Python源码示例:cryptography.x509.RevokedCertificateBuilder()
示例1
def create_x509_revoked_certificate(self, builder):
if not isinstance(builder, x509.RevokedCertificateBuilder):
raise TypeError('Builder type mismatch.')
x509_revoked = self._lib.X509_REVOKED_new()
self.openssl_assert(x509_revoked != self._ffi.NULL)
x509_revoked = self._ffi.gc(x509_revoked, self._lib.X509_REVOKED_free)
serial_number = _encode_asn1_int_gc(self, builder._serial_number)
res = self._lib.X509_REVOKED_set_serialNumber(
x509_revoked, serial_number
)
self.openssl_assert(res == 1)
rev_date = self._create_asn1_time(builder._revocation_date)
res = self._lib.X509_REVOKED_set_revocationDate(x509_revoked, rev_date)
self.openssl_assert(res == 1)
# add CRL entry extensions
self._create_x509_extensions(
extensions=builder._extensions,
handlers=_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
x509_obj=x509_revoked,
add_func=self._lib.X509_REVOKED_add_ext,
gc=True
)
return _RevokedCertificate(self, None, x509_revoked)
示例2
def create_x509_revoked_certificate(self, builder):
if not isinstance(builder, x509.RevokedCertificateBuilder):
raise TypeError('Builder type mismatch.')
x509_revoked = self._lib.X509_REVOKED_new()
self.openssl_assert(x509_revoked != self._ffi.NULL)
x509_revoked = self._ffi.gc(x509_revoked, self._lib.X509_REVOKED_free)
serial_number = _encode_asn1_int_gc(self, builder._serial_number)
res = self._lib.X509_REVOKED_set_serialNumber(
x509_revoked, serial_number
)
self.openssl_assert(res == 1)
rev_date = self._create_asn1_time(builder._revocation_date)
res = self._lib.X509_REVOKED_set_revocationDate(x509_revoked, rev_date)
self.openssl_assert(res == 1)
# add CRL entry extensions
self._create_x509_extensions(
extensions=builder._extensions,
handlers=_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
x509_obj=x509_revoked,
add_func=self._lib.X509_REVOKED_add_ext,
gc=True
)
return _RevokedCertificate(self, None, x509_revoked)
示例3
def create_x509_revoked_certificate(self, builder):
if not isinstance(builder, x509.RevokedCertificateBuilder):
raise TypeError('Builder type mismatch.')
x509_revoked = self._lib.X509_REVOKED_new()
self.openssl_assert(x509_revoked != self._ffi.NULL)
x509_revoked = self._ffi.gc(x509_revoked, self._lib.X509_REVOKED_free)
serial_number = _encode_asn1_int_gc(self, builder._serial_number)
res = self._lib.X509_REVOKED_set_serialNumber(
x509_revoked, serial_number
)
self.openssl_assert(res == 1)
rev_date = self._create_asn1_time(builder._revocation_date)
res = self._lib.X509_REVOKED_set_revocationDate(x509_revoked, rev_date)
self.openssl_assert(res == 1)
# add CRL entry extensions
self._create_x509_extensions(
extensions=builder._extensions,
handlers=_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
x509_obj=x509_revoked,
add_func=self._lib.X509_REVOKED_add_ext,
gc=True
)
return _RevokedCertificate(self, None, x509_revoked)
示例4
def get_revocation(self):
if self.revoked is False:
raise ValueError('Certificate is not revoked.')
revoked_cert = x509.RevokedCertificateBuilder().serial_number(
self.x509.serial_number).revocation_date(self.revoked_date)
reason = self.get_revocation_reason()
if reason != x509.ReasonFlags.unspecified:
# RFC 5270, 5.3.1: "reason code CRL entry extension SHOULD be absent instead of using the
# unspecified (0) reasonCode value"
revoked_cert = revoked_cert.add_extension(x509.CRLReason(reason), critical=False)
compromised = self.get_compromised_time()
if compromised:
# RFC 5280, 5.3.2 says that this extension MUST be non-critical
revoked_cert = revoked_cert.add_extension(x509.InvalidityDate(compromised), critical=False)
return revoked_cert.build(default_backend())
示例5
def create_x509_revoked_certificate(self, builder):
if not isinstance(builder, x509.RevokedCertificateBuilder):
raise TypeError('Builder type mismatch.')
x509_revoked = self._lib.X509_REVOKED_new()
self.openssl_assert(x509_revoked != self._ffi.NULL)
x509_revoked = self._ffi.gc(x509_revoked, self._lib.X509_REVOKED_free)
serial_number = _encode_asn1_int_gc(self, builder._serial_number)
res = self._lib.X509_REVOKED_set_serialNumber(
x509_revoked, serial_number
)
self.openssl_assert(res == 1)
rev_date = self._create_asn1_time(builder._revocation_date)
res = self._lib.X509_REVOKED_set_revocationDate(x509_revoked, rev_date)
self.openssl_assert(res == 1)
# add CRL entry extensions
self._create_x509_extensions(
extensions=builder._extensions,
handlers=_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
x509_obj=x509_revoked,
add_func=self._lib.X509_REVOKED_add_ext,
gc=True
)
return _RevokedCertificate(self, None, x509_revoked)
示例6
def create_x509_revoked_certificate(self, builder):
if not isinstance(builder, x509.RevokedCertificateBuilder):
raise TypeError('Builder type mismatch.')
