我们从Python开源项目中,提取了以下16个代码示例,用于说明如何使用OpenSSL.crypto.load_certificate_request()。
def test_dump_certificate_request(self): """ L{dump_certificate_request} writes a PEM, DER, and text. """ req = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM) dumped_pem = dump_certificate_request(FILETYPE_PEM, req) self.assertEqual(dumped_pem, cleartextCertificateRequestPEM) dumped_der = dump_certificate_request(FILETYPE_ASN1, req) good_der = _runopenssl(dumped_pem, "req", "-outform", "DER") self.assertEqual(dumped_der, good_der) req2 = load_certificate_request(FILETYPE_ASN1, dumped_der) dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2) self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM) dumped_text = dump_certificate_request(FILETYPE_TEXT, req) good_text = _runopenssl(dumped_pem, "req", "-noout", "-text") self.assertEqual(dumped_text, good_text)
def test_dump_certificate_request(self): """ :py:obj:`dump_certificate_request` writes a PEM, DER, and text. """ req = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM) dumped_pem = dump_certificate_request(FILETYPE_PEM, req) self.assertEqual(dumped_pem, cleartextCertificateRequestPEM) dumped_der = dump_certificate_request(FILETYPE_ASN1, req) good_der = _runopenssl(dumped_pem, b"req", b"-outform", b"DER") self.assertEqual(dumped_der, good_der) req2 = load_certificate_request(FILETYPE_ASN1, dumped_der) dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2) self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM) dumped_text = dump_certificate_request(FILETYPE_TEXT, req) good_text = _runopenssl(dumped_pem, b"req", b"-noout", b"-text") self.assertEqual(dumped_text, good_text) self.assertRaises(ValueError, dump_certificate_request, 100, req)
def test_dump_certificate_request(self): """ L{dump_certificate_request} writes a PEM, DER, and text. """ req = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM) dumped_pem = dump_certificate_request(FILETYPE_PEM, req) self.assertEqual(dumped_pem, cleartextCertificateRequestPEM) dumped_der = dump_certificate_request(FILETYPE_ASN1, req) good_der = _runopenssl(dumped_pem, "req", "-outform", "DER") self.assertEqual(dumped_der, good_der) req2 = load_certificate_request(FILETYPE_ASN1, dumped_der) dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2) self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM) dumped_text = dump_certificate_request(FILETYPE_TEXT, req) good_text = _runopenssl(dumped_pem, "req", "-noout", "-text") self.assertEqual(dumped_text, good_text) self.assertRaises(ValueError, dump_certificate_request, 100, req)
def load(Class, requestData, requestFormat=crypto.FILETYPE_ASN1): req = crypto.load_certificate_request(requestFormat, requestData) dn = DistinguishedName() dn._copyFrom(req.get_subject()) if not req.verify(req.get_pubkey()): raise VerifyError("Can't verify that request for %r is self-signed." % (dn,)) return Class(req)
def test_convert_to_cryptography_key(self): req = load_certificate_request( FILETYPE_PEM, cleartextCertificateRequestPEM ) crypto_req = req.to_cryptography() assert isinstance(crypto_req, x509.CertificateSigningRequest)
def test_dump_certificate_request(self): """ `dump_certificate_request` writes a PEM, DER, and text. """ req = load_certificate_request( FILETYPE_PEM, cleartextCertificateRequestPEM) dumped_pem = dump_certificate_request(FILETYPE_PEM, req) assert dumped_pem == cleartextCertificateRequestPEM dumped_der = dump_certificate_request(FILETYPE_ASN1, req) good_der = _runopenssl(dumped_pem, b"req", b"-outform", b"DER") assert dumped_der == good_der req2 = load_certificate_request(FILETYPE_ASN1, dumped_der) dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2) assert dumped_pem2 == cleartextCertificateRequestPEM dumped_text = dump_certificate_request(FILETYPE_TEXT, req) good_text = _runopenssl( dumped_pem, b"req", b"-noout", b"-text", b"-nameopt", b"") assert dumped_text == good_text with pytest.raises(ValueError): dump_certificate_request(100, req)
def test_bad_file_type(self): """ If the file type passed to `load_certificate_request` is neither `FILETYPE_PEM` nor `FILETYPE_ASN1` then `ValueError` is raised. """ with pytest.raises(ValueError): load_certificate_request(object(), b"") with pytest.raises(ValueError): load_certificate(object(), b"")
def test_badFileType(self): """ If the file type passed to :py:obj:`load_certificate_request` is neither :py:obj:`FILETYPE_PEM` nor :py:obj:`FILETYPE_ASN1` then :py:class:`ValueError` is raised. """ self.assertRaises(ValueError, load_certificate_request, object(), b"")
def load_certificate_request(path): """Load the specified certificate signing request.""" try: csr_content = open(path, 'rb').read() csr = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_content) return csr except (IOError, OSError) as exc: raise OpenSSLObjectError(exc)
