Python cryptography.x509.DistributionPoint() Examples
The following are 16
code examples of cryptography.x509.DistributionPoint().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
cryptography.x509
, or try the search function
.
.
Example #1
| Source File: managers.py From django-ca with GNU General Public License v3.0 | 7 votes |
|
def get_common_extensions(self, issuer_url=None, crl_url=None, ocsp_url=None):
extensions = []
if crl_url:
urls = [x509.UniformResourceIdentifier(force_text(c)) for c in crl_url]
dps = [x509.DistributionPoint(full_name=[c], relative_name=None, crl_issuer=None, reasons=None)
for c in urls]
extensions.append((False, x509.CRLDistributionPoints(dps)))
auth_info_access = []
if ocsp_url:
uri = x509.UniformResourceIdentifier(force_text(ocsp_url))
auth_info_access.append(x509.AccessDescription(
access_method=AuthorityInformationAccessOID.OCSP, access_location=uri))
if issuer_url:
uri = x509.UniformResourceIdentifier(force_text(issuer_url))
auth_info_access.append(x509.AccessDescription(
access_method=AuthorityInformationAccessOID.CA_ISSUERS, access_location=uri))
if auth_info_access:
extensions.append((False, x509.AuthorityInformationAccess(auth_info_access)))
return extensions
Example #2
| Source File: test_verify.py From lemur with Apache License 2.0 | 6 votes |
|
def test_verify_crl_unknown_scheme(cert_builder, private_key):
"""Unknown distribution point URI schemes should be ignored."""
ldap_uri = "ldap://ldap.example.org/cn=Example%20Certificate%20Authority?certificateRevocationList;binary"
crl_dp = x509.DistributionPoint(
[UniformResourceIdentifier(ldap_uri)],
relative_name=None,
reasons=None,
crl_issuer=None,
)
cert = cert_builder.add_extension(
x509.CRLDistributionPoints([crl_dp]), critical=False
).sign(private_key, hashes.SHA256(), default_backend())
with mktempfile() as cert_tmp:
with open(cert_tmp, "wb") as f:
f.write(cert.public_bytes(serialization.Encoding.PEM))
# Must not raise exception
crl_verify(cert, cert_tmp)
Example #3
| Source File: test_verify.py From lemur with Apache License 2.0 | 6 votes |
|
def test_verify_crl_unreachable(cert_builder, private_key):
"""Unreachable CRL distribution point results in error."""
ldap_uri = "http://invalid.example.org/crl/foobar.crl"
crl_dp = x509.DistributionPoint(
[UniformResourceIdentifier(ldap_uri)],
relative_name=None,
reasons=None,
crl_issuer=None,
)
cert = cert_builder.add_extension(
x509.CRLDistributionPoints([crl_dp]), critical=False
).sign(private_key, hashes.SHA256(), default_backend())
with mktempfile() as cert_tmp:
with open(cert_tmp, "wb") as f:
f.write(cert.public_bytes(serialization.Encoding.PEM))
with pytest.raises(Exception, match="Unable to retrieve CRL:"):
crl_verify(cert, cert_tmp)
Example #4
| Source File: extensions.py From django-ca with GNU General Public License v3.0 | 6 votes |
|
def __init__(self, data=None):
if data is None:
data = {}
if isinstance(data, x509.DistributionPoint):
self.full_name = _gnl_or_empty(data.full_name)
self.relative_name = data.relative_name
self.crl_issuer = _gnl_or_empty(data.crl_issuer)
self.reasons = data.reasons
elif isinstance(data, dict):
self.full_name = _gnl_or_empty(data.get('full_name'))
self.relative_name = data.get('relative_name')
self.crl_issuer = _gnl_or_empty(data.get('crl_issuer'))
self.reasons = data.get('reasons')
if self.full_name is not None and self.relative_name is not None:
raise ValueError('full_name and relative_name cannot both have a value')
if self.relative_name is not None:
self.relative_name = x509_relative_name(self.relative_name)
if self.reasons is not None:
self.reasons = frozenset([x509.ReasonFlags[r] for r in self.reasons])
else:
raise ValueError('data must be x509.DistributionPoint or dict')
Example #5
| Source File: tests_extensions.py From django-ca with GNU General Public License v3.0 | 6 votes |
|
def test_init_basic(self):
dp = DistributionPoint()
self.assertIsNone(dp.full_name)
self.assertIsNone(dp.relative_name)
self.assertIsNone(dp.crl_issuer)
self.assertIsNone(dp.reasons)
dp = DistributionPoint({
'full_name': ['http://example.com'],
'crl_issuer': ['http://example.net'],
