本文整理汇总了Python中cryptography.x509.KeyUsage方法的典型用法代码示例。如果您正苦于以下问题:Python x509.KeyUsage方法的具体用法?Python x509.KeyUsage怎么用?Python x509.KeyUsage使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cryptography.x509
的用法示例。
在下文中一共展示了x509.KeyUsage方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _decode_key_usage
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def _decode_key_usage(backend, bit_string):
bit_string = backend._ffi.cast("ASN1_BIT_STRING *", bit_string)
bit_string = backend._ffi.gc(bit_string, backend._lib.ASN1_BIT_STRING_free)
get_bit = backend._lib.ASN1_BIT_STRING_get_bit
digital_signature = get_bit(bit_string, 0) == 1
content_commitment = get_bit(bit_string, 1) == 1
key_encipherment = get_bit(bit_string, 2) == 1
data_encipherment = get_bit(bit_string, 3) == 1
key_agreement = get_bit(bit_string, 4) == 1
key_cert_sign = get_bit(bit_string, 5) == 1
crl_sign = get_bit(bit_string, 6) == 1
encipher_only = get_bit(bit_string, 7) == 1
decipher_only = get_bit(bit_string, 8) == 1
return x509.KeyUsage(
digital_signature,
content_commitment,
key_encipherment,
data_encipherment,
key_agreement,
key_cert_sign,
crl_sign,
encipher_only,
decipher_only
)
示例2: _merge_key_usage
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def _merge_key_usage(key_usage, allowed_key_usage):
critical = key_usage.critical
key_usage_value = key_usage.value
usages = []
for usage in extensions.KeyUsages:
k, v = usage.value
try:
value = getattr(key_usage_value, v)
except ValueError:
# ValueError is raised when encipher_only/decipher_only is
# retrieved but key_agreement is False
value = False
if value:
if k not in allowed_key_usage:
if critical:
raise exception.CertificateValidationError(
extension=key_usage)
else:
value = False
usages.append(value)
rtn = x509.KeyUsage(*usages)
return x509.Extension(rtn.oid, critical, rtn)
示例3: _generate_csr
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def _generate_csr(cls, cn, private_key, passphrase=None):
pk = serialization.load_pem_private_key(
data=private_key, password=passphrase,
backend=backends.default_backend())
csr = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([
x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, cn),
])
)
csr = csr.add_extension(
x509.BasicConstraints(
ca=False,
path_length=None
),
critical=True
)
csr = csr.add_extension(
x509.KeyUsage(
digital_signature=True,
key_encipherment=True,
data_encipherment=True,
key_agreement=True,
content_commitment=False,
key_cert_sign=False,
crl_sign=False,
encipher_only=False,
decipher_only=False
),
critical=True
)
csr = csr.add_extension(
x509.SubjectAlternativeName([x509.DNSName(cn)]),
critical=False
)
signed_csr = csr.sign(
pk,
getattr(hashes, CONF.certificates.signing_digest.upper())(),
backends.default_backend())
return signed_csr.public_bytes(serialization.Encoding.PEM)
示例4: _build_key_usage
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def _build_key_usage(self, critical=False):
# Digital Signature and Key Encipherment are enabled
key_usage = c_x509.KeyUsage(
True, False, True, False, False, False, False, False, False)
return c_x509.Extension(key_usage.oid, critical, key_usage)
示例5: test_merge_key_usage_disallowed_but_not_critical
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def test_merge_key_usage_disallowed_but_not_critical(self):
key_usage = self._build_key_usage()
expected = c_x509.KeyUsage(
True, False, False, False, False, False, False, False, False)
expected = c_x509.Extension(expected.oid, False, expected)
self.assertEqual(expected,
v._merge_key_usage(key_usage,
['Digital Signature']))
示例6: assertInClientExtensions
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def assertInClientExtensions(self, cert):
key_usage = c_x509.KeyUsage(True, False, True, False, False, False,
False, False, False)
key_usage = c_x509.Extension(key_usage.oid, True, key_usage)
extended_key_usage = c_x509.ExtendedKeyUsage([c_x509.OID_CLIENT_AUTH])
extended_key_usage = c_x509.Extension(extended_key_usage.oid, False,
extended_key_usage)
basic_constraints = c_x509.BasicConstraints(ca=False, path_length=None)
basic_constraints = c_x509.Extension(basic_constraints.oid, True,
basic_constraints)
self.assertIn(key_usage, cert.extensions)
self.assertIn(extended_key_usage, cert.extensions)
self.assertIn(basic_constraints, cert.extensions)
示例7: test_generate_ca_certificate_set_extentions_as_ca
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def test_generate_ca_certificate_set_extentions_as_ca(self):
cert, _ = self._generate_ca_certificate(self.issuer_name)
key_usage = c_x509.KeyUsage(False, False, False, False, False, True,
False, False, False)
key_usage = c_x509.Extension(key_usage.oid, True, key_usage)
basic_constraints = c_x509.BasicConstraints(ca=True, path_length=0)
basic_constraints = c_x509.Extension(basic_constraints.oid, True,
basic_constraints)
self.assertIn(key_usage, cert.extensions)
self.assertIn(basic_constraints, cert.extensions)
示例8: _build_ca_extentions
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def _build_ca_extentions():
# Certificate Sign is enabled
key_usage = x509.KeyUsage(False, False, False, False, False, True, False,
False, False)
key_usage = x509.Extension(key_usage.oid, True, key_usage)
basic_constraints = x509.BasicConstraints(ca=True, path_length=0)
basic_constraints = x509.Extension(basic_constraints.oid, True,
basic_constraints)
return [basic_constraints, key_usage]
示例9: serialize
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def serialize(self):
"""Serialize this extension to a string in a way that it can be passed to a constructor again.
