Python cryptography.x509.oid.NameOID.COUNTRY_NAME Examples
The following are 30
code examples of cryptography.x509.oid.NameOID.COUNTRY_NAME().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
cryptography.x509.oid.NameOID
, or try the search function
.
.
Example #1
| Source File: backend.py From oss-ftp with MIT License | 6 votes |
|
def _encode_name(backend, attributes):
"""
The X509_NAME created will not be gc'd. Use _encode_name_gc if needed.
"""
subject = backend._lib.X509_NAME_new()
for attribute in attributes:
value = attribute.value.encode('utf8')
obj = _txt2obj_gc(backend, attribute.oid.dotted_string)
if attribute.oid == NameOID.COUNTRY_NAME:
# Per RFC5280 Appendix A.1 countryName should be encoded as
# PrintableString, not UTF8String
type = backend._lib.MBSTRING_ASC
else:
type = backend._lib.MBSTRING_UTF8
res = backend._lib.X509_NAME_add_entry_by_OBJ(
subject, obj, type, value, -1, -1, 0,
)
backend.openssl_assert(res == 1)
return subject
Example #2
| Source File: name.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 6 votes |
|
def __init__(self, oid, value):
if not isinstance(oid, ObjectIdentifier):
raise TypeError(
"oid argument must be an ObjectIdentifier instance."
)
if not isinstance(value, six.text_type):
raise TypeError(
"value argument must be a text type."
)
if oid == NameOID.COUNTRY_NAME and len(value.encode("utf8")) != 2:
raise ValueError(
"Country name must be a 2 character country code"
)
self._oid = oid
self._value = value
Example #3
| Source File: sslutils.py From rpaas with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def generate_csr(key, domainname):
private_key = serialization.load_pem_private_key(key, password=None,
backend=default_backend())
csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
# Provide various details about who we are.
x509.NameAttribute(NameOID.COUNTRY_NAME, u"BR"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"RJ"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"Rio de Janeiro"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"globo.com"),
x509.NameAttribute(NameOID.COMMON_NAME, domainname),
])).add_extension(
x509.SubjectAlternativeName([x509.DNSName(domainname)]),
critical=False,
).sign(private_key, hashes.SHA256(), default_backend())
return csr.public_bytes(serialization.Encoding.PEM)
Example #4
| Source File: tests_subject.py From django-ca with GNU General Public License v3.0 | 6 votes |
|
def test_get(self):
self.assertEqual(Subject('/CN=example.com').get('CN'), 'example.com')
self.assertEqual(Subject('/C=AT/CN=example.com').get('C'), 'AT')
self.assertEqual(Subject('/C=AT/CN=example.com').get('CN'), 'example.com')
# try NameOID:
self.assertEqual(Subject('/CN=example.com').get(NameOID.COMMON_NAME), 'example.com')
self.assertEqual(Subject('/C=AT/CN=example.com').get(NameOID.COUNTRY_NAME), 'AT')
self.assertEqual(Subject('/C=AT/CN=example.com').get(NameOID.COMMON_NAME), 'example.com')
# OUs
self.assertEqual(Subject('/C=AT/OU=foo/CN=example.com').get('OU'), ['foo'])
self.assertEqual(Subject('/C=AT/OU=foo/OU=bar/CN=example.com').get('OU'), ['foo', 'bar'])
# test that default doesn't overwrite anytying
self.assertEqual(Subject('/CN=example.com').get('CN', 'x'), 'example.com')
self.assertEqual(Subject('/C=AT/CN=example.com').get('C', 'x'), 'AT')
self.assertEqual(Subject('/C=AT/CN=example.com').get('CN', 'x'), 'example.com')
