我们从Python开源项目中,提取了以下11个代码示例,用于说明如何使用OpenSSL.crypto.X509StoreContextError()。
def verify_cert_chain(chain_pem, trusted_certs): cert = crypto.load_certificate(crypto.FILETYPE_PEM, chain_pem.decode('utf-8')) # Build store of trusted certificates store = crypto.X509Store() for _cert in trusted_certs: tmp = crypto.load_certificate(crypto.FILETYPE_PEM, _cert.decode('utf-8')) store.add_cert(tmp) # Prepare context ctx = crypto.X509StoreContext(store, cert) # Start validation try: ctx.verify_certificate() return True except crypto.X509StoreContextError as e: logging.error("Certificate validation failed: %s" % e) return False
def _verify_ca(self): """ (internal use only) verifies the current x509 is signed by the associated CA """ store = crypto.X509Store() store.add_cert(self.ca.x509) store_ctx = crypto.X509StoreContext(store, self.x509) try: store_ctx.verify_certificate() except crypto.X509StoreContextError as e: raise ValidationError(_("CA doesn't match, got the " "following error from pyOpenSSL: \"%s\"") % e.args[0][2])
def test_modification_pre_verify(self): """ :py:obj:`verify_certificate` can use a store context modified after instantiation. """ store_bad = X509Store() store_bad.add_cert(self.intermediate_cert) store_good = X509Store() store_good.add_cert(self.root_cert) store_good.add_cert(self.intermediate_cert) store_ctx = X509StoreContext(store_bad, self.intermediate_server_cert) e = self.assertRaises(X509StoreContextError, store_ctx.verify_certificate) self.assertEqual(e.args[0][2], 'unable to get issuer certificate') self.assertEqual(e.certificate.get_subject().CN, 'intermediate') store_ctx.set_store(store_good) self.assertEqual(store_ctx.verify_certificate(), None)
def verify_certificate_chain(ca_pem_data, cert_pem_data): try: ca_cert = crypto.load_certificate(crypto.FILETYPE_PEM, ca_pem_data) cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem_data) store = crypto.X509Store() store.add_cert(ca_cert) store_ctx = crypto.X509StoreContext(store, cert) store_ctx.verify_certificate() except crypto.Error as e: raise InvalidCertificate('Broken certificate') from e except crypto.X509StoreContextError as e: raise InvalidCertificate('Invalid certificate chain: ' + str(e)) from e
def test_untrusted_self_signed(self): """ :py:obj:`verify_certificate` raises error when a self-signed certificate is verified without itself in the chain. """ store = X509Store() store_ctx = X509StoreContext(store, self.root_cert) e = self.assertRaises(X509StoreContextError, store_ctx.verify_certificate) self.assertEqual(e.args[0][2], 'self signed certificate') self.assertEqual(e.certificate.get_subject().CN, 'Testing Root CA')
def test_invalid_chain_no_root(self): """ :py:obj:`verify_certificate` raises error when a root certificate is missing from the chain. """ store = X509Store() store.add_cert(self.intermediate_cert) store_ctx = X509StoreContext(store, self.intermediate_server_cert) e = self.assertRaises(X509StoreContextError, store_ctx.verify_certificate) self.assertEqual(e.args[0][2], 'unable to get issuer certificate') self.assertEqual(e.certificate.get_subject().CN, 'intermediate')
def test_invalid_chain_no_intermediate(self): """ :py:obj:`verify_certificate` raises error when an intermediate certificate is missing from the chain. """ store = X509Store() store.add_cert(self.root_cert) store_ctx = X509StoreContext(store, self.intermediate_server_cert) e = self.assertRaises(X509StoreContextError, store_ctx.verify_certificate) self.assertEqual(e.args[0][2], 'unable to get local issuer certificate') self.assertEqual(e.certificate.get_subject().CN, 'intermediate-service')