x509_revoked = self._lib.X509_REVOKED_new()
self.openssl_assert(x509_revoked != self._ffi.NULL)
x509_revoked = self._ffi.gc(x509_revoked, self._lib.X509_REVOKED_free)
serial_number = _encode_asn1_int_gc(self, builder._serial_number)
res = self._lib.X509_REVOKED_set_serialNumber(
x509_revoked, serial_number
)
self.openssl_assert(res == 1)
rev_date = self._create_asn1_time(builder._revocation_date)
res = self._lib.X509_REVOKED_set_revocationDate(x509_revoked, rev_date)
self.openssl_assert(res == 1)
# add CRL entry extensions
self._create_x509_extensions(
extensions=builder._extensions,
handlers=_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
x509_obj=x509_revoked,
add_func=self._lib.X509_REVOKED_add_ext,
gc=True
)
return _RevokedCertificate(self, None, x509_revoked)
示例7
def create_x509_revoked_certificate(self, builder):
if not isinstance(builder, x509.RevokedCertificateBuilder):
raise TypeError('Builder type mismatch.')
x509_revoked = self._lib.X509_REVOKED_new()
self.openssl_assert(x509_revoked != self._ffi.NULL)
x509_revoked = self._ffi.gc(x509_revoked, self._lib.X509_REVOKED_free)
serial_number = _encode_asn1_int_gc(self, builder._serial_number)
res = self._lib.X509_REVOKED_set_serialNumber(
x509_revoked, serial_number
)
self.openssl_assert(res == 1)
rev_date = self._lib.ASN1_TIME_set(
self._ffi.NULL,
calendar.timegm(builder._revocation_date.timetuple())
)
self.openssl_assert(rev_date != self._ffi.NULL)
rev_date = self._ffi.gc(rev_date, self._lib.ASN1_TIME_free)
res = self._lib.X509_REVOKED_set_revocationDate(x509_revoked, rev_date)
self.openssl_assert(res == 1)
# add CRL entry extensions
self._create_x509_extensions(
extensions=builder._extensions,
handlers=_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
x509_obj=x509_revoked,
add_func=self._lib.X509_REVOKED_add_ext,
gc=True
)
return _RevokedCertificate(self, None, x509_revoked)
示例8
def create_x509_revoked_certificate(self, builder):
if not isinstance(builder, x509.RevokedCertificateBuilder):
raise TypeError('Builder type mismatch.')
x509_revoked = self._lib.X509_REVOKED_new()
self.openssl_assert(x509_revoked != self._ffi.NULL)
x509_revoked = self._ffi.gc(x509_revoked, self._lib.X509_REVOKED_free)
serial_number = _encode_asn1_int_gc(self, builder._serial_number)
res = self._lib.X509_REVOKED_set_serialNumber(
x509_revoked, serial_number
)
self.openssl_assert(res == 1)
rev_date = self._lib.ASN1_TIME_set(
self._ffi.NULL,
calendar.timegm(builder._revocation_date.timetuple())
)
self.openssl_assert(rev_date != self._ffi.NULL)
rev_date = self._ffi.gc(rev_date, self._lib.ASN1_TIME_free)
res = self._lib.X509_REVOKED_set_revocationDate(x509_revoked, rev_date)
self.openssl_assert(res == 1)
# add CRL entry extensions
self._create_x509_extensions(
extensions=builder._extensions,
handlers=_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
x509_obj=x509_revoked,
add_func=self._lib.X509_REVOKED_add_ext,
gc=True
)
return _RevokedCertificate(self, None, x509_revoked)
示例9
def create_x509_revoked_certificate(self, builder):
if not isinstance(builder, x509.RevokedCertificateBuilder):
raise TypeError('Builder type mismatch.')
x509_revoked = self._lib.X509_REVOKED_new()
self.openssl_assert(x509_revoked != self._ffi.NULL)
x509_revoked = self._ffi.gc(x509_revoked, self._lib.X509_REVOKED_free)
serial_number = _encode_asn1_int_gc(self, builder._serial_number)
res = self._lib.X509_REVOKED_set_serialNumber(
x509_revoked, serial_number
)
self.openssl_assert(res == 1)
rev_date = self._lib.ASN1_TIME_set(
self._ffi.NULL,
calendar.timegm(builder._revocation_date.timetuple())
)
self.openssl_assert(rev_date != self._ffi.NULL)
rev_date = self._ffi.gc(rev_date, self._lib.ASN1_TIME_free)
res = self._lib.X509_REVOKED_set_revocationDate(x509_revoked, rev_date)
self.openssl_assert(res == 1)
# add CRL entry extensions
self._create_x509_extensions(
extensions=builder._extensions,
handlers=_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
x509_obj=x509_revoked,
add_func=self._lib.X509_REVOKED_add_ext,
gc=True
)
return _RevokedCertificate(self, None, x509_revoked)
