Python cryptography.x509.UniformResourceIdentifier() Examples
The following are 9
code examples of cryptography.x509.UniformResourceIdentifier().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
cryptography.x509
, or try the search function
.
Example #1
Source File: managers.py From django-ca with GNU General Public License v3.0 | 7 votes |
def get_common_extensions(self, issuer_url=None, crl_url=None, ocsp_url=None): extensions = [] if crl_url: urls = [x509.UniformResourceIdentifier(force_text(c)) for c in crl_url] dps = [x509.DistributionPoint(full_name=[c], relative_name=None, crl_issuer=None, reasons=None) for c in urls] extensions.append((False, x509.CRLDistributionPoints(dps))) auth_info_access = [] if ocsp_url: uri = x509.UniformResourceIdentifier(force_text(ocsp_url)) auth_info_access.append(x509.AccessDescription( access_method=AuthorityInformationAccessOID.OCSP, access_location=uri)) if issuer_url: uri = x509.UniformResourceIdentifier(force_text(issuer_url)) auth_info_access.append(x509.AccessDescription( access_method=AuthorityInformationAccessOID.CA_ISSUERS, access_location=uri)) if auth_info_access: extensions.append((False, x509.AuthorityInformationAccess(auth_info_access))) return extensions
Example #2
Source File: test_verify.py From lemur with Apache License 2.0 | 6 votes |
def test_verify_crl_unknown_scheme(cert_builder, private_key): """Unknown distribution point URI schemes should be ignored.""" ldap_uri = "ldap://ldap.example.org/cn=Example%20Certificate%20Authority?certificateRevocationList;binary" crl_dp = x509.DistributionPoint( [UniformResourceIdentifier(ldap_uri)], relative_name=None, reasons=None, crl_issuer=None, ) cert = cert_builder.add_extension( x509.CRLDistributionPoints([crl_dp]), critical=False ).sign(private_key, hashes.SHA256(), default_backend()) with mktempfile() as cert_tmp: with open(cert_tmp, "wb") as f: f.write(cert.public_bytes(serialization.Encoding.PEM)) # Must not raise exception crl_verify(cert, cert_tmp)
Example #3
Source File: test_verify.py From lemur with Apache License 2.0 | 6 votes |
def test_verify_crl_unreachable(cert_builder, private_key): """Unreachable CRL distribution point results in error.""" ldap_uri = "http://invalid.example.org/crl/foobar.crl" crl_dp = x509.DistributionPoint( [UniformResourceIdentifier(ldap_uri)], relative_name=None, reasons=None, crl_issuer=None, ) cert = cert_builder.add_extension( x509.CRLDistributionPoints([crl_dp]), critical=False ).sign(private_key, hashes.SHA256(), default_backend()) with mktempfile() as cert_tmp: with open(cert_tmp, "wb") as f: f.write(cert.public_bytes(serialization.Encoding.PEM)) with pytest.raises(Exception, match="Unable to retrieve CRL:"): crl_verify(cert, cert_tmp)
Example #4
Source File: fields.py From lemur with Apache License 2.0 | 5 votes |
def _serialize(self, value, attr, obj): general_names = [] name_type = None if value: for name in value._general_names: value = name.value if isinstance(name, x509.DNSName): name_type = "DNSName" elif isinstance(name, x509.IPAddress): if isinstance(value, ipaddress.IPv4Network): name_type = "IPNetwork" else: name_type = "IPAddress" value = str(value) elif isinstance(name, x509.UniformResourceIdentifier): name_type = "uniformResourceIdentifier" elif isinstance(name, x509.DirectoryName): name_type = "directoryName" elif isinstance(name, x509.RFC822Name): name_type = "rfc822Name" elif isinstance(name, x509.RegisteredID): name_type = "registeredID" value = value.dotted_string else: current_app.logger.warning( "Unknown SubAltName type: {name}".format(name=name) ) continue general_names.append({"nameType": name_type, "value": value}) return general_names
Example #5
Source File: tests_models.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_full_crl(self): ca = self.cas['root'] child = self.cas['child'] cert = self.certs['root-cert'] full_name = 'http://localhost/crl' idp = self.get_idp(full_name=[x509.UniformResourceIdentifier(value=full_name)]) crl = ca.get_crl(full_name=[full_name]).public_bytes(Encoding.PEM) self.assertCRL(crl, idp=idp, signer=ca) ca.crl_url = full_name ca.save() crl = ca.get_crl().public_bytes(Encoding.PEM) self.assertCRL(crl, idp=idp, crl_number=1, signer=ca) # revoke a cert cert.revoke() crl = ca.get_crl().public_bytes(Encoding.PEM) self.assertCRL(crl, idp=idp, certs=[cert], crl_number=2, signer=ca) # also revoke a CA child.revoke() crl = ca.get_crl().public_bytes(Encoding.PEM) self.assertCRL(crl, idp=idp, certs=[cert, child], crl_number=3, signer=ca) # unrevoke cert (so we have all three combinations) cert.revoked = False cert.revoked_date = None cert.revoked_reason = '' cert.save() crl = ca.get_crl().public_bytes(Encoding.PEM) self.assertCRL(crl, idp=idp, certs=[child], crl_number=4, signer=ca)
Example #6
Source File: tests_models.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_no_auth_key_identifier(self): # All CAs have a authority key identifier, so we mock that this exception is not present def side_effect(cls): raise x509.ExtensionNotFound('mocked', x509.AuthorityKeyIdentifier.oid) ca = self.cas['child'] full_name = 'http://localhost/crl' idp = self.get_idp(full_name=[x509.UniformResourceIdentifier(value=full_name)]) with mock.patch('cryptography.x509.extensions.Extensions.get_extension_for_oid', side_effect=side_effect): crl = ca.get_crl(full_name=[full_name]).public_bytes(Encoding.PEM) self.assertCRL(crl, idp=idp, signer=ca, skip_authority_key_identifier=True)
Example #7
Source File: tests_utils.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_uri(self): url = 'https://example.com' self.assertEqual(parse_general_name(url), x509.UniformResourceIdentifier(url)) self.assertEqual(parse_general_name('uri:%s' % url), x509.UniformResourceIdentifier(url))
Example #8
Source File: base.py From django-ca with GNU General Public License v3.0 | 5 votes |
def uri(u): # just a shortcut return x509.UniformResourceIdentifier(u)
Example #9
Source File: tests_views.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_full_scope(self): full_name = 'http://localhost/crl' idp = self.get_idp(full_name=[x509.UniformResourceIdentifier(value=full_name)]) self.ca.crl_url = full_name self.ca.save() response = self.client.get(reverse('full', kwargs={'serial': self.ca.serial})) self.assertEqual(response.status_code, 200) self.assertEqual(response['Content-Type'], 'application/pkix-crl') self.assertCRL(response.content, encoding=Encoding.DER, expires=600, idp=idp)