# test default value
self.assertIsNone(Subject('/C=AT/OU=foo/CN=example.com').get('L'))
self.assertEqual(Subject('/C=AT/OU=foo/CN=example.com').get('L', 'foo'), 'foo')
self.assertIsNone(Subject('/C=AT/OU=foo/CN=example.com').get(NameOID.LOCALITY_NAME))
self.assertEqual(Subject('/C=AT/OU=foo/CN=example.com').get(NameOID.LOCALITY_NAME, 'foo'), 'foo')
Example #5
| Source File: tests_subject.py From django-ca with GNU General Public License v3.0 | 6 votes |
|
def test_getitem(self):
self.assertEqual(Subject('/CN=example.com')['CN'], 'example.com')
self.assertEqual(Subject('/C=AT/CN=example.com')['C'], 'AT')
self.assertEqual(Subject('/C=AT/CN=example.com')['CN'], 'example.com')
# try NameOID:
self.assertEqual(Subject('/CN=example.com')[NameOID.COMMON_NAME], 'example.com')
self.assertEqual(Subject('/C=AT/CN=example.com')[NameOID.COUNTRY_NAME], 'AT')
self.assertEqual(Subject('/C=AT/CN=example.com')[NameOID.COMMON_NAME], 'example.com')
# OUs
self.assertEqual(Subject('/C=AT/OU=foo/CN=example.com')['OU'], ['foo'])
self.assertEqual(Subject('/C=AT/OU=foo/OU=bar/CN=example.com')['OU'], ['foo', 'bar'])
# test keyerror
with self.assertRaisesRegex(KeyError, r"^'L'$"):
Subject('/C=AT/OU=foo/CN=example.com')['L']
with self.assertRaisesRegex(KeyError, r"^'L'$"):
Subject('/C=AT/OU=foo/CN=example.com')[NameOID.LOCALITY_NAME]
Example #6
| Source File: test_mdmcert.py From commandment with MIT License | 6 votes |
|
def csr(private_key: rsa.RSAPrivateKey) -> x509.CertificateSigningRequest:
b = x509.CertificateSigningRequestBuilder()
req = b.subject_name(x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"),
x509.NameAttribute(NameOID.COMMON_NAME, u"Commandment"),
])).sign(private_key, hashes.SHA256(), default_backend())
return req
Example #7
| Source File: conftest.py From commandment with MIT License | 6 votes |
|
def certificate(private_key: rsa.RSAPrivateKey) -> x509.Certificate:
b = x509.CertificateBuilder()
name = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"),
x509.NameAttribute(NameOID.COMMON_NAME, u"CA-CERTIFICATE"),
])
cer = b.subject_name(name).issuer_name(name).public_key(
private_key.public_key()
).serial_number(1).not_valid_before(
datetime.datetime.utcnow()
).not_valid_after(
datetime.datetime.utcnow() + datetime.timedelta(days=10)
).add_extension(
x509.BasicConstraints(ca=False, path_length=None), True
).sign(private_key, hashes.SHA256(), default_backend())
return cer
Example #8
| Source File: conftest.py From commandment with MIT License | 6 votes |
|
def ca_certificate(private_key: rsa.RSAPrivateKey) -> x509.Certificate:
b = x509.CertificateBuilder()
name = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"),
x509.NameAttribute(NameOID.COMMON_NAME, u"CA-CERTIFICATE"),
])
cert = b.serial_number(1).issuer_name(
name
).subject_name(
name
).public_key(
private_key.public_key()
).not_valid_before(
datetime.datetime.utcnow()
).not_valid_after(
datetime.datetime.utcnow() + datetime.timedelta(days=10)
).add_extension(
x509.BasicConstraints(ca=True, path_length=None), True
).sign(private_key, hashes.SHA256(), default_backend())
return cert
Example #9
| Source File: certificatemanager.py From confidant with Apache License 2.0 | 5 votes |
|
def generate_x509_name(self, cn):
"""
For the given common name string, generate and return an x509.Name, with
attributes configured in the settings.
