本文整理汇总了Python中oscrypto.asymmetric.load_certificate方法的典型用法代码示例。如果您正苦于以下问题:Python asymmetric.load_certificate方法的具体用法?Python asymmetric.load_certificate怎么用?Python asymmetric.load_certificate使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类oscrypto.asymmetric
的用法示例。
在下文中一共展示了asymmetric.load_certificate方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_build_no_certificate
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_build_no_certificate(self):
issuer_key = asymmetric.load_private_key(os.path.join(fixtures_dir, 'test.key'))
issuer_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test.crt'))
subject_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test-inter.crt'))
with self.assertRaisesRegex(ValueError, 'must be set if the response_status is "successful"'):
builder = OCSPResponseBuilder('successful', subject_cert, 'good')
builder.certificate = None
builder.build(issuer_key, issuer_cert)
with self.assertRaisesRegex(ValueError, 'must be set if the response_status is "successful"'):
builder = OCSPResponseBuilder('successful', subject_cert, 'good')
builder.certificate_status = None
builder.build(issuer_key, issuer_cert)
with self.assertRaisesRegex(ValueError, 'must be set if the response_status is "successful"'):
builder = OCSPResponseBuilder('successful', subject_cert)
builder.build(issuer_key, issuer_cert)
with self.assertRaisesRegex(ValueError, 'must be set if the response_status is "successful"'):
builder = OCSPResponseBuilder('successful', None, 'good')
builder.build(issuer_key, issuer_cert)
示例2: test_build_revoked_no_reason
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_build_revoked_no_reason(self):
issuer_key = asymmetric.load_private_key(os.path.join(fixtures_dir, 'test.key'))
issuer_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test.crt'))
subject_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test-inter.crt'))
revoked_time = datetime(2015, 9, 1, 12, 0, 0, tzinfo=timezone.utc)
builder = OCSPResponseBuilder('successful', subject_cert, 'revoked', revoked_time)
ocsp_response = builder.build(issuer_key, issuer_cert)
der_bytes = ocsp_response.dump()
new_response = asn1crypto.ocsp.OCSPResponse.load(der_bytes)
basic_response = new_response['response_bytes']['response'].parsed
response_data = basic_response['tbs_response_data']
cert_response = response_data['responses'][0]
self.assertEqual('revoked', cert_response['cert_status'].name)
self.assertEqual(revoked_time, cert_response['cert_status'].chosen['revocation_time'].native)
self.assertEqual('unspecified', cert_response['cert_status'].chosen['revocation_reason'].native)
示例3: load_verify_cert
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def load_verify_cert(self):
if self.validate_certs:
# Convert the certificate to DER format
cert = pem_to_der(self.verify_cert, return_multiple=False)
# Convert the ca certificate to DER format
if self.verify_cert_ca:
trust_roots = pem_to_der(self.verify_cert_ca)
else:
trust_roots = []
# Verify the certificate against the trusted roots
verify_certificate_chain(
cert, trust_roots, ignore_self_signed=self.ignore_self_signed
)
return asymmetric.load_certificate(self.verify_cert)
示例4: load_encrypt_cert
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def load_encrypt_cert(self):
if self.validate_certs:
# Convert the certificate to DER format
cert = pem_to_der(self.encrypt_cert, return_multiple=False)
# Convert the ca certificate to DER format
if self.encrypt_cert_ca:
trust_roots = pem_to_der(self.encrypt_cert_ca)
else:
trust_roots = []
# Verify the certificate against the trusted roots
verify_certificate_chain(
cert, trust_roots, ignore_self_signed=self.ignore_self_signed
)
return asymmetric.load_certificate(self.encrypt_cert)
示例5: test_cert_attributes
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_cert_attributes(self):
cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'keys/test.crt'))
self.assertEqual(2048, cert.bit_size)
self.assertEqual(256, cert.byte_size)
self.assertEqual('rsa', cert.algorithm)
示例6: test_cert_ec_attributes
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_cert_ec_attributes(self):
cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'keys/test-ec-named.crt'))
self.assertEqual(256, cert.bit_size)
self.assertEqual(32, cert.byte_size)
self.assertEqual('secp256r1', cert.curve)
self.assertEqual('ec', cert.algorithm)
示例7: test_dump_certificate
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_dump_certificate(self):
cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'keys/test.crt'))
pem_serialized = asymmetric.dump_certificate(cert)
cert_reloaded = asymmetric.load_certificate(pem_serialized)
self.assertIsInstance(cert_reloaded, asymmetric.Certificate)
self.assertEqual('rsa', cert_reloaded.algorithm)
示例8: test_build_good_response
