当前位置: 首页>>代码示例>>Python>>正文


Python x509.KeyUsage方法代码示例

本文整理汇总了Python中cryptography.x509.KeyUsage方法的典型用法代码示例。如果您正苦于以下问题:Python x509.KeyUsage方法的具体用法?Python x509.KeyUsage怎么用?Python x509.KeyUsage使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cryptography.x509的用法示例。


在下文中一共展示了x509.KeyUsage方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: _decode_key_usage

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def _decode_key_usage(backend, bit_string):
    bit_string = backend._ffi.cast("ASN1_BIT_STRING *", bit_string)
    bit_string = backend._ffi.gc(bit_string, backend._lib.ASN1_BIT_STRING_free)
    get_bit = backend._lib.ASN1_BIT_STRING_get_bit
    digital_signature = get_bit(bit_string, 0) == 1
    content_commitment = get_bit(bit_string, 1) == 1
    key_encipherment = get_bit(bit_string, 2) == 1
    data_encipherment = get_bit(bit_string, 3) == 1
    key_agreement = get_bit(bit_string, 4) == 1
    key_cert_sign = get_bit(bit_string, 5) == 1
    crl_sign = get_bit(bit_string, 6) == 1
    encipher_only = get_bit(bit_string, 7) == 1
    decipher_only = get_bit(bit_string, 8) == 1
    return x509.KeyUsage(
        digital_signature,
        content_commitment,
        key_encipherment,
        data_encipherment,
        key_agreement,
        key_cert_sign,
        crl_sign,
        encipher_only,
        decipher_only
    ) 
开发者ID:aliyun,项目名称:oss-ftp,代码行数:26,代码来源:x509.py

示例2: _merge_key_usage

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def _merge_key_usage(key_usage, allowed_key_usage):
    critical = key_usage.critical
    key_usage_value = key_usage.value

    usages = []
    for usage in extensions.KeyUsages:
        k, v = usage.value
        try:
            value = getattr(key_usage_value, v)
        except ValueError:
            # ValueError is raised when encipher_only/decipher_only is
            # retrieved but key_agreement is False
            value = False
        if value:
            if k not in allowed_key_usage:
                if critical:
                    raise exception.CertificateValidationError(
                        extension=key_usage)
                else:
                    value = False
        usages.append(value)

    rtn = x509.KeyUsage(*usages)
    return x509.Extension(rtn.oid, critical, rtn) 
开发者ID:openstack,项目名称:magnum,代码行数:26,代码来源:validator.py

示例3: _generate_csr

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def _generate_csr(cls, cn, private_key, passphrase=None):
        pk = serialization.load_pem_private_key(
            data=private_key, password=passphrase,
            backend=backends.default_backend())
        csr = x509.CertificateSigningRequestBuilder().subject_name(
            x509.Name([
                x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, cn),
            ])
        )
        csr = csr.add_extension(
            x509.BasicConstraints(
                ca=False,
                path_length=None
            ),
            critical=True
        )
        csr = csr.add_extension(
            x509.KeyUsage(
                digital_signature=True,
                key_encipherment=True,
                data_encipherment=True,
                key_agreement=True,
                content_commitment=False,
                key_cert_sign=False,
                crl_sign=False,
                encipher_only=False,
                decipher_only=False
            ),
            critical=True
        )
        csr = csr.add_extension(
            x509.SubjectAlternativeName([x509.DNSName(cn)]),
            critical=False
        )
        signed_csr = csr.sign(
            pk,
            getattr(hashes, CONF.certificates.signing_digest.upper())(),
            backends.default_backend())
        return signed_csr.public_bytes(serialization.Encoding.PEM) 
开发者ID:openstack,项目名称:octavia,代码行数:41,代码来源:local.py

示例4: _build_key_usage

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def _build_key_usage(self, critical=False):
        # Digital Signature and Key Encipherment are enabled
        key_usage = c_x509.KeyUsage(
            True, False, True, False, False, False, False, False, False)
        return c_x509.Extension(key_usage.oid, critical, key_usage) 
开发者ID:openstack,项目名称:magnum,代码行数:7,代码来源:test_validator.py