"""
name_attributes = [
x509.NameAttribute(NameOID.COMMON_NAME, cn),
]
if self.settings['csr_country_name']:
name_attributes.append(
x509.NameAttribute(
NameOID.COUNTRY_NAME,
self.settings['csr_country_name'],
)
)
if self.settings['csr_state_or_province_name']:
name_attributes.append(
x509.NameAttribute(
NameOID.STATE_OR_PROVINCE_NAME,
self.settings['csr_state_or_province_name'],
)
)
if self.settings['csr_locality_name']:
name_attributes.append(
x509.NameAttribute(
NameOID.LOCALITY_NAME,
self.settings['csr_locality_name'],
)
)
if self.settings['csr_organization_name']:
name_attributes.append(
x509.NameAttribute(
NameOID.ORGANIZATION_NAME,
self.settings['csr_organization_name'],
)
)
return x509.Name(name_attributes)
Example #10
| Source File: test_session_resumption.py From rpaas with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def generate_ca(cls):
key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
subject = issuer = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"BR"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"RJ"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"Rio de Janeiro"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Tsuru Inc"),
x509.NameAttribute(NameOID.COMMON_NAME, u"tsuru.io"),
])
cert = x509.CertificateBuilder().subject_name(
subject
).issuer_name(
issuer
).public_key(
key.public_key()
).serial_number(
x509.random_serial_number()
).not_valid_before(
datetime.datetime.utcnow()
).not_valid_after(
datetime.datetime.utcnow() + datetime.timedelta(days=10)
).add_extension(
x509.SubjectAlternativeName([x509.DNSName(u"tsuru.io")]),
critical=False,
).sign(key, hashes.SHA256(), default_backend())
key = key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
)
cert = cert.public_bytes(serialization.Encoding.PEM)
return key, cert
Example #11
| Source File: __init__.py From agent with MIT License | 5 votes |
|
def generate_cert(device_id):
private_key = ec.generate_private_key(
ec.SECP256R1(), default_backend()
)
builder = x509.CertificateSigningRequestBuilder()
builder = builder.subject_name(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u'{}'.format(device_id)),
x509.NameAttribute(NameOID.COUNTRY_NAME, u'UK'),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'London'),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Web of Trusted Things, Ltd'),
]))
builder = builder.add_extension(
x509.SubjectAlternativeName(
[x509.DNSName(u'{}'.format(device_id))]
),
critical=False
)
csr = builder.sign(private_key, hashes.SHA256(), default_backend())
serialized_private_key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption(),
)
serialized_csr = csr.public_bytes(serialization.Encoding.PEM)
return {
'csr': serialized_csr.decode(),
'key': serialized_private_key.decode()
}
Example #12
| Source File: name.py From quickstart-git2s3 with Apache License 2.0 | 5 votes |
|
def __init__(self, oid, value, _type=_SENTINEL):
if not isinstance(oid, ObjectIdentifier):
raise TypeError(
"oid argument must be an ObjectIdentifier instance."
)
if not isinstance(value, six.text_type):
raise TypeError(
"value argument must be a text type."
)
if (
oid == NameOID.COUNTRY_NAME or
oid == NameOID.JURISDICTION_COUNTRY_NAME
):
if len(value.encode("utf8")) != 2:
raise ValueError(
"Country name must be a 2 character country code"
)
if _type == _SENTINEL:
_type = _ASN1Type.PrintableString
if len(value) == 0:
raise ValueError("Value cannot be an empty string")