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_build_good_response(self):
issuer_key = asymmetric.load_private_key(os.path.join(fixtures_dir, 'test.key'))
issuer_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test.crt'))
subject_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test-inter.crt'))
builder = OCSPResponseBuilder('successful', subject_cert, 'good')
ocsp_response = builder.build(issuer_key, issuer_cert)
der_bytes = ocsp_response.dump()
new_response = asn1crypto.ocsp.OCSPResponse.load(der_bytes)
basic_response = new_response['response_bytes']['response'].parsed
response_data = basic_response['tbs_response_data']
self.assertEqual('sha256', basic_response['signature_algorithm'].hash_algo)
self.assertEqual('rsassa_pkcs1v15', basic_response['signature_algorithm'].signature_algo)
self.assertEqual('v1', response_data['version'].native)
self.assertEqual('by_key', response_data['responder_id'].name)
self.assertEqual(
issuer_cert.asn1.public_key.sha1,
response_data['responder_id'].chosen.native
)
self.assertGreaterEqual(datetime.now(timezone.utc), response_data['produced_at'].native)
self.assertEqual(1, len(response_data['responses']))
self.assertEqual(0, len(response_data['response_extensions']))
cert_response = response_data['responses'][0]
self.assertEqual('sha1', cert_response['cert_id']['hash_algorithm']['algorithm'].native)
self.assertEqual(issuer_cert.asn1.subject.sha1, cert_response['cert_id']['issuer_name_hash'].native)
self.assertEqual(issuer_cert.asn1.public_key.sha1, cert_response['cert_id']['issuer_key_hash'].native)
self.assertEqual(subject_cert.asn1.serial_number, cert_response['cert_id']['serial_number'].native)
self.assertEqual('good', cert_response['cert_status'].name)
self.assertGreaterEqual(datetime.now(timezone.utc), cert_response['this_update'].native)
self.assertGreaterEqual(set(), cert_response.critical_extensions)
示例9: test_build_revoked_response
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_build_revoked_response(self):
issuer_key = asymmetric.load_private_key(os.path.join(fixtures_dir, 'test.key'))
issuer_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test.crt'))
subject_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test-inter.crt'))
revoked_time = datetime(2015, 9, 1, 12, 0, 0, tzinfo=timezone.utc)
builder = OCSPResponseBuilder('successful', subject_cert, 'key_compromise', revoked_time)
ocsp_response = builder.build(issuer_key, issuer_cert)
der_bytes = ocsp_response.dump()
new_response = asn1crypto.ocsp.OCSPResponse.load(der_bytes)
basic_response = new_response['response_bytes']['response'].parsed
response_data = basic_response['tbs_response_data']
self.assertEqual('sha256', basic_response['signature_algorithm'].hash_algo)
self.assertEqual('rsassa_pkcs1v15', basic_response['signature_algorithm'].signature_algo)
self.assertEqual('v1', response_data['version'].native)
self.assertEqual('by_key', response_data['responder_id'].name)
self.assertEqual(
issuer_cert.asn1.public_key.sha1,
response_data['responder_id'].chosen.native
)
self.assertGreaterEqual(datetime.now(timezone.utc), response_data['produced_at'].native)
self.assertEqual(1, len(response_data['responses']))
self.assertEqual(0, len(response_data['response_extensions']))
cert_response = response_data['responses'][0]
self.assertEqual('sha1', cert_response['cert_id']['hash_algorithm']['algorithm'].native)
self.assertEqual(issuer_cert.asn1.subject.sha1, cert_response['cert_id']['issuer_name_hash'].native)
self.assertEqual(issuer_cert.asn1.public_key.sha1, cert_response['cert_id']['issuer_key_hash'].native)
self.assertEqual(subject_cert.asn1.serial_number, cert_response['cert_id']['serial_number'].native)
self.assertEqual('revoked', cert_response['cert_status'].name)
self.assertEqual(revoked_time, cert_response['cert_status'].chosen['revocation_time'].native)
self.assertEqual('key_compromise', cert_response['cert_status'].chosen['revocation_reason'].native)
self.assertGreaterEqual(datetime.now(timezone.utc), cert_response['this_update'].native)
self.assertGreaterEqual(set(), cert_response.critical_extensions)
示例10: test_build_delegated_good_response
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_build_delegated_good_response(self):
responder_key = asymmetric.load_private_key(os.path.join(fixtures_dir, 'test-ocsp.key'), 'password')
responder_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test-ocsp.crt'))
issuer_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test.crt'))
subject_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test-inter.crt'))
builder = OCSPResponseBuilder('successful', subject_cert, 'good')
builder.certificate_issuer = issuer_cert
ocsp_response = builder.build(responder_key, responder_cert)
der_bytes = ocsp_response.dump()
new_response = asn1crypto.ocsp.OCSPResponse.load(der_bytes)
