當前位置: 首頁>>代碼示例>>Python>>正文


Python x509.ExtendedKeyUsage方法代碼示例

本文整理匯總了Python中cryptography.x509.ExtendedKeyUsage方法的典型用法代碼示例。如果您正苦於以下問題:Python x509.ExtendedKeyUsage方法的具體用法?Python x509.ExtendedKeyUsage怎麽用?Python x509.ExtendedKeyUsage使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在cryptography.x509的用法示例。


在下文中一共展示了x509.ExtendedKeyUsage方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: build_csr

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def build_csr(self, hostname, **kwargs):
        realm = self.plugin.ipa.env.realm
        builder = x509.CertificateSigningRequestBuilder()
        builder = builder.subject_name(
            x509.Name([
                x509.NameAttribute(oid.NameOID.COMMON_NAME, hostname),
                x509.NameAttribute(oid.NameOID.ORGANIZATION_NAME, realm),
            ])
        )
        build = builder.add_extension(
            x509.BasicConstraints(ca=False, path_length=None), critical=True,
        )
        build = builder.add_extension(
            x509.ExtendedKeyUsage([TLS_SERVERAUTH]), critical=True
        )
        builder = build.add_extension(
            x509.SubjectAlternativeName([x509.DNSName(hostname)]),
            critical=False
        )
        return builder

    # pylint: disable=arguments-differ 
開發者ID:latchset,項目名稱:custodia,代碼行數:24,代碼來源:certrequest.py

示例2: cert_extended_key_usage

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def cert_extended_key_usage(**kwargs):
    """
    Helper to create x509.ExtendedKeyUsage object.

    Args:
        x509.ExtendedKeyUsage keys. If not provided False is used for each arg.

    Return:
        x509.ExtendedKeyUsage
    """
    usages = {
        'server_auth': x509.oid.ExtendedKeyUsageOID.SERVER_AUTH,
        'client_auth': x509.oid.ExtendedKeyUsageOID.CLIENT_AUTH,
        'code_signing': x509.oid.ExtendedKeyUsageOID.CODE_SIGNING,
        # ... and others, which we do not need. Check e.g.
        # https://cryptography.io/en/latest/_modules/cryptography/x509/oid/#ExtendedKeyUsageOID
        # for details.
    }
    res = []
    for k, v in kwargs.items():
        assert k in usages, "unknown exteneded key usage specified"
        if v:
            res.append(usages[k])

    return x509.ExtendedKeyUsage(res) 
開發者ID:dcos,項目名稱:dcos-e2e,代碼行數:27,代碼來源:tls.py

示例3: test_sign_cert

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def test_sign_cert(self):
        # Attempt sign a cert
        signed_cert = self.cert_generator.sign_cert(
            csr=self.certificate_signing_request,
            validity=2 * 365 * 24 * 60 * 60,
            ca_cert=self.ca_certificate,
            ca_key=self.ca_private_key,
            ca_key_pass=self.ca_private_key_passphrase,
            ca_digest=self.signing_digest
        )

        self.assertIn("-----BEGIN CERTIFICATE-----",
                      signed_cert.decode('ascii'))

        # Load the cert for specific tests
        cert = x509.load_pem_x509_certificate(
            data=signed_cert, backend=backends.default_backend())

        # Make sure expiry time is accurate
        should_expire = (datetime.datetime.utcnow() +
                         datetime.timedelta(seconds=2 * 365 * 24 * 60 * 60))
        diff = should_expire - cert.not_valid_after
        self.assertLess(diff, datetime.timedelta(seconds=10))

        # Make sure this is a version 3 X509.
        self.assertEqual('v3', cert.version.name)

        # Make sure this cert is marked as Server and Client Cert via the
        # extended Key Usage extension
        self.assertIn(x509.oid.ExtendedKeyUsageOID.SERVER_AUTH,
                      cert.extensions.get_extension_for_class(
                          x509.ExtendedKeyUsage).value._usages)
        self.assertIn(x509.oid.ExtendedKeyUsageOID.CLIENT_AUTH,
                      cert.extensions.get_extension_for_class(
                          x509.ExtendedKeyUsage).value._usages)