# Set the default string type for encoding ASN1 strings to UTF8. This
# is the default for newer OpenSSLs for several years (1.0.1h+) and is
# recommended in RFC 2459.
if _type == _SENTINEL:
_type = _ASN1Type.UTF8String
if not isinstance(_type, _ASN1Type):
raise TypeError("_type must be from the _ASN1Type enum")
self._oid = oid
self._value = value
self._type = _type
Example #13
| Source File: utils.py From django-auth-adfs with BSD 2-Clause "Simplified" License | 5 votes |
|
def generate_key_and_cert():
signing_key = rsa.generate_private_key(
backend=crypto_default_backend(),
public_exponent=65537,
key_size=2048
)
subject = issuer = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"),
x509.NameAttribute(NameOID.COMMON_NAME, u"example.com"),
])
signing_cert = x509.CertificateBuilder().subject_name(
subject
).issuer_name(
issuer
).public_key(
signing_key.public_key()
).serial_number(
x509.random_serial_number()
).not_valid_before(
datetime.utcnow()
).not_valid_after(
# Our certificate will be valid for 10 days
datetime.utcnow() + timedelta(days=10)
# Sign our certificate with our private key
).sign(
signing_key, hashes.SHA256(), crypto_default_backend()
).public_bytes(crypto_serialization.Encoding.DER)
return signing_key, signing_cert
Example #14
| Source File: ssl.py From ripe-atlas-sagan with GNU General Public License v3.0 | 5 votes |
|
def _parse_x509_name(name):
cn = None
o = None
c = None
for attr in name:
if attr.oid == NameOID.COUNTRY_NAME:
c = attr.value
elif attr.oid == NameOID.ORGANIZATION_NAME:
o = attr.value
elif attr.oid == NameOID.COMMON_NAME:
cn = attr.value
return cn, o, c
Example #15
| Source File: tls.py From dcos-e2e with Apache License 2.0 | 5 votes |
|
def cert_name(common_name):
"""
Create x509.Name
"""
return x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "CA"),
x509.NameAttribute(NameOID.LOCALITY_NAME, "San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, "D2iQ, Inc."),
x509.NameAttribute(NameOID.COMMON_NAME, common_name),
])
Example #16
| Source File: tls.py From dcos-e2e with Apache License 2.0 | 5 votes |
|
def cert_name(common_name):
"""
Create x509.Name
"""
return x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "CA"),
x509.NameAttribute(NameOID.LOCALITY_NAME, "San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, "D2iQ, Inc."),
x509.NameAttribute(NameOID.COMMON_NAME, common_name),
])
Example #17
| Source File: name.py From quickstart-redhat-openshift with Apache License 2.0 | 5 votes |
|
def __init__(self, oid, value, _type=_SENTINEL):
if not isinstance(oid, ObjectIdentifier):
raise TypeError(
"oid argument must be an ObjectIdentifier instance."
)
if not isinstance(value, six.text_type):
raise TypeError(
"value argument must be a text type."
)
if (
oid == NameOID.COUNTRY_NAME or
oid == NameOID.JURISDICTION_COUNTRY_NAME
):
if len(value.encode("utf8")) != 2:
raise ValueError(
"Country name must be a 2 character country code"
)
if len(value) == 0:
raise ValueError("Value cannot be an empty string")
# The appropriate ASN1 string type varies by OID and is defined across
# multiple RFCs including 2459, 3280, and 5280. In general UTF8String
# is preferred (2459), but 3280 and 5280 specify several OIDs with
# alternate types. This means when we see the sentinel value we need
# to look up whether the OID has a non-UTF8 type. If it does, set it
# to that. Otherwise, UTF8!
if _type == _SENTINEL:
_type = _NAMEOID_DEFAULT_TYPE.get(oid, _ASN1Type.UTF8String)
if not isinstance(_type, _ASN1Type):
raise TypeError("_type must be from the _ASN1Type enum")
self._oid = oid
self._value = value
self._type = _type
Example #18
| Source File: test_verifier.py From alexa-skills-kit-sdk-for-python with Apache License 2.0 | 5 votes |
|
def create_certificate(self):
self.private_key = self.generate_private_key()
subject = issuer = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"WA"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"Seattle"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Amazon Alexa"),
x509.NameAttribute(
NameOID.COMMON_NAME, u"{}".format(self.PREPOPULATED_CERT_URL)),
])
self.mock_certificate = x509.CertificateBuilder().subject_name(
name=subject).issuer_name(
name=issuer).public_key(
key=self.private_key.public_key()).serial_number(
number=x509.random_serial_number()).not_valid_before(
time=datetime.utcnow() - timedelta(minutes=1)).not_valid_after(
time=datetime.utcnow() + timedelta(minutes=1)).add_extension(
extension=x509.SubjectAlternativeName(
[x509.DNSName(u"{}".format(CERT_CHAIN_DOMAIN))]),
critical=False).sign(
private_key=self.private_key,
algorithm=SHA1(),
backend=default_backend()
)
self.request_verifier._cert_cache[
self.PREPOPULATED_CERT_URL] = self.mock_certificate
Example #19
| Source File: name.py From Carnets with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def __init__(self, oid, value, _type=_SENTINEL):
if not isinstance(oid, ObjectIdentifier):
raise TypeError(
"oid argument must be an ObjectIdentifier instance."
