本文整理匯總了Python中cryptography.x509.CRLDistributionPoints方法的典型用法代碼示例。如果您正苦於以下問題:Python x509.CRLDistributionPoints方法的具體用法?Python x509.CRLDistributionPoints怎麽用?Python x509.CRLDistributionPoints使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類cryptography.x509的用法示例。
在下文中一共展示了x509.CRLDistributionPoints方法的6個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: test_verify_crl_unknown_scheme
# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import CRLDistributionPoints [as 別名]
def test_verify_crl_unknown_scheme(cert_builder, private_key):
"""Unknown distribution point URI schemes should be ignored."""
ldap_uri = "ldap://ldap.example.org/cn=Example%20Certificate%20Authority?certificateRevocationList;binary"
crl_dp = x509.DistributionPoint(
[UniformResourceIdentifier(ldap_uri)],
relative_name=None,
reasons=None,
crl_issuer=None,
)
cert = cert_builder.add_extension(
x509.CRLDistributionPoints([crl_dp]), critical=False
).sign(private_key, hashes.SHA256(), default_backend())
with mktempfile() as cert_tmp:
with open(cert_tmp, "wb") as f:
f.write(cert.public_bytes(serialization.Encoding.PEM))
# Must not raise exception
crl_verify(cert, cert_tmp) 示例2: test_verify_crl_unreachable
# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import CRLDistributionPoints [as 別名]
def test_verify_crl_unreachable(cert_builder, private_key):
"""Unreachable CRL distribution point results in error."""
ldap_uri = "http://invalid.example.org/crl/foobar.crl"
crl_dp = x509.DistributionPoint(
[UniformResourceIdentifier(ldap_uri)],
relative_name=None,
reasons=None,
crl_issuer=None,
)
cert = cert_builder.add_extension(
x509.CRLDistributionPoints([crl_dp]), critical=False
).sign(private_key, hashes.SHA256(), default_backend())
with mktempfile() as cert_tmp:
with open(cert_tmp, "wb") as f:
f.write(cert.public_bytes(serialization.Encoding.PEM))
with pytest.raises(Exception, match="Unable to retrieve CRL:"):
crl_verify(cert, cert_tmp) 示例3: get_common_extensions
# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import CRLDistributionPoints [as 別名]
def get_common_extensions(self, issuer_url=None, crl_url=None, ocsp_url=None):
extensions = []
if crl_url:
urls = [x509.UniformResourceIdentifier(force_text(c)) for c in crl_url]
dps = [x509.DistributionPoint(full_name=[c], relative_name=None, crl_issuer=None, reasons=None)
for c in urls]
extensions.append((False, x509.CRLDistributionPoints(dps)))
auth_info_access = []
if ocsp_url:
uri = x509.UniformResourceIdentifier(force_text(ocsp_url))
auth_info_access.append(x509.AccessDescription(
access_method=AuthorityInformationAccessOID.OCSP, access_location=uri))
if issuer_url:
uri = x509.UniformResourceIdentifier(force_text(issuer_url))
auth_info_access.append(x509.AccessDescription(
access_method=AuthorityInformationAccessOID.CA_ISSUERS, access_location=uri))
if auth_info_access:
extensions.append((False, x509.AuthorityInformationAccess(auth_info_access)))
return extensions 示例4: _decode_crl_distribution_points
# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import CRLDistributionPoints [as 別名]
def _decode_crl_distribution_points(backend, cdps):
dist_points = _decode_dist_points(backend, cdps)
return x509.CRLDistributionPoints(dist_points) 示例5: extension_type
# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import CRLDistributionPoints [as 別名]
def extension_type(self):
return x509.CRLDistributionPoints(distribution_points=[dp.for_extension_type for dp in self.value]) 示例6: extensions
# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import CRLDistributionPoints [as 別名]
def extensions(self):
# setup default values
return_extensions = {"sub_alt_names": {"names": []}}
try:
for extension in self.parsed_cert.extensions:
value = extension.value
if isinstance(value, x509.BasicConstraints):
return_extensions["basic_constraints"] = value
elif isinstance(value, x509.SubjectAlternativeName):
return_extensions["sub_alt_names"]["names"] = value
elif isinstance(value, x509.ExtendedKeyUsage):
return_extensions["extended_key_usage"] = value
elif isinstance(value, x509.KeyUsage):
return_extensions["key_usage"] = value
elif isinstance(value, x509.SubjectKeyIdentifier):
return_extensions["subject_key_identifier"] = {"include_ski": True}
elif isinstance(value, x509.AuthorityInformationAccess):
return_extensions["certificate_info_access"] = {"include_aia": True}
elif isinstance(value, x509.AuthorityKeyIdentifier):
aki = {"use_key_identifier": False, "use_authority_cert": False}
if value.key_identifier:
aki["use_key_identifier"] = True
if value.authority_cert_issuer:
aki["use_authority_cert"] = True
return_extensions["authority_key_identifier"] = aki
elif isinstance(value, x509.CRLDistributionPoints):
return_extensions["crl_distribution_points"] = {
"include_crl_dp": value
}
# TODO: Not supporting custom OIDs yet. https://github.com/Netflix/lemur/issues/665
else:
current_app.logger.warning(
"Custom OIDs not yet supported for clone operation."
)
except InvalidCodepoint as e:
sentry.captureException()
current_app.logger.warning(
"Unable to parse extensions due to underscore in dns name"
)
except ValueError as e:
sentry.captureException()
current_app.logger.warning("Unable to parse")
current_app.logger.exception(e)
return return_extensions