basic_response = new_response['response_bytes']['response'].parsed
response_data = basic_response['tbs_response_data']
self.assertEqual('sha256', basic_response['signature_algorithm'].hash_algo)
self.assertEqual('rsassa_pkcs1v15', basic_response['signature_algorithm'].signature_algo)
self.assertEqual('v1', response_data['version'].native)
self.assertEqual('by_key', response_data['responder_id'].name)
self.assertEqual(
responder_cert.asn1.public_key.sha1,
response_data['responder_id'].chosen.native
)
self.assertGreaterEqual(datetime.now(timezone.utc), response_data['produced_at'].native)
self.assertEqual(1, len(response_data['responses']))
self.assertEqual(0, len(response_data['response_extensions']))
cert_response = response_data['responses'][0]
self.assertEqual('sha1', cert_response['cert_id']['hash_algorithm']['algorithm'].native)
self.assertEqual(issuer_cert.asn1.subject.sha1, cert_response['cert_id']['issuer_name_hash'].native)
self.assertEqual(issuer_cert.asn1.public_key.sha1, cert_response['cert_id']['issuer_key_hash'].native)
self.assertEqual(subject_cert.asn1.serial_number, cert_response['cert_id']['serial_number'].native)
self.assertEqual('good', cert_response['cert_status'].name)
self.assertGreaterEqual(datetime.now(timezone.utc), cert_response['this_update'].native)
self.assertGreaterEqual(set(), cert_response.critical_extensions)
示例11: test_build_basic_request
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_build_basic_request(self):
issuer_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test.crt'))
subject_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test-inter.crt'))
builder = OCSPRequestBuilder(subject_cert, issuer_cert)
ocsp_request = builder.build()
der_bytes = ocsp_request.dump()
new_request = asn1crypto.ocsp.OCSPRequest.load(der_bytes)
tbs_request = new_request['tbs_request']
self.assertEqual(None, new_request['optional_signature'].native)
self.assertEqual('v1', tbs_request['version'].native)
self.assertEqual(None, tbs_request['requestor_name'].native)
self.assertEqual(1, len(tbs_request['request_list']))
request = tbs_request['request_list'][0]
self.assertEqual('sha1', request['req_cert']['hash_algorithm']['algorithm'].native)
self.assertEqual(issuer_cert.asn1.subject.sha1, request['req_cert']['issuer_name_hash'].native)
self.assertEqual(issuer_cert.asn1.public_key.sha1, request['req_cert']['issuer_key_hash'].native)
self.assertEqual(subject_cert.asn1.serial_number, request['req_cert']['serial_number'].native)
self.assertEqual(0, len(request['single_request_extensions']))
self.assertEqual(1, len(tbs_request['request_extensions']))
extn = tbs_request['request_extensions'][0]
self.assertEqual('nonce', extn['extn_id'].native)
self.assertEqual(16, len(extn['extn_value'].parsed.native))
示例12: test_build_signed_request
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_build_signed_request(self):
issuer_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test.crt'))
subject_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test-inter.crt'))
requestor_cert = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test-third.crt'))
requestor_key = asymmetric.load_private_key(os.path.join(fixtures_dir, 'test-third.key'))
builder = OCSPRequestBuilder(subject_cert, issuer_cert)
ocsp_request = builder.build(requestor_key, requestor_cert, [subject_cert, issuer_cert])
der_bytes = ocsp_request.dump()
new_request = asn1crypto.ocsp.OCSPRequest.load(der_bytes)
tbs_request = new_request['tbs_request']
signature = new_request['optional_signature']
self.assertEqual('sha256', signature['signature_algorithm'].hash_algo)
self.assertEqual('rsassa_pkcs1v15', signature['signature_algorithm'].signature_algo)
self.assertEqual(3, len(signature['certs']))
self.assertEqual('v1', tbs_request['version'].native)
self.assertEqual(requestor_cert.asn1.subject, tbs_request['requestor_name'].chosen)
self.assertEqual(1, len(tbs_request['request_list']))
request = tbs_request['request_list'][0]
self.assertEqual('sha1', request['req_cert']['hash_algorithm']['algorithm'].native)
self.assertEqual(issuer_cert.asn1.subject.sha1, request['req_cert']['issuer_name_hash'].native)
self.assertEqual(issuer_cert.asn1.public_key.sha1, request['req_cert']['issuer_key_hash'].native)
self.assertEqual(subject_cert.asn1.serial_number, request['req_cert']['serial_number'].native)
self.assertEqual(0, len(request['single_request_extensions']))
self.assertEqual(1, len(tbs_request['request_extensions']))
extn = tbs_request['request_extensions'][0]
self.assertEqual('nonce', extn['extn_id'].native)
self.assertEqual(16, len(extn['extn_value'].parsed.native))
示例13: load_key
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def load_key(key_str: bytes, key_pass: str):
"""Function to load password protected key file in p12 or pem format."""