})
self.assertEqual(dp.full_name, [uri('http://example.com')])
self.assertIsNone(dp.relative_name)
self.assertEqual(dp.crl_issuer, [uri('http://example.net')])
self.assertIsNone(dp.reasons)
dp = DistributionPoint({
'full_name': 'http://example.com',
'crl_issuer': 'http://example.net',
})
self.assertEqual(dp.full_name, [uri('http://example.com')])
self.assertIsNone(dp.relative_name)
self.assertEqual(dp.crl_issuer, [uri('http://example.net')])
self.assertIsNone(dp.reasons)
Example #6
| Source File: extensions.py From django-ca with GNU General Public License v3.0 | 5 votes |
|
def as_text(self):
return '\n'.join('* DistributionPoint:\n%s' % textwrap.indent(dp.as_text(), ' ')
for dp in self.value)
Example #7
| Source File: extensions.py From django-ca with GNU General Public License v3.0 | 5 votes |
|
def parse_value(self, v):
if isinstance(v, DistributionPoint):
return v
return DistributionPoint(v)
Example #8
| Source File: extensions.py From django-ca with GNU General Public License v3.0 | 5 votes |
|
def __eq__(self, other):
return isinstance(other, DistributionPoint) and self.full_name == other.full_name \
and self.relative_name == other.relative_name and self.crl_issuer == other.crl_issuer \
and self.reasons == other.reasons
Example #9
| Source File: extensions.py From django-ca with GNU General Public License v3.0 | 5 votes |
|
def for_extension_type(self):
return x509.DistributionPoint(full_name=self.full_name, relative_name=self.relative_name,
crl_issuer=self.crl_issuer, reasons=self.reasons)
Example #10
| Source File: tests_extensions.py From django-ca with GNU General Public License v3.0 | 5 votes |
|
def test_init_errors(self):
with self.assertRaisesRegex(ValueError, r'^data must be x509.DistributionPoint or dict$'):
DistributionPoint('foobar')
with self.assertRaisesRegex(ValueError, r'^full_name and relative_name cannot both have a value$'):
DistributionPoint({
'full_name': ['http://example.com'],
'relative_name': '/CN=example.com',
})
Example #11
| Source File: tests_extensions.py From django-ca with GNU General Public License v3.0 | 5 votes |
|
def test_str(self):
dp = DistributionPoint({'full_name': 'http://example.com'})
self.assertEqual(str(dp), "<DistributionPoint: full_name=['URI:http://example.com']>")
Example #12
| Source File: decode_asn1.py From teleport with Apache License 2.0 | 4 votes |
|
def _decode_dist_points(backend, cdps):
cdps = backend._ffi.cast("Cryptography_STACK_OF_DIST_POINT *", cdps)
cdps = backend._ffi.gc(cdps, backend._lib.CRL_DIST_POINTS_free)
num = backend._lib.sk_DIST_POINT_num(cdps)
dist_points = []
for i in range(num):
full_name = None
relative_name = None
crl_issuer = None
reasons = None
cdp = backend._lib.sk_DIST_POINT_value(cdps, i)
if cdp.reasons != backend._ffi.NULL:
reasons = _decode_reasons(backend, cdp.reasons)
if cdp.CRLissuer != backend._ffi.NULL:
crl_issuer = _decode_general_names(backend, cdp.CRLissuer)
# Certificates may have a crl_issuer/reasons and no distribution
# point so make sure it's not null.
if cdp.distpoint != backend._ffi.NULL:
full_name, relative_name = _decode_distpoint(
backend, cdp.distpoint
)
dist_points.append(
x509.DistributionPoint(
full_name, relative_name, reasons, crl_issuer
)
)
return dist_points
# ReasonFlags ::= BIT STRING {
# unused (0),
# keyCompromise (1),
# cACompromise (2),
# affiliationChanged (3),
# superseded (4),
# cessationOfOperation (5),
# certificateHold (6),
# privilegeWithdrawn (7),
# aACompromise (8) }
Example #13
| Source File: decode_asn1.py From teleport with Apache License 2.0 | 4 votes |
|
def _decode_dist_points(backend, cdps):
cdps = backend._ffi.cast("Cryptography_STACK_OF_DIST_POINT *", cdps)
cdps = backend._ffi.gc(cdps, backend._lib.CRL_DIST_POINTS_free)
num = backend._lib.sk_DIST_POINT_num(cdps)
dist_points = []
for i in range(num):
full_name = None
relative_name = None
crl_issuer = None
reasons = None
cdp = backend._lib.sk_DIST_POINT_value(cdps, i)
if cdp.reasons != backend._ffi.NULL:
reasons = _decode_reasons(backend, cdp.reasons)
if cdp.CRLissuer != backend._ffi.NULL:
crl_issuer = _decode_general_names(backend, cdp.CRLissuer)
