本文整理匯總了Python中OpenSSL.crypto.Error方法的典型用法代碼示例。如果您正苦於以下問題:Python crypto.Error方法的具體用法?Python crypto.Error怎麽用?Python crypto.Error使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類OpenSSL.crypto
的用法示例。
在下文中一共展示了crypto.Error方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: tearDown
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def tearDown(self):
"""
Clean up any files or directories created using :py:meth:`TestCase.mktemp`.
Subclasses must invoke this method if they override it or the
cleanup will not occur.
"""
if False and self._temporaryFiles is not None:
for temp in self._temporaryFiles:
if os.path.isdir(temp):
shutil.rmtree(temp)
elif os.path.exists(temp):
os.unlink(temp)
try:
exception_from_error_queue(Error)
except Error:
e = sys.exc_info()[1]
if e.args != ([],):
self.fail("Left over errors in OpenSSL error queue: " + repr(e))
示例2: test_invalid_extension
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def test_invalid_extension(self):
"""
:py:class:`X509Extension` raises something if it is passed a bad extension
name or value.
"""
self.assertRaises(
Error, X509Extension, b('thisIsMadeUp'), False, b('hi'))
self.assertRaises(
Error, X509Extension, b('basicConstraints'), False, b('blah blah'))
# Exercise a weird one (an extension which uses the r2i method). This
# exercises the codepath that requires a non-NULL ctx to be passed to
# X509V3_EXT_nconf. It can't work now because we provide no
# configuration database. It might be made to work in the future.
self.assertRaises(
Error, X509Extension, b('proxyCertInfo'), True,
b('language:id-ppl-anyLanguage,pathlen:1,policy:text:AB'))
示例3: test_sign
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def test_sign(self):
"""
:py:meth:`X509Req.sign` succeeds when passed a private key object and a valid
digest function. :py:meth:`X509Req.verify` can be used to check the signature.
"""
request = self.signable()
key = PKey()
key.generate_key(TYPE_RSA, 512)
request.set_pubkey(key)
request.sign(key, GOOD_DIGEST)
# If the type has a verify method, cover that too.
if getattr(request, 'verify', None) is not None:
pub = request.get_pubkey()
self.assertTrue(request.verify(pub))
# Make another key that won't verify.
key = PKey()
key.generate_key(TYPE_RSA, 512)
self.assertRaises(Error, request.verify, key)
示例4: test_key_only
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def test_key_only(self):
"""
A :py:obj:`PKCS12` with only a private key can be exported using
:py:obj:`PKCS12.export` and loaded again using :py:obj:`load_pkcs12`.
"""
passwd = b"blah"
p12 = PKCS12()
pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
p12.set_privatekey(pkey)
self.assertEqual(None, p12.get_certificate())
self.assertEqual(pkey, p12.get_privatekey())
try:
dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3)
except Error:
# Some versions of OpenSSL will throw an exception
# for this nearly useless PKCS12 we tried to generate:
# [('PKCS12 routines', 'PKCS12_create', 'invalid null argument')]
return
p12 = load_pkcs12(dumped_p12, passwd)
self.assertEqual(None, p12.get_ca_certificates())
self.assertEqual(None, p12.get_certificate())
# OpenSSL fails to bring the key back to us. So sad. Perhaps in the
# future this will be improved.
self.assertTrue(isinstance(p12.get_privatekey(), (PKey, type(None))))
示例5: test_load_without_mac
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def test_load_without_mac(self):
"""
Loading a PKCS12 without a MAC does something other than crash.
"""
passwd = b"Lake Michigan"
p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2)
try:
recovered_p12 = load_pkcs12(dumped_p12, passwd)
# The person who generated this PCKS12 should be flogged,
# or better yet we should have a means to determine
# whether a PCKS12 had a MAC that was verified.
# Anyway, libopenssl chooses to allow it, so the
# pyopenssl binding does as well.
self.assertTrue(isinstance(recovered_p12, PKCS12))
except Error:
# Failing here with an exception is preferred as some openssl
# versions do.
pass
示例6: verify
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string or bytes, The message to verify. If string, will be
encoded to bytes as utf-8.
signature: string or bytes, The signature on the message. If string,
will be encoded to bytes as utf-8.
Returns:
True if message was signed by the private key associated with the
public key that this object was constructed with.
"""
message = _to_bytes(message, encoding='utf-8')
signature = _to_bytes(signature, encoding='utf-8')
try:
crypto.verify(self._pubkey, signature, message, 'sha256')
return True
except crypto.Error:
return False
示例7: from_string
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def from_string(key_pem, is_x509_cert):
"""Construct a Verified instance from a string.
Args:
key_pem: string, public key in PEM format.
is_x509_cert: bool, True if key_pem is an X509 cert, otherwise it
is expected to be an RSA key in PEM format.
Returns:
Verifier instance.
Raises:
OpenSSL.crypto.Error: if the key_pem can't be parsed.
"""
key_pem = _to_bytes(key_pem)
if is_x509_cert:
pubkey = crypto.load_certificate(crypto.FILETYPE_PEM, key_pem)
else:
pubkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key_pem)
return OpenSSLVerifier(pubkey)
示例8: setup_remote_pydev_debug
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def setup_remote_pydev_debug(host, port):
error_msg = ('Error setting up the debug environment. Verify that the'
' option pydev_worker_debug_host is pointing to a valid '
'hostname or IP on which a pydev server is listening on'
' the port indicated by pydev_worker_debug_port.')
try:
try:
from pydev import pydevd
except ImportError:
import pydevd
pydevd.settrace(host,
port=port,
stdoutToServer=True,
stderrToServer=True)
return True
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception(error_msg)
示例9: verify
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string or bytes, The message to verify. If string, will be
encoded to bytes as utf-8.
signature: string or bytes, The signature on the message. If string,
will be encoded to bytes as utf-8.