def sign_csr(arg_userid, arg_csr_path, arg_crt_path): # csr = User CSR file in internal crypto format (result, buffer) = get_file_contents(arg_csr_path) if not result: app.logger.error("sign_csr: cannot access CSR {%s} for user {%s}, reason: {%s}", arg_csr_path, arg_userid, buffer) return False try: csr = crypto.load_certificate_request(crypto.FILETYPE_PEM, buffer) except Exception as e: app.logger.error("sign_csr: load CSR {%s} for user {%s} failed, reason: {%s}", arg_csr_path, arg_userid, repr(e)) return False # CAcertificate = CA certificate in internal crypto format (result, buffer) = get_file_contents(CA_CRT_FILE) if not result: app.logger.error("sign_csr: cannot access CA certificate {%s} for user {%s}, reason: {%s}", CA_CRT_FILE, arg_userid, repr(e)) return False try: CAcertificate = crypto.load_certificate(crypto.FILETYPE_PEM, buffer) if app.debug: app.logger.debug("sign_csr: CA cert subject = {%s}", CAcertificate.get_subject()) except Exception as e: app.logger.error("sign_csr: load CA certificate {%s} for user {%s} failed, reason: {%s}", CA_CRT_FILE, arg_userid, repr(e)) return False # CAprivatekey = CA private key in internal crypto format (result, buffer) = get_file_contents(CA_KEY_FILE) if not result: app.logger.error("sign_csr: cannot access CA private key {%s} for user {%s}, reason: {%s}", CA_KEY_FILE, arg_userid, buffer) return False try: CAprivatekey = crypto.load_privatekey(crypto.FILETYPE_PEM, buffer) except Exception as e: app.logger.error("sign_csr: load CA private key {%s} for user {%s} failed, reason: {%s}", CA_KEY_FILE, arg_userid, repr(e)) # Sign CSR, giving the CRT try: cert = crypto.X509() cert.set_serial_number(42) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(EXPIRY_PERIOD) cert.set_issuer(CAcertificate.get_subject()) subject = csr.get_subject() # will log the subject later cert.set_subject(subject) cert.set_pubkey(csr.get_pubkey()) cert.sign(CAprivatekey, DIGEST) except Exception as e: app.logger.error("sign_csr: Cannot sign CSR {%s} for user {%s}, reason: {%s}", arg_csr_path, arg_userid, repr(e)) return False # Store signed CRT try: file = open(arg_crt_path, "w") file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')) file.flush() os.fsync(file) file.close() except Exception as e: app.logger.error("sign_csr: Cannot store CRT {%s} for user {%s}, reason: {%s}", arg_crt_path, arg_userid, repr(e)) return False # Success app.logger.info("sign_csr: Success with CRT {%s} for user {%s}, subject={%s}", arg_csr_path, arg_userid, subject) return True
def create_cert_signed_certificate(self, sign_cert_str, sign_key_str, request_cert_str, hash_alg="sha256", valid_from=0, valid_to=315360000, sn=1, passphrase=None): """ Will sign a certificate request with a give certificate. :param sign_cert_str: This certificate will be used to sign with. Must be a string representation of the certificate. If you only have a file use the method read_str_from_file to get a string representation. :param sign_key_str: This is the key for the ca_cert_str represented as a string. If you only have a file use the method read_str_from_file to get a string representation. :param request_cert_str: This is the prepared certificate to be signed. Must be a string representation of the requested certificate. If you only have a file use the method read_str_from_file to get a string representation. :param hash_alg: Hash algorithm to use for the key. Default is sha256. :param valid_from: When the certificate starts to be valid. Amount of seconds from when the certificate is generated. :param valid_to: How long the certificate will be valid from when it is generated. The value is in seconds. Default is 315360000 seconds, a.k.a 10 years. :param sn: Serial number for the certificate. Default is 1. :param passphrase: Password for the private key in sign_key_str. :return: String representation of the signed certificate. """ ca_cert = crypto.load_certificate(crypto.FILETYPE_PEM, sign_cert_str) ca_key = None if passphrase is not None: ca_key = crypto.load_privatekey(crypto.FILETYPE_PEM, sign_key_str, passphrase) else: ca_key = crypto.load_privatekey(crypto.FILETYPE_PEM, sign_key_str) req_cert = crypto.load_certificate_request(crypto.FILETYPE_PEM, request_cert_str) cert = crypto.X509() cert.set_subject(req_cert.get_subject()) cert.set_serial_number(sn) cert.gmtime_adj_notBefore(valid_from) cert.gmtime_adj_notAfter(valid_to) cert.set_issuer(ca_cert.get_subject()) cert.set_pubkey(req_cert.get_pubkey()) cert.sign(ca_key, hash_alg) cert_dump = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) if isinstance(cert_dump, six.string_types): return cert_dump return cert_dump.decode('utf-8')