示例5: test_merge_key_usage_disallowed_but_not_critical

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def test_merge_key_usage_disallowed_but_not_critical(self):
        key_usage = self._build_key_usage()
        expected = c_x509.KeyUsage(
            True, False, False, False, False, False, False, False, False)
        expected = c_x509.Extension(expected.oid, False, expected)

        self.assertEqual(expected,
                         v._merge_key_usage(key_usage,
                                            ['Digital Signature'])) 
开发者ID:openstack,项目名称:magnum,代码行数:11,代码来源:test_validator.py

示例6: assertInClientExtensions

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def assertInClientExtensions(self, cert):
        key_usage = c_x509.KeyUsage(True, False, True, False, False, False,
                                    False, False, False)
        key_usage = c_x509.Extension(key_usage.oid, True, key_usage)
        extended_key_usage = c_x509.ExtendedKeyUsage([c_x509.OID_CLIENT_AUTH])
        extended_key_usage = c_x509.Extension(extended_key_usage.oid, False,
                                              extended_key_usage)
        basic_constraints = c_x509.BasicConstraints(ca=False, path_length=None)
        basic_constraints = c_x509.Extension(basic_constraints.oid, True,
                                             basic_constraints)

        self.assertIn(key_usage, cert.extensions)
        self.assertIn(extended_key_usage, cert.extensions)
        self.assertIn(basic_constraints, cert.extensions) 
开发者ID:openstack,项目名称:magnum,代码行数:16,代码来源:test_sign.py

示例7: test_generate_ca_certificate_set_extentions_as_ca

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def test_generate_ca_certificate_set_extentions_as_ca(self):
        cert, _ = self._generate_ca_certificate(self.issuer_name)

        key_usage = c_x509.KeyUsage(False, False, False, False, False, True,
                                    False, False, False)
        key_usage = c_x509.Extension(key_usage.oid, True, key_usage)
        basic_constraints = c_x509.BasicConstraints(ca=True, path_length=0)
        basic_constraints = c_x509.Extension(basic_constraints.oid, True,
                                             basic_constraints)

        self.assertIn(key_usage, cert.extensions)
        self.assertIn(basic_constraints, cert.extensions) 
开发者ID:openstack,项目名称:magnum,代码行数:14,代码来源:test_sign.py

示例8: _build_ca_extentions

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def _build_ca_extentions():
    # Certificate Sign is enabled
    key_usage = x509.KeyUsage(False, False, False, False, False, True, False,
                              False, False)
    key_usage = x509.Extension(key_usage.oid, True, key_usage)

    basic_constraints = x509.BasicConstraints(ca=True, path_length=0)
    basic_constraints = x509.Extension(basic_constraints.oid, True,
                                       basic_constraints)

    return [basic_constraints, key_usage] 
开发者ID:openstack,项目名称:magnum,代码行数:13,代码来源:operations.py

示例9: serialize

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def serialize(self):
        """Serialize this extension to a string in a way that it can be passed to a constructor again.

        For example, this should always be True::

            >>> ku = KeyUsage({'value': ['keyAgreement', 'keyEncipherment']})
            >>> ku == KeyUsage(ku.serialize())
            True
        """

        return {
            'critical': self.critical,
            'value': self.value,
        } 
开发者ID:mathiasertl,项目名称:django-ca,代码行数:16,代码来源:extensions.py

示例10: for_builder

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def for_builder(self):
        """Return kwargs suitable for a :py:class:`~cg:cryptography.x509.CertificateBuilder`.