Returns:
True if message was signed by the private key associated with the
public key that this object was constructed with.
"""
message = _helpers._to_bytes(message, encoding='utf-8')
signature = _helpers._to_bytes(signature, encoding='utf-8')
try:
crypto.verify(self._pubkey, signature, message, 'sha256')
return True
except crypto.Error:
return False
示例10: from_string
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def from_string(key_pem, is_x509_cert):
"""Construct a Verified instance from a string.
Args:
key_pem: string, public key in PEM format.
is_x509_cert: bool, True if key_pem is an X509 cert, otherwise it
is expected to be an RSA key in PEM format.
Returns:
Verifier instance.
Raises:
OpenSSL.crypto.Error: if the key_pem can't be parsed.
"""
key_pem = _helpers._to_bytes(key_pem)
if is_x509_cert:
pubkey = crypto.load_certificate(crypto.FILETYPE_PEM, key_pem)
else:
pubkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key_pem)
return OpenSSLVerifier(pubkey)
示例11: _check_cert_expiration_date
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def _check_cert_expiration_date(self, cert_name, cert):
try:
loaded_cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
expire_date = datetime.strptime(loaded_cert.get_notAfter(), "%Y%m%d%H%M%SZ")
expire_in = expire_date - datetime.now()
if expire_in.days > 7:
self.logger.debug('Certificate %s is ok', cert_name)
CERT_EXPIRATION.labels(cert_name).state('valid')
elif 7 >= expire_in.days > 0:
self.logger.warning('Certificate %s will expire in %s', cert_name, expire_in.days)
CERT_EXPIRATION.labels(cert_name).state('expire_soon')
else:
self.logger.warning('Certificate %s expired!', cert_name)
CERT_EXPIRATION.labels(cert_name).state('expired')
except crypto.Error:
if cert_name:
self.logger.warning('Certificate not provided or incorrect: %s', cert_name)
CERT_EXPIRATION.labels(cert_name).state('expired')
else:
self.logger.warning('Certificate not provided or incorrect')
CERT_EXPIRATION.labels('None').state('expired')
示例12: test_sign
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def test_sign(self):
"""
`X509Req.sign` succeeds when passed a private key object and a
valid digest function. `X509Req.verify` can be used to check
the signature.
"""
request = self.signable()
key = PKey()
key.generate_key(TYPE_RSA, 512)
request.set_pubkey(key)
request.sign(key, GOOD_DIGEST)
# If the type has a verify method, cover that too.
if getattr(request, 'verify', None) is not None:
pub = request.get_pubkey()
assert request.verify(pub)
# Make another key that won't verify.
key = PKey()
key.generate_key(TYPE_RSA, 512)
with pytest.raises(Error):
request.verify(key)
示例13: test_key_only
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def test_key_only(self):
"""
A `PKCS12` with only a private key can be exported using
`PKCS12.export` and loaded again using `load_pkcs12`.
"""
passwd = b"blah"
p12 = PKCS12()
pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
p12.set_privatekey(pkey)
assert None is p12.get_certificate()
assert pkey == p12.get_privatekey()
try:
dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3)
except Error:
# Some versions of OpenSSL will throw an exception
# for this nearly useless PKCS12 we tried to generate:
# [('PKCS12 routines', 'PKCS12_create', 'invalid null argument')]
return
p12 = load_pkcs12(dumped_p12, passwd)
assert None is p12.get_ca_certificates()
assert None is p12.get_certificate()
# OpenSSL fails to bring the key back to us. So sad. Perhaps in the
# future this will be improved.
assert isinstance(p12.get_privatekey(), (PKey, type(None)))
示例14: test_load_without_mac
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def test_load_without_mac(self):
"""
Loading a PKCS12 without a MAC does something other than crash.
"""
passwd = b"Lake Michigan"
p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2)
try:
recovered_p12 = load_pkcs12(dumped_p12, passwd)
# The person who generated this PCKS12 should be flogged,
# or better yet we should have a means to determine
# whether a PCKS12 had a MAC that was verified.
# Anyway, libopenssl chooses to allow it, so the
# pyopenssl binding does as well.
assert isinstance(recovered_p12, PKCS12)
except Error:
# Failing here with an exception is preferred as some openssl
# versions do.
pass
示例15: verify_signature
# 需要導入模塊: from OpenSSL import crypto [as 別名]
# 或者: from OpenSSL.crypto import Error [as 別名]
def verify_signature(amazon_cert: crypto.X509, signature: str, request_body: bytes) -> bool:
"""Verifies Alexa request signature.
Args:
amazon_cert: Pycrypto X509 Amazon certificate.
signature: Base64 decoded Alexa request signature from Signature HTTP header.
request_body: full HTTPS request body
Returns:
result: True if verification was successful, False if not.
"""
signature = base64.b64decode(signature)
try:
crypto.verify(amazon_cert, signature, request_body, 'sha1')
result = True
except crypto.Error:
result = False
return result