)
if not isinstance(value, six.text_type):
raise TypeError(
"value argument must be a text type."
)
if (
oid == NameOID.COUNTRY_NAME or
oid == NameOID.JURISDICTION_COUNTRY_NAME
):
if len(value.encode("utf8")) != 2:
raise ValueError(
"Country name must be a 2 character country code"
)
if len(value) == 0:
raise ValueError("Value cannot be an empty string")
# The appropriate ASN1 string type varies by OID and is defined across
# multiple RFCs including 2459, 3280, and 5280. In general UTF8String
# is preferred (2459), but 3280 and 5280 specify several OIDs with
# alternate types. This means when we see the sentinel value we need
# to look up whether the OID has a non-UTF8 type. If it does, set it
# to that. Otherwise, UTF8!
if _type == _SENTINEL:
_type = _NAMEOID_DEFAULT_TYPE.get(oid, _ASN1Type.UTF8String)
if not isinstance(_type, _ASN1Type):
raise TypeError("_type must be from the _ASN1Type enum")
self._oid = oid
self._value = value
self._type = _type
Example #20
| Source File: __init__.py From lokey with GNU General Public License v3.0 | 5 votes |
|
def serialize(self,
# password=None,
country=u"US",
state=u"CA",
city=u"San Francisco",
company=u"Lokey Examle",
common_name=u"example.com"):
# This should be handled already
# if not password:
# password = None
key = serialization.load_pem_private_key(
self.to('pem'),
password=None,
backend=default_backend())
subject = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, country),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, state),
x509.NameAttribute(NameOID.LOCALITY_NAME, city),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, company),
x509.NameAttribute(NameOID.COMMON_NAME, common_name),
])
cert = x509.CertificateSigningRequestBuilder().subject_name(
subject
).sign(key, hashes.SHA256(), default_backend())
return cert.public_bytes(serialization.Encoding.PEM)
Example #21
| Source File: test_config.py From python-tripleoclient with Apache License 2.0 | 5 votes |
|
def get_certificate_and_private_key(self):
private_key = rsa.generate_private_key(public_exponent=3,
key_size=1024,
backend=default_backend())
issuer = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"FI"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"Helsinki"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Some Company"),
x509.NameAttribute(NameOID.COMMON_NAME, u"Test Certificate"),
])
cert_builder = x509.CertificateBuilder(
issuer_name=issuer, subject_name=issuer,
public_key=private_key.public_key(),
serial_number=x509.random_serial_number(),
not_valid_before=datetime.utcnow(),
not_valid_after=datetime.utcnow() + timedelta(days=10)
)
cert = cert_builder.sign(private_key,
hashes.SHA256(),
default_backend())
cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
key_pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption())
return cert_pem, key_pem
Example #22
| Source File: tests_subject.py From django-ca with GNU General Public License v3.0 | 5 votes |
|
def test_fields(self):
s = Subject('')
self.assertEqual(list(s.fields), [])
s = Subject('/C=AT')
self.assertEqual(list(s.fields), [(NameOID.COUNTRY_NAME, 'AT')])
s = Subject('/C=AT/CN=example.com')
self.assertEqual(list(s.fields), [(NameOID.COUNTRY_NAME, 'AT'), (NameOID.COMMON_NAME, 'example.com')])