try:
# First try to parse as a p12 file
key, cert, _ = asymmetric.load_pkcs12(key_str, key_pass)
except ValueError as e:
# If it fails due to invalid password raise error here
if e.args[0] == "Password provided is invalid":
raise AS2Exception("Password not valid for Private Key.")
# if not try to parse as a pem file
key, cert = None, None
for kc in split_pem(key_str):
try:
cert = asymmetric.load_certificate(kc)
except (ValueError, TypeError):
try:
key = asymmetric.load_private_key(kc, key_pass)
except OSError:
raise AS2Exception(
"Invalid Private Key or password is not correct."
)
if not key or not cert:
raise AS2Exception("Invalid Private key file or Public key not included.")
return key, cert
示例14: test_signing
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_signing():
"""Test the signing and verification functions."""
# Load the signature key
with open(os.path.join(TEST_DIR, "cert_test.p12"), "rb") as fp:
sign_key = Organization.load_key(fp.read(), "test")
with open(os.path.join(TEST_DIR, "cert_test_public.pem"), "rb") as fp:
verify_cert = asymmetric.load_certificate(fp.read())
# Test failure of signature verification
with pytest.raises(IntegrityError):
cms.verify_message(b"data", INVALID_DATA, None)
# Test signature without signed attributes
cms.sign_message(
b"data", digest_alg="sha256", sign_key=sign_key, use_signed_attributes=False
)
# Test pss signature and verification
signature = cms.sign_message(
b"data", digest_alg="sha256", sign_key=sign_key, sign_alg="rsassa_pss"
)
cms.verify_message(b"data", signature, verify_cert)
# Test unsupported signature alg
with pytest.raises(AS2Exception):
cms.sign_message(
b"data", digest_alg="sha256", sign_key=sign_key, sign_alg="rsassa_pssa"
)
# Test unsupported digest alg
with pytest.raises(AS2Exception):
cms.sign_message(
b"data",
digest_alg="sha-256",
sign_key=sign_key,
use_signed_attributes=False,
)
示例15: test_encryption
# 需要导入模块: from oscrypto import asymmetric [as 别名]
# 或者: from oscrypto.asymmetric import load_certificate [as 别名]
def test_encryption():
"""Test the encryption and decryption functions."""
with open(os.path.join(TEST_DIR, "cert_test.p12"), "rb") as fp:
decrypt_key = Organization.load_key(fp.read(), "test")
with open(os.path.join(TEST_DIR, "cert_test_public.pem"), "rb") as fp:
encrypt_cert = asymmetric.load_certificate(fp.read())
with pytest.raises(DecryptionError):
cms.decrypt_message(INVALID_DATA, None)
# Test all the encryption algorithms
enc_algorithms = [
"rc2_128_cbc",
"rc4_128_cbc",
"aes_128_cbc",
"aes_192_cbc",
"aes_256_cbc",
]
for enc_algorithm in enc_algorithms:
encrypted_data = cms.encrypt_message(b"data", enc_algorithm, encrypt_cert)
_, decrypted_data = cms.decrypt_message(encrypted_data, decrypt_key)
assert decrypted_data == b"data"
# Test no encryption algorithm
with pytest.raises(AS2Exception):
cms.encrypt_message(b"data", "rc5_128_cbc", encrypt_cert)
# Test no encryption algorithm on decrypt
encrypted_data = cms.encrypt_message(b"data", "des_64_cbc", encrypt_cert)
with pytest.raises(AS2Exception):
cms.decrypt_message(encrypted_data, decrypt_key)