        # Make sure this cert can't sign other certs
        self.assertFalse(cert.extensions.get_extension_for_class(
            x509.BasicConstraints).value.ca) 
開發者ID:openstack,項目名稱:octavia,代碼行數:41,代碼來源:test_local.py

示例4: _decode_extended_key_usage

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def _decode_extended_key_usage(backend, sk):
    sk = backend._ffi.cast("Cryptography_STACK_OF_ASN1_OBJECT *", sk)
    sk = backend._ffi.gc(sk, backend._lib.sk_ASN1_OBJECT_free)
    num = backend._lib.sk_ASN1_OBJECT_num(sk)
    ekus = []

    for i in range(num):
        obj = backend._lib.sk_ASN1_OBJECT_value(sk, i)
        backend.openssl_assert(obj != backend._ffi.NULL)
        oid = x509.ObjectIdentifier(_obj2txt(backend, obj))
        ekus.append(oid)

    return x509.ExtendedKeyUsage(ekus) 
開發者ID:aliyun,項目名稱:oss-ftp,代碼行數:15,代碼來源:x509.py

示例5: _serialize

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def _serialize(self, value, attr, obj):
        usages = value._usages
        usage_list = {}
        for usage in usages:
            if usage == x509.oid.ExtendedKeyUsageOID.CLIENT_AUTH:
                usage_list["useClientAuthentication"] = True

            elif usage == x509.oid.ExtendedKeyUsageOID.SERVER_AUTH:
                usage_list["useServerAuthentication"] = True

            elif usage == x509.oid.ExtendedKeyUsageOID.CODE_SIGNING:
                usage_list["useCodeSigning"] = True

            elif usage == x509.oid.ExtendedKeyUsageOID.EMAIL_PROTECTION:
                usage_list["useEmailProtection"] = True

            elif usage == x509.oid.ExtendedKeyUsageOID.TIME_STAMPING:
                usage_list["useTimestamping"] = True

            elif usage == x509.oid.ExtendedKeyUsageOID.OCSP_SIGNING:
                usage_list["useOCSPSigning"] = True

            elif usage.dotted_string == "1.3.6.1.5.5.7.3.14":
                usage_list["useEapOverLAN"] = True

            elif usage.dotted_string == "1.3.6.1.5.5.7.3.13":
                usage_list["useEapOverPPP"] = True

            elif usage.dotted_string == "1.3.6.1.4.1.311.20.2.2":
                usage_list["useSmartCardLogon"] = True

            else:
                current_app.logger.warning(
                    "Unable to serialize ExtendedKeyUsage with OID: {usage}".format(
                        usage=usage.dotted_string
                    )
                )

        return usage_list 
開發者ID:Netflix,項目名稱:lemur,代碼行數:41,代碼來源:fields.py

示例6: _deserialize

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def _deserialize(self, value, attr, data):
        usage_oids = []
        for k, v in value.items():
            if k == "useClientAuthentication" and v:
                usage_oids.append(x509.oid.ExtendedKeyUsageOID.CLIENT_AUTH)

            elif k == "useServerAuthentication" and v:
                usage_oids.append(x509.oid.ExtendedKeyUsageOID.SERVER_AUTH)

            elif k == "useCodeSigning" and v:
                usage_oids.append(x509.oid.ExtendedKeyUsageOID.CODE_SIGNING)

            elif k == "useEmailProtection" and v:
                usage_oids.append(x509.oid.ExtendedKeyUsageOID.EMAIL_PROTECTION)

            elif k == "useTimestamping" and v:
                usage_oids.append(x509.oid.ExtendedKeyUsageOID.TIME_STAMPING)

            elif k == "useOCSPSigning" and v:
                usage_oids.append(x509.oid.ExtendedKeyUsageOID.OCSP_SIGNING)

            elif k == "useEapOverLAN" and v:
                usage_oids.append(x509.oid.ObjectIdentifier("1.3.6.1.5.5.7.3.14"))

            elif k == "useEapOverPPP" and v:
                usage_oids.append(x509.oid.ObjectIdentifier("1.3.6.1.5.5.7.3.13"))

            elif k == "useSmartCardLogon" and v:
                usage_oids.append(x509.oid.ObjectIdentifier("1.3.6.1.4.1.311.20.2.2"))

            else:
                current_app.logger.warning(
                    "Unable to deserialize ExtendedKeyUsage with name: {key}".format(
                        key=k
                    )
                )

        return x509.ExtendedKeyUsage(usage_oids) 
開發者ID:Netflix,項目名稱:lemur,代碼行數:40,代碼來源:fields.py