s = Subject('/C=AT/OU=foo/CN=example.com')
self.assertEqual(list(s.fields), [(NameOID.COUNTRY_NAME, 'AT'),
(NameOID.ORGANIZATIONAL_UNIT_NAME, 'foo'),
(NameOID.COMMON_NAME, 'example.com')])
s = Subject('/C=AT/OU=foo/OU=bar/CN=example.com')
self.assertEqual(list(s.fields), [(NameOID.COUNTRY_NAME, 'AT'),
(NameOID.ORGANIZATIONAL_UNIT_NAME, 'foo'),
(NameOID.ORGANIZATIONAL_UNIT_NAME, 'bar'),
(NameOID.COMMON_NAME, 'example.com')])
# Also test order
s = Subject('/CN=example.com/C=AT/OU=foo/OU=bar')
self.assertEqual(list(s.fields), [(NameOID.COUNTRY_NAME, 'AT'),
(NameOID.ORGANIZATIONAL_UNIT_NAME, 'foo'),
(NameOID.ORGANIZATIONAL_UNIT_NAME, 'bar'),
(NameOID.COMMON_NAME, 'example.com')])
Example #23
| Source File: tests_subject.py From django-ca with GNU General Public License v3.0 | 5 votes |
|
def test_contains(self):
self.assertIn('CN', Subject('/CN=example.com'))
self.assertIn(NameOID.COMMON_NAME, Subject('/CN=example.com'))
self.assertNotIn(NameOID.LOCALITY_NAME, Subject('/CN=example.com'))
self.assertNotIn(NameOID.COUNTRY_NAME, Subject('/CN=example.com'))
self.assertIn(NameOID.COUNTRY_NAME, Subject('/C=AT/CN=example.com'))
self.assertIn(NameOID.COMMON_NAME, Subject('/C=AT/CN=example.com'))
Example #24
| Source File: tests_subject.py From django-ca with GNU General Public License v3.0 | 5 votes |
|
def test_init_name(self):
name = x509.Name(attributes=[
x509.NameAttribute(oid=NameOID.COUNTRY_NAME, value=u'AT'),
x509.NameAttribute(oid=NameOID.COMMON_NAME, value=u'example.com'),
])
self.assertEqual(str(Subject(name)), '/C=AT/CN=example.com')
Example #25
| Source File: tests_utils.py From django-ca with GNU General Public License v3.0 | 5 votes |
|
def test_dirname(self):
name = x509.DirectoryName(x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, 'AT'),
x509.NameAttribute(NameOID.COMMON_NAME, 'example.com'),
]))
self.assertEqual(format_general_name(name), 'dirname:/C=AT/CN=example.com')
Example #26
| Source File: tests_utils.py From django-ca with GNU General Public License v3.0 | 5 votes |
|
def test_dirname(self):
self.assertEqual(parse_general_name('/CN=example.com'), x509.DirectoryName(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, 'example.com'),
])))
self.assertEqual(parse_general_name('dirname:/CN=example.com'), x509.DirectoryName(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, 'example.com'),
])))
self.assertEqual(parse_general_name('dirname:/C=AT/CN=example.com'), x509.DirectoryName(x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, 'AT'),
x509.NameAttribute(NameOID.COMMON_NAME, 'example.com'),
])))
Example #27
| Source File: conftest.py From commandment with MIT License | 5 votes |
|
def csr(private_key: rsa.RSAPrivateKey) -> x509.CertificateSigningRequest:
b = x509.CertificateSigningRequestBuilder()
req = b.subject_name(x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"),
x509.NameAttribute(NameOID.COMMON_NAME, u"Commandment"),
])).sign(private_key, hashes.SHA256(), default_backend())
return req
Example #28
| Source File: name.py From learn_python3_spider with MIT License | 5 votes |
|
def __init__(self, oid, value, _type=_SENTINEL):
if not isinstance(oid, ObjectIdentifier):
raise TypeError(
"oid argument must be an ObjectIdentifier instance."
