)

        # Test mapping dicts
        self.assertEqual(KEY_TO_EXTENSION[self.ext_class.key], self.ext_class)
        self.assertEqual(OID_TO_EXTENSION[self.ext_class.oid], self.ext_class)

        # test that the model matches
        self.assertTrue(hasattr(X509CertMixin, self.ext_class.key))
        self.assertIsInstance(getattr(X509CertMixin, self.ext_class.key), cached_property) 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def get_readonly_fields(self, request, obj=None):
        fields = super(CertificateMixin, self).get_readonly_fields(request, obj=obj)

        if not obj.revoked:
            # We can only change the date when the certificate was compromised if it's actually revoked.
            fields.append('compromised')

        if obj is None:  # pragma: no cover
            # This is never True because CertificateAdmin (the only case where objects are added) doesn't call
            # the superclass in this case.
            return fields

        fields = list(fields)
        for field in obj.extension_fields:
            if isinstance(field, x509.Extension):
                field = self.get_oid_name(field.oid)

            fields.append(field)

        return fields 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def add_extension(self, extension, critical):
        if not isinstance(extension, x509.ExtensionType):
            raise TypeError("extension must be an ExtensionType")

        extension = x509.Extension(extension.oid, critical, extension)
        _reject_duplicate_extension(extension, self._extensions)

        return OCSPRequestBuilder(
            self._request, self._extensions + [extension]
        ) 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def _build_key_usage(self, critical=False):
        # Digital Signature and Key Encipherment are enabled
        key_usage = c_x509.KeyUsage(
            True, False, True, False, False, False, False, False, False)
        return c_x509.Extension(key_usage.oid, critical, key_usage) 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def _build_basic_constraints(self, ca=False, critical=False):
        bc = c_x509.BasicConstraints(ca, None)
        return c_x509.Extension(bc.oid, critical, bc) 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def test_merge_key_usage_disallowed_but_not_critical(self):
        key_usage = self._build_key_usage()
        expected = c_x509.KeyUsage(
            True, False, False, False, False, False, False, False, False)
        expected = c_x509.Extension(expected.oid, False, expected)

        self.assertEqual(expected,
                         v._merge_key_usage(key_usage,
                                            ['Digital Signature'])) 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def assertInClientExtensions(self, cert):
        key_usage = c_x509.KeyUsage(True, False, True, False, False, False,
                                    False, False, False)
        key_usage = c_x509.Extension(key_usage.oid, True, key_usage)
        extended_key_usage = c_x509.ExtendedKeyUsage([c_x509.OID_CLIENT_AUTH])
        extended_key_usage = c_x509.Extension(extended_key_usage.oid, False,
                                              extended_key_usage)
        basic_constraints = c_x509.BasicConstraints(ca=False, path_length=None)
        basic_constraints = c_x509.Extension(basic_constraints.oid, True,
                                             basic_constraints)

        self.assertIn(key_usage, cert.extensions)
        self.assertIn(extended_key_usage, cert.extensions)
        self.assertIn(basic_constraints, cert.extensions) 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def test_generate_ca_certificate_set_extentions_as_ca(self):
        cert, _ = self._generate_ca_certificate(self.issuer_name)

        key_usage = c_x509.KeyUsage(False, False, False, False, False, True,
                                    False, False, False)
        key_usage = c_x509.Extension(key_usage.oid, True, key_usage)
        basic_constraints = c_x509.BasicConstraints(ca=True, path_length=0)
        basic_constraints = c_x509.Extension(basic_constraints.oid, True,
                                             basic_constraints)

        self.assertIn(key_usage, cert.extensions)
        self.assertIn(basic_constraints, cert.extensions) 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def _disallow_ca_in_basic_constraints(basic_constraints):
    if basic_constraints.value.ca:
        if basic_constraints.critical:
            raise exception.CertificateValidationError(
                extension=basic_constraints)

        bc = x509.BasicConstraints(False, None)
        return x509.Extension(bc.oid, False, bc)

    return basic_constraints 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def _build_client_extentions():
    # Digital Signature and Key Encipherment are enabled
    key_usage = x509.KeyUsage(True, False, True, False, False, False, False,
                              False, False)
    key_usage = x509.Extension(key_usage.oid, True, key_usage)
    extended_key_usage = x509.ExtendedKeyUsage([x509.OID_CLIENT_AUTH])
    extended_key_usage = x509.Extension(extended_key_usage.oid, False,
                                        extended_key_usage)
    basic_constraints = x509.BasicConstraints(ca=False, path_length=None)
    basic_constraints = x509.Extension(basic_constraints.oid, True,
                                       basic_constraints)

    return [key_usage, extended_key_usage, basic_constraints] 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def _build_ca_extentions():
    # Certificate Sign is enabled
    key_usage = x509.KeyUsage(False, False, False, False, False, True, False,
                              False, False)
    key_usage = x509.Extension(key_usage.oid, True, key_usage)

    basic_constraints = x509.BasicConstraints(ca=True, path_length=0)
    basic_constraints = x509.Extension(basic_constraints.oid, True,
                                       basic_constraints)

    return [basic_constraints, key_usage] 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def get_authority_key_identifier_extension(self):
        return AuthorityKeyIdentifier(x509.Extension(
            critical=AuthorityKeyIdentifier.default_critical,
            oid=AuthorityKeyIdentifier.oid,
            value=self.get_authority_key_identifier()
        )) 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def ext(self, value=None, critical=None):
        if value is None:
            value = {}

        if isinstance(value, x509.extensions.ExtensionType):
            if critical is None:
                critical = self.ext_class.default_critical
            ext = x509.extensions.Extension(oid=self.ext_class.oid, critical=critical, value=value)
            return self.ext_class(ext)
        else:
            d = {'value': value}
            if critical is not None:
                d['critical'] = critical
            return self.ext_class(d) 

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import Extension [as 别名]
def test_as_extension(self):
        for config in self.test_values.values():
            with self.assertRaises(NotImplementedError):
                Extension({'value': config['expected']}).as_extension()