示例7: create_certificate

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def create_certificate(subject_name,
                       private_key,
                       signing_certificate,
                       signing_key,
                       days_valid=365,
                       client_auth=False):
    subject = x509.Name([
        x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"Test, Inc."),
        x509.NameAttribute(x509.NameOID.COMMON_NAME, subject_name)
    ])
    builder = x509.CertificateBuilder().subject_name(
        subject
    ).issuer_name(
        signing_certificate.subject
    ).public_key(
        private_key.public_key()
    ).serial_number(
        x509.random_serial_number()
    ).not_valid_before(
        datetime.datetime.utcnow()
    ).not_valid_after(
        datetime.datetime.utcnow() + datetime.timedelta(days=days_valid)
    )

    if client_auth:
        builder = builder.add_extension(
            x509.ExtendedKeyUsage([x509.ExtendedKeyUsageOID.CLIENT_AUTH]),
            critical=True
        )

    certificate = builder.sign(
        signing_key,
        hashes.SHA256(),
        backends.default_backend()
    )
    return certificate 
開發者ID:OpenKMIP,項目名稱:PyKMIP,代碼行數:38,代碼來源:create_certificates.py

示例8: test_get_extended_key_usage_from_certificate

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def test_get_extended_key_usage_from_certificate(self):
        """
        Test that the ExtendedKeyUsage extension can be retrieved from a
        certificate.
        """
        extension = utils.get_extended_key_usage_from_certificate(
            self.certificate
        )

        self.assertIsInstance(extension, x509.ExtendedKeyUsage)
        self.assertIn(x509.ExtendedKeyUsageOID.CLIENT_AUTH, extension) 
開發者ID:OpenKMIP,項目名稱:PyKMIP,代碼行數:13,代碼來源:test_utils.py

示例9: test_get_extended_key_usage_from_certificate_with_no_extension

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def test_get_extended_key_usage_from_certificate_with_no_extension(self):
        """
        Test that the right value is returned when the ExtendedKeyUsage
        extension cannot be retrieved from a certificate.
        """
        extension = utils.get_extended_key_usage_from_certificate(
            self.certificate_no_extension
        )

        self.assertEqual(None, extension) 
開發者ID:OpenKMIP,項目名稱:PyKMIP,代碼行數:12,代碼來源:test_utils.py

示例10: assertInClientExtensions

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def assertInClientExtensions(self, cert):
        key_usage = c_x509.KeyUsage(True, False, True, False, False, False,
                                    False, False, False)
        key_usage = c_x509.Extension(key_usage.oid, True, key_usage)
        extended_key_usage = c_x509.ExtendedKeyUsage([c_x509.OID_CLIENT_AUTH])
        extended_key_usage = c_x509.Extension(extended_key_usage.oid, False,
                                              extended_key_usage)
        basic_constraints = c_x509.BasicConstraints(ca=False, path_length=None)
        basic_constraints = c_x509.Extension(basic_constraints.oid, True,
                                             basic_constraints)

        self.assertIn(key_usage, cert.extensions)
        self.assertIn(extended_key_usage, cert.extensions)
        self.assertIn(basic_constraints, cert.extensions) 
開發者ID:openstack,項目名稱:magnum,代碼行數:16,代碼來源:test_sign.py

