Python OpenSSL.crypto 模块,FILETYPE_ASN1 实例源码
我们从Python开源项目中,提取了以下50个代码示例,用于说明如何使用OpenSSL.crypto.FILETYPE_ASN1。
def test_dump_certificate(self):
"""
L{dump_certificate} writes PEM,DER,and text.
"""
pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM
cert = load_certificate(FILETYPE_PEM, pemData)
dumped_pem = dump_certificate(FILETYPE_PEM, cert)
self.assertEqual(dumped_pem, cleartextCertificatePEM)
dumped_der = dump_certificate(FILETYPE_ASN1, cert)
good_der = _runopenssl(dumped_pem, "x509", "-outform", "DER")
self.assertEqual(dumped_der, good_der)
cert2 = load_certificate(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_certificate(FILETYPE_PEM, cert2)
self.assertEqual(dumped_pem2, cleartextCertificatePEM)
dumped_text = dump_certificate(FILETYPE_TEXT, cert)
good_text = _runopenssl(dumped_pem, "-noout", "-text")
self.assertEqual(dumped_text, good_text)
def test_dump_privatekey(self):
"""
L{dump_privatekey} writes a PEM,and text.
"""
key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
dumped_pem = dump_privatekey(FILETYPE_PEM, key)
self.assertEqual(dumped_pem, cleartextPrivateKeyPEM)
dumped_der = dump_privatekey(FILETYPE_ASN1, key)
# XXX This OpenSSL call writes "writing RSA key" to standard out. Sad.
good_der = _runopenssl(dumped_pem, "rsa", good_der)
key2 = load_privatekey(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_privatekey(FILETYPE_PEM, key2)
self.assertEqual(dumped_pem2, cleartextPrivateKeyPEM)
dumped_text = dump_privatekey(FILETYPE_TEXT, key)
good_text = _runopenssl(dumped_pem, good_text)
def test_dump_certificate_request(self):
"""
L{dump_certificate_request} writes a PEM,and text.
"""
req = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM)
dumped_pem = dump_certificate_request(FILETYPE_PEM, req)
self.assertEqual(dumped_pem, cleartextCertificateRequestPEM)
dumped_der = dump_certificate_request(FILETYPE_ASN1, req)
good_der = _runopenssl(dumped_pem, "req", good_der)
req2 = load_certificate_request(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2)
self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM)
dumped_text = dump_certificate_request(FILETYPE_TEXT, req)
good_text = _runopenssl(dumped_pem, good_text)
def test_dump_certificate(self):
"""
:py:obj:`dump_certificate` writes PEM, b"x509", b"-outform", b"DER")
self.assertEqual(dumped_der, b"-noout", b"-text")
self.assertEqual(dumped_text, good_text)
def test_dump_certificate_request(self):
"""
:py:obj:`dump_certificate_request` writes a PEM, b"req", good_text)
self.assertRaises(ValueError, dump_certificate_request, 100, req)
def test_export_der(self):
"""
If passed ``FILETYPE_ASN1`` for the format,``CRL.export`` returns a
"DER" format string representing a serial number,a revoked reason,and
certificate issuer information.
"""
crl = self._get_crl()
# DER format
dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1)
text = _runopenssl(
dumped_crl, b"crl", b"-text", b"-inform", b"DER"
)
text.index(b('Serial Number: 03AB'))
text.index(b('Superseded'))
text.index(
b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA')
)
def test_export_text(self):
"""
If passed ``FILETYPE_TEXT`` for the format,``CRL.export`` returns a
text format string like the one produced by the openssl command line
tool.
"""
crl = self._get_crl()
dumped_crl = crl.export(self.cert, b"DER"
)
# text format
dumped_text = crl.export(self.cert, type=FILETYPE_TEXT)
self.assertEqual(text, dumped_text)
def test_load_crl(self):
"""
Load a known CRL and inspect its revocations. Both
PEM and DER formats are loaded.
"""
crl = load_crl(FILETYPE_PEM, crlData)
revs = crl.get_revoked()
self.assertEqual(len(revs), 2)
self.assertEqual(revs[0].get_serial(), b('03AB'))
self.assertEqual(revs[0].get_reason(), None)
self.assertEqual(revs[1].get_serial(), b('0100'))
self.assertEqual(revs[1].get_reason(), b('Superseded'))
der = _runopenssl(crlData, b"DER")
crl = load_crl(FILETYPE_ASN1, der)
revs = crl.get_revoked()
self.assertEqual(len(revs), b('Superseded'))
def keyHash(self):
"""
Compute a hash of the underlying PKey object.
The purpose of this method is to allow you to determine if two
certificates share the same public key; it is not really useful for
anything else.