For example, this should always be True::
>>> ku = KeyUsage({'value': ['keyAgreement', 'keyEncipherment']})
>>> ku == KeyUsage(ku.serialize())
True
"""
return {
'critical': self.critical,
'value': self.value,
}
示例10: for_builder
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def for_builder(self):
"""Return kwargs suitable for a :py:class:`~cg:cryptography.x509.CertificateBuilder`.
Example::
>>> kwargs = KeyUsage({'value': ['keyAgreement', 'keyEncipherment']}).for_builder()
>>> builder.add_extension(**kwargs) # doctest: +SKIP
"""
return {'extension': self.extension_type, 'critical': self.critical}
示例11: extension_type
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def extension_type(self):
kwargs = {v: (v in self.value) for v in self.KNOWN_VALUES}
return x509.KeyUsage(**kwargs)
示例12: test_completeness
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def test_completeness(self):
# make sure whe haven't forgotton any keys anywhere
self.assertEqual(set(KeyUsage.CRYPTOGRAPHY_MAPPING.keys()),
set([e[0] for e in KeyUsage.CHOICES]))
示例13: test_auto_add
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def test_auto_add(self):
# decipher/encipher_only automatically add key_agreement
self.assertEqual(KeyUsage({'value': ['decipher_only']}),
KeyUsage({'value': ['decipher_only', 'key_agreement']}))
self.assertEqual(KeyUsage({'value': ['encipher_only']}),
KeyUsage({'value': ['encipher_only', 'key_agreement']}))
示例14: cert_key_usage
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def cert_key_usage(**kwargs):
"""
Helper to create x509.KeyUsage object. Function provide defaults (False)
for unspecified KeyUsage arguments.
Args:
x509.KeyUsage keys. If not provided False is used for each arg.
Return:
x509.KeyUsage
"""
required = [
'digital_signature',
'content_commitment',
'key_encipherment',
'data_encipherment',
'key_agreement',
'key_cert_sign',
'crl_sign',
'encipher_only',
'decipher_only',
]
for name in required:
kwargs.setdefault(name, False)
return x509.KeyUsage(**kwargs)
示例15: create_certificate
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def create_certificate(directory: str) -> None:
ca_directory = user_data_dir()
ca_key_path = os.path.join(ca_directory, CA_KEY_FILENAME)
ca_crt_path = os.path.join(ca_directory, CA_CRT_FILENAME)
server_key_path = os.path.join(directory, SERVER_KEY_FILENAME)
server_crt_path = os.path.join(directory, SERVER_CRT_FILENAME)
if not os.path.isfile(ca_key_path) or not os.path.isfile(ca_crt_path):
raise RuntimeError(
"Could not find CA key and certificate. Please "
'run the command "webviz certificate --auto-install" and '
"try again"
)
with open(ca_key_path, "rb") as filehandle:
ca_key = serialization.load_pem_private_key(
data=filehandle.read(), password=None, backend=default_backend()
)
with open(ca_crt_path, "rb") as filehandle:
ca_crt = x509.load_pem_x509_certificate(
data=filehandle.read(), backend=default_backend()
)
server_key = create_key(server_key_path)
crt = (
certificate_template(NAME, ca_crt.subject, server_key.public_key())
.add_extension(
critical=True,
extension=x509.KeyUsage(
digital_signature=True,
key_encipherment=True,
content_commitment=True,
data_encipherment=False,
key_agreement=False,
encipher_only=False,
decipher_only=False,
key_cert_sign=False,
crl_sign=False,
),
)
.add_extension(
critical=False,
extension=x509.AuthorityKeyIdentifier.from_issuer_public_key(
ca_key.public_key()
),
)
.sign(private_key=ca_key, algorithm=hashes.SHA256(), backend=default_backend())
)
with open(server_crt_path, "wb") as filehandle:
filehandle.write(crt.public_bytes(encoding=serialization.Encoding.PEM))