示例11: _build_client_extentions

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def _build_client_extentions():
    # Digital Signature and Key Encipherment are enabled
    key_usage = x509.KeyUsage(True, False, True, False, False, False, False,
                              False, False)
    key_usage = x509.Extension(key_usage.oid, True, key_usage)
    extended_key_usage = x509.ExtendedKeyUsage([x509.OID_CLIENT_AUTH])
    extended_key_usage = x509.Extension(extended_key_usage.oid, False,
                                        extended_key_usage)
    basic_constraints = x509.BasicConstraints(ca=False, path_length=None)
    basic_constraints = x509.Extension(basic_constraints.oid, True,
                                       basic_constraints)

    return [key_usage, extended_key_usage, basic_constraints] 
開發者ID:openstack,項目名稱:magnum,代碼行數:15,代碼來源:operations.py

示例12: extension_type

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def extension_type(self):
        # call serialize_value() to ensure consistent sort order
        return x509.ExtendedKeyUsage(sorted(self.value, key=lambda v: self.serialize_value(v))) 
開發者ID:mathiasertl,項目名稱:django-ca,代碼行數:5,代碼來源:extensions.py

示例13: test_unknown_values

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def test_unknown_values(self):
        with self.assertRaisesRegex(ValueError, r'^Unknown value: foo$'):
            ExtendedKeyUsage({'value': ['foo']})

        with self.assertRaisesRegex(ValueError, r'^Unknown value: True$'):
            ExtendedKeyUsage({'value': [True]}) 
開發者ID:mathiasertl,項目名稱:django-ca,代碼行數:8,代碼來源:tests_extensions.py

示例14: test_completeness

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def test_completeness(self):
        # make sure we support all ExtendedKeyUsageOIDs
        for attr in [getattr(ExtendedKeyUsageOID, a) for a in dir(ExtendedKeyUsageOID) if a[0] != '_']:
            if isinstance(attr, ObjectIdentifier):
                self.assertIn(attr, ExtendedKeyUsage._CRYPTOGRAPHY_MAPPING_REVERSED)

        # make sure we haven't forgotton any keys in the form selection
        self.assertEqual(set(ExtendedKeyUsage.CRYPTOGRAPHY_MAPPING.keys()),
                         set([e[0] for e in ExtendedKeyUsage.CHOICES])) 
開發者ID:mathiasertl,項目名稱:django-ca,代碼行數:11,代碼來源:tests_extensions.py

示例15: test_sign_cert_passphrase_none

# 需要導入模塊: from cryptography import x509 [as 別名]
# 或者: from cryptography.x509 import ExtendedKeyUsage [as 別名]
def test_sign_cert_passphrase_none(self):
        # Attempt sign a cert
        ca_private_key = self.ca_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption()
        )
        signed_cert = self.cert_generator.sign_cert(
            csr=self.certificate_signing_request,
            validity=2 * 365 * 24 * 60 * 60,
            ca_cert=self.ca_certificate,
            ca_key=ca_private_key,
            ca_key_pass=None,
            ca_digest=self.signing_digest
        )

        self.assertIn("-----BEGIN CERTIFICATE-----",
                      signed_cert.decode('ascii'))

        # Load the cert for specific tests
        cert = x509.load_pem_x509_certificate(
            data=signed_cert, backend=backends.default_backend())

        # Make sure expiry time is accurate
        should_expire = (datetime.datetime.utcnow() +
                         datetime.timedelta(seconds=2 * 365 * 24 * 60 * 60))
        diff = should_expire - cert.not_valid_after
        self.assertLess(diff, datetime.timedelta(seconds=10))

        # Make sure this is a version 3 X509.
        self.assertEqual('v3', cert.version.name)

        # Make sure this cert is marked as Server and Client Cert via the
        # extended Key Usage extension
        self.assertIn(x509.oid.ExtendedKeyUsageOID.SERVER_AUTH,
                      cert.extensions.get_extension_for_class(
                          x509.ExtendedKeyUsage).value._usages)
        self.assertIn(x509.oid.ExtendedKeyUsageOID.CLIENT_AUTH,
                      cert.extensions.get_extension_for_class(
                          x509.ExtendedKeyUsage).value._usages)

        # Make sure this cert can't sign other certs
        self.assertFalse(cert.extensions.get_extension_for_class(
            x509.BasicConstraints).value.ca) 
開發者ID:openstack,項目名稱:octavia,代碼行數:46,代碼來源:test_local.py


注:本文中的cryptography.x509.ExtendedKeyUsage方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。