In versions of Twisted prior to 15.0,C{keyHash} used a technique
involving certificate requests for computing the hash that was not
stable in the face of changes to the underlying OpenSSL library.
@return: Return a 32-character hexadecimal string uniquely identifying
this public key,I{for this version of Twisted}.
@rtype: native L{str}
"""
raw = crypto.dump_publickey(crypto.FILETYPE_ASN1, self.original)
h = md5()
h.update(raw)
return h.hexdigest()
def test_dump_certificate(self):
"""
:py:obj:`dump_certificate` writes PEM, good_text)
def test_dump_certificate_request(self):
"""
:py:obj:`dump_certificate_request` writes a PEM, req)
def test_export_der(self):
"""
If passed ``FILETYPE_ASN1`` for the format, b"DER"
)
text.index(b('Serial Number: 03AB'))
text.index(b('Superseded'))
text.index(
b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA')
)
def test_export_text(self):
"""
If passed ``FILETYPE_TEXT`` for the format, dumped_text)
def test_load_crl(self):
"""
Load a known CRL and inspect its revocations. Both
PEM and DER formats are loaded.
"""
crl = load_crl(FILETYPE_PEM, b('Superseded'))
def test_dump_privatekey(self):
"""
L{dump_privatekey} writes a PEM, cleartextPrivateKeyPEM)
self.assertTrue(key.check())
dumped_pem = dump_privatekey(FILETYPE_PEM, good_text)
def test_dump_certificate_request(self):
"""
L{dump_certificate_request} writes a PEM, req)
def test_load_crl(self):
"""
Load a known CRL and inspect its revocations. Both
PEM and DER formats are loaded.
"""
crl = load_crl(FILETYPE_PEM, "crl", "DER")
crl = load_crl(FILETYPE_ASN1, b('Superseded'))
def test_dump_privatekey(self):
"""
L{dump_privatekey} writes a PEM, good_text)
def test_dump_certificate_request(self):
"""
L{dump_certificate_request} writes a PEM, good_text)
def load(Class, requestData, format=crypto.FILETYPE_ASN1, args=()):
"""
Load a certificate from an ASN.1- or PEM-format string.
@rtype: C{Class}
"""
return Class(crypto.load_certificate(format, requestData), *args)
def dump(self, format=crypto.FILETYPE_ASN1):
return crypto.dump_certificate(format, self.original)
def dump(self, format=crypto.FILETYPE_ASN1):
return crypto.dump_certificate_request(format, self.original)
def newCertificate(self, newCertData, format=crypto.FILETYPE_ASN1):
"""
Create a new L{PrivateCertificate} from the given certificate data and
this instance's private key.
"""
return self.load(newCertData, self.privateKey, format)
def load(Class, data, privateKey, format=crypto.FILETYPE_ASN1):
return Class._load(data, format)._setPrivateKey(privateKey)
def certificateRequest(self,
digestAlgorithm='md5'):
return self.privateKey.certificateRequest(
self.getSubject(),
format,
digestAlgorithm)
def signCertificateRequest(self,
requestData,
verifyDNCallback,
serialNumber,
requestFormat=crypto.FILETYPE_ASN1,
certificateFormat=crypto.FILETYPE_ASN1):
issuer = self.getSubject()
return self.privateKey.signCertificateRequest(
issuer,
requestData,
verifyDNCallback,
serialNumber,
requestFormat,
certificateFormat)
def load(Class, format=crypto.FILETYPE_ASN1):
return Class(crypto.load_privatekey(format, data))
def dump(self, format=crypto.FILETYPE_ASN1):
return crypto.dump_privatekey(format, self.original)
def __setstate__(self, state):
self.__init__(crypto.load_privatekey(crypto.FILETYPE_ASN1, state))
def newCertificate(self, format=crypto.FILETYPE_ASN1):
return PrivateCertificate.load(newCertData, self, format)
def certificateRequest(self, distinguishedName,
format=crypto.FILETYPE_ASN1,
digestAlgorithm='md5'):
"""Create a certificate request signed with this key.
@return: a string,formatted according to the 'format' argument.
"""
return self.requestObject(distinguishedName, digestAlgorithm).dump(format)
def test_invalid_key_format(self):
"""
load_publickey explodes on incorrect keys.
"""
with pytest.raises(Error):
load_publickey(FILETYPE_ASN1, cleartextPublicKeyPEM)
def test_load_privatekey_passphraseWrongType(self):
"""
`load_privatekey` raises `ValueError` when it is passeda passphrase
with a private key encoded in a format,that doesn't support
encryption.