)
if not isinstance(value, six.text_type):
raise TypeError(
"value argument must be a text type."
)
if (
oid == NameOID.COUNTRY_NAME or
oid == NameOID.JURISDICTION_COUNTRY_NAME
):
if len(value.encode("utf8")) != 2:
raise ValueError(
"Country name must be a 2 character country code"
)
if len(value) == 0:
raise ValueError("Value cannot be an empty string")
# The appropriate ASN1 string type varies by OID and is defined across
# multiple RFCs including 2459, 3280, and 5280. In general UTF8String
# is preferred (2459), but 3280 and 5280 specify several OIDs with
# alternate types. This means when we see the sentinel value we need
# to look up whether the OID has a non-UTF8 type. If it does, set it
# to that. Otherwise, UTF8!
if _type == _SENTINEL:
_type = _NAMEOID_DEFAULT_TYPE.get(oid, _ASN1Type.UTF8String)
if not isinstance(_type, _ASN1Type):
raise TypeError("_type must be from the _ASN1Type enum")
self._oid = oid
self._value = value
self._type = _type
Example #29
| Source File: name.py From teleport with Apache License 2.0 | 5 votes |
|
def __init__(self, oid, value, _type=_SENTINEL):
if not isinstance(oid, ObjectIdentifier):
raise TypeError(
"oid argument must be an ObjectIdentifier instance."
)
if not isinstance(value, six.text_type):
raise TypeError(
"value argument must be a text type."
)
if (
oid == NameOID.COUNTRY_NAME or
oid == NameOID.JURISDICTION_COUNTRY_NAME
):
if len(value.encode("utf8")) != 2:
raise ValueError(
"Country name must be a 2 character country code"
)
# The appropriate ASN1 string type varies by OID and is defined across
# multiple RFCs including 2459, 3280, and 5280. In general UTF8String
# is preferred (2459), but 3280 and 5280 specify several OIDs with
# alternate types. This means when we see the sentinel value we need
# to look up whether the OID has a non-UTF8 type. If it does, set it
# to that. Otherwise, UTF8!
if _type == _SENTINEL:
_type = _NAMEOID_DEFAULT_TYPE.get(oid, _ASN1Type.UTF8String)
if not isinstance(_type, _ASN1Type):
raise TypeError("_type must be from the _ASN1Type enum")
self._oid = oid
self._value = value
self._type = _type
Example #30
| Source File: name.py From teleport with Apache License 2.0 | 5 votes |
|
def __init__(self, oid, value, _type=_SENTINEL):
if not isinstance(oid, ObjectIdentifier):
raise TypeError(
"oid argument must be an ObjectIdentifier instance."
)
if not isinstance(value, six.text_type):
raise TypeError(
"value argument must be a text type."
)
if (
oid == NameOID.COUNTRY_NAME or
oid == NameOID.JURISDICTION_COUNTRY_NAME
):
if len(value.encode("utf8")) != 2:
raise ValueError(
"Country name must be a 2 character country code"
)
# The appropriate ASN1 string type varies by OID and is defined across
# multiple RFCs including 2459, 3280, and 5280. In general UTF8String
# is preferred (2459), but 3280 and 5280 specify several OIDs with
# alternate types. This means when we see the sentinel value we need
# to look up whether the OID has a non-UTF8 type. If it does, set it
# to that. Otherwise, UTF8!
if _type == _SENTINEL:
_type = _NAMEOID_DEFAULT_TYPE.get(oid, _ASN1Type.UTF8String)
if not isinstance(_type, _ASN1Type):
raise TypeError("_type must be from the _ASN1Type enum")
self._oid = oid
self._value = value
self._type = _type
