本文整理汇总了Python中cryptography.x509.ReasonFlags方法的典型用法代码示例。如果您正苦于以下问题:Python x509.ReasonFlags方法的具体用法?Python x509.ReasonFlags怎么用?Python x509.ReasonFlags使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cryptography.x509
的用法示例。
在下文中一共展示了x509.ReasonFlags方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_revocation
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import ReasonFlags [as 别名]
def get_revocation(self):
if self.revoked is False:
raise ValueError('Certificate is not revoked.')
revoked_cert = x509.RevokedCertificateBuilder().serial_number(
self.x509.serial_number).revocation_date(self.revoked_date)
reason = self.get_revocation_reason()
if reason != x509.ReasonFlags.unspecified:
# RFC 5270, 5.3.1: "reason code CRL entry extension SHOULD be absent instead of using the
# unspecified (0) reasonCode value"
revoked_cert = revoked_cert.add_extension(x509.CRLReason(reason), critical=False)
compromised = self.get_compromised_time()
if compromised:
# RFC 5280, 5.3.2 says that this extension MUST be non-critical
revoked_cert = revoked_cert.add_extension(x509.InvalidityDate(compromised), critical=False)
return revoked_cert.build(default_backend())
示例2: __init__
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import ReasonFlags [as 别名]
def __init__(self, data=None):
if data is None:
data = {}
if isinstance(data, x509.DistributionPoint):
self.full_name = _gnl_or_empty(data.full_name)
self.relative_name = data.relative_name
self.crl_issuer = _gnl_or_empty(data.crl_issuer)
self.reasons = data.reasons
elif isinstance(data, dict):
self.full_name = _gnl_or_empty(data.get('full_name'))
self.relative_name = data.get('relative_name')
self.crl_issuer = _gnl_or_empty(data.get('crl_issuer'))
self.reasons = data.get('reasons')
if self.full_name is not None and self.relative_name is not None:
raise ValueError('full_name and relative_name cannot both have a value')
if self.relative_name is not None:
self.relative_name = x509_relative_name(self.relative_name)
if self.reasons is not None:
self.reasons = frozenset([x509.ReasonFlags[r] for r in self.reasons])
else:
raise ValueError('data must be x509.DistributionPoint or dict')
示例3: get_revocation_reason
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import ReasonFlags [as 别名]
def get_revocation_reason(self):
"""Get the revocation reason of this certificate."""
if self.revoked is False:
return
return x509.ReasonFlags[self.revoked_reason]
示例4: revoke
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import ReasonFlags [as 别名]
def revoke(self, reason='', compromised=None):
if not reason:
reason = ReasonFlags.unspecified
pre_revoke_cert.send(sender=self.__class__, cert=self, reason=reason)
self.revoked = True
self.revoked_date = timezone.now()
self.revoked_reason = reason.name
self.compromised = compromised
self.save()
post_revoke_cert.send(sender=self.__class__, cert=self)
示例5: test_get_revocation_reason
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import ReasonFlags [as 别名]
def test_get_revocation_reason(self):
cert = self.certs['child-cert']
self.assertIsNone(cert.get_revocation_reason())
for reason in ReasonFlags:
cert.revoke(reason)
got = cert.get_revocation_reason()
self.assertIsInstance(got, x509.ReasonFlags)
self.assertEqual(got.name, reason.name)
示例6: __init__
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import ReasonFlags [as 别名]
def __init__(self, cert, issuer, algorithm, cert_status, this_update,
next_update, revocation_time, revocation_reason):
if (
not isinstance(cert, x509.Certificate) or
not isinstance(issuer, x509.Certificate)
):
raise TypeError("cert and issuer must be a Certificate")
_verify_algorithm(algorithm)
if not isinstance(this_update, datetime.datetime):
raise TypeError("this_update must be a datetime object")
if (
next_update is not None and
not isinstance(next_update, datetime.datetime)
):
raise TypeError("next_update must be a datetime object or None")
self._cert = cert
self._issuer = issuer
self._algorithm = algorithm
self._this_update = this_update
self._next_update = next_update
if not isinstance(cert_status, OCSPCertStatus):
raise TypeError(
"cert_status must be an item from the OCSPCertStatus enum"
)
if cert_status is not OCSPCertStatus.REVOKED:
if revocation_time is not None:
raise ValueError(
"revocation_time can only be provided if the certificate "
"is revoked"
)
if revocation_reason is not None:
raise ValueError(
"revocation_reason can only be provided if the certificate"
" is revoked"
)
else:
if not isinstance(revocation_time, datetime.datetime):
raise TypeError("revocation_time must be a datetime object")
revocation_time = _convert_to_naive_utc_time(revocation_time)
if revocation_time < _EARLIEST_UTC_TIME:
raise ValueError('The revocation_time must be on or after'
' 1950 January 1.')
if (
revocation_reason is not None and
not isinstance(revocation_reason, x509.ReasonFlags)
):
raise TypeError(
"revocation_reason must be an item from the ReasonFlags "
"enum or None"
)
self._cert_status = cert_status
self._revocation_time = revocation_time
self._revocation_reason = revocation_reason