本文整理汇总了Python中cryptography.x509.UniformResourceIdentifier方法的典型用法代码示例。如果您正苦于以下问题:Python x509.UniformResourceIdentifier方法的具体用法?Python x509.UniformResourceIdentifier怎么用?Python x509.UniformResourceIdentifier使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cryptography.x509
的用法示例。
在下文中一共展示了x509.UniformResourceIdentifier方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_verify_crl_unknown_scheme
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import UniformResourceIdentifier [as 别名]
def test_verify_crl_unknown_scheme(cert_builder, private_key):
"""Unknown distribution point URI schemes should be ignored."""
ldap_uri = "ldap://ldap.example.org/cn=Example%20Certificate%20Authority?certificateRevocationList;binary"
crl_dp = x509.DistributionPoint(
[UniformResourceIdentifier(ldap_uri)],
relative_name=None,
reasons=None,
crl_issuer=None,
)
cert = cert_builder.add_extension(
x509.CRLDistributionPoints([crl_dp]), critical=False
).sign(private_key, hashes.SHA256(), default_backend())
with mktempfile() as cert_tmp:
with open(cert_tmp, "wb") as f:
f.write(cert.public_bytes(serialization.Encoding.PEM))
# Must not raise exception
crl_verify(cert, cert_tmp)
示例2: test_verify_crl_unreachable
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import UniformResourceIdentifier [as 别名]
def test_verify_crl_unreachable(cert_builder, private_key):
"""Unreachable CRL distribution point results in error."""
ldap_uri = "http://invalid.example.org/crl/foobar.crl"
crl_dp = x509.DistributionPoint(
[UniformResourceIdentifier(ldap_uri)],
relative_name=None,
reasons=None,
crl_issuer=None,
)
cert = cert_builder.add_extension(
x509.CRLDistributionPoints([crl_dp]), critical=False
).sign(private_key, hashes.SHA256(), default_backend())
with mktempfile() as cert_tmp:
with open(cert_tmp, "wb") as f:
f.write(cert.public_bytes(serialization.Encoding.PEM))
with pytest.raises(Exception, match="Unable to retrieve CRL:"):
crl_verify(cert, cert_tmp)
示例3: get_common_extensions
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import UniformResourceIdentifier [as 别名]
def get_common_extensions(self, issuer_url=None, crl_url=None, ocsp_url=None):
extensions = []
if crl_url:
urls = [x509.UniformResourceIdentifier(force_text(c)) for c in crl_url]
dps = [x509.DistributionPoint(full_name=[c], relative_name=None, crl_issuer=None, reasons=None)
for c in urls]
extensions.append((False, x509.CRLDistributionPoints(dps)))
auth_info_access = []
if ocsp_url:
uri = x509.UniformResourceIdentifier(force_text(ocsp_url))
auth_info_access.append(x509.AccessDescription(
access_method=AuthorityInformationAccessOID.OCSP, access_location=uri))
if issuer_url:
uri = x509.UniformResourceIdentifier(force_text(issuer_url))
auth_info_access.append(x509.AccessDescription(
access_method=AuthorityInformationAccessOID.CA_ISSUERS, access_location=uri))
if auth_info_access:
extensions.append((False, x509.AuthorityInformationAccess(auth_info_access)))
return extensions
示例4: _serialize
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import UniformResourceIdentifier [as 别名]
def _serialize(self, value, attr, obj):
general_names = []
name_type = None
if value:
for name in value._general_names:
value = name.value
if isinstance(name, x509.DNSName):
name_type = "DNSName"
elif isinstance(name, x509.IPAddress):
if isinstance(value, ipaddress.IPv4Network):
name_type = "IPNetwork"
else:
name_type = "IPAddress"
value = str(value)
elif isinstance(name, x509.UniformResourceIdentifier):
name_type = "uniformResourceIdentifier"
elif isinstance(name, x509.DirectoryName):
name_type = "directoryName"
elif isinstance(name, x509.RFC822Name):
name_type = "rfc822Name"
elif isinstance(name, x509.RegisteredID):
name_type = "registeredID"
value = value.dotted_string
else:
current_app.logger.warning(
"Unknown SubAltName type: {name}".format(name=name)
)
continue
general_names.append({"nameType": name_type, "value": value})
return general_names
示例5: test_full_crl
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import UniformResourceIdentifier [as 别名]
def test_full_crl(self):
ca = self.cas['root']
child = self.cas['child']
cert = self.certs['root-cert']
full_name = 'http://localhost/crl'
idp = self.get_idp(full_name=[x509.UniformResourceIdentifier(value=full_name)])
crl = ca.get_crl(full_name=[full_name]).public_bytes(Encoding.PEM)
self.assertCRL(crl, idp=idp, signer=ca)
ca.crl_url = full_name
ca.save()
crl = ca.get_crl().public_bytes(Encoding.PEM)
self.assertCRL(crl, idp=idp, crl_number=1, signer=ca)
# revoke a cert
cert.revoke()
crl = ca.get_crl().public_bytes(Encoding.PEM)
self.assertCRL(crl, idp=idp, certs=[cert], crl_number=2, signer=ca)
# also revoke a CA
child.revoke()
crl = ca.get_crl().public_bytes(Encoding.PEM)
self.assertCRL(crl, idp=idp, certs=[cert, child], crl_number=3, signer=ca)
# unrevoke cert (so we have all three combinations)
cert.revoked = False
cert.revoked_date = None
cert.revoked_reason = ''
cert.save()
crl = ca.get_crl().public_bytes(Encoding.PEM)
self.assertCRL(crl, idp=idp, certs=[child], crl_number=4, signer=ca)
示例6: test_no_auth_key_identifier
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import UniformResourceIdentifier [as 别名]
def test_no_auth_key_identifier(self):
# All CAs have a authority key identifier, so we mock that this exception is not present
def side_effect(cls):
raise x509.ExtensionNotFound('mocked', x509.AuthorityKeyIdentifier.oid)
ca = self.cas['child']
full_name = 'http://localhost/crl'
idp = self.get_idp(full_name=[x509.UniformResourceIdentifier(value=full_name)])
with mock.patch('cryptography.x509.extensions.Extensions.get_extension_for_oid',
side_effect=side_effect):
crl = ca.get_crl(full_name=[full_name]).public_bytes(Encoding.PEM)
self.assertCRL(crl, idp=idp, signer=ca, skip_authority_key_identifier=True)
示例7: test_uri
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import UniformResourceIdentifier [as 别名]
def test_uri(self):
url = 'https://example.com'
self.assertEqual(parse_general_name(url), x509.UniformResourceIdentifier(url))
self.assertEqual(parse_general_name('uri:%s' % url), x509.UniformResourceIdentifier(url))
示例8: uri
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import UniformResourceIdentifier [as 别名]
def uri(u): # just a shortcut
return x509.UniformResourceIdentifier(u)
示例9: test_full_scope
# 需要导入模块: from cryptography import x509 [as 别名]
# 或者: from cryptography.x509 import UniformResourceIdentifier [as 别名]
def test_full_scope(self):
full_name = 'http://localhost/crl'
idp = self.get_idp(full_name=[x509.UniformResourceIdentifier(value=full_name)])
self.ca.crl_url = full_name
self.ca.save()
response = self.client.get(reverse('full', kwargs={'serial': self.ca.serial}))
self.assertEqual(response.status_code, 200)
self.assertEqual(response['Content-Type'], 'application/pkix-crl')
self.assertCRL(response.content, encoding=Encoding.DER, expires=600, idp=idp)