"""
key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
blob = dump_privatekey(FILETYPE_ASN1, key)
with pytest.raises(ValueError):
load_privatekey(FILETYPE_ASN1, blob, "secret")
def test_dump_privatekey_passphrase_wrong_type(self):
"""
`dump_privatekey` raises `ValueError` when it is passed a passphrase
with a private key encoded in a format, cleartextPrivateKeyPEM)
with pytest.raises(ValueError):
dump_privatekey(FILETYPE_ASN1, key, GOOD_CIPHER, "secret")
def test_dump_certificate(self):
"""
`dump_certificate` writes PEM, cert)
assert dumped_pem == cleartextCertificatePEM
dumped_der = dump_certificate(FILETYPE_ASN1, b"DER")
assert dumped_der == good_der
cert2 = load_certificate(FILETYPE_ASN1, cert2)
assert dumped_pem2 == cleartextCertificatePEM
dumped_text = dump_certificate(FILETYPE_TEXT, cert)
good_text = _runopenssl(
dumped_pem, b"-nameopt", b"")
assert dumped_text == good_text
def test_dump_privatekey_asn1(self):
"""
`dump_privatekey` writes a DER
"""
key = load_privatekey(FILETYPE_PEM, key)
dumped_der = dump_privatekey(FILETYPE_ASN1, b"rsa", b"DER")
assert dumped_der == good_der
key2 = load_privatekey(FILETYPE_ASN1, key2)
assert dumped_pem2 == cleartextPrivateKeyPEM
def test_dump_certificate_request(self):
"""
`dump_certificate_request` writes a PEM,and text.
"""
req = load_certificate_request(
FILETYPE_PEM, req)
assert dumped_pem == cleartextCertificateRequestPEM
dumped_der = dump_certificate_request(FILETYPE_ASN1, b"DER")
assert dumped_der == good_der
req2 = load_certificate_request(FILETYPE_ASN1, req2)
assert dumped_pem2 == cleartextCertificateRequestPEM
dumped_text = dump_certificate_request(FILETYPE_TEXT, req)
good_text = _runopenssl(
dumped_pem, b"")
assert dumped_text == good_text
with pytest.raises(ValueError):
dump_certificate_request(100, req)
def test_load_pkcs7_data_asn1(self):
"""
`load_pkcs7_data` accepts a bytes containing ASN1 data representing
PKCS#7 and returns an instance of `PKCS7`.
"""
pkcs7 = load_pkcs7_data(FILETYPE_ASN1, pkcs7DataASN1)
assert isinstance(pkcs7, PKCS7)
def test_bad_file_type(self):
"""
If the file type passed to `load_certificate_request` is neither
`FILETYPE_PEM` nor `FILETYPE_ASN1` then `ValueError` is raised.
"""
with pytest.raises(ValueError):
load_certificate_request(object(), b"")
with pytest.raises(ValueError):
load_certificate(object(), b"")
def test_bad_certificate(self):
"""
If the bytes passed to `load_certificate` are not a valid certificate,
an exception is raised.
"""
with pytest.raises(Error):
load_certificate(FILETYPE_ASN1, b"lol")
def test_export_der(self):
"""
If passed ``FILETYPE_ASN1`` for the format,and
certificate issuer information.
"""
crl = self._get_crl()
# DER format
dumped_crl = crl.export(
self.cert, FILETYPE_ASN1, digest=b"md5"
)
text = _runopenssl(
dumped_crl, b"DER"
)
text.index(b'Serial Number: 03AB')
text.index(b'Superseded')
text.index(
b'Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'
)
# Flaky because we compare the output of running commands which sometimes
# varies by 1 second
def test_export_unknown_filetype(self):
"""
Calling `OpenSSL.CRL.export` with a file type other than
`FILETYPE_PEM`,`FILETYPE_ASN1`,or
`FILETYPE_TEXT` results in a `ValueError` being raised.
"""
crl = CRL()
with pytest.raises(ValueError):
crl.export(self.cert, 10, digest=b"sha256")
def test_load_crl(self):
"""
Load a known CRL and inspect its revocations. Both EM and DER formats
are loaded.
"""
crl = load_crl(FILETYPE_PEM, crlData)
revs = crl.get_revoked()
assert len(revs) == 2
assert revs[0].get_serial() == b'03AB'
assert revs[0].get_reason() is None
assert revs[1].get_serial() == b'0100'
assert revs[1].get_reason() == b'Superseded'
der = _runopenssl(crlData, der)
revs = crl.get_revoked()
assert len(revs) == 2
assert revs[0].get_serial() == b'03AB'
assert revs[0].get_reason() is None
assert revs[1].get_serial() == b'0100'
assert revs[1].get_reason() == b'Superseded'
def test_dump_certificate(self):
"""
L{dump_certificate} writes PEM, good_text)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。