Python源码示例:cryptography.x509.Extension()

示例1
def print_extension(self, ext):
    """Write a human-readable description of ``ext`` to ``self.stdout``.

    Three kinds of input are handled:

    * ``NullExtension`` instances are printed as ``<name>: Yes``.
    * Other ``Extension`` instances get a ``<name>:`` header followed by the
      indented result of ``ext.as_text()``.
    * Plain ``x509.Extension`` objects are printed as
      ``<oid name>: <dotted OID string>``.

    In every branch the label carries a ``(critical)`` marker when
    ``ext.critical`` is true, so the criticality flag always reaches the
    output.

    Raises:
        ValueError: if ``ext`` is neither an ``Extension`` nor an
            ``x509.Extension``.
    """
    if isinstance(ext, Extension):
        flag_only = isinstance(ext, NullExtension)
        if flag_only:
            # NOTE: Only PrecertPoison is ever marked as critical
            label = '%s (critical): Yes' if ext.critical else '%s: Yes'
        else:
            label = '%s (critical):' if ext.critical else '%s:'

        self.stdout.write(label % ext.name)
        if not flag_only:
            # Extensions that carry a value get it printed below the header.
            self.stdout.write(self.indent(ext.as_text()))
        return

    if not isinstance(ext, x509.Extension):  # pragma: no cover
        raise ValueError('Received unknown extension type: %s' % type(ext))

    # NOTE(review): ``_name`` is a private attribute of the OID object, so
    # this line depends on an implementation detail of the x509 library.
    if ext.critical:  # pragma: no cover - all unrecognized extensions that we have are non-critical
        self.stdout.write('%s (critical): %s' % (ext.oid._name, ext.oid.dotted_string))
    else:
        self.stdout.write('%s: %s' % (ext.oid._name, ext.oid.dotted_string))
示例2
def test_config(self):
    """Check that the extension class under test is configured consistently.

    Covers the class hierarchy, the ``key``/``name``/``oid`` attributes, the
    two lookup dicts, and the matching accessor on ``X509CertMixin``.
    """
    ext_cls = self.ext_class

    self.assertTrue(issubclass(ext_cls, Extension))
    self.assertEqual(ext_cls.key, self.ext_class_key)
    self.assertEqual(ext_cls.name, self.ext_class_name)

    # Basic sanity checks on the attribute types: key and name must be
    # non-empty strings, the OID a real ObjectIdentifier.
    self.assertIsInstance(ext_cls.oid, ObjectIdentifier)
    self.assertIsInstance(ext_cls.key, str)
    self.assertGreater(len(ext_cls.key), 0)
    self.assertIsInstance(ext_cls.name, str)
    self.assertGreater(len(ext_cls.name), 0)

    # Both lookup tables must resolve back to this exact class.
    self.assertEqual(KEY_TO_EXTENSION[ext_cls.key], ext_cls)
    self.assertEqual(OID_TO_EXTENSION[ext_cls.oid], ext_cls)

    # The model mixin must expose the extension as a cached property named
    # after the extension key.
    self.assertTrue(hasattr(X509CertMixin, ext_cls.key))
    self.assertIsInstance(getattr(X509CertMixin, ext_cls.key), cached_property)
示例3
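def get_readonly_fields(self, request, obj=None):
    """Return the read-only admin fields for ``obj``.

    On top of what the superclass returns, ``'compromised'`` is read-only
    unless the certificate is revoked, and every entry of
    ``obj.extension_fields`` is read-only. Entries that are raw
    ``x509.Extension`` objects are replaced by the name computed with
    ``self.get_oid_name()``.

    Args:
        request: The current request, passed through to the superclass.
        obj: The object being edited, or ``None`` when none is given.

    Returns:
        The superclass value unchanged when ``obj`` is ``None``, otherwise a
        new list of field names.
    """
    fields = super(CertificateMixin, self).get_readonly_fields(request, obj=obj)

    # Check for a missing object before touching any of its attributes;
    # reading ``obj.revoked`` first would raise AttributeError on None.
    if obj is None:  # pragma: no cover
        # This is never True because CertificateAdmin (the only case where objects are added) doesn't call
        # the superclass in this case.
        return fields

    # Work on a private copy: the superclass may hand back a tuple (which has
    # no append) or a list shared between calls, which must not grow in place.
    fields = list(fields)

    if not obj.revoked:
        # We can only change the date when the certificate was compromised if it's actually revoked.
        fields.append('compromised')

    for field in obj.extension_fields:
        if isinstance(field, x509.Extension):
            field = self.get_oid_name(field.oid)

        fields.append(field)

    return fields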
示例4
def add_extension(self, extension, critical):
    """Return a new ``OCSPRequestBuilder`` that also carries ``extension``.

    ``extension`` is wrapped in an ``x509.Extension`` together with the
    caller-supplied ``critical`` flag. This builder is left unmodified: the
    list handed to the new builder is created by concatenation.

    Raises:
        TypeError: if ``extension`` is not an ``x509.ExtensionType``.
    """
    if isinstance(extension, x509.ExtensionType):
        wrapped = x509.Extension(extension.oid, critical, extension)
        # Presumably rejects an extension that is already present in the
        # list -- confirm against _reject_duplicate_extension.
        _reject_duplicate_extension(wrapped, self._extensions)
        return OCSPRequestBuilder(self._request, self._extensions + [wrapped])

    raise TypeError("extension must be an ExtensionType")
示例5
def add_extension(self, extension, critical):
    """Return a new ``OCSPResponseBuilder`` that also carries ``extension``.

    ``extension`` is wrapped in an ``x509.Extension`` together with the
    caller-supplied ``critical`` flag. The response, responder id and
    certificates are passed on as they are; the extension list is a new list
    created by concatenation, so this builder is not modified.

    Raises:
        TypeError: if ``extension`` is not an ``x509.ExtensionType``.
    """
    if isinstance(extension, x509.ExtensionType):
        wrapped = x509.Extension(extension.oid, critical, extension)
        # Presumably rejects an extension that is already present in the
        # list -- confirm against _reject_duplicate_extension.
        _reject_duplicate_extension(wrapped, self._extensions)
        combined = self._extensions + [wrapped]
        return OCSPResponseBuilder(
            self._response, self._responder_id, self._certs, combined
        )

    raise TypeError("extension must be an ExtensionType")
示例6
def add_extension(self, extension, critical):
    """Build a copy of this OCSP request builder with one more extension.

    Args:
        extension: An ``x509.ExtensionType`` instance to attach.
        critical: Criticality flag stored on the resulting ``x509.Extension``.

    Returns:
        A new ``OCSPRequestBuilder``; ``self._extensions`` is not mutated.

    Raises:
        TypeError: if ``extension`` is not an ``x509.ExtensionType``.
    """
    type_ok = isinstance(extension, x509.ExtensionType)
    if not type_ok:
        raise TypeError("extension must be an ExtensionType")

    new_ext = x509.Extension(extension.oid, critical, extension)
    # Duplicate detection is delegated to the helper (behaviour not visible
    # here; presumably it raises on a repeated extension).
    _reject_duplicate_extension(new_ext, self._extensions)

    extended = self._extensions + [new_ext]
    return OCSPRequestBuilder(self._request, extended)
示例7
def add_extension(self, extension, critical):
    """Build a copy of this OCSP response builder with one more extension.

    Args:
        extension: An ``x509.ExtensionType`` instance to attach.
        critical: Criticality flag stored on the resulting ``x509.Extension``.

    Returns:
        A new ``OCSPResponseBuilder``; ``self._extensions`` is not mutated.

    Raises:
        TypeError: if ``extension`` is not an ``x509.ExtensionType``.
    """
    type_ok = isinstance(extension, x509.ExtensionType)
    if not type_ok:
        raise TypeError("extension must be an ExtensionType")

    new_ext = x509.Extension(extension.oid, critical, extension)
    # Duplicate detection is delegated to the helper (behaviour not visible
    # here; presumably it raises on a repeated extension).
    _reject_duplicate_extension(new_ext, self._extensions)

    extended = self._extensions + [new_ext]
    return OCSPResponseBuilder(
        self._response, self._responder_id, self._certs, extended
    )
示例8
def add_extension(self, extension, critical):
    """Return a new ``OCSPRequestBuilder`` with ``extension`` appended.

    The value is type-checked first, then wrapped in an ``x509.Extension``
    that records the ``critical`` flag given by the caller.

    Raises:
        TypeError: if ``extension`` is not an ``x509.ExtensionType``.
    """
    if isinstance(extension, x509.ExtensionType) is False:
        raise TypeError("extension must be an ExtensionType")

    entry = x509.Extension(extension.oid, critical, extension)
    # The helper's behaviour is not visible here; presumably it raises when
    # the same extension was added before.
    _reject_duplicate_extension(entry, self._extensions)

    # Concatenation yields a fresh list, so this builder stays unchanged.
    return OCSPRequestBuilder(self._request, self._extensions + [entry])
示例9
def add_extension(self, extension, critical):
    """Return a new ``OCSPResponseBuilder`` with ``extension`` appended.

    The value is type-checked first, then wrapped in an ``x509.Extension``
    that records the ``critical`` flag given by the caller.

    Raises:
        TypeError: if ``extension`` is not an ``x509.ExtensionType``.
    """
    if isinstance(extension, x509.ExtensionType) is False:
        raise TypeError("extension must be an ExtensionType")

    entry = x509.Extension(extension.oid, critical, extension)
    # The helper's behaviour is not visible here; presumably it raises when
    # the same extension was added before.
    _reject_duplicate_extension(entry, self._extensions)

    # Concatenation yields a fresh list, so this builder stays unchanged.
    return OCSPResponseBuilder(
        self._response,
        self._responder_id,
        self._certs,
        self._extensions + [entry],
    )
示例10
def _build_key_usage(self, critical=False):
    """Return a KeyUsage extension allowing signatures and key encipherment.

    Only ``digital_signature`` and ``key_encipherment`` are set; every other
    usage bit is off. ``critical`` is stored on the wrapping extension.
    """
    # Keyword form of the nine positional KeyUsage flags, so each enabled
    # bit is visible by name.
    usage = c_x509.KeyUsage(
        digital_signature=True,
        content_commitment=False,
        key_encipherment=True,
        data_encipherment=False,
        key_agreement=False,
        key_cert_sign=False,
        crl_sign=False,
        encipher_only=False,
        decipher_only=False,
    )
    return c_x509.Extension(usage.oid, critical, usage)
示例11
def _build_basic_constraints(self, ca=False, critical=False):
    """Return a BasicConstraints extension with the given ``ca`` flag.

    No path length is set. ``critical`` is stored on the wrapping extension.
    """
    constraints = c_x509.BasicConstraints(ca=ca, path_length=None)
    return c_x509.Extension(constraints.oid, critical, constraints)
示例12
def test_merge_key_usage_disallowed_but_not_critical(self):
    """Merging against an allow-list of only 'Digital Signature'.

    The result must equal a non-critical KeyUsage extension in which
    ``digital_signature`` is the only bit set.
    """
    requested = self._build_key_usage()

    signature_only = c_x509.KeyUsage(
        digital_signature=True,
        content_commitment=False,
        key_encipherment=False,
        data_encipherment=False,
        key_agreement=False,
        key_cert_sign=False,
        crl_sign=False,
        encipher_only=False,
        decipher_only=False,
    )
    expected = c_x509.Extension(signature_only.oid, False, signature_only)

    merged = v._merge_key_usage(requested, ['Digital Signature'])
    self.assertEqual(expected, merged)
示例13
def assertInClientExtensions(self, cert):
    """Assert that ``cert`` carries the expected client-certificate extensions.

    Expected are: a critical KeyUsage with digital signature and key
    encipherment, a non-critical ExtendedKeyUsage with client auth, and a
    critical BasicConstraints with ``ca=False``.
    """
    usage = c_x509.KeyUsage(
        digital_signature=True,
        content_commitment=False,
        key_encipherment=True,
        data_encipherment=False,
        key_agreement=False,
        key_cert_sign=False,
        crl_sign=False,
        encipher_only=False,
        decipher_only=False,
    )
    usage_ext = c_x509.Extension(usage.oid, True, usage)

    eku = c_x509.ExtendedKeyUsage([c_x509.OID_CLIENT_AUTH])
    eku_ext = c_x509.Extension(eku.oid, False, eku)

    constraints = c_x509.BasicConstraints(ca=False, path_length=None)
    constraints_ext = c_x509.Extension(constraints.oid, True, constraints)

    # Equality includes the critical flag, so a certificate with the right
    # value but the wrong criticality fails here.
    self.assertIn(usage_ext, cert.extensions)
    self.assertIn(eku_ext, cert.extensions)
    self.assertIn(constraints_ext, cert.extensions)
示例14
def test_generate_ca_certificate_set_extentions_as_ca(self):
    """A generated CA certificate must carry CA-style extensions.

    Expected are a critical KeyUsage with only ``key_cert_sign`` set and a
    critical BasicConstraints with ``ca=True`` and ``path_length=0``.
    """
    cert, _ = self._generate_ca_certificate(self.issuer_name)

    usage = c_x509.KeyUsage(
        digital_signature=False,
        content_commitment=False,
        key_encipherment=False,
        data_encipherment=False,
        key_agreement=False,
        key_cert_sign=True,
        crl_sign=False,
        encipher_only=False,
        decipher_only=False,
    )
    usage_ext = c_x509.Extension(usage.oid, True, usage)

    constraints = c_x509.BasicConstraints(ca=True, path_length=0)
    constraints_ext = c_x509.Extension(constraints.oid, True, constraints)

    self.assertIn(usage_ext, cert.extensions)
    self.assertIn(constraints_ext, cert.extensions)
示例15
def _disallow_ca_in_basic_constraints(basic_constraints):
    """Make sure a BasicConstraints extension does not assert CA status.

    * ``ca`` false: the extension is returned untouched.
    * ``ca`` true and the extension is critical: the request is rejected.
    * ``ca`` true and the extension is not critical: a replacement
      non-critical extension with ``ca=False`` and no path length is
      returned, i.e. the CA claim is dropped rather than rejected.

    Raises:
        exception.CertificateValidationError: for a critical extension that
            asserts ``ca``.
    """
    if not basic_constraints.value.ca:
        return basic_constraints

    if basic_constraints.critical:
        raise exception.CertificateValidationError(
            extension=basic_constraints)

    downgraded = x509.BasicConstraints(False, None)
    return x509.Extension(downgraded.oid, False, downgraded)
示例16
def _build_client_extentions():
    """Return the extensions for a client certificate.

    The list holds, in order: a critical KeyUsage (digital signature and key
    encipherment), a non-critical ExtendedKeyUsage (client auth) and a
    critical BasicConstraints with ``ca=False``.
    """
    # Digital Signature and Key Encipherment are enabled
    usage = x509.KeyUsage(
        digital_signature=True,
        content_commitment=False,
        key_encipherment=True,
        data_encipherment=False,
        key_agreement=False,
        key_cert_sign=False,
        crl_sign=False,
        encipher_only=False,
        decipher_only=False,
    )
    usage_ext = x509.Extension(usage.oid, True, usage)

    eku = x509.ExtendedKeyUsage([x509.OID_CLIENT_AUTH])
    eku_ext = x509.Extension(eku.oid, False, eku)

    constraints = x509.BasicConstraints(ca=False, path_length=None)
    constraints_ext = x509.Extension(constraints.oid, True, constraints)

    return [usage_ext, eku_ext, constraints_ext]
示例17
def _build_ca_extentions():
    """Return the extensions for a CA certificate.

    The list holds, in order: a critical BasicConstraints with ``ca=True``
    and ``path_length=0``, then a critical KeyUsage with only
    ``key_cert_sign`` set.
    """
    # Certificate Sign is enabled
    usage = x509.KeyUsage(
        digital_signature=False,
        content_commitment=False,
        key_encipherment=False,
        data_encipherment=False,
        key_agreement=False,
        key_cert_sign=True,
        crl_sign=False,
        encipher_only=False,
        decipher_only=False,
    )
    usage_ext = x509.Extension(usage.oid, True, usage)

    constraints = x509.BasicConstraints(ca=True, path_length=0)
    constraints_ext = x509.Extension(constraints.oid, True, constraints)

    return [constraints_ext, usage_ext]
示例18
def get_authority_key_identifier_extension(self):
    """Return the AuthorityKeyIdentifier wrapper for this object.

    The underlying ``x509.Extension`` uses the wrapper class's own OID and
    default criticality; its value comes from
    ``self.get_authority_key_identifier()``.
    """
    raw_extension = x509.Extension(
        critical=AuthorityKeyIdentifier.default_critical,
        oid=AuthorityKeyIdentifier.oid,
        value=self.get_authority_key_identifier(),
    )
    return AuthorityKeyIdentifier(raw_extension)
示例19
def ext(self, value=None, critical=None):
    """Build an instance of ``self.ext_class`` from ``value``.

    Args:
        value: Either an ``x509.extensions.ExtensionType`` or any other
            value; ``None`` is treated as an empty dict.
        critical: Optional criticality. For an ``ExtensionType`` value,
            ``None`` falls back to ``self.ext_class.default_critical``; for
            any other value the key is simply left out of the dict.

    Returns:
        ``self.ext_class`` constructed from an ``x509`` extension object, or
        from a ``{'value': ..., 'critical': ...}`` dict.
    """
    if value is None:
        value = {}

    if not isinstance(value, x509.extensions.ExtensionType):
        init_args = {'value': value}
        if critical is not None:
            init_args['critical'] = critical
        return self.ext_class(init_args)

    if critical is None:
        critical = self.ext_class.default_critical
    wrapped = x509.extensions.Extension(oid=self.ext_class.oid, critical=critical, value=value)
    return self.ext_class(wrapped)
示例20
def test_as_extension(self):
    """``as_extension()`` on the base ``Extension`` class is not implemented."""
    for case in self.test_values.values():
        with self.assertRaises(NotImplementedError):
            base = Extension({'value': case['expected']})
            base.as_extension()
示例21
def test_extension_type(self):
    """``extension_type`` on the base ``Extension`` class is not implemented."""
    for case in self.test_values.values():
        with self.assertRaises(NotImplementedError):
            base = Extension({'value': case['expected']})
            # The attribute access itself is what is expected to raise.
            base.extension_type
示例22
def test_init_no_bool_critical(self):
    """A ``critical`` argument of an unrelated type must be rejected.

    An instance of a throwaway class is passed as ``critical``; the expected
    ``ValueError`` message starts with that object's ``str()``.
    """
    class_name = 'example_class'

    class example:
        def __str__(self):
            return class_name

    for _key, config in self.test_values.items():
        for value in config['values']:
            if not isinstance(value, x509.extensions.ExtensionType):
                with self.assertRaisesRegex(ValueError, '^%s: Invalid critical value passed$' % class_name):
                    self.ext(value, critical=example())
            # else: skipped -- self.ext() would construct an x509.Extension
            # and the constructor would fail
示例23
def test_as_extension(self):
    """``as_extension()`` must round-trip value and criticality.

    Each test value is checked once with the class's default criticality and
    once for every entry of ``self.critical_values``.
    """
    for _key, config in self.test_values.items():
        expected_type = config['extension_type']
        if expected_type is None:
            continue  # test case is not a valid extension

        wrapper = self.ext(config['expected'])
        with_default = x509.extensions.Extension(
            oid=self.ext_class.oid,
            critical=self.ext_class.default_critical,
            value=config['extension_type'],
        )
        self.assertEqual(wrapper.as_extension(), with_default)

        for critical in self.critical_values:
            wrapper = self.ext(config['expected'], critical=critical)
            with_flag = x509.extensions.Extension(
                oid=self.ext_class.oid, critical=critical, value=config['extension_type'])
            self.assertEqual(wrapper.as_extension(), with_flag)
示例24
def test_from_extension(self):
    """Constructing the base ``Extension`` from an x509 extension is not implemented."""
    constraints = x509.BasicConstraints(ca=True, path_length=3)
    raw = x509.Extension(
        oid=x509.ExtensionOID.BASIC_CONSTRAINTS,
        critical=True,
        value=constraints,
    )
    with self.assertRaises(NotImplementedError):
        Extension(raw)
示例25
def test_config(self):
    """Check that the extension class under test is configured consistently.

    Covers the class hierarchy, the ``key`` and ``name`` attributes, the two
    lookup dicts, and the matching accessor on ``X509CertMixin``.
    """
    ext_cls = self.ext_class

    self.assertTrue(issubclass(ext_cls, Extension))
    self.assertEqual(ext_cls.key, self.ext_class_key)
    self.assertEqual(ext_cls.name, self.ext_class_name)

    # Both lookup tables must resolve back to this exact class.
    self.assertEqual(KEY_TO_EXTENSION[ext_cls.key], ext_cls)
    self.assertEqual(OID_TO_EXTENSION[ext_cls.oid], ext_cls)

    # The model mixin must expose the extension as a cached property named
    # after the extension key.
    self.assertTrue(hasattr(X509CertMixin, ext_cls.key))
    self.assertIsInstance(getattr(X509CertMixin, ext_cls.key), cached_property)
示例26
def get_idp(self, full_name=None, indirect_crl=False, only_contains_attribute_certs=False,
            only_contains_ca_certs=False, only_contains_user_certs=False, only_some_reasons=None,
            relative_name=None):
    """Return a critical IssuingDistributionPoint extension.

    Every argument is passed unchanged to ``x509.IssuingDistributionPoint``;
    the wrapping ``x509.Extension`` is always marked critical.
    """
    idp = x509.IssuingDistributionPoint(
        full_name=full_name,
        indirect_crl=indirect_crl,
        only_contains_attribute_certs=only_contains_attribute_certs,
        only_contains_ca_certs=only_contains_ca_certs,
        only_contains_user_certs=only_contains_user_certs,
        only_some_reasons=only_some_reasons,
        relative_name=relative_name,
    )
    return x509.Extension(oid=ExtensionOID.ISSUING_DISTRIBUTION_POINT, value=idp, critical=True)
示例27
def get_fieldsets(self, request, obj=None):
    """Return the admin fieldsets, extended with the object's extensions.

    Without an object the superclass result is returned unchanged. Otherwise
    a deep copy is modified: each entry of ``obj.extension_fields`` is added
    to the fieldset at ``self.x509_fieldset_index``, or that fieldset is
    removed when the object has no extension fields.
    """
    fieldsets = super(CertificateMixin, self).get_fieldsets(request, obj=obj)

    if obj is None:
        return fieldsets

    # Deep copy so the fieldsets returned by the superclass are never
    # modified in place.
    fieldsets = copy.deepcopy(fieldsets)

    if not obj.extension_fields:
        # we have no extensions, so remove the whole fieldset
        fieldsets.pop(self.x509_fieldset_index)
        return fieldsets

    for field in obj.extension_fields:
        if field == SubjectAlternativeName.key:  # already displayed in main section
            continue

        # If we encounter an object of type x509.Extension, it means that we do not yet support this
        # extension, hence there are no accessors either. We compute a name for the extension based on
        # the OID, create a partial function of unknown_oid and attach it under that name to this
        # admin instance:
        if isinstance(field, x509.Extension):
            accessor = partial(self.unknown_oid, field.oid)
            # NOTE(review): "Unkown" is a typo in this user-visible label;
            # left unchanged because the string is runtime output.
            accessor.short_description = 'Unkown OID (%s)' % field.oid.dotted_string

            field = self.get_oid_name(field.oid)

            # attach function to this instance
            # NOTE(review): this stores per-object state on the admin
            # instance -- confirm that instance is not shared across requests.
            setattr(self, field, accessor)

        fieldsets[self.x509_fieldset_index][1]['fields'].append(field)

    return fieldsets
示例28
def add_extension(self, extension, critical):
    """Return a new ``OCSPRequestBuilder`` extended by ``extension``.

    Args:
        extension: The ``x509.ExtensionType`` value to add.
        critical: Criticality flag recorded on the wrapping ``x509.Extension``.

    Raises:
        TypeError: if ``extension`` is not an ``x509.ExtensionType``.
    """
    if not isinstance(extension, x509.ExtensionType):
        raise TypeError("extension must be an ExtensionType")

    # Wrap the bare value so OID and criticality travel with it.
    wrapped_ext = x509.Extension(extension.oid, critical, extension)
    # Helper body is not visible here; presumably it raises on a repeated
    # extension.
    _reject_duplicate_extension(wrapped_ext, self._extensions)

    next_extensions = self._extensions + [wrapped_ext]
    return OCSPRequestBuilder(self._request, next_extensions)
示例29
def add_extension(self, extension, critical):
    """Return a new ``OCSPResponseBuilder`` extended by ``extension``.

    Args:
        extension: The ``x509.ExtensionType`` value to add.
        critical: Criticality flag recorded on the wrapping ``x509.Extension``.

    Raises:
        TypeError: if ``extension`` is not an ``x509.ExtensionType``.
    """
    if not isinstance(extension, x509.ExtensionType):
        raise TypeError("extension must be an ExtensionType")

    # Wrap the bare value so OID and criticality travel with it.
    wrapped_ext = x509.Extension(extension.oid, critical, extension)
    # Helper body is not visible here; presumably it raises on a repeated
    # extension.
    _reject_duplicate_extension(wrapped_ext, self._extensions)

    next_extensions = self._extensions + [wrapped_ext]
    return OCSPResponseBuilder(
        self._response, self._responder_id, self._certs, next_extensions
    )
示例30
def add_extension(self, extension, critical):
    """Return a copy of this request builder that includes ``extension``.

    The current builder is not modified; the new ``OCSPRequestBuilder``
    receives the same request and a new extension list.

    Raises:
        TypeError: if ``extension`` is not an ``x509.ExtensionType``.
    """
    if isinstance(extension, x509.ExtensionType):
        item = x509.Extension(extension.oid, critical, extension)
        # Duplicate handling lives in the helper (not visible here;
        # presumably it raises when the extension is already present).
        _reject_duplicate_extension(item, self._extensions)
        return OCSPRequestBuilder(self._request, self._extensions + [item])

    raise TypeError("extension must be an ExtensionType")