# Certificates may have a crl_issuer/reasons and no distribution
# point so make sure it's not null.
if cdp.distpoint != backend._ffi.NULL:
full_name, relative_name = _decode_distpoint(
backend, cdp.distpoint
)
dist_points.append(
x509.DistributionPoint(
full_name, relative_name, reasons, crl_issuer
)
)
return dist_points
# ReasonFlags ::= BIT STRING {
# unused (0),
# keyCompromise (1),
# cACompromise (2),
# affiliationChanged (3),
# superseded (4),
# cessationOfOperation (5),
# certificateHold (6),
# privilegeWithdrawn (7),
# aACompromise (8) }
Example #14
| Source File: decode_asn1.py From learn_python3_spider with MIT License | 4 votes |
|
def _decode_dist_points(backend, cdps):
cdps = backend._ffi.cast("Cryptography_STACK_OF_DIST_POINT *", cdps)
cdps = backend._ffi.gc(cdps, backend._lib.CRL_DIST_POINTS_free)
num = backend._lib.sk_DIST_POINT_num(cdps)
dist_points = []
for i in range(num):
full_name = None
relative_name = None
crl_issuer = None
reasons = None
cdp = backend._lib.sk_DIST_POINT_value(cdps, i)
if cdp.reasons != backend._ffi.NULL:
reasons = _decode_reasons(backend, cdp.reasons)
if cdp.CRLissuer != backend._ffi.NULL:
crl_issuer = _decode_general_names(backend, cdp.CRLissuer)
# Certificates may have a crl_issuer/reasons and no distribution
# point so make sure it's not null.
if cdp.distpoint != backend._ffi.NULL:
full_name, relative_name = _decode_distpoint(
backend, cdp.distpoint
)
dist_points.append(
x509.DistributionPoint(
full_name, relative_name, reasons, crl_issuer
)
)
return dist_points
# ReasonFlags ::= BIT STRING {
# unused (0),
# keyCompromise (1),
# cACompromise (2),
# affiliationChanged (3),
# superseded (4),
# cessationOfOperation (5),
# certificateHold (6),
# privilegeWithdrawn (7),
# aACompromise (8) }
Example #15
| Source File: decode_asn1.py From quickstart-redhat-openshift with Apache License 2.0 | 4 votes |
|
def _decode_dist_points(backend, cdps):
cdps = backend._ffi.cast("Cryptography_STACK_OF_DIST_POINT *", cdps)
cdps = backend._ffi.gc(cdps, backend._lib.CRL_DIST_POINTS_free)
num = backend._lib.sk_DIST_POINT_num(cdps)
dist_points = []
for i in range(num):
full_name = None
relative_name = None
crl_issuer = None
reasons = None
cdp = backend._lib.sk_DIST_POINT_value(cdps, i)
if cdp.reasons != backend._ffi.NULL:
reasons = _decode_reasons(backend, cdp.reasons)
if cdp.CRLissuer != backend._ffi.NULL:
crl_issuer = _decode_general_names(backend, cdp.CRLissuer)
# Certificates may have a crl_issuer/reasons and no distribution
# point so make sure it's not null.
if cdp.distpoint != backend._ffi.NULL:
full_name, relative_name = _decode_distpoint(
backend, cdp.distpoint
)
dist_points.append(
x509.DistributionPoint(
full_name, relative_name, reasons, crl_issuer
)
)
return dist_points
# ReasonFlags ::= BIT STRING {
# unused (0),
# keyCompromise (1),
# cACompromise (2),
# affiliationChanged (3),
# superseded (4),
# cessationOfOperation (5),
# certificateHold (6),
# privilegeWithdrawn (7),
# aACompromise (8) }
Example #16
| Source File: decode_asn1.py From Carnets with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def _decode_dist_points(backend, cdps):
cdps = backend._ffi.cast("Cryptography_STACK_OF_DIST_POINT *", cdps)
cdps = backend._ffi.gc(cdps, backend._lib.CRL_DIST_POINTS_free)
num = backend._lib.sk_DIST_POINT_num(cdps)
dist_points = []
for i in range(num):
full_name = None
relative_name = None
crl_issuer = None
reasons = None
cdp = backend._lib.sk_DIST_POINT_value(cdps, i)
if cdp.reasons != backend._ffi.NULL:
reasons = _decode_reasons(backend, cdp.reasons)
if cdp.CRLissuer != backend._ffi.NULL:
crl_issuer = _decode_general_names(backend, cdp.CRLissuer)
# Certificates may have a crl_issuer/reasons and no distribution
# point so make sure it's not null.
if cdp.distpoint != backend._ffi.NULL:
full_name, relative_name = _decode_distpoint(
backend, cdp.distpoint
)
dist_points.append(
x509.DistributionPoint(
full_name, relative_name, reasons, crl_issuer
)
)
return dist_points
# ReasonFlags ::= BIT STRING {
# unused (0),
# keyCompromise (1),
# cACompromise (2),
# affiliationChanged (3),
# superseded (4),
# cessationOfOperation (5),
# certificateHold (6),
# privilegeWithdrawn (7),
# aACompromise (8) }