        Example::

            >>> kwargs = KeyUsage({'value': ['keyAgreement', 'keyEncipherment']}).for_builder()
            >>> builder.add_extension(**kwargs)  # doctest: +SKIP
        """
        return {'extension': self.extension_type, 'critical': self.critical} 
开发者ID:mathiasertl,项目名称:django-ca,代码行数:11,代码来源:extensions.py

示例11: extension_type

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def extension_type(self):
        kwargs = {v: (v in self.value) for v in self.KNOWN_VALUES}
        return x509.KeyUsage(**kwargs) 
开发者ID:mathiasertl,项目名称:django-ca,代码行数:5,代码来源:extensions.py

示例12: test_completeness

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def test_completeness(self):
        # make sure whe haven't forgotton any keys anywhere
        self.assertEqual(set(KeyUsage.CRYPTOGRAPHY_MAPPING.keys()),
                         set([e[0] for e in KeyUsage.CHOICES])) 
开发者ID:mathiasertl,项目名称:django-ca,代码行数:6,代码来源:tests_extensions.py

示例13: test_auto_add

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def test_auto_add(self):
        # decipher/encipher_only automatically add key_agreement
        self.assertEqual(KeyUsage({'value': ['decipher_only']}),
                         KeyUsage({'value': ['decipher_only', 'key_agreement']}))
        self.assertEqual(KeyUsage({'value': ['encipher_only']}),
                         KeyUsage({'value': ['encipher_only', 'key_agreement']})) 
开发者ID:mathiasertl,项目名称:django-ca,代码行数:8,代码来源:tests_extensions.py

示例14: cert_key_usage

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def cert_key_usage(**kwargs):
    """
    Helper to create x509.KeyUsage object. Function provide defaults (False)
    for unspecified KeyUsage arguments.

    Args:
        x509.KeyUsage keys. If not provided False is used for each arg.

    Return:
        x509.KeyUsage
    """
    required = [
        'digital_signature',
        'content_commitment',
        'key_encipherment',
        'data_encipherment',
        'key_agreement',
        'key_cert_sign',
        'crl_sign',
        'encipher_only',
        'decipher_only',
    ]
    for name in required:
        kwargs.setdefault(name, False)

    return x509.KeyUsage(**kwargs) 
开发者ID:dcos,项目名称:dcos-e2e,代码行数:28,代码来源:tls.py

示例15: create_certificate

# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import KeyUsage [as 别名]
def create_certificate(directory: str) -> None:
    ca_directory = user_data_dir()
    ca_key_path = os.path.join(ca_directory, CA_KEY_FILENAME)
    ca_crt_path = os.path.join(ca_directory, CA_CRT_FILENAME)

    server_key_path = os.path.join(directory, SERVER_KEY_FILENAME)
    server_crt_path = os.path.join(directory, SERVER_CRT_FILENAME)

    if not os.path.isfile(ca_key_path) or not os.path.isfile(ca_crt_path):
        raise RuntimeError(
            "Could not find CA key and certificate. Please "
            'run the command "webviz certificate --auto-install" and '
            "try again"
        )

    with open(ca_key_path, "rb") as filehandle:
        ca_key = serialization.load_pem_private_key(
            data=filehandle.read(), password=None, backend=default_backend()
        )

    with open(ca_crt_path, "rb") as filehandle:
        ca_crt = x509.load_pem_x509_certificate(
            data=filehandle.read(), backend=default_backend()
        )

    server_key = create_key(server_key_path)

    crt = (
        certificate_template(NAME, ca_crt.subject, server_key.public_key())
        .add_extension(
            critical=True,
            extension=x509.KeyUsage(
                digital_signature=True,
                key_encipherment=True,
                content_commitment=True,
                data_encipherment=False,
                key_agreement=False,
                encipher_only=False,
                decipher_only=False,
                key_cert_sign=False,
                crl_sign=False,
            ),
        )
        .add_extension(
            critical=False,
            extension=x509.AuthorityKeyIdentifier.from_issuer_public_key(
                ca_key.public_key()
            ),
        )
        .sign(private_key=ca_key, algorithm=hashes.SHA256(), backend=default_backend())
    )

    with open(server_crt_path, "wb") as filehandle:
        filehandle.write(crt.public_bytes(encoding=serialization.Encoding.PEM)) 
开发者ID:equinor,项目名称:webviz-config,代码行数:56,代码来源:_certificate_generator.py


注:本文中的cryptography.x509.